LEDE buildbot configuration https://git.openwrt.org/buildbot/atom?h=v25 2025-12-14T05:09:49Z 2025-12-14T05:09:49Z Petr Štetiar 2025-12-12T21:41:01Z urn:sha1:057e8adc9d49eda73499b5b771cba5df5e8f80d1 Currently git.openwrt.org is sometimes overloaded, so lets implement a mechanism to override the source host for feeds. This introduces a `feeds_host_override` configuration option. When set, the buildmaster will temporarily modify `feeds.conf.default` to point to the alternate host (e.g., GitHub) before updating feeds, and restore the original configuration afterwards. This is particularly useful when the primary git server is returning 503 errors: Updating feed 'packages' from 'https://git.openwrt.org/feed/packages.git' ... Cloning into './feeds/packages'... fatal: unable to access 'https://git.openwrt.org/feed/packages.git/': The requested URL returned error: 503 failed. Signed-off-by: Petr Štetiar <ynezz@true.cz> 2025-12-13T08:19:17Z Petr Štetiar 2025-12-13T08:02:33Z urn:sha1:b0a3bf3f9b2acf5be391ed1d684e135f1161af19 Signing steps are currently skipped if only APK signing is configured, because phase2 effectively enables signing only when `usign` is present. Fix this by making `IsSignEnabled` explicitly cover APK signing too. While at it, refactor the signing checks into dedicated helper functions `IsUsignEnabled`, `IsApkSigningEnabled`, and `IsGpgSigningEnabled`, and use them consistently to align phase2 with the phase1 implementation. Signed-off-by: Petr Štetiar <ynezz@true.cz> 2025-12-12T20:49:48Z Petr Štetiar 2025-12-12T20:46:05Z urn:sha1:a51561bb76cdd9759c693f99527f88a6287532cf Currently `CONFIG_SIGNED_PACKAGES` is only enabled when `usign_key` is configured. However, we also want to enable it when `apk_key` is configured, as we support signing APK packages as well. So lets fix it by adding `IsSignedPackagesEnabled` helper which checks for both keys and updates the .config generation to use it. Signed-off-by: Petr Štetiar <ynezz@true.cz> 2025-12-11T19:05:20Z Petr Štetiar 2025-12-11T18:13:05Z urn:sha1:b92996c987fa8d09e927be15e5bde3fc405b55b9 Signing steps are currently skipped if only `apk_key` is configured for a branch, because `IsSignEnabled` only checks for `usign_key` or `gpg_key`. Fix this by explicitly checking for `apk_key`. While at it, refactor the signing checks into dedicated helper functions `IsApkSigningEnabled` and `IsGpgSigningEnabled` for better readability. Signed-off-by: Petr Štetiar <ynezz@true.cz> 2025-08-12T12:16:13Z dependabot[bot] 2025-08-12T04:55:28Z urn:sha1:54e80480d2cb1cd4f723d89addf65058b0e56709 Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/checkout/compare/v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> 2024-11-25T10:12:20Z Robert Marko 2024-11-25T09:40:03Z urn:sha1:7f966275500d5cd94cc4b70e0e6bb203d6f569ae Addition of OPTEE support along with STM32 added a requirment on python3-cryptography and without it buildbots for STM32 will fail with: Checking 'python3-cryptography'... failed. Checking 'python3-pyelftools'... ok. optee-os: Please install the Python3 cryptography module make[3]: *** [/builder/shared-workdir/build/include/prereq.mk:9: prereq] Error 1 So install python3-cryptography to satisfy it. Signed-off-by: Robert Marko <robimarko@gmail.com> Link: https://github.com/openwrt/buildbot/pull/61 Signed-off-by: Petr Štetiar <ynezz@true.cz> 2024-11-18T08:08:57Z Christian Marangi 2024-11-17T15:13:02Z urn:sha1:31eb26b97e7cf8f202c8bd2c65d550edd6e28374 Handle case where a sha256sums might contain previous kmods/. In such case packages.adb for previous kmods/ needs to be skipped as not included in the sign tar and already signed by previous runs. Skip is limited to kmods/ entry as those are the only entry expected to be present in the sha256sums but not included in sign tar. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> 2024-11-18T08:08:56Z Christian Marangi 2024-11-15T15:41:52Z urn:sha1:a75ce026ca9bd5df828e9e51db08f209a716fe82 There is currently a BUG in the --exclude pattern for the targetupload step. The /kmods/ directory is actually never excluded. This was never notice as the rsynclist never actually had kmods entry as make checksum step was done before moving the kmods to the dedicated directory. This is caused by the fact that with --files-from, not only the /kmods/ directory needs to be excluded but also every content in it, hence the additional --exclude "/kmods/**" is required to correcly skip the entry present in rsynclist. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> 2024-11-18T08:08:55Z Christian Marangi 2024-11-15T14:30:09Z urn:sha1:9f22657ef41bb599558aaeffda451353eaf35199 Add additional logic to merge the sha256sums with the remote kmods entry (in remote sha256sums) already present. This is to produce a more consistent sha256sums that actually reflect what is present in the remote server by including also the sha of the kmods for each kernel version supported. Signed-off-by: Christian Marangi <ansuelsmth@gmail.com> 2024-11-18T08:08:54Z Daniel Golle 2024-11-15T14:27:55Z urn:sha1:ec2bd8a07e88f4e251fccb99142bd46c816d62ec OPKG gets confused if kmod packages are present in both, target packages as well as kernel version specific folder. Remove them from target packages to make opkg pick the kmods from kmod archive folder only. This also affects APK that picks packages from the first entry in the repository file and doesn't support checking the same package from multiple entry. Signed-off-by: Daniel Golle <daniel@makrotopia.org> [ add --remove-source-files and improve implementation ] Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>