staging/pepe2k/target/imagebuilder, branch v21.02.4

imagebuilder: fix broken image generation with external targets

2022-04-05T20:06:41Z

When using external targets there is a symlink being created for the target under target/linux which then becomes dangling under Image Builder. Fix it by dereferencing the possible symlink. Tested on IB with external target, ipq40xx and mvebu. Signed-off-by: Petr Štetiar (cherry picked from commit 621f39d1f438bf95dbae667c575926fa16a6d797) (cherry picked from commit ec9af870f3278f75549836b469baefa260e2ed41)

imagebuilder: fix local packages/ folder

2022-02-10T19:06:04Z

This commit fixes commit "2999f810ff: build,IB: include kmods only in local builds" which cause the local packages/ folder only to be added for local builds but no longer for ImageBuilder created by the Buildbot. The commits intention was to use remote kmods repositories rather than storing them locally. Accidentally the entire handling of the local `packages/` was removed. Re-add the folder and include a README describing what it can be used for. Signed-off-by: Paul Spooren (cherry picked from commit 15e55a2190ba087679b24b8844a51a6e4d512cf3) Fixes: #5068 Signed-off-by: Jo-Philipp Wich

imagebuilder: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archive

2021-05-14T20:52:40Z

Using these config-options to customize the folders used at build-time makes these folder settings appear in generated archive. This causes the imagebuilder to be not portable, as it's going to use the build-time folders on the new systems. Errors look like: mkdir: cannot create directory '/mnt/build': Permission denied Makefile:116: recipe for target '_call_image' failed make[2]: *** [_call_image] Error 1 Makefile:241: recipe for target 'image' failed make[1]: *** [image] Error 2 The build-time settings of these folders are passed into the archives via .config file. The expected behavior is that after unpacking the imagebuilder acts like these settings have their defaults, using intree folders. So unset the build-time settings. Signed-off-by: Sven Roederer (cherry picked from commit 6967903b01ea9f7c9f70d0185c3da276801dd78f)

build,ib: add STRIP_ABI option for manifest

2021-03-16T21:05:26Z

The ImageBuilder `make manifest` prints all installed packages. This function can be used to create a list of package and corresponding package versions before attempting image creation. When called with `--strip-abi` OPKG can automatically strip attached ABIVersions from package names. Make this function accessible for the ImageBuilder by adding a `STRIP_ABI` variable. Signed-off-by: Paul Spooren (cherry picked from commit 0f7cd97f812adaf4b2c2048227610d150aec72cc)

imagebuilder: invoke bundle-libraries.sh w/o buildroot dirs in $PATH

2020-12-29T00:07:42Z

Invoke bundle-libraries.sh with any buildroot related directory entries removed from $PATH to avoid picking up cross versions of utilities like ldd which will not properly work when used against host executables. This should fix executable bundling for glibc-target imagebuilders. Signed-off-by: Jo-Philipp Wich

imagebuilder: fix partition signature

2020-11-25T00:46:05Z

When building images with the imagebuilder, the partition signature never changes. The signature is generated by hashing SOURCE_DATE_EPOCH and LINUX_VERMAGIC which are undefined. Prepopulate these variables, as done by the SDK. Signed-off-by: Matthew Gyurgyik

imagebuilder: fix main entry makefile

2020-11-23T03:13:46Z

Remove a syntax error from ImageBuider Makefile Acked-by: Paul Spooren Signed-off-by: Paulo Machado

imagebuilder: add package signature verification

2020-11-19T22:15:00Z

The ImageBuilder downloads pre-built packages and adds them to images. This process uses `opkg` which has the capability to verify package list signatures via `usign`, as enabled per default on running OpenWrt devices. Until now this was disabled for ImageBuilders because neither the `opkg` keys nor the `opkg-add` script was present during first packagelist update. To harden the ImageBuilder against *drive-by-download-attacks* both keys and verification script are added to the ImageBuilder allowing `opkg` to verify downloaded package indices. This commit adds `opkg-add` to the ImageBuilder scripts folder. The keys folder is added to ImageBuilder $TOPDIR to have an obvious place for users to store their own keys. The `option check_signature` is appended to the repositories.conf file. All of the above only happens if the Buildbot runs with the SIGNATURE_CHECK option. The keys stored in the ImageBuilder keys/ are the same as included in the openwrt-keyring package. To avoid the chicken-egg problem of downloading and verifying a package, containing signing keys, the keys are added during the ImageBuilder generation. They are same as in shipped images (stored at `/etc/opkg/keys/`). To allow a local package feed in which the user can add additional packages, a local set of `usign` and `ucert` keys is generated, same as building OpenWrt from source. The private key signs the local repository inside the packages/ folder. The local public key is added to the keys/ folder to be considered by `opkg` when updating repositories. This way a local package feed can be modified while requiring `opkg` to check signatures for remote feed, making HTTPS optional. The new option `ADD_LOCAL_KEY` allows to add the local key inside the created images, adding the advantage that sysupgrades can validate the ImageBuilders local key. Signed-off-by: Paul Spooren

imagebuilder: fix sstrip

2020-11-09T10:54:30Z

Without an absolute path to staging_dir/host/bin/sstrip the Makefile tries to run a host installed version of sstrip, which is likely not available. Signed-off-by: Paul Spooren

build,IB: reload packages/ only if existing

2020-10-30T00:39:09Z

With the fix of external kmod feeds it is possible to ship the ImageBuilder without any packages except the pseudo packages kernel and libc. Therefore the local package feeds becomes optional. This commit adds a check to the package_reload function to only run if the local feed is existing. Signed-off-by: Paul Spooren