diff --git a/.gitignore b/.gitignore index 84cfc99770..ad04755919 100644 --- a/.gitignore +++ b/.gitignore @@ -21,6 +21,8 @@ /*.patch /llvm-bpf* key-build* +private-key.pem +public-key.pem *.orig *.rej *~ diff --git a/config/Config-build.in b/config/Config-build.in index 9768878572..292899df6b 100644 --- a/config/Config-build.in +++ b/config/Config-build.in @@ -68,6 +68,9 @@ menu "Global build settings" bool "Enable TLS certificate verification during package download" default y + config USE_APK + bool "Use APK instead of OPKG to build distribution (EXPERIMENTAL)" + comment "General build options" config TESTING_KERNEL diff --git a/include/feeds.mk b/include/feeds.mk index 632fecb4a3..87b1562c3e 100644 --- a/include/feeds.mk +++ b/include/feeds.mk @@ -18,6 +18,10 @@ opkg_package_files = $(wildcard \ $(foreach dir,$(PACKAGE_SUBDIRS), \ $(foreach pkg,$(1), $(dir)/$(pkg)_*.ipk))) +apk_package_files = $(wildcard \ + $(foreach dir,$(PACKAGE_SUBDIRS), \ + $(foreach pkg,$(1), $(dir)/$(pkg)_*.apk))) + # 1: package name define FeedPackageDir $(strip $(if $(CONFIG_PER_FEED_REPO), \ @@ -28,7 +32,7 @@ $(strip $(if $(CONFIG_PER_FEED_REPO), \ endef # 1: destination file -define FeedSourcesAppend +define FeedSourcesAppendOPKG ( \ echo 'src/gz %d_core %U/targets/%S/packages'; \ $(strip $(if $(CONFIG_PER_FEED_REPO), \ @@ -41,6 +45,20 @@ define FeedSourcesAppend ) >> $(1) endef +# 1: destination file +define FeedSourcesAppendAPK +( \ + echo '%U/targets/%S/packages/packages.adb'; \ + $(strip $(if $(CONFIG_PER_FEED_REPO), \ + echo '%U/packages/%A/base/packages.adb'; \ + $(if $(filter %SNAPSHOT-y,$(VERSION_NUMBER)-$(CONFIG_BUILDBOT)), \ + echo '%U/targets/%S/kmods/$(LINUX_VERSION)-$(LINUX_RELEASE)-$(LINUX_VERMAGIC)/packages.adb';) \ + $(foreach feed,$(FEEDS_AVAILABLE), \ + $(if $(CONFIG_FEED_$(feed)), \ + echo '$(if $(filter m,$(CONFIG_FEED_$(feed))),# )%U/packages/%A/$(feed)/packages.adb';)))) \ +) >> $(1) +endef + # 1: package name define GetABISuffix $(if $(ABIV_$(1)),$(ABIV_$(1)),$(call FormatABISuffix,$(1),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v))))) diff --git a/include/image.mk b/include/image.mk index 0dd18dbd82..406f0b8534 100644 --- a/include/image.mk +++ b/include/image.mk @@ -278,8 +278,12 @@ define Image/mkfs/ext4 endef define Image/Manifest - $(call opkg,$(TARGET_DIR_ORIG)) list-installed > \ - $(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest + $(if $(CONFIG_USE_APK), \ + $(call apk,$(TARGET_DIR_ORIG)) list --quiet --manifest --no-network | sort | sed 's/ / - /' > \ + $(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest, \ + $(call opkg,$(TARGET_DIR_ORIG)) list-installed > \ + $(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest \ + ) ifneq ($(CONFIG_JSON_CYCLONEDX_SBOM),) $(SCRIPT_DIR)/package-metadata.pl imgcyclonedxsbom \ $(if $(IB),$(TOPDIR)/.packageinfo, $(TMP_DIR)/.packageinfo) \ @@ -328,7 +332,20 @@ opkg_target = \ $(call opkg,$(mkfs_cur_target_dir)) \ -f $(mkfs_cur_target_dir).conf +apk_target = $(call apk,$(mkfs_cur_target_dir)) --no-scripts + + target-dir-%: FORCE +ifneq ($(CONFIG_USE_APK),) + rm -rf $(mkfs_cur_target_dir) + $(CP) $(TARGET_DIR_ORIG) $(mkfs_cur_target_dir) + mv $(mkfs_cur_target_dir)/etc/apk/repositories $(mkfs_cur_target_dir).repositories + $(if $(mkfs_packages_remove), \ + $(apk_target) del $(mkfs_packages_remove)) + $(if $(mkfs_packages_add), \ + $(apk_target) add $(mkfs_packages_add)) + mv $(mkfs_cur_target_dir).repositories $(mkfs_cur_target_dir)/etc/apk/repositories +else rm -rf $(mkfs_cur_target_dir) $(mkfs_cur_target_dir).opkg $(CP) $(TARGET_DIR_ORIG) $(mkfs_cur_target_dir) -mv $(mkfs_cur_target_dir)/etc/opkg $(mkfs_cur_target_dir).opkg @@ -342,6 +359,7 @@ target-dir-%: FORCE $(call opkg_package_files,$(mkfs_packages_add))) -$(CP) -T $(mkfs_cur_target_dir).opkg/ $(mkfs_cur_target_dir)/etc/opkg/ rm -rf $(mkfs_cur_target_dir).opkg $(mkfs_cur_target_dir).conf +endif $(call prepare_rootfs,$(mkfs_cur_target_dir),$(TOPDIR)/files) $(KDIR)/root.%: kernel_prepare diff --git a/include/package-ipkg.mk b/include/package-pack.mk similarity index 69% rename from include/package-ipkg.mk rename to include/package-pack.mk index 5f5f7e1317..16b56344e1 100644 --- a/include/package-ipkg.mk +++ b/include/package-pack.mk @@ -1,35 +1,32 @@ # SPDX-License-Identifier: GPL-2.0-only # -# Copyright (C) 2006-2020 OpenWrt.org +# Copyright (C) 2006-2022 OpenWrt.org ifndef DUMP include $(INCLUDE_DIR)/feeds.mk endif -IPKG_REMOVE:= \ - $(SCRIPT_DIR)/ipkg-remove - IPKG_STATE_DIR:=$(TARGET_DIR)/usr/lib/opkg # Generates a make statement to return a wildcard for candidate ipkg files # 1: package name -define gen_ipkg_wildcard +define gen_package_wildcard $(1)$$(if $$(filter -%,$$(ABIV_$(1))),,[^a-z-])* endef # 1: package name # 2: candidate ipk files define remove_ipkg_files - $(if $(strip $(2)),$(IPKG_REMOVE) $(1) $(2)) + $(if $(strip $(2)),$(SCRIPT_DIR)/ipkg-remove $(1) $(2)) endef # 1: package name # 2: variable name # 3: variable suffix # 4: file is a script -define BuildIPKGVariable +define BuildPackVariable ifdef Package/$(1)/$(2) - $$(IPKG_$(1)) : VAR_$(2)$(3)=$$(Package/$(1)/$(2)) + $$(PACK_$(1)) : VAR_$(2)$(3)=$$(Package/$(1)/$(2)) $(call shexport,Package/$(1)/$(2)) $(1)_COMMANDS += echo "$$$$$$$$$(call shvar,Package/$(1)/$(2))" > $(2)$(3); $(if $(4),chmod 0755 $(2)$(3);) endif @@ -50,7 +47,7 @@ strip_deps=$(strip $(subst +,,$(filter-out @%,$(1)))) filter_deps=$(foreach dep,$(call strip_deps,$(1)),$(if $(findstring :,$(dep)),$(call dep_if,$(dep)),$(dep))) define AddDependency - $$(if $(1),$$(if $(2),$$(foreach pkg,$(1),$$(IPKG_$$(pkg))): $$(foreach pkg,$(2),$$(IPKG_$$(pkg))))) + $$(if $(1),$$(if $(2),$$(foreach pkg,$(1),$$(PACK_$$(pkg))): $$(foreach pkg,$(2),$$(PACK_$$(pkg))))) endef define FixupReverseDependencies @@ -101,8 +98,13 @@ ifeq ($(DUMP),) define BuildTarget/ipkg ABIV_$(1):=$(call FormatABISuffix,$(1),$(ABI_VERSION)) PDIR_$(1):=$(call FeedPackageDir,$(1)) - IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk +ifeq ($(CONFIG_USE_APK),) + PACK_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk +else + PACK_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))-$(VERSION).apk +endif IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1) + ADIR_$(1):=$(PKG_BUILD_DIR)/apk-$(PKGARCH)/$(1) KEEP_$(1):=$(strip $(call Package/$(1)/conffiles)) TARGET_VARIANT:=$$(if $(ALL_VARIANTS),$$(if $$(VARIANT),$$(filter-out *,$$(VARIANT)),$(firstword $(ALL_VARIANTS)))) @@ -117,8 +119,8 @@ ifeq ($(DUMP),) ifdef do_install ifneq ($(CONFIG_PACKAGE_$(1))$(DEVELOPER),) IPKGS += $(1) - $(_pkg_target)compile: $$(IPKG_$(1)) $(PKG_INFO_DIR)/$(1).provides $(PKG_BUILD_DIR)/.pkgdir/$(1).installed - prepare-package-install: $$(IPKG_$(1)) + $(_pkg_target)compile: $$(PACK_$(1)) $(PKG_INFO_DIR)/$(1).provides $(PKG_BUILD_DIR)/.pkgdir/$(1).installed + prepare-package-install: $$(PACK_$(1)) compile: $(STAGING_DIR_ROOT)/stamp/.$(1)_installed else $(if $(CONFIG_PACKAGE_$(1)),$$(info WARNING: skipping $(1) -- package not selected)) @@ -141,11 +143,11 @@ ifeq ($(DUMP),) $(FixupDependencies) $(FixupReverseDependencies) - $(eval $(call BuildIPKGVariable,$(1),conffiles)) - $(eval $(call BuildIPKGVariable,$(1),preinst,,1)) - $(eval $(call BuildIPKGVariable,$(1),postinst,-pkg,1)) - $(eval $(call BuildIPKGVariable,$(1),prerm,-pkg,1)) - $(eval $(call BuildIPKGVariable,$(1),postrm,,1)) + $(eval $(call BuildPackVariable,$(1),conffiles)) + $(eval $(call BuildPackVariable,$(1),preinst,,1)) + $(eval $(call BuildPackVariable,$(1),postinst,-pkg,1)) + $(eval $(call BuildPackVariable,$(1),prerm,-pkg,1)) + $(eval $(call BuildPackVariable,$(1),postrm,,1)) $(PKG_BUILD_DIR)/.pkgdir/$(1).installed : export PATH=$$(TARGET_PATH_PKG) $(PKG_BUILD_DIR)/.pkgdir/$(1).installed: $(STAMP_BUILT) @@ -195,14 +197,16 @@ $$(call addfield,Depends,$$(Package/$(1)/DEPENDS) Installed-Size: 0 $(_endef) - $$(IPKG_$(1)) : export CONTROL=$$(Package/$(1)/CONTROL) - $$(IPKG_$(1)) : export DESCRIPTION=$$(Package/$(1)/description) - $$(IPKG_$(1)) : export PATH=$$(TARGET_PATH_PKG) - $$(IPKG_$(1)) : export PKG_SOURCE_DATE_EPOCH:=$(PKG_SOURCE_DATE_EPOCH) - $(PKG_INFO_DIR)/$(1).provides $$(IPKG_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-ipkg.mk - @rm -rf $$(IDIR_$(1)); \ - $$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1)))) - mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/CONTROL $(PKG_INFO_DIR) + $$(PACK_$(1)) : export CONTROL=$$(Package/$(1)/CONTROL) + $$(PACK_$(1)) : export DESCRIPTION=$$(Package/$(1)/description) + $$(PACK_$(1)) : export PATH=$$(TARGET_PATH_PKG) + $$(PACK_$(1)) : export PKG_SOURCE_DATE_EPOCH:=$(PKG_SOURCE_DATE_EPOCH) + $(PKG_INFO_DIR)/$(1).provides $$(PACK_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-pack.mk + rm -rf $$(IDIR_$(1)) +ifeq ($$(CONFIG_USE_APK),) + $$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_package_wildcard,$(1)))) +endif + mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1)) $(PKG_INFO_DIR) $(call Package/$(1)/install,$$(IDIR_$(1))) $(if $(Package/$(1)/install-overlay),mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/rootfs-overlay) $(call Package/$(1)/install-overlay,$$(IDIR_$(1))/rootfs-overlay) @@ -228,6 +232,24 @@ $(_endef) ) || true \ ) endif + + ifneq ($$(KEEP_$(1)),) + @( \ + keepfiles=""; \ + for x in $$(KEEP_$(1)); do \ + [ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \ + done; \ + [ -z "$$$$keepfiles" ] || { \ + mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \ + for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \ + }; \ + ) + endif + + $(INSTALL_DIR) $$(PDIR_$(1))/tmp + +ifeq ($(CONFIG_USE_APK),) + mkdir -p $$(IDIR_$(1))/CONTROL (cd $$(IDIR_$(1))/CONTROL; \ ( \ echo "$$$$CONTROL"; \ @@ -251,25 +273,66 @@ $(_endef) $($(1)_COMMANDS) \ ) - ifneq ($$(KEEP_$(1)),) - @( \ - keepfiles=""; \ - for x in $$(KEEP_$(1)); do \ - [ -f "$$(IDIR_$(1))/$$$$x" ] || keepfiles="$$$${keepfiles:+$$$$keepfiles }$$$$x"; \ - done; \ - [ -z "$$$$keepfiles" ] || { \ - mkdir -p $$(IDIR_$(1))/lib/upgrade/keep.d; \ - for x in $$$$keepfiles; do echo $$$$x >> $$(IDIR_$(1))/lib/upgrade/keep.d/$(1); done; \ - }; \ - ) - endif - - $(INSTALL_DIR) $$(PDIR_$(1)) $(FAKEROOT) $(STAGING_DIR_HOST)/bin/bash $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1)) - @[ -f $$(IPKG_$(1)) ] +else + mkdir -p $$(ADIR_$(1))/ + mkdir -p $$(IDIR_$(1))/lib/apk/packages/ + + (cd $$(ADIR_$(1)); $($(1)_COMMANDS)) + + ( \ + echo "#!/bin/sh"; \ + echo "[ \"\$$$${IPKG_NO_SCRIPT}\" = \"1\" ] && exit 0"; \ + echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \ + echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \ + echo 'export root="$$$${IPKG_INSTROOT}"'; \ + echo 'export pkgname="$(1)"'; \ + echo "add_group_and_user"; \ + [ ! -f $$(ADIR_$(1))/postinst-pkg ] || cat "$$(ADIR_$(1))/postinst-pkg"; \ + echo "default_postinst"; \ + ) > $$(ADIR_$(1))/post-install; + + ( \ + echo "#!/bin/sh"; \ + echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \ + echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \ + echo 'export root="$$$${IPKG_INSTROOT}"'; \ + echo 'export pkgname="$(1)"'; \ + [ ! -f $$(ADIR_$(1))/prerm-pkg ] || cat "$$(ADIR_$(1))/prerm-pkg"; \ + echo "default_prerm"; \ + ) > $$(ADIR_$(1))/pre-deinstall; + + if [ -n "$(USERID)" ]; then echo $(USERID) > $$(IDIR_$(1))/lib/apk/packages/$(1).rusers; fi; + if [ -n "$(ALTERNATIVES)" ]; then echo $(ALTERNATIVES) > $$(IDIR_$(1))/lib/apk/packages/$(1).alternatives; fi; + (cd $$(IDIR_$(1)) && find . -type f,l -printf "/%P\n" > $$(IDIR_$(1))/lib/apk/packages/$(1).list) + if [ -f $$(ADIR_$(1))/conffiles ]; then mv $$(ADIR_$(1))/conffiles $$(IDIR_$(1))/lib/apk/packages/$(1).conffiles; fi; + + $(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \ + --info "name:$(1)$$(ABIV_$(1))" \ + --info "version:$(VERSION)" \ + --info "description:" \ + --info "arch:$(PKGARCH)" \ + --info "license:$(LICENSE)" \ + --info "origin:$(SOURCE)" \ + --info "provides:$$(foreach prov,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), \ + $(1) $(foreach provide,$(PROVIDES),$(provide)$$(ABIV_$(1))))),$$(prov)=$(VERSION) )" \ + --script "post-install:$$(ADIR_$(1))/post-install" \ + --script "pre-deinstall:$$(ADIR_$(1))/pre-deinstall" \ + --info "depends:$$(foreach depends,$$(subst $$(comma),$$(space),$$(subst $$(space),,$$(subst $$(paren_right),,$$(subst $$(paren_left),,$$(Package/$(1)/DEPENDS))))),$$(depends))" \ + --files "$$(IDIR_$(1))" \ + --output "$$(PACK_$(1))" \ + --sign "$(BUILD_KEY_APK_SEC)" +endif + + @[ -f $$(PACK_$(1)) ] $(1)-clean: - $$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1)))) +ifeq ($(CONFIG_USE_APK),) + $$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_package_wildcard,$(1)))) +else + $$(call remove_ipkg_files,$(1),$$(call apk_package_files,$(call gen_package_wildcard,$(1)))) +endif + clean: $(1)-clean diff --git a/include/package.mk b/include/package.mk index 61a26f0c43..8ee78415df 100644 --- a/include/package.mk +++ b/include/package.mk @@ -136,7 +136,7 @@ PKG_INSTALL_STAMP:=$(PKG_INFO_DIR)/$(PKG_DIR_NAME).$(if $(BUILD_VARIANT),$(BUILD include $(INCLUDE_DIR)/package-defaults.mk include $(INCLUDE_DIR)/package-dumpinfo.mk -include $(INCLUDE_DIR)/package-ipkg.mk +include $(INCLUDE_DIR)/package-pack.mk include $(INCLUDE_DIR)/package-bin.mk include $(INCLUDE_DIR)/autotools.mk diff --git a/include/rootfs.mk b/include/rootfs.mk index 2128aefc2a..907a95a794 100644 --- a/include/rootfs.mk +++ b/include/rootfs.mk @@ -43,6 +43,16 @@ opkg = \ --add-arch all:100 \ --add-arch $(if $(ARCH_PACKAGES),$(ARCH_PACKAGES),$(BOARD)):200 +apk = \ + IPKG_INSTROOT=$(1) \ + $(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk \ + --root $(1) \ + --keys-dir $(TOPDIR) \ + --no-cache \ + --no-logfile \ + --preserve-env \ + --repository file://$(PACKAGE_DIR_ALL)/packages.adb + TARGET_DIR_ORIG := $(TARGET_ROOTFS_DIR)/root.orig-$(BOARD) ifdef CONFIG_CLEAN_IPKG @@ -68,6 +78,11 @@ define prepare_rootfs @mkdir -p $(1)/var/lock @( \ cd $(1); \ + if [ -n "$(CONFIG_USE_APK)" ]; then \ + $(STAGING_DIR_HOST)/bin/tar -xf ./lib/apk/db/scripts.tar --wildcards "*.post-install" -O > script.sh; \ + chmod +x script.sh; \ + IPKG_INSTROOT=$(1) $$(command -v bash) script.sh; \ + else \ for script in ./usr/lib/opkg/info/*.postinst; do \ IPKG_INSTROOT=$(1) $$(command -v bash) $$script; \ ret=$$?; \ @@ -76,6 +91,13 @@ define prepare_rootfs exit 1; \ fi; \ done; \ + $(if $(IB),,awk -i inplace \ + '/^Status:/ { \ + if ($$3 == "user") { $$3 = "ok" } \ + else { sub(/,\|\,/, "", $$3) } \ + }1' $(1)/usr/lib/opkg/status) ; \ + $(if $(SOURCE_DATE_EPOCH),sed -i "s/Installed-Time: .*/Installed-Time: $(SOURCE_DATE_EPOCH)/" $(1)/usr/lib/opkg/status ;) \ + fi; \ for script in ./etc/init.d/*; do \ grep '#!/bin/sh /etc/rc.common' $$script >/dev/null || continue; \ if ! echo " $(3) " | grep -q " $$(basename $$script) "; then \ @@ -87,13 +109,9 @@ define prepare_rootfs fi; \ done || true \ ) - awk -i inplace \ - '/^Status:/ { \ - if ($$3 == "user") { $$3 = "ok" } \ - else { sub(/,\|\,/, "", $$3) } \ - }1' $(1)/usr/lib/opkg/status - $(if $(SOURCE_DATE_EPOCH),sed -i "s/Installed-Time: .*/Installed-Time: $(SOURCE_DATE_EPOCH)/" $(1)/usr/lib/opkg/status) + @-find $(1) -name CVS -o -name .svn -o -name .git -o -name '.#*' | $(XARGS) rm -rf + @-find $(1)/usr/cache/apk/ -name '*.apk' -delete rm -rf \ $(1)/boot \ $(1)/tmp/* \ diff --git a/include/target.mk b/include/target.mk index 5a6700542d..feb924670c 100644 --- a/include/target.mk +++ b/include/target.mk @@ -21,12 +21,17 @@ DEFAULT_PACKAGES:=\ logd \ mtd \ netifd \ - opkg \ uci \ uclient-fetch \ urandom-seed \ urngd +ifdef CONFIG_USE_APK +DEFAULT_PACKAGES+=apk +else +DEFAULT_PACKAGES+=opkg +endif + ifneq ($(CONFIG_SELINUX),) DEFAULT_PACKAGES+=busybox-selinux procd-selinux else diff --git a/package/Makefile b/package/Makefile index d72ce09a81..301a9e6cd5 100644 --- a/package/Makefile +++ b/package/Makefile @@ -53,20 +53,43 @@ $(curdir)/cleanup: $(TMP_DIR)/.build $(curdir)/merge: rm -rf $(PACKAGE_DIR_ALL) mkdir -p $(PACKAGE_DIR_ALL) +ifneq ($(CONFIG_USE_APK),) + -$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.apk),ln -s $(pdir)/*.apk $(PACKAGE_DIR_ALL);)) +else -$(foreach pdir,$(PACKAGE_SUBDIRS),$(if $(wildcard $(pdir)/*.ipk),ln -s $(pdir)/*.ipk $(PACKAGE_DIR_ALL);)) +endif $(curdir)/merge-index: $(curdir)/merge +ifneq ($(CONFIG_USE_APK),) + (cd $(PACKAGE_DIR_ALL) && $(STAGING_DIR_HOST)/bin/apk mkndx \ + --root $(TOPDIR) \ + --keys-dir $(TOPDIR) \ + --sign $(BUILD_KEY_APK_SEC) \ + --output packages.adb \ + *.apk; \ + ) +else (cd $(PACKAGE_DIR_ALL) && $(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages; ) +endif ifndef SDK $(curdir)//compile = $(STAGING_DIR)/.prepared $(BIN_DIR) +ifneq ($(CONFIG_USE_APK),) + $(curdir)/compile: $(curdir)/system/apk/host/compile +else $(curdir)/compile: $(curdir)/system/opkg/host/compile endif +endif -$(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DEVICE_ROOTFS),$(curdir)/merge-index) +$(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(curdir)/merge-index - find $(STAGING_DIR_ROOT) -type d | $(XARGS) chmod 0755 rm -rf $(TARGET_DIR) $(TARGET_DIR_ORIG) mkdir -p $(TARGET_DIR)/tmp +ifneq ($(CONFIG_USE_APK),) + $(file >$(TMP_DIR)/apk_install_list,\ + $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))) + $(call apk,$(TARGET_DIR)) add --initdb --no-scripts --arch $(ARCH_PACKAGES) $$(cat $(TMP_DIR)/apk_install_list) +else $(file >$(TMP_DIR)/opkg_install_list,\ $(call opkg_package_files,\ $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg))))) @@ -77,6 +100,7 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DE $(call opkg,$(TARGET_DIR)) flag $$flag `cat $$file`; \ done; \ done || true +endif $(CP) $(TARGET_DIR) $(TARGET_DIR_ORIG) @@ -84,6 +108,19 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DE $(curdir)/index: FORCE @echo Generating package index... +ifneq ($(CONFIG_USE_APK),) + @for d in $(PACKAGE_SUBDIRS); do \ + mkdir -p $$d; \ + cd $$d || continue; \ + ls *.apk >/dev/null 2>&1 || continue; \ + $(STAGING_DIR_HOST)/bin/apk mkndx \ + --root $(TOPDIR) \ + --keys-dir $(TOPDIR) \ + --sign $(BUILD_KEY_APK_SEC) \ + --output packages.adb \ + *.apk; \ + done +else @for d in $(PACKAGE_SUBDIRS); do ( \ mkdir -p $$d; \ cd $$d || continue; \ @@ -115,6 +152,7 @@ ifdef CONFIG_JSON_CYCLONEDX_SBOM $(SCRIPT_DIR)/package-metadata.pl pkgcyclonedxsbom Packages.manifest > Packages.bom.cdx.json || true; \ ); done endif +endif $(curdir)/flags-install:= -j1 diff --git a/package/base-files/Makefile b/package/base-files/Makefile index b1a834e1bf..0aa7ecd854 100644 --- a/package/base-files/Makefile +++ b/package/base-files/Makefile @@ -116,6 +116,20 @@ define Build/Compile/Default endef Build/Compile = $(Build/Compile/Default) +ifneq ($(CONFIG_USE_APK),) + define Build/Configure + [ -s $(BUILD_KEY_APK_SEC) -a -s $(BUILD_KEY_APK_PUB) ] || \ + $(STAGING_DIR_HOST)/bin/openssl ecparam -name prime256v1 -genkey -noout -out $(BUILD_KEY_APK_SEC); \ + $(STAGING_DIR_HOST)/bin/openssl ec -in $(BUILD_KEY_APK_SEC) -pubout > $(BUILD_KEY_APK_PUB) + endef + +ifndef CONFIG_BUILDBOT + define Package/base-files/install-key + mkdir -p $(1)/etc/apk/keys + $(CP) $(BUILD_KEY_APK_PUB) $(1)/etc/apk/keys/ + endef +endif +else ifdef CONFIG_SIGNED_PACKAGES define Build/Configure [ -s $(BUILD_KEY) -a -s $(BUILD_KEY).pub ] || \ @@ -130,10 +144,10 @@ ifndef CONFIG_BUILDBOT define Package/base-files/install-key mkdir -p $(1)/etc/opkg/keys $(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub` - endef endif endif +endif ifeq ($(CONFIG_NAND_SUPPORT),) define Package/base-files/nand-support @@ -234,15 +248,21 @@ endif cat $(BIN_DIR)/feeds.buildinfo >>$(1)/etc/build.feeds; \ cat $(BIN_DIR)/version.buildinfo >>$(1)/etc/build.version) + $(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \ + rm -f $(1)/etc/banner.failsafe,) + +ifneq ($(CONFIG_USE_APK),) + mkdir -p $(1)/etc/apk/ + $(call FeedSourcesAppendAPK,$(1)/etc/apk/repositories) + $(VERSION_SED_SCRIPT) $(1)/etc/apk/repositories +else $(if $(CONFIG_CLEAN_IPKG),, \ mkdir -p $(1)/etc/opkg; \ - $(call FeedSourcesAppend,$(1)/etc/opkg/distfeeds.conf); \ + $(call FeedSourcesAppendOPKG,$(1)/etc/opkg/distfeeds.conf); \ $(VERSION_SED_SCRIPT) $(1)/etc/opkg/distfeeds.conf) $(if $(CONFIG_IPK_FILES_CHECKSUMS),, \ rm -f $(1)/sbin/pkg_check) - - $(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \ - rm -f $(1)/etc/banner.failsafe,) +endif endef ifneq ($(DUMP),1) diff --git a/package/base-files/files/lib/functions.sh b/package/base-files/files/lib/functions.sh index 82ee58f642..a009aa81e9 100644 --- a/package/base-files/files/lib/functions.sh +++ b/package/base-files/files/lib/functions.sh @@ -211,8 +211,10 @@ config_list_foreach() { default_prerm() { local root="${IPKG_INSTROOT}" - local pkgname="$(basename ${1%.*})" + [ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})" local ret=0 + local filelist="${root}/usr/lib/opkg/info/${pkgname}.list" + [ -f "$root/lib/apk/packages/${pkgname}.list" ] && filelist="$root/lib/apk/packages/${pkgname}.list" if [ -f "$root/usr/lib/opkg/info/${pkgname}.prerm-pkg" ]; then ( . "$root/usr/lib/opkg/info/${pkgname}.prerm-pkg" ) @@ -220,7 +222,7 @@ default_prerm() { fi local shell="$(command -v bash)" - for i in $(grep -s "^/etc/init.d/" "$root/usr/lib/opkg/info/${pkgname}.list"); do + for i in $(grep -s "^/etc/init.d/" "$filelist"); do if [ -n "$root" ]; then ${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" disable else @@ -235,8 +237,11 @@ default_prerm() { } add_group_and_user() { - local pkgname="$1" + [ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})" local rusers="$(sed -ne 's/^Require-User: *//p' $root/usr/lib/opkg/info/${pkgname}.control 2>/dev/null)" + if [ -f "$root/lib/apk/packages/${pkgname}.rusers" ]; then + local rusers="$(cat $root/lib/apk/packages/${pkgname}.rusers)" + fi if [ -n "$rusers" ]; then local tuple oIFS="$IFS" @@ -286,13 +291,71 @@ add_group_and_user() { fi } +update_alternatives() { + local root="${IPKG_INSTROOT}" + local action="$1" + local pkgname="$2" + + if [ -f "$root/lib/apk/packages/${pkgname}.alternatives" ]; then + for pkg_alt in $(cat $root/lib/apk/packages/${pkgname}.alternatives); do + local best_prio=0; + local best_src="/bin/busybox"; + pkg_prio=${pkg_alt%%:*}; + pkg_target=${pkg_alt#*:}; + pkg_target=${pkg_target%:*}; + pkg_src=${pkg_alt##*:}; + + if [ -e "$root/$target" ]; then + for alts in $root/lib/apk/packages/*.alternatives; do + for alt in $(cat $alts); do + prio=${alt%%:*}; + target=${alt#*:}; + target=${target%:*}; + src=${alt##*:}; + + if [ "$target" = "$pkg_target" ] && + [ "$src" != "$pkg_src" ] && + [ "$best_prio" -lt "$prio" ]; then + best_prio=$prio; + best_src=$src; + fi + done + done + fi + case "$action" in + install) + if [ "$best_prio" -lt "$pkg_prio" ]; then + ln -sf "$pkg_src" "$root/$pkg_target" + echo "add alternative: $pkg_target -> $pkg_src" + fi + ;; + remove) + if [ "$best_prio" -lt "$pkg_prio" ]; then + ln -sf "$best_src" "$root/$pkg_target" + echo "add alternative: $pkg_target -> $best_src" + fi + ;; + esac + done + fi +} + default_postinst() { local root="${IPKG_INSTROOT}" - local pkgname="$(basename ${1%.*})" - local filelist="/usr/lib/opkg/info/${pkgname}.list" + [ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})" + local filelist="${root}/usr/lib/opkg/info/${pkgname}.list" + [ -f "$root/lib/apk/packages/${pkgname}.list" ] && filelist="$root/lib/apk/packages/${pkgname}.list" local ret=0 - add_group_and_user "${pkgname}" + if [ -e "${root}/usr/lib/opkg/info/${pkgname}.list" ]; then + filelist="${root}/usr/lib/opkg/info/${pkgname}.list" + add_group_and_user "${pkgname}" + fi + + if [ -e "${root}/lib/apk/packages/${pkgname}.list" ]; then + filelist="${root}/lib/apk/packages/${pkgname}.list" + update_alternatives install "${pkgname}" + fi if [ -d "$root/rootfs-overlay" ]; then cp -R $root/rootfs-overlay/. $root/ @@ -325,7 +388,7 @@ default_postinst() { fi local shell="$(command -v bash)" - for i in $(grep -s "^/etc/init.d/" "$root$filelist"); do + for i in $(grep -s "^/etc/init.d/" "$filelist"); do if [ -n "$root" ]; then ${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" enable else diff --git a/package/boot/uboot-mediatek/patches/105-configs-add-usefull-stuff-to-mt7988-rfb.patch b/package/boot/uboot-mediatek/patches/105-configs-add-usefull-stuff-to-mt7988-rfb.patch index da1d985688..535af4fa09 100644 --- a/package/boot/uboot-mediatek/patches/105-configs-add-usefull-stuff-to-mt7988-rfb.patch +++ b/package/boot/uboot-mediatek/patches/105-configs-add-usefull-stuff-to-mt7988-rfb.patch @@ -157,10 +157,11 @@ CONFIG_MTD=y --- a/configs/mt7988_rfb_defconfig +++ b/configs/mt7988_rfb_defconfig -@@ -11,6 +11,24 @@ CONFIG_DEBUG_UART_BASE=0x11000000 +@@ -11,7 +11,24 @@ CONFIG_DEBUG_UART_BASE=0x11000000 CONFIG_DEBUG_UART_CLOCK=40000000 CONFIG_SYS_LOAD_ADDR=0x46000000 CONFIG_DEBUG_UART=y +-# CONFIG_AUTOBOOT is not set +CONFIG_OF_LIBFDT_OVERLAY=y +CONFIG_SMBIOS_PRODUCT_NAME="" +CONFIG_CFB_CONSOLE_ANSI=y @@ -179,10 +180,10 @@ +CONFIG_NAND_BOOT=y +CONFIG_BOOTSTD_DEFAULTS=y +CONFIG_BOOTSTD_FULL=y - # CONFIG_AUTOBOOT is not set CONFIG_DEFAULT_FDT_FILE="mt7988-rfb" CONFIG_LOGLEVEL=7 -@@ -22,15 +40,118 @@ CONFIG_SYS_PBSIZE=1049 + CONFIG_LOG=y +@@ -22,15 +39,120 @@ CONFIG_SYS_PBSIZE=1049 # CONFIG_BOOTM_PLAN9 is not set # CONFIG_BOOTM_RTEMS is not set # CONFIG_BOOTM_VXWORKS is not set @@ -293,16 +294,18 @@ +CONFIG_USB_XHCI_MTK=y +CONFIG_USB_STORAGE=y +CONFIG_OF_EMBED=y ++CONFIG_OF_SYSTEM_SETUP=y +CONFIG_ENV_OVERWRITE=y -+CONFIG_ENV_IS_IN_MMC=y -+CONFIG_ENV_OFFSET=0x400000 -+CONFIG_ENV_OFFSET_REDUND=0x440000 -+CONFIG_ENV_SIZE=0x40000 -+CONFIG_ENV_SIZE_REDUND=0x40000 ++CONFIG_ENV_IS_IN_UBI=y ++CONFIG_ENV_UBI_PART="ubi" ++CONFIG_ENV_SIZE=0x1f000 ++CONFIG_ENV_SIZE_REDUND=0x1f000 ++CONFIG_ENV_UBI_VOLUME="ubootenv" ++CONFIG_ENV_UBI_VOLUME_REDUND="ubootenv2" CONFIG_DOS_PARTITION=y CONFIG_EFI_PARTITION=y CONFIG_PARTITION_TYPE_GUID=y -@@ -46,6 +167,9 @@ CONFIG_PROT_TCP=y +@@ -46,6 +168,9 @@ CONFIG_PROT_TCP=y CONFIG_REGMAP=y CONFIG_SYSCON=y CONFIG_CLK=y @@ -312,3 +315,29 @@ CONFIG_MMC_HS200_SUPPORT=y CONFIG_MMC_MTK=y CONFIG_MTD=y +--- a/arch/arm/dts/mt7988-rfb.dts ++++ b/arch/arm/dts/mt7988-rfb.dts +@@ -144,6 +144,23 @@ + compatible = "spi-nand"; + reg = <0>; + spi-max-frequency = <52000000>; ++ ++ partitions { ++ compatible = "fixed-partitions"; ++ #address-cells = <1>; ++ #size-cells = <1>; ++ ++ partition@0 { ++ label = "bl2"; ++ reg = <0x0 0x200000>; ++ }; ++ ++ partition@200000 { ++ label = "ubi"; ++ reg = <0x200000 0x7e00000>; ++ compatible = "linux,ubi"; ++ }; ++ }; + }; + }; + diff --git a/package/boot/uboot-tegra/Makefile b/package/boot/uboot-tegra/Makefile index d47ef6f6f0..5bed6b97dd 100644 --- a/package/boot/uboot-tegra/Makefile +++ b/package/boot/uboot-tegra/Makefile @@ -6,10 +6,10 @@ # include $(TOPDIR)/rules.mk -PKG_VERSION := 2020.04 -PKG_RELEASE:=3 +PKG_VERSION := 2024.04 +PKG_RELEASE:=1 -PKG_HASH := fe732aaf037d9cc3c0909bad8362af366ae964bbdac6913a34081ff4ad565372 +PKG_HASH := 18a853fe39fad7ad03a90cc2d4275aeaed6da69735defac3492b80508843dd4a PKG_MAINTAINER := Tomasz Maciej Nowak @@ -46,11 +46,6 @@ define Build/bct-image ) endef -define Build/Configure - sed '/select BINMAN/d' -i $(PKG_BUILD_DIR)/arch/arm/mach-tegra/Kconfig - $(call Build/Configure/U-Boot) -endef - define Build/Compile $(call Build/Compile/U-Boot) $(call Build/bct-image) diff --git a/package/system/apk/Makefile b/package/system/apk/Makefile index 24fa18a6cc..eecbcdd7e1 100644 --- a/package/system/apk/Makefile +++ b/package/system/apk/Makefile @@ -5,9 +5,9 @@ PKG_RELEASE:=1 PKG_SOURCE_URL=https://gitlab.alpinelinux.org/alpine/apk-tools.git PKG_SOURCE_PROTO:=git -PKG_SOURCE_DATE:=2024-04-16 -PKG_SOURCE_VERSION:=ba6c31a5469ef74fb85119508e55de9631ffef41 -PKG_MIRROR_HASH:=3455d5799481add9ece3db685576d58be6303f3a13140133979b965cbd3c9966 +PKG_SOURCE_DATE:=2024-05-18 +PKG_SOURCE_VERSION:=a6ce0a1be1a42a5cf4136eb0db5ea95168ee73fe +PKG_MIRROR_HASH:=a5f59907cd742ec12f31f42910ea9a6ecfaf91e18218a7888836a01cfa272a72 PKG_VERSION=3.0.0_pre$(subst -,,$(PKG_SOURCE_DATE)) @@ -17,8 +17,7 @@ PKG_LICENSE_FILES:=LICENSE PKG_INSTALL:=1 HOST_BUILD_PREFIX:=$(STAGING_DIR_HOST) -HOST_BUILD_DEPENDS:=lua/host -PKG_BUILD_DEPENDS:=$(HOST_BUILD_DEPENDS) +PKG_BUILD_DEPENDS:=lua/host include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/host-build.mk @@ -30,6 +29,7 @@ define Package/apk/default TITLE:=apk package manager DEPENDS:=+zlib URL:=$(PKG_SOURCE_URL) + PROVIDES:=apk endef define Package/apk-mbedtls @@ -52,7 +52,7 @@ MESON_HOST_VARS+=VERSION=$(PKG_VERSION) MESON_VARS+=VERSION=$(PKG_VERSION) MESON_HOST_ARGS += \ - -Dlua_version=5.1 \ + -Dhelp=disabled \ -Dcompressed-help=false \ -Ddocs=disabled \ -Dcrypto_backend=openssl \ diff --git a/package/system/apk/patches/0002-mbedtls-support.patch b/package/system/apk/patches/0002-mbedtls-support.patch deleted file mode 100644 index 62b3ab81d3..0000000000 --- a/package/system/apk/patches/0002-mbedtls-support.patch +++ /dev/null @@ -1,917 +0,0 @@ -From 74ea482102e1a7c1845b3eec19cbdb21264836d4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= -Date: Fri, 5 Apr 2024 12:06:56 +0300 -Subject: [PATCH 1/4] add alternate url wget implementation - ---- - .gitlab-ci.yml | 16 ++++- - meson.build | 6 +- - meson_options.txt | 1 + - src/io_url_wget.c | 150 ++++++++++++++++++++++++++++++++++++++++++++++ - src/meson.build | 4 +- - 5 files changed, 173 insertions(+), 4 deletions(-) - create mode 100644 src/io_url_wget.c - -diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml -index 7fc86563..b7e00008 100644 ---- a/.gitlab-ci.yml -+++ b/.gitlab-ci.yml -@@ -24,7 +24,19 @@ test:alpine: - script: - - apk update - - apk add make gcc git musl-dev openssl-dev linux-headers zlib-dev zstd-dev lua5.3-dev lua5.3-lzlib meson zlib-static zstd-static openssl-libs-static -- - meson build -+ - meson setup build -Dstatic_apk=true -+ - ninja -C build -+ tags: -+ - docker-alpine -+ - x86_64 -+ -+test:alpine-alt-config: -+ image: alpine -+ stage: test -+ script: -+ - apk update -+ - apk add make gcc git musl-dev openssl-dev linux-headers zlib-dev lua5.3-dev lua5.3-lzlib meson -+ - meson setup build -Durl_backend=wget -Dzstd=false - - ninja -C build - tags: - - docker-alpine -@@ -38,7 +50,7 @@ test:debian: - - apt-get install -y make gcc git libssl-dev zlib1g-dev libzstd-dev lua5.3-dev lua5.2 lua-zlib-dev sudo meson - - unlink /bin/sh - - ln -s /bin/bash /bin/sh -- - meson build -+ - meson setup build - - ninja -C build - tags: - - docker-alpine -diff --git a/meson.build b/meson.build -index 1a44c11f..9a14cac0 100644 ---- a/meson.build -+++ b/meson.build -@@ -33,6 +33,10 @@ subproject = meson.is_subproject() - - subdir('doc') - subdir('portability') --subdir('libfetch') -+if get_option('url_backend') == 'libfetch' -+ subdir('libfetch') -+else -+ libfetch_dep = dependency('', required: false) -+endif - subdir('src') - subdir('tests') -diff --git a/meson_options.txt b/meson_options.txt -index 693f46ec..940fe9a4 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -5,5 +5,6 @@ option('help', description: 'Build help into apk binaries, needs lua', type: 'fe - option('lua', description: 'Build luaapk (lua bindings)', type: 'feature', value: 'auto') - option('lua_version', description: 'Lua version to build against', type: 'string', value: '5.3') - option('static_apk', description: 'Also build apk.static', type: 'boolean', value: false) -+option('url_backend', description: 'URL backend', type: 'combo', choices: ['libfetch', 'wget'], value: 'libfetch') - option('uvol_db_target', description: 'Default target for uvol database layer', type: 'string') - option('zstd', description: 'Build with zstd support', type: 'boolean', value: true) -diff --git a/src/io_url_wget.c b/src/io_url_wget.c -new file mode 100644 -index 00000000..9a929222 ---- /dev/null -+++ b/src/io_url_wget.c -@@ -0,0 +1,150 @@ -+/* io_url_wget.c - Alpine Package Keeper (APK) -+ * -+ * Copyright (C) 2005-2008 Natanael Copa -+ * Copyright (C) 2008-2011 Timo Teräs -+ * All rights reserved. -+ * -+ * SPDX-License-Identifier: GPL-2.0-only -+ */ -+ -+#include -+#include -+#include -+#include "apk_io.h" -+ -+static char wget_timeout[16]; -+static char wget_no_check_certificate; -+ -+static int wget_translate_status(int status) -+{ -+ if (!WIFEXITED(status)) return -EFAULT; -+ switch (WEXITSTATUS(status)) { -+ case 0: return 0; -+ case 3: return -EIO; -+ case 4: return -ENETUNREACH; -+ case 5: return -EACCES; -+ case 6: return -EACCES; -+ case 7: return -EPROTO; -+ default: return -APKE_REMOTE_IO; -+ } -+} -+ -+struct apk_wget_istream { -+ struct apk_istream is; -+ int fd; -+ pid_t pid; -+}; -+ -+static int wget_spawn(const char *url, pid_t *pid, int *fd) -+{ -+ int i = 0, r, pipefds[2]; -+ posix_spawn_file_actions_t act; -+ char *argv[16]; -+ -+ argv[i++] = "wget"; -+ argv[i++] = "-q"; -+ argv[i++] = "-T"; -+ argv[i++] = wget_timeout; -+ if (wget_no_check_certificate) argv[i++] = "--no-check-certificate"; -+ argv[i++] = (char *) url; -+ argv[i++] = "-O"; -+ argv[i++] = "-"; -+ argv[i++] = 0; -+ -+ if (pipe2(pipefds, O_CLOEXEC) != 0) return -errno; -+ -+ posix_spawn_file_actions_init(&act); -+ posix_spawn_file_actions_adddup2(&act, pipefds[1], STDOUT_FILENO); -+ r = posix_spawnp(pid, "wget", &act, 0, argv, environ); -+ posix_spawn_file_actions_destroy(&act); -+ if (r != 0) return -r; -+ close(pipefds[1]); -+ *fd = pipefds[0]; -+ return 0; -+} -+ -+static int wget_check_exit(struct apk_wget_istream *wis) -+{ -+ int status; -+ -+ if (wis->pid == 0) return apk_istream_error(&wis->is, 0); -+ if (waitpid(wis->pid, &status, 0) == wis->pid) { -+ wis->pid = 0; -+ return apk_istream_error(&wis->is, wget_translate_status(status)); -+ } -+ return 0; -+} -+ -+static void wget_get_meta(struct apk_istream *is, struct apk_file_meta *meta) -+{ -+} -+ -+static ssize_t wget_read(struct apk_istream *is, void *ptr, size_t size) -+{ -+ struct apk_wget_istream *wis = container_of(is, struct apk_wget_istream, is); -+ ssize_t r; -+ -+ r = read(wis->fd, ptr, size); -+ if (r < 0) return -errno; -+ if (r == 0) return wget_check_exit(wis); -+ return r; -+} -+ -+static int wget_close(struct apk_istream *is) -+{ -+ int r = is->err; -+ struct apk_wget_istream *wis = container_of(is, struct apk_wget_istream, is); -+ -+ while (wis->pid != 0) -+ wget_check_exit(wis); -+ -+ close(wis->fd); -+ free(wis); -+ return r < 0 ? r : 0; -+} -+ -+static const struct apk_istream_ops wget_istream_ops = { -+ .get_meta = wget_get_meta, -+ .read = wget_read, -+ .close = wget_close, -+}; -+ -+struct apk_istream *apk_io_url_istream(const char *url, time_t since) -+{ -+ struct apk_wget_istream *wis; -+ int r; -+ -+ wis = malloc(sizeof(*wis) + apk_io_bufsize); -+ if (wis == NULL) return ERR_PTR(-ENOMEM); -+ -+ *wis = (struct apk_wget_istream) { -+ .is.ops = &wget_istream_ops, -+ .is.buf = (uint8_t *)(wis + 1), -+ .is.buf_size = apk_io_bufsize, -+ }; -+ r = wget_spawn(url, &wis->pid, &wis->fd); -+ if (r != 0) { -+ free(wis); -+ return ERR_PTR(r); -+ } -+ -+ return &wis->is; -+} -+ -+void apk_io_url_no_check_certificate(void) -+{ -+ wget_no_check_certificate = 1; -+} -+ -+void apk_io_url_set_timeout(int timeout) -+{ -+ snprintf(wget_timeout, sizeof wget_timeout, "%d", timeout); -+} -+ -+void apk_io_url_set_redirect_callback(void (*cb)(int, const char *)) -+{ -+} -+ -+void apk_io_url_init(void) -+{ -+} -diff --git a/src/meson.build b/src/meson.build -index c1aae550..38e9d3b0 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,3 +1,5 @@ -+url_backend = get_option('url_backend') -+ - libapk_so_version = '2.99.0' - libapk_src = [ - 'adb.c', -@@ -22,8 +24,8 @@ libapk_src = [ - 'fs_uvol.c', - 'hash.c', - 'io.c', -- 'io_url_libfetch.c', - 'io_gunzip.c', -+ 'io_url_@0@.c'.format(url_backend), - 'package.c', - 'pathbuilder.c', - 'print.c', --- -GitLab - - -From b9fe78fbf19bb10e1d0b8eb1cb1de123bee2ed7e Mon Sep 17 00:00:00 2001 -From: Christian Marangi -Date: Tue, 16 Apr 2024 17:55:15 +0200 -Subject: [PATCH 2/4] add option to configure url backend in legacy make build - system - -Can be configured by setting URL_BACKEND. If not set libfetch is -selected by default. - -Signed-off-by: Christian Marangi ---- - src/Makefile | 20 ++++++++++++++------ - 1 file changed, 14 insertions(+), 6 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index f7873cb1..efdc68df 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -9,8 +9,8 @@ else - $(error Lua interpreter not found. Please specify LUA interpreter, or use LUA=no to build without help.) - endif - --OPENSSL_CFLAGS := $(shell $(PKG_CONFIG) --cflags openssl) --OPENSSL_LIBS := $(shell $(PKG_CONFIG) --libs openssl) -+OPENSSL_CFLAGS := $(shell $(PKG_CONFIG) --cflags openssl) -+OPENSSL_LIBS := $(shell $(PKG_CONFIG) --libs openssl) - - ZLIB_CFLAGS := $(shell $(PKG_CONFIG) --cflags zlib) - ZLIB_LIBS := $(shell $(PKG_CONFIG) --libs zlib) -@@ -21,10 +21,18 @@ libapk_so := $(obj)/libapk.so.$(libapk_soname) - libapk.so.$(libapk_soname)-objs := \ - adb.o adb_comp.o adb_walk_adb.o adb_walk_genadb.o adb_walk_gentext.o adb_walk_text.o apk_adb.o \ - atom.o blob.o commit.o common.o context.o crypto.o crypto_openssl.o ctype.o database.o hash.o \ -- extract_v2.o extract_v3.o fs_fsys.o fs_uvol.o io.o io_gunzip.o io_url_libfetch.o \ -- tar.o package.o pathbuilder.o print.o solver.o trust.o version.o -+ extract_v2.o extract_v3.o fs_fsys.o fs_uvol.o io.o io_gunzip.o tar.o package.o pathbuilder.o \ -+ print.o solver.o trust.o version.o - --libapk.so.$(libapk_soname)-libs := libfetch/libfetch.a -+libapk.so.$(libapk_soname)-libs := -+ -+ifeq ($(URL_BACKEND),wget) -+libapk.so.$(libapk_soname)-objs += io_url_wget.o -+else -+CFLAGS_ALL += -Ilibfetch -+libapk.so.$(libapk_soname)-objs += io_url_libfetch.o -+libapk.so.$(libapk_soname)-libs += libfetch/libfetch.a -+endif - - # ZSTD support can be disabled - ifneq ($(ZSTD),no) -@@ -79,7 +87,7 @@ LIBS_apk := -lapk - LIBS_apk-test := -lapk - LIBS_apk.so := -L$(obj) -lapk - --CFLAGS_ALL += -D_ATFILE_SOURCE -Ilibfetch -Iportability -+CFLAGS_ALL += -D_ATFILE_SOURCE -Iportability - CFLAGS_apk.o := -DAPK_VERSION=\"$(VERSION)\" - CFLAGS_apk-static.o := -DAPK_VERSION=\"$(VERSION)\" -DOPENSSL_NO_ENGINE - CFLAGS_apk-test.o := -DAPK_VERSION=\"$(VERSION)\" -DOPENSSL_NO_ENGINE -DTEST_MODE --- -GitLab - - -From 0418b684898403c49905c1f0e4b7c5ca522b2d50 Mon Sep 17 00:00:00 2001 -From: Jonas Jelonek -Date: Sun, 14 Apr 2024 00:20:14 +0200 -Subject: [PATCH 3/4] crypto: add support for mbedtls as backend - -backend is selected at compile-time with crypto_backend option - -Co-developed-by: Christian Marangi -Signed-off-by: Christian Marangi -Signed-off-by: Jonas Jelonek ---- - libfetch/meson.build | 2 +- - meson.build | 14 +- - meson_options.txt | 1 + - portability/getrandom.c | 19 +++ - portability/meson.build | 3 +- - portability/sys/random.h | 6 + - src/apk_crypto.h | 5 + - src/apk_crypto_mbedtls.h | 30 +++++ - src/crypto_mbedtls.c | 285 +++++++++++++++++++++++++++++++++++++++ - src/meson.build | 21 ++- - 10 files changed, 373 insertions(+), 13 deletions(-) - create mode 100644 portability/getrandom.c - create mode 100644 portability/sys/random.h - create mode 100644 src/apk_crypto_mbedtls.h - create mode 100644 src/crypto_mbedtls.c - -diff --git a/libfetch/meson.build b/libfetch/meson.build -index 431ba197..e24f95eb 100644 ---- a/libfetch/meson.build -+++ b/libfetch/meson.build -@@ -40,7 +40,7 @@ libfetch = static_library( - c_args: libfetch_cargs, - dependencies: [ - libportability_dep.partial_dependency(compile_args: true, includes: true), -- openssl_dep.partial_dependency(compile_args: true, includes: true) -+ crypto_dep.partial_dependency(compile_args: true, includes: true) - ], - ) - -diff --git a/meson.build b/meson.build -index 9a14cac0..3a83f4e1 100644 ---- a/meson.build -+++ b/meson.build -@@ -13,15 +13,21 @@ apk_libdir = get_option('libdir') - lua_bin = find_program('lua' + get_option('lua_version'), required: get_option('help')) - lua_dep = dependency('lua' + get_option('lua_version'), required: get_option('lua')) - scdoc_dep = dependency('scdoc', version: '>=1.10', required: get_option('docs')) --openssl_dep = dependency('openssl') --openssl_static_dep = dependency('openssl', static: true) - zlib_dep = dependency('zlib') - zlib_static_dep = dependency('zlib', static: true) - libzstd_dep = dependency('libzstd', required: get_option('zstd')) - libzstd_static_dep = dependency('libzstd', required: get_option('zstd'), static: true) - --shared_deps = [ openssl_dep, zlib_dep, libzstd_dep ] --static_deps = [ openssl_static_dep, zlib_static_dep, libzstd_static_dep ] -+if get_option('crypto_backend') == 'openssl' -+ crypto_dep = dependency('openssl') -+ crypto_static_dep = dependency('openssl', static: true) -+elif get_option('crypto_backend') == 'mbedtls' -+ crypto_dep = [ dependency('mbedtls'), dependency('mbedcrypto') ] -+ crypto_static_dep = [ dependency('mbedtls', static: true), dependency('mbedcrypto', static: true) ] -+endif -+ -+shared_deps = [ crypto_dep, zlib_dep, libzstd_dep ] -+static_deps = [ crypto_static_dep, zlib_static_dep, libzstd_static_dep ] - - add_project_arguments('-D_GNU_SOURCE', language: 'c') - -diff --git a/meson_options.txt b/meson_options.txt -index 940fe9a4..df0b07dc 100644 ---- a/meson_options.txt -+++ b/meson_options.txt -@@ -1,4 +1,5 @@ - option('arch_prefix', description: 'Define a custom arch prefix for default arch', type: 'string') -+option('crypto_backend', description: 'Crypto backend', type: 'combo', choices: ['openssl', 'mbedtls'], value: 'openssl') - option('compressed-help', description: 'Compress help database, needs lua-zlib', type: 'boolean', value: true) - option('docs', description: 'Build manpages with scdoc', type: 'feature', value: 'auto') - option('help', description: 'Build help into apk binaries, needs lua', type: 'feature', value: 'auto') -diff --git a/portability/getrandom.c b/portability/getrandom.c -new file mode 100644 -index 00000000..b2f4a07c ---- /dev/null -+++ b/portability/getrandom.c -@@ -0,0 +1,19 @@ -+#include -+#include -+#include -+#include -+ -+ssize_t getrandom(void *buf, size_t buflen, unsigned int flags) -+{ -+ int fd; -+ ssize_t ret; -+ -+ fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC); -+ if (fd < 0) -+ return -1; -+ -+ ret = read(fd, buf, buflen); -+ close(fd); -+ return ret; -+} -+ -diff --git a/portability/meson.build b/portability/meson.build -index 89957c3c..3172044e 100644 ---- a/portability/meson.build -+++ b/portability/meson.build -@@ -3,7 +3,8 @@ cc = meson.get_compiler('c') - libportability_src = [] - - check_symbols = [ -- ['memrchr', 'memrchr.c', 'NEED_MEMRCHR', 'string.h'], -+ ['getrandom', 'getrandom.c', 'NEED_GETRANDOM', 'sys/random.h'], -+ ['memrchr', 'memrchr.c', 'NEED_MEMRCHR', 'string.h'], - ['mknodat', 'mknodat.c', 'NEED_MKNODAT', 'sys/stat.h'], - ['pipe2', 'pipe2.c', 'NEED_PIPE2', 'unistd.h'], - ['qsort_r', 'qsort_r.c', 'NEED_QSORT_R', 'stdlib.h'], -diff --git a/portability/sys/random.h b/portability/sys/random.h -new file mode 100644 -index 00000000..02d5b1ca ---- /dev/null -+++ b/portability/sys/random.h -@@ -0,0 +1,6 @@ -+#include_next -+#include -+ -+#ifdef NEED_GETRANDOM -+ssize_t getrandom(void *buf, size_t buflen, unsigned int flags); -+#endif -diff --git a/src/apk_crypto.h b/src/apk_crypto.h -index 7de88dfc..5cae3bfe 100644 ---- a/src/apk_crypto.h -+++ b/src/apk_crypto.h -@@ -12,7 +12,12 @@ - #include - #include "apk_defines.h" - #include "apk_blob.h" -+ -+#if defined(CRYPTO_USE_OPENSSL) - #include "apk_crypto_openssl.h" -+#elif defined(CRYPTO_USE_MBEDTLS) -+#include "apk_crypto_mbedtls.h" -+#endif - - // Digest - -diff --git a/src/apk_crypto_mbedtls.h b/src/apk_crypto_mbedtls.h -new file mode 100644 -index 00000000..5481d149 ---- /dev/null -+++ b/src/apk_crypto_mbedtls.h -@@ -0,0 +1,30 @@ -+/* apk_crypto_mbedtls.h - Alpine Package Keeper (APK) -+ * -+ * Copyright (C) 2024 -+ * All rights reserved. -+ * -+ * SPDX-License-Identifier: GPL-2.0-only -+ */ -+ -+#ifndef APK_CRYPTO_MBEDTLS_H -+#define APK_CRYPTO_MBEDTLS_H -+ -+#include -+#include -+#include -+ -+struct apk_pkey { -+ uint8_t id[16]; -+ mbedtls_pk_context key; -+}; -+ -+struct apk_digest_ctx { -+ mbedtls_md_context_t mdctx; -+ struct apk_pkey *sigver_key; -+ uint8_t alg; -+}; -+ -+/* based on mbedtls' internal pkwrite.h calculations */ -+#define APK_ENC_KEY_MAX_LENGTH (38 + 2 * MBEDTLS_MPI_MAX_SIZE) -+ -+#endif -diff --git a/src/crypto_mbedtls.c b/src/crypto_mbedtls.c -new file mode 100644 -index 00000000..73d60e9d ---- /dev/null -+++ b/src/crypto_mbedtls.c -@@ -0,0 +1,285 @@ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+ -+#include -+#include -+#include -+#include -+ -+#ifdef MBEDTLS_PSA_CRYPTO_C -+#include -+#endif -+ -+#include "apk_crypto.h" -+ -+static inline const mbedtls_md_type_t apk_digest_alg_to_mbedtls_type(uint8_t alg) { -+ switch (alg) { -+ case APK_DIGEST_NONE: return MBEDTLS_MD_NONE; -+ case APK_DIGEST_MD5: return MBEDTLS_MD_MD5; -+ case APK_DIGEST_SHA1: return MBEDTLS_MD_SHA1; -+ case APK_DIGEST_SHA256_160: -+ case APK_DIGEST_SHA256: return MBEDTLS_MD_SHA256; -+ case APK_DIGEST_SHA512: return MBEDTLS_MD_SHA512; -+ default: -+ assert(alg); -+ return MBEDTLS_MD_NONE; -+ } -+} -+ -+static inline const mbedtls_md_info_t *apk_digest_alg_to_mdinfo(uint8_t alg) -+{ -+ return mbedtls_md_info_from_type( -+ apk_digest_alg_to_mbedtls_type(alg) -+ ); -+} -+ -+int apk_digest_calc(struct apk_digest *d, uint8_t alg, const void *ptr, size_t sz) -+{ -+ if (mbedtls_md(apk_digest_alg_to_mdinfo(alg), ptr, sz, d->data)) -+ return -APKE_CRYPTO_ERROR; -+ -+ apk_digest_set(d, alg); -+ return 0; -+} -+ -+int apk_digest_ctx_init(struct apk_digest_ctx *dctx, uint8_t alg) -+{ -+ dctx->alg = alg; -+ -+ mbedtls_md_init(&dctx->mdctx); -+ if (alg == APK_DIGEST_NONE) return 0; -+ if (mbedtls_md_setup(&dctx->mdctx, apk_digest_alg_to_mdinfo(alg), 0) || -+ mbedtls_md_starts(&dctx->mdctx)) -+ return -APKE_CRYPTO_ERROR; -+ -+ return 0; -+} -+ -+int apk_digest_ctx_reset(struct apk_digest_ctx *dctx) -+{ -+ if (dctx->alg == APK_DIGEST_NONE) return 0; -+ if (mbedtls_md_starts(&dctx->mdctx)) return -APKE_CRYPTO_ERROR; -+ return 0; -+} -+ -+int apk_digest_ctx_reset_alg(struct apk_digest_ctx *dctx, uint8_t alg) -+{ -+ mbedtls_md_free(&dctx->mdctx); -+ -+ dctx->alg = alg; -+ if (alg == APK_DIGEST_NONE) return 0; -+ if (mbedtls_md_setup(&dctx->mdctx, apk_digest_alg_to_mdinfo(alg), 0) || -+ mbedtls_md_starts(&dctx->mdctx)) -+ return -APKE_CRYPTO_ERROR; -+ -+ return 0; -+} -+ -+void apk_digest_ctx_free(struct apk_digest_ctx *dctx) -+{ -+ mbedtls_md_free(&dctx->mdctx); -+} -+ -+int apk_digest_ctx_update(struct apk_digest_ctx *dctx, const void *ptr, size_t sz) -+{ -+ if (dctx->alg == APK_DIGEST_NONE) return 0; -+ return mbedtls_md_update(&dctx->mdctx, ptr, sz) == 0 ? 0 : -APKE_CRYPTO_ERROR; -+} -+ -+int apk_digest_ctx_final(struct apk_digest_ctx *dctx, struct apk_digest *d) -+{ -+ if (mbedtls_md_finish(&dctx->mdctx, d->data)) { -+ apk_digest_reset(d); -+ return -APKE_CRYPTO_ERROR; -+ } -+ -+ d->alg = dctx->alg; -+ d->len = apk_digest_alg_len(d->alg); -+ return 0; -+} -+ -+static int apk_load_file_at(int dirfd, const char *fn, unsigned char **buf, size_t *n) -+{ -+ struct stat stats; -+ size_t size; -+ int fd; -+ -+ if ((fd = openat(dirfd, fn, O_RDONLY|O_CLOEXEC)) < 0) -+ return -errno; -+ -+ if (fstat(fd, &stats)) { -+ close(fd); -+ return -errno; -+ } -+ -+ size = (size_t)stats.st_size; -+ *n = size; -+ -+ if (size == 0 || (*buf = mbedtls_calloc(1, size + 1)) == NULL) -+ return MBEDTLS_ERR_PK_ALLOC_FAILED; -+ -+ if (read(fd, *buf, size) != size) { -+ close(fd); -+ -+ mbedtls_platform_zeroize(*buf, size); -+ mbedtls_free(*buf); -+ -+ return MBEDTLS_ERR_PK_FILE_IO_ERROR; -+ } -+ close(fd); -+ -+ (*buf)[size] = '\0'; -+ -+ if (strstr((const char *) *buf, "-----BEGIN ") != NULL) { -+ ++*n; -+ } -+ -+ return 0; -+} -+ -+static int apk_pkey_init(struct apk_pkey *pkey) -+{ -+ unsigned char dig[APK_DIGEST_MAX_LENGTH]; -+ unsigned char pub[APK_ENC_KEY_MAX_LENGTH] = {}; -+ unsigned char *c; -+ int len, r = -APKE_CRYPTO_ERROR; -+ -+ c = pub + APK_ENC_KEY_MAX_LENGTH; -+ -+ // key is written backwards into pub starting at c! -+ if ((len = mbedtls_pk_write_pubkey(&c, pub, &pkey->key)) < 0) return -APKE_CRYPTO_ERROR; -+ if (!mbedtls_md(apk_digest_alg_to_mdinfo(APK_DIGEST_SHA512), c, len, dig)) { -+ memcpy(pkey->id, dig, sizeof pkey->id); -+ r = 0; -+ } -+ -+ return r; -+} -+ -+void apk_pkey_free(struct apk_pkey *pkey) -+{ -+ mbedtls_pk_free(&pkey->key); -+} -+ -+static int apk_random(void *ctx, unsigned char *out, size_t len) -+{ -+ return (int)getrandom(out, len, 0); -+} -+ -+#if MBEDTLS_VERSION_NUMBER >= 0x03000000 -+static inline int apk_mbedtls_parse_privkey(struct apk_pkey *pkey, const unsigned char *buf, size_t blen) -+{ -+ return mbedtls_pk_parse_key(&pkey->key, buf, blen, NULL, 0, apk_random, NULL); -+} -+static inline int apk_mbedtls_sign(struct apk_digest_ctx *dctx, struct apk_digest *dig, -+ unsigned char *sig, size_t *sig_len) -+{ -+ return mbedtls_pk_sign(&dctx->sigver_key->key, apk_digest_alg_to_mbedtls_type(dctx->alg), -+ (const unsigned char *)&dig->data, dig->len, sig, sizeof *sig, sig_len, -+ apk_random, NULL); -+} -+#else -+static inline int apk_mbedtls_parse_privkey(struct apk_pkey *pkey, const unsigned char *buf, size_t blen) -+{ -+ return mbedtls_pk_parse_key(&pkey->key, buf, blen, NULL, 0); -+} -+static inline int apk_mbedtls_sign(struct apk_digest_ctx *dctx, struct apk_digest *dig, -+ unsigned char *sig, size_t *sig_len) -+{ -+ return mbedtls_pk_sign(&dctx->sigver_key->key, apk_digest_alg_to_mbedtls_type(dctx->alg), -+ (const unsigned char *)&dig->data, dig->len, sig, sig_len, apk_random, NULL); -+} -+#endif -+ -+int apk_pkey_load(struct apk_pkey *pkey, int dirfd, const char *fn) -+{ -+ unsigned char *buf = NULL; -+ size_t blen = 0; -+ int ret; -+ -+ if (apk_load_file_at(dirfd, fn, &buf, &blen)) -+ return -APKE_CRYPTO_ERROR; -+ -+ mbedtls_pk_init(&pkey->key); -+ if ((ret = mbedtls_pk_parse_public_key(&pkey->key, buf, blen)) != 0) -+ ret = apk_mbedtls_parse_privkey(pkey, buf, blen); -+ -+ mbedtls_platform_zeroize(buf, blen); -+ mbedtls_free(buf); -+ if (ret != 0) -+ return -APKE_CRYPTO_KEY_FORMAT; -+ -+ return apk_pkey_init(pkey); -+} -+ -+int apk_sign_start(struct apk_digest_ctx *dctx, uint8_t alg, struct apk_pkey *pkey) -+{ -+ if (apk_digest_ctx_reset_alg(dctx, alg)) -+ return -APKE_CRYPTO_ERROR; -+ -+ dctx->sigver_key = pkey; -+ -+ return 0; -+} -+ -+int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len) -+{ -+ struct apk_digest dig; -+ int r = 0; -+ -+ if (apk_digest_ctx_final(dctx, &dig)) -+ return -APKE_SIGNATURE_GEN_FAILURE; -+ -+ if (apk_mbedtls_sign(dctx, &dig, sig, len)) -+ r = -APKE_SIGNATURE_GEN_FAILURE; -+ -+ dctx->sigver_key = NULL; -+ return r; -+} -+ -+int apk_verify_start(struct apk_digest_ctx *dctx, uint8_t alg, struct apk_pkey *pkey) -+{ -+ if (apk_digest_ctx_reset_alg(dctx, alg)) -+ return -APKE_CRYPTO_ERROR; -+ -+ dctx->sigver_key = pkey; -+ -+ return 0; -+} -+ -+int apk_verify(struct apk_digest_ctx *dctx, void *sig, size_t len) -+{ -+ struct apk_digest dig; -+ int r = 0; -+ -+ if (apk_digest_ctx_final(dctx, &dig)) -+ return -APKE_SIGNATURE_GEN_FAILURE; -+ -+ if (mbedtls_pk_verify(&dctx->sigver_key->key, apk_digest_alg_to_mbedtls_type(dctx->alg), -+ (const unsigned char *)&dig.data, dig.len, sig, len)) -+ r = -APKE_SIGNATURE_INVALID; -+ -+ dctx->sigver_key = NULL; -+ return r; -+} -+ -+static void apk_crypto_cleanup(void) -+{ -+#ifdef MBEDTLS_PSA_CRYPTO_C -+ mbedtls_psa_crypto_free(); -+#endif -+} -+ -+void apk_crypto_init(void) -+{ -+ atexit(apk_crypto_cleanup); -+ -+#ifdef MBEDTLS_PSA_CRYPTO_C -+ psa_crypto_init(); -+#endif -+} -diff --git a/src/meson.build b/src/meson.build -index 38e9d3b0..e1204fc0 100644 ---- a/src/meson.build -+++ b/src/meson.build -@@ -1,3 +1,4 @@ -+crypto_backend = get_option('crypto_backend') - url_backend = get_option('url_backend') - - libapk_so_version = '2.99.0' -@@ -15,7 +16,7 @@ libapk_src = [ - 'common.c', - 'context.c', - 'crypto.c', -- 'crypto_openssl.c', -+ 'crypto_@0@.c'.format(crypto_backend), - 'ctype.c', - 'database.c', - 'extract_v2.c', -@@ -40,7 +41,7 @@ libapk_headers = [ - 'apk_atom.h', - 'apk_blob.h', - 'apk_crypto.h', -- 'apk_crypto_openssl.h', -+ 'apk_crypto_@0@.h'.format(crypto_backend), - 'apk_ctype.h', - 'apk_database.h', - 'apk_defines.h', -@@ -89,6 +90,17 @@ apk_src = [ - 'applet.c', - ] - -+apk_cargs = [ -+ '-DAPK_VERSION="' + meson.project_version() + '"', -+ '-D_ATFILE_SOURCE', -+] -+ -+if crypto_backend == 'openssl' -+ apk_cargs += [ '-DCRYPTO_USE_OPENSSL' ] -+elif crypto_backend == 'mbedtls' -+ apk_cargs += [ '-DCRYPTO_USE_MBEDTLS' ] -+endif -+ - if lua_bin.found() - genhelp_script = files('genhelp.lua') - genhelp_args = [lua_bin, genhelp_script, '@INPUT@'] -@@ -115,11 +127,6 @@ endif - - apk_src += [ generated_help ] - --apk_cargs = [ -- '-DAPK_VERSION="' + meson.project_version() + '"', -- '-D_ATFILE_SOURCE', --] -- - apk_arch_prefix = get_option('arch_prefix') - if apk_arch_prefix != '' - apk_cargs += ['-DAPK_ARCH_PREFIX="@0@"'.format(apk_arch_prefix)] --- -GitLab - - -From 34bb1021284dccbf97f02b0a0bb9e751b8887cad Mon Sep 17 00:00:00 2001 -From: Christian Marangi -Date: Tue, 16 Apr 2024 17:56:45 +0200 -Subject: [PATCH 4/4] add option to configure crypto backend in legacy make - build system - -Define CRYPTO to select mbedtls as alternative crypto backend. By -default openssl is used. - -Signed-off-by: Christian Marangi ---- - src/Makefile | 20 +++++++++++++++----- - 1 file changed, 15 insertions(+), 5 deletions(-) - -diff --git a/src/Makefile b/src/Makefile -index efdc68df..97db0e72 100644 ---- a/src/Makefile -+++ b/src/Makefile -@@ -20,9 +20,9 @@ libapk_soname := 2.99.0 - libapk_so := $(obj)/libapk.so.$(libapk_soname) - libapk.so.$(libapk_soname)-objs := \ - adb.o adb_comp.o adb_walk_adb.o adb_walk_genadb.o adb_walk_gentext.o adb_walk_text.o apk_adb.o \ -- atom.o blob.o commit.o common.o context.o crypto.o crypto_openssl.o ctype.o database.o hash.o \ -- extract_v2.o extract_v3.o fs_fsys.o fs_uvol.o io.o io_gunzip.o tar.o package.o pathbuilder.o \ -- print.o solver.o trust.o version.o -+ atom.o blob.o commit.o common.o context.o crypto.o ctype.o database.o hash.o extract_v2.o \ -+ extract_v3.o fs_fsys.o fs_uvol.o io.o io_gunzip.o tar.o package.o pathbuilder.o print.o \ -+ solver.o trust.o version.o - - libapk.so.$(libapk_soname)-libs := - -@@ -34,6 +34,16 @@ libapk.so.$(libapk_soname)-objs += io_url_libfetch.o - libapk.so.$(libapk_soname)-libs += libfetch/libfetch.a - endif - -+ifeq ($(CRYPTO),mbedtls) -+CRYPTO_CFLAGS := $(shell $(PKG_CONFIG) --cflags mbedtls mbedcrypto) -DCRYPTO_USE_MBEDTLS -+CRYPTO_LIBS := $(shell $(PKG_CONFIG) --libs mbedtls mbedcrypto) -+libapk.so.$(libapk_soname)-objs += crypto_mbedtls.o -+else -+CRYPTO_CFLAGS := $(shell $(PKG_CONFIG) --cflags openssl) -DCRYPTO_USE_OPENSSL -+CRYPTO_LIBS := $(shell $(PKG_CONFIG) --libs openssl) -+libapk.so.$(libapk_soname)-objs += crypto_openssl.o -+endif -+ - # ZSTD support can be disabled - ifneq ($(ZSTD),no) - ZSTD_CFLAGS := $(shell $(PKG_CONFIG) --cflags libzstd) -@@ -100,9 +110,9 @@ LIBS_apk.static := -Wl,--as-needed -ldl -Wl,--no-as-needed - LDFLAGS_apk += -L$(obj) - LDFLAGS_apk-test += -L$(obj) - --CFLAGS_ALL += $(OPENSSL_CFLAGS) $(ZLIB_CFLAGS) $(ZSTD_CFLAGS) -+CFLAGS_ALL += $(CRYPTO_CFLAGS) $(ZLIB_CFLAGS) $(ZSTD_CFLAGS) - LIBS := -Wl,--as-needed \ -- $(OPENSSL_LIBS) $(ZLIB_LIBS) $(ZSTD_LIBS) \ -+ $(CRYPTO_LIBS) $(ZLIB_LIBS) $(ZSTD_LIBS) \ - -Wl,--no-as-needed - - # Help generation --- -GitLab diff --git a/package/system/rpcd/Makefile b/package/system/rpcd/Makefile index 2db014f2df..041164ccca 100644 --- a/package/system/rpcd/Makefile +++ b/package/system/rpcd/Makefile @@ -103,5 +103,5 @@ endef $(eval $(call BuildPackage,rpcd)) $(eval $(call BuildPlugin,file,,Provides ubus calls for file and directory operations.)) $(eval $(call BuildPlugin,rpcsys,,Provides ubus calls for sysupgrade and password changing.)) -$(eval $(call BuildPlugin,iwinfo,+libiwinfo,Provides ubus calls for accessing iwinfo data.,libiwinfo (>= 2023-01-21))) +$(eval $(call BuildPlugin,iwinfo,+libiwinfo,Provides ubus calls for accessing iwinfo data.,libiwinfo (>=2023.01.21))) $(eval $(call BuildPlugin,ucode,+libucode,Allows implementing plugins using ucode scripts.)) diff --git a/rules.mk b/rules.mk index 84586ac26b..66297565cb 100644 --- a/rules.mk +++ b/rules.mk @@ -249,6 +249,8 @@ HOST_CFLAGS:=-O2 $(HOST_CPPFLAGS) HOST_LDFLAGS:=-L$(STAGING_DIR_HOST)/lib $(if $(IS_PACKAGE_BUILD),-L$(STAGING_DIR_HOSTPKG)/lib -L$(STAGING_DIR)/host/lib) BUILD_KEY=$(TOPDIR)/key-build +BUILD_KEY_APK_SEC=$(TOPDIR)/private-key.pem +BUILD_KEY_APK_PUB=$(TOPDIR)/public-key.pem FAKEROOT:=$(STAGING_DIR_HOST)/bin/fakeroot diff --git a/scripts/feeds b/scripts/feeds index 1c84cf112e..bf62092ba7 100755 --- a/scripts/feeds +++ b/scripts/feeds @@ -865,7 +865,7 @@ sub feed_config() { printf "\t\tdepends on PER_FEED_REPO\n"; printf "\t\tdefault y\n" if $installed; printf "\t\thelp\n"; - printf "\t\t Enable the \\\"%s\\\" feed in opkg distfeeds.conf.\n", $feed->[1]; + printf "\t\t Enable the \\\"%s\\\" feed in opkg distfeeds.conf and apk repositories.\n", $feed->[1]; printf "\t\t Say M to add the feed commented out.\n"; printf "\n"; } @@ -884,7 +884,7 @@ Commands: -s : List of feed names and their URL. -r : List packages of specified feed. -d : Use specified delimiter to distinguish rows (default: spaces) - -f : List feeds in feeds.conf compatible format (when using -s). + -f : List feeds in opkg feeds.conf compatible format (when using -s). install [options] : Install a package Options: diff --git a/scripts/package-metadata.pl b/scripts/package-metadata.pl index a46f819ab5..2c7d3c624b 100755 --- a/scripts/package-metadata.pl +++ b/scripts/package-metadata.pl @@ -373,7 +373,7 @@ sub and_condition($) { sub gen_condition ($) { my $condition = shift; - # remove '!()', just as include/package-ipkg.mk does + # remove '!()', just as include/package-pack.mk does $condition =~ s/[()!]//g; return join("", map(and_condition($_), split('\|\|', $condition))); } diff --git a/target/imagebuilder/Makefile b/target/imagebuilder/Makefile index bfc72dacd0..ef32d2cf7c 100644 --- a/target/imagebuilder/Makefile +++ b/target/imagebuilder/Makefile @@ -22,6 +22,8 @@ IB_IDIR:=$(patsubst $(TOPDIR)/%,$(PKG_BUILD_DIR)/%,$(STAGING_DIR_IMAGE)) BUNDLER_PATH := $(subst $(space),:,$(filter-out $(TOPDIR)/%,$(subst :,$(space),$(PATH)))) BUNDLER_COMMAND := PATH=$(BUNDLER_PATH) $(XARGS) $(SCRIPT_DIR)/bundle-libraries.sh $(PKG_BUILD_DIR)/staging_dir/host +PACKAGE_SUFFIX:=$(if $(CONFIG_USE_APK),apk,ipk) + all: compile $(BIN_DIR)/$(IB_NAME).tar.zst: clean @@ -35,18 +37,21 @@ $(BIN_DIR)/$(IB_NAME).tar.zst: clean $(INCLUDE_DIR) $(SCRIPT_DIR) \ $(TOPDIR)/rules.mk \ ./files/Makefile \ - ./files/repositories.conf \ $(TMP_DIR)/.targetinfo \ $(TMP_DIR)/.packageinfo \ $(PKG_BUILD_DIR)/ -ifeq ($(CONFIG_IB_STANDALONE),) - echo '## Remote package repositories' >> $(PKG_BUILD_DIR)/repositories.conf - $(call FeedSourcesAppend,$(PKG_BUILD_DIR)/repositories.conf) - $(VERSION_SED_SCRIPT) $(PKG_BUILD_DIR)/repositories.conf -endif - $(INSTALL_DIR) $(PKG_BUILD_DIR)/packages + +ifeq ($(CONFIG_IB_STANDALONE),) +ifneq ($(CONFIG_USE_APK),) + $(call FeedSourcesAppendAPK,$(PKG_BUILD_DIR)/repositories) + $(VERSION_SED_SCRIPT) $(PKG_BUILD_DIR)/repositories +else + echo '## Remote package repositories' >> $(PKG_BUILD_DIR)/repositories.conf + $(call FeedSourcesAppendOPKG,$(PKG_BUILD_DIR)/repositories.conf) + $(VERSION_SED_SCRIPT) $(PKG_BUILD_DIR)/repositories.conf + # create an empty package index so `opkg` doesn't report an error touch $(PKG_BUILD_DIR)/packages/Packages $(INSTALL_DATA) ./files/README.md $(PKG_BUILD_DIR)/packages/ @@ -54,28 +59,32 @@ endif echo '' >> $(PKG_BUILD_DIR)/repositories.conf echo '## This is the local package repository, do not remove!' >> $(PKG_BUILD_DIR)/repositories.conf echo 'src imagebuilder file:packages' >> $(PKG_BUILD_DIR)/repositories.conf +endif +endif ifeq ($(CONFIG_BUILDBOT),) ifeq ($(CONFIG_IB_STANDALONE),) $(FIND) $(call FeedPackageDir,libc) -type f \ - \( -name 'libc_*.ipk' -or -name 'kernel_*.ipk' -or -name 'kmod-*.ipk' \) \ + \( -name 'libc_*.$(PACKAGE_SUFFIX)' -or -name 'kernel_*.$(PACKAGE_SUFFIX)' -or -name 'kmod-*.$(PACKAGE_SUFFIX)' \) \ -exec $(CP) -t $(PKG_BUILD_DIR)/packages {} + else - $(FIND) $(wildcard $(PACKAGE_SUBDIRS)) -type f -name '*.ipk' \ + $(FIND) $(wildcard $(PACKAGE_SUBDIRS)) -type f -name '*.$(PACKAGE_SUFFIX)' \ -exec $(CP) -t $(PKG_BUILD_DIR)/packages/ {} + endif else $(FIND) $(call FeedPackageDir,libc) -type f \ - \( -name 'libc_*.ipk' -or -name 'kernel_*.ipk' \) \ + \( -name 'libc_*.$(PACKAGE_SUFFIX)' -or -name 'kernel_*.$(PACKAGE_SUFFIX)' \) \ -exec $(CP) -t $(IB_LDIR)/ {} + endif +ifneq ($(CONFIG_USE_APK),y) ifneq ($(CONFIG_SIGNATURE_CHECK),) echo '' >> $(PKG_BUILD_DIR)/repositories.conf echo 'option check_signature' >> $(PKG_BUILD_DIR)/repositories.conf $(INSTALL_DIR) $(PKG_BUILD_DIR)/keys $(CP) -L $(STAGING_DIR_ROOT)/etc/opkg/keys/ $(PKG_BUILD_DIR)/ $(CP) -L $(STAGING_DIR_ROOT)/usr/sbin/opkg-key $(PKG_BUILD_DIR)/scripts/ +endif endif $(CP) -L $(TOPDIR)/target/linux/Makefile $(PKG_BUILD_DIR)/target/linux diff --git a/target/imagebuilder/files/Makefile b/target/imagebuilder/files/Makefile index 78a75e96a8..c032306c8e 100644 --- a/target/imagebuilder/files/Makefile +++ b/target/imagebuilder/files/Makefile @@ -85,6 +85,8 @@ help: FORCE # override variables from rules.mk PACKAGE_DIR:=$(TOPDIR)/packages LISTS_DIR:=$(subst $(space),/,$(patsubst %,..,$(subst /,$(space),$(TARGET_DIR))))$(DL_DIR) +PACKAGE_DIR_ALL:=$(TOPDIR)/packages + export OPKG_KEYS:=$(TOPDIR)/keys OPKG:=$(call opkg,$(TARGET_DIR)) \ -f $(TOPDIR)/repositories.conf \ @@ -92,6 +94,11 @@ OPKG:=$(call opkg,$(TARGET_DIR)) \ --cache $(DL_DIR) \ --lists-dir $(LISTS_DIR) +APK:=$(call apk,$(TARGET_DIR)) \ + --cache-dir $(DL_DIR) \ + --allow-untrusted + + include $(INCLUDE_DIR)/target.mk -include .profiles.mk @@ -152,20 +159,25 @@ _call_manifest: FORCE mkdir -p $(TARGET_DIR) $(BIN_DIR) $(TMP_DIR) $(DL_DIR) $(MAKE) package_reload >/dev/null $(MAKE) package_install >/dev/null - $(OPKG) list-installed $(if $(STRIP_ABI),--strip-abi) + $(APK) list --quiet --manifest --no-network package_index: FORCE @echo >&2 @echo Building package index... >&2 @mkdir -p $(TMP_DIR) $(TARGET_DIR)/tmp +ifeq ($(CONFIG_USE_APK),) (cd $(PACKAGE_DIR); $(SCRIPT_DIR)/ipkg-make-index.sh . > Packages && \ gzip -9nc Packages > Packages.gz; \ $(if $(CONFIG_SIGNATURE_CHECK), \ $(STAGING_DIR_HOST)/bin/usign -S -m Packages -s $(BUILD_KEY)) \ ) >/dev/null 2>/dev/null $(OPKG) update >&2 || true +else + (cd $(PACKAGE_DIR); $(APK) mkndx --output packages.adb *.apk) >&2 +endif package_reload: +ifeq ($(CONFIG_USE_APK),) if [ -d "$(PACKAGE_DIR)" ] && ( \ [ ! -f "$(PACKAGE_DIR)/Packages" ] || \ [ ! -f "$(PACKAGE_DIR)/Packages.gz" ] || \ @@ -176,29 +188,48 @@ package_reload: mkdir -p $(TARGET_DIR)/tmp; \ $(OPKG) update >&2 || true; \ fi +else + if [ -d "$(PACKAGE_DIR)" ] && ( \ + [ ! -f "$(PACKAGE_DIR)/packages.adb" ] || \ + [ "`find $(PACKAGE_DIR) -cnewer $(PACKAGE_DIR)/packages.adb`" ] ); then \ + echo "Package list missing or not up-to-date, generating it." >&2 ;\ + $(MAKE) package_index; \ + else \ + mkdir -p $(TARGET_DIR)/tmp; \ + $(APK) update >&2 || true; \ + fi +endif package_list: FORCE @$(MAKE) -s package_reload - @$(OPKG) list --size 2>/dev/null + @$(APK) list --size 2>/dev/null package_install: FORCE @echo @echo Installing packages... +ifeq ($(CONFIG_USE_APK),) $(OPKG) install $(firstword $(wildcard $(LINUX_DIR)/libc_*.ipk $(PACKAGE_DIR)/libc_*.ipk)) $(OPKG) install $(firstword $(wildcard $(LINUX_DIR)/kernel_*.ipk $(PACKAGE_DIR)/kernel_*.ipk)) $(OPKG) install $(BUILD_PACKAGES) +else + $(APK) add --initdb --no-scripts $(firstword $(wildcard $(LINUX_DIR)/libc-*.apk $(PACKAGE_DIR)/libc_*.apk)) + $(APK) add --no-scripts $(firstword $(wildcard $(LINUX_DIR)/kernel-*.apk $(PACKAGE_DIR)/kernel_*.apk)) + $(APK) add --no-scripts $(BUILD_PACKAGES) +endif prepare_rootfs: FORCE @echo @echo Finalizing root filesystem... $(CP) $(TARGET_DIR) $(TARGET_DIR_ORIG) +ifeq ($(CONFIG_USE_APK),) $(if $(CONFIG_SIGNATURE_CHECK), \ $(if $(ADD_LOCAL_KEY), \ OPKG_KEYS=$(TARGET_DIR)/etc/opkg/keys/ \ $(SCRIPT_DIR)/opkg-key add $(BUILD_KEY).pub \ ) \ ) +endif $(call prepare_rootfs,$(TARGET_DIR),$(USER_FILES),$(DISABLED_SERVICES)) build_image: FORCE @@ -245,6 +276,9 @@ ifneq ($(PROFILE),) endif _check_keys: FORCE +ifeq ($(CONFIG_USE_APK),) + # TODO +else ifneq ($(CONFIG_SIGNATURE_CHECK),) @if [ ! -s $(BUILD_KEY) -o ! -s $(BUILD_KEY).pub ]; then \ echo Generate local signing keys... >&2; \ @@ -260,6 +294,7 @@ ifneq ($(CONFIG_SIGNATURE_CHECK),) -s $(BUILD_KEY); \ fi endif +endif image: $(MAKE) -s _check_profile @@ -287,7 +322,11 @@ ifeq ($(PACKAGE),) @exit 1 endif @$(MAKE) -s package_reload - @$(OPKG) whatdepends -A $(PACKAGE) +ifeq ($(CONFIG_USE_APK),) + @$(OPKG) list --depends $(PACKAGE) +else + @$(APK) list --depends $(PACKAGE) +endif package_depends: FORCE ifeq ($(PACKAGE),) @@ -295,7 +334,10 @@ ifeq ($(PACKAGE),) @exit 1 endif @$(MAKE) -s package_reload +ifeq ($(CONFIG_USE_APK),) @$(OPKG) depends -A $(PACKAGE) - +else + @$(OPKG) whatdepends -A $(PACKAGE) +endif .SILENT: help info image manifest package_whatdepends package_depends diff --git a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth1-aqr.dtso b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth1-aqr.dtso index d21a61ad19..c471b9ed91 100644 --- a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth1-aqr.dtso +++ b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth1-aqr.dtso @@ -22,6 +22,7 @@ phy0: ethernet-phy@0 { reg = <0>; compatible = "ethernet-phy-ieee802.3-c45"; + firmware-name = "AQR-G4_v5.7.0-AQR_EVB_Generic_X3410_StdCfg_MDISwap_USX_ID46316_VER2140.cld"; reset-gpios = <&pio 72 GPIO_ACTIVE_LOW>; reset-assert-us = <100000>; reset-deassert-us = <221000>; diff --git a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth2-aqr.dtso b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth2-aqr.dtso index 140391fc45..1490f055b5 100644 --- a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth2-aqr.dtso +++ b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-eth2-aqr.dtso @@ -22,6 +22,7 @@ phy8: ethernet-phy@8 { reg = <8>; compatible = "ethernet-phy-ieee802.3-c45"; + firmware-name = "AQR-G4_v5.7.0-AQR_EVB_Generic_X3410_StdCfg_MDISwap_USX_ID46316_VER2140.cld"; reset-gpios = <&pio 71 GPIO_ACTIVE_LOW>; reset-assert-us = <100000>; reset-deassert-us = <221000>; diff --git a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand-factory.dtso b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand-factory.dtso new file mode 100644 index 0000000000..3fe75aca36 --- /dev/null +++ b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand-factory.dtso @@ -0,0 +1,82 @@ +// SPDX-License-Identifier: (GPL-2.0 OR MIT) + +/dts-v1/; +/plugin/; + +/ { + compatible = "mediatek,mt7988a-rfb", "mediatek,mt7988a"; + + fragment@0 { + target = <&ubi_part>; + + __overlay__ { + volumes { + ubi_factory: ubi-volume-factory { + volname = "factory"; + + nvmem-layout { + compatible = "fixed-layout"; + #address-cells = <1>; + #size-cells = <1>; + + eeprom_wmac: eeprom@0 { + reg = <0x0 0x1e00>; + }; + + gmac2_mac: eeprom@fffee { + reg = <0xfffee 0x6>; + }; + + gmac1_mac: eeprom@ffff4 { + reg = <0xffff4 0x6>; + }; + + gmac0_mac: eeprom@ffffa { + reg = <0xffffa 0x6>; + }; + }; + }; + }; + }; + }; + + fragment@1 { + target = <&pcie0>; + __overlay__ { + pcie@0,0 { + reg = <0x0000 0 0 0 0>; + + wifi@0,0 { + compatible = "mediatek,mt76"; + reg = <0x0000 0 0 0 0>; + nvmem-cell-names = "eeprom"; + nvmem-cells = <&eeprom_wmac>; + }; + }; + }; + }; + + fragment@2 { + target = <&gmac0>; + __overlay__ { + nvmem-cell-names = "mac-address"; + nvmem-cells = <&gmac0_mac>; + }; + }; + + fragment@3 { + target = <&gmac1>; + __overlay__ { + nvmem-cell-names = "mac-address"; + nvmem-cells = <&gmac1_mac>; + }; + }; + + fragment@4 { + target = <&gmac2>; + __overlay__ { + nvmem-cell-names = "mac-address"; + nvmem-cells = <&gmac2_mac>; + }; + }; +}; diff --git a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand.dtso b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand.dtso index a9eca00d44..b5a67c725b 100644 --- a/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand.dtso +++ b/target/linux/mediatek/files-6.6/arch/arm64/boot/dts/mediatek/mt7988a-rfb-spim-nand.dtso @@ -23,9 +23,6 @@ spi-max-frequency = <52000000>; spi-tx-bus-width = <4>; spi-rx-bus-width = <4>; - mediatek,nmbm; - mediatek,bmt-max-ratio = <1>; - mediatek,bmt-max-reserved-blocks = <64>; partitions { compatible = "fixed-partitions"; @@ -34,31 +31,45 @@ partition@0 { label = "BL2"; - reg = <0x00000 0x0100000>; + reg = <0x00000 0x0200000>; read-only; }; - partition@100000 { - label = "u-boot-env"; - reg = <0x0100000 0x0080000>; - }; - - partition@180000 { - label = "Factory"; - reg = <0x180000 0x0400000>; - }; - - partition@580000 { - label = "FIP"; - reg = <0x580000 0x0200000>; - }; - - partition@780000 { + ubi_part: partition@200000 { label = "ubi"; - reg = <0x780000 0x7080000>; + reg = <0x0200000 0x7e00000>; + compatible = "linux,ubi"; + + volumes { + ubi-volume-ubootenv { + volname = "ubootenv"; + nvmem-layout { + compatible = "u-boot,env-redundant-bool-layout"; + }; + }; + + ubi-volume-ubootenv2 { + volname = "ubootenv2"; + nvmem-layout { + compatible = "u-boot,env-redundant-bool-layout"; + }; + }; + + ubi_root: ubi-volume-fit { + volname = "fit"; + }; + + }; }; }; }; }; }; + + fragment@1 { + target-path = "/chosen"; + __overlay__ { + rootdisk-spim-nand = <&ubi_root>; + }; + }; }; diff --git a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh index 878ec4e1ba..72279d2940 100755 --- a/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh +++ b/target/linux/mediatek/filogic/base-files/lib/upgrade/platform.sh @@ -84,7 +84,8 @@ platform_do_upgrade() { bananapi,bpi-r3-mini|\ bananapi,bpi-r4|\ bananapi,bpi-r4-poe|\ - jdcloud,re-cp-03) + jdcloud,re-cp-03|\ + mediatek,mt7988a-rfb) [ -e /dev/fit0 ] && fitblk /dev/fit0 [ -e /dev/fitrw ] && fitblk /dev/fitrw bootdev="$(fitblk_get_bootdev)" diff --git a/target/linux/mediatek/image/filogic.mk b/target/linux/mediatek/image/filogic.mk index 5938a69fe4..bcb727535b 100644 --- a/target/linux/mediatek/image/filogic.mk +++ b/target/linux/mediatek/image/filogic.mk @@ -983,6 +983,7 @@ define Device/mediatek_mt7988a-rfb mt7988a-rfb-sd \ mt7988a-rfb-snfi-nand \ mt7988a-rfb-spim-nand \ + mt7988a-rfb-spim-nand-factory \ mt7988a-rfb-spim-nor \ mt7988a-rfb-eth1-aqr \ mt7988a-rfb-eth1-i2p5g-phy \ @@ -1014,7 +1015,7 @@ define Device/mediatek_mt7988a-rfb ARTIFACT/emmc-bl31-uboot.fip := mt7988-bl31-uboot rfb-emmc ARTIFACT/nor-preloader.bin := mt7988-bl2 nor-comb ARTIFACT/nor-bl31-uboot.fip := mt7988-bl31-uboot rfb-nor - ARTIFACT/snand-preloader.bin := mt7988-bl2 spim-nand-comb + ARTIFACT/snand-preloader.bin := mt7988-bl2 spim-nand-ubi-comb ARTIFACT/snand-bl31-uboot.fip := mt7988-bl31-uboot rfb-snand ARTIFACT/sdcard.img.gz := mt798x-gpt sdmmc |\ pad-to 17k | mt7988-bl2 sdmmc-comb |\ diff --git a/target/linux/tegra/image/Makefile b/target/linux/tegra/image/Makefile index a45992e5f3..dcdf8a7013 100644 --- a/target/linux/tegra/image/Makefile +++ b/target/linux/tegra/image/Makefile @@ -16,12 +16,13 @@ define Build/tegra-sdcard -n '$(DEVICE_TITLE) OpenWrt bootscript' \ -d $(BOOT_SCRIPT) \ $@.boot/boot.scr + $(CP) $@ $@.rootfs SIGNATURE="$(IMG_PART_SIGNATURE)" \ $(SCRIPT_DIR)/gen_image_generic.sh \ $@ \ $(CONFIG_TARGET_KERNEL_PARTSIZE) $@.boot \ - $(CONFIG_TARGET_ROOTFS_PARTSIZE) $(IMAGE_ROOTFS) \ + $(CONFIG_TARGET_ROOTFS_PARTSIZE) $@.rootfs \ 2048 $(if $(UBOOT),dd if=$(STAGING_DIR_IMAGE)/$(UBOOT).img of=$@ bs=512 skip=1 seek=1 conv=notrunc) @@ -32,7 +33,7 @@ DEVICE_VARS += BOOT_SCRIPT UBOOT define Device/Default BOOT_SCRIPT := generic-bootscript IMAGES := sdcard.img.gz - IMAGE/sdcard.img.gz := tegra-sdcard | gzip | append-metadata + IMAGE/sdcard.img.gz := append-rootfs | pad-extra 128k | tegra-sdcard | gzip | append-metadata KERNEL_NAME := zImage KERNEL := kernel-bin PROFILES := Default @@ -42,8 +43,8 @@ define Device/compulab_trimslice DEVICE_VENDOR := CompuLab DEVICE_MODEL := TrimSlice DEVICE_DTS := tegra20-trimslice - DEVICE_PACKAGES := kmod-r8169 kmod-rt2800-usb kmod-rtc-em3027 \ - kmod-usb-storage wpad-basic-openssl + DEVICE_PACKAGES := kmod-leds-gpio kmod-r8169 kmod-rt2800-usb \ + kmod-rtc-em3027 kmod-usb-hid kmod-usb-storage wpad-basic-openssl UBOOT := trimslice-mmc endef TARGET_DEVICES += compulab_trimslice diff --git a/target/linux/tegra/image/generic-bootscript b/target/linux/tegra/image/generic-bootscript index 0e7816490d..5d4620c4d2 100644 --- a/target/linux/tegra/image/generic-bootscript +++ b/target/linux/tegra/image/generic-bootscript @@ -1,6 +1,6 @@ part uuid ${devtype} ${devnum}:2 ptuuid -setenv bootargs "root=PARTUUID=${ptuuid} rw rootwait console=ttyS0,115200 console=tty0" +setenv bootargs "root=PARTUUID=${ptuuid} rw rootwait" load ${devtype} ${devnum}:${bootpart} ${kernel_addr_r} zImage load ${devtype} ${devnum}:${bootpart} ${fdt_addr_r} ${soc}-${board}.dtb