Merge remote-tracking branch 'upstream/master'

config/Config-build.in

@@ -71,6 +71,7 @@ menu "Global build settings"
 	config USE_APK
 		imply PACKAGE_apk-mbedtls
 		bool "Use APK instead of OPKG to build distribution (EXPERIMENTAL)"
+		default y
 
 	comment "General build options"
 
@@ -295,12 +296,22 @@ menu "Global build settings"
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
 		config PKG_CC_STACKPROTECTOR_NONE
 			bool "None"
+			help
+				No stack smashing protection.
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
+			help
+				Protects functions with vulnerable objects.
+				This includes functions with buffers larger than 8 bytes or calls to alloca.
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
+			help
+				Like Regular, but also protects functions with
+				local arrays or references to local frame addresses.
 		config PKG_CC_STACKPROTECTOR_ALL
 			bool "All"
+			help
+				Protects all functions.
 	endchoice
 
 	choice
@@ -310,10 +321,18 @@ menu "Global build settings"
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
 			bool "None"
+			help
+				No stack smashing protection.
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
+			help
+				Protects functions with vulnerable objects.
+				This includes functions with buffers larger than 8 bytes or calls to alloca.
 		config KERNEL_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
+			help
+				Like Regular, but also protects functions with
+				local arrays or references to local frame addresses.
 	endchoice
 
 	config KERNEL_STACKPROTECTOR

include/cmake.mk

@@ -97,7 +97,7 @@ define Build/Configure/Default
 			-DCMAKE_SYSTEM_NAME=Linux \
 			-DCMAKE_SYSTEM_VERSION=1 \
 			-DCMAKE_SYSTEM_PROCESSOR=$(ARCH) \
-			-DCMAKE_BUILD_TYPE=Release \
+			-DCMAKE_BUILD_TYPE=$(if $(CONFIG_DEBUG),Debug,Release) \
 			-DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \
 			-DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \
 			-DCMAKE_C_COMPILER_LAUNCHER="$(CMAKE_C_COMPILER_LAUNCHER)" \

include/default-packages.mk

@@ -0,0 +1,5 @@
+ifneq ($(CONFIG_USE_APK),)
+  DEFAULT_PACKAGES += apk-mbedtls
+else
+  DEFAULT_PACKAGES += opkg
+endif

include/image.mk

@@ -21,6 +21,11 @@ include $(INCLUDE_DIR)/rootfs.mk
 override MAKE:=$(_SINGLE)$(SUBMAKE)
 override NO_TRACE_MAKE:=$(_SINGLE)$(NO_TRACE_MAKE)
 
+##@
+# @brief Convert size with unit postfix to unitless expression in bytes.
+#
+# @param 1: Size with unit. Possible unit postfix are `g`, `m`, `k`.
+##
 exp_units = $(subst k, * 1024,$(subst m, * 1024k,$(subst g, * 1024m,$(1))))
 
 target_params = $(subst +,$(space),$*)
@@ -111,19 +116,37 @@ endef
 
 PROFILE_SANITIZED := $(call tolower,$(subst DEVICE_,,$(subst $(space),-,$(PROFILE))))
 
+##@
+# @brief Call function for each group of arguments.
+#
+# @param 1: List of lists of arguments. Lists are separated by `|`.
+# @param 2: Function to call for list of arguments.
+##
 define split_args
 $(foreach data, \
 	$(subst |,$(space),\
 		$(subst $(space),^,$(1))), \
 	$(call $(2),$(strip $(subst ^,$(space),$(data)))))
 endef
 
+##@
+# @brief Call build function with arguments.
+#
+# @param 1: Function to call. Function name is prepended with `Build/`.
+# @param 2...: Function arguments.
+##
 define build_cmd
 $(if $(Build/$(word 1,$(1))),,$(error Missing Build/$(word 1,$(1))))
 $(call Build/$(word 1,$(1)),$(wordlist 2,$(words $(1)),$(1)))
 
 endef
 
+##@
+# @brief Call build functions from the list.
+#
+# @param 1: List of build functions with arguments, separated by `|`.
+#           First word in each group is a build command without `Build/` prefix.
+##
 define concat_cmd
 $(call split_args,$(1),build_cmd)
 endef
@@ -163,6 +186,12 @@ DTC_WARN_FLAGS := \
 DTC_FLAGS += $(DTC_WARN_FLAGS)
 DTCO_FLAGS += $(DTC_WARN_FLAGS)
 
+##@
+# @brief Pad file to specified size.
+#
+# @param 1: File.
+# @param 2: Padding.
+##
 define Image/pad-to
 	dd if=$(1) of=$(1).new bs=$(2) conv=sync
 	mv $(1).new $(1)
@@ -281,7 +310,7 @@ endef
 define Image/Manifest
 	$(if $(CONFIG_USE_APK), \
 		$(call apk,$(TARGET_DIR_ORIG)) list --quiet --manifest --no-network \
-			--repositories-file /dev/zero | sort | sed 's/ / - /'  > \
+			--repositories-file /dev/null | sort | sed 's/ / - /'  > \
 			$(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest, \
 		$(call opkg,$(TARGET_DIR_ORIG)) list-installed > \
 			$(BIN_DIR)/$(IMG_PREFIX)$(if $(PROFILE_SANITIZED),-$(PROFILE_SANITIZED)).manifest \
@@ -336,19 +365,17 @@ opkg_target = \
 
 apk_target = \
 	$(call apk,$(mkfs_cur_target_dir)) --no-scripts \
-		--repositories-file /dev/zero --repository file://$(PACKAGE_DIR_ALL)/packages.adb
+		--repositories-file /dev/null --repository file://$(PACKAGE_DIR_ALL)/packages.adb
 
 
 target-dir-%: FORCE
 ifneq ($(CONFIG_USE_APK),)
 	rm -rf $(mkfs_cur_target_dir)
 	$(CP) $(TARGET_DIR_ORIG) $(mkfs_cur_target_dir)
-	mv $(mkfs_cur_target_dir)/etc/apk/repositories $(mkfs_cur_target_dir).repositories
 	$(if $(mkfs_packages_remove), \
 		$(apk_target) del $(mkfs_packages_remove))
 	$(if $(mkfs_packages_add), \
 		$(apk_target) add $(mkfs_packages_add))
-	mv $(mkfs_cur_target_dir).repositories $(mkfs_cur_target_dir)/etc/apk/repositories
 else
 	rm -rf $(mkfs_cur_target_dir) $(mkfs_cur_target_dir).opkg
 	$(CP) $(TARGET_DIR_ORIG) $(mkfs_cur_target_dir)
@@ -403,26 +430,53 @@ define Device/InitProfile
   DEVICE_DESCRIPTION = Build firmware images for $$(DEVICE_TITLE)
 endef
 
+##@
+# @brief Image configuration variables.
+#
+# @param 1: Device name.
+##
 define Device/Init
+  ##@ Device name.
   DEVICE_NAME := $(1)
+  ##@ Commands to build kernel.
+  # Commands with arguments are separated by `|`.
+  ##
   KERNEL:=
+  ##@ Commands to build initramfs.
+  # Commands with arguments are separated by `|`.
+  ##
   KERNEL_INITRAMFS = $$(KERNEL)
+  ##@ Kernel command line.
   CMDLINE:=
 
+  ##@ Images to build.
   IMAGES :=
+  ##@ Artifacts to build.
   ARTIFACTS :=
+  ##@ Device image prefix.
   DEVICE_IMG_PREFIX := $(IMG_PREFIX)-$(1)
+  ##@ Device image name.
   DEVICE_IMG_NAME = $$(DEVICE_IMG_PREFIX)-$$(1)-$$(2)
+  ##@ Factory image name.
   FACTORY_IMG_NAME :=
+  ##@ Maximum image size. Optional.
   IMAGE_SIZE :=
+  ##@ Maximum image size. Optional.
   NAND_SIZE :=
+  ##@ Kernel image prefix.
   KERNEL_PREFIX = $$(DEVICE_IMG_PREFIX)
+  ##@ Kernel image suffix.
   KERNEL_SUFFIX := -kernel.bin
+  ##@ Initramfs image suffix.
   KERNEL_INITRAMFS_SUFFIX = $$(KERNEL_SUFFIX)
+  ##@ Kernel image name.
   KERNEL_IMAGE = $$(KERNEL_PREFIX)$$(KERNEL_SUFFIX)
+  ##@ Initramfs image prefix.
   KERNEL_INITRAMFS_PREFIX = $$(DEVICE_IMG_PREFIX)-initramfs
   KERNEL_INITRAMFS_IMAGE = $$(KERNEL_INITRAMFS_PREFIX)$$(KERNEL_INITRAMFS_SUFFIX)
+  ##@ Initramfs image name.
   KERNEL_INITRAMFS_NAME = $$(KERNEL_NAME)-initramfs
+  ##@ Kernel install flag.
   KERNEL_INSTALL :=
   KERNEL_NAME := vmlinux
   KERNEL_DEPENDS :=

include/kernel-6.6

@@ -1,2 +1,2 @@
-LINUX_VERSION-6.6 = .59
-LINUX_KERNEL_HASH-6.6.59 = 23616808d8c08f12815ff898f4edb4c11397a2b2843d029ee62452d21833a76d
+LINUX_VERSION-6.6 = .61
+LINUX_KERNEL_HASH-6.6.61 = 418fc24df9190f1c3ed9906dc3b7651c2a2eae5c1cb9ab4a6348e20faf047c0b

include/meson.mk

@@ -124,7 +124,7 @@ define Build/Configure/Meson
 	$(call Meson/CreateCrossFile,$(PKG_BUILD_DIR)/openwrt-cross.txt)
 	$(call Meson, \
 		setup \
-		--buildtype plain \
+		--buildtype $(if $(CONFIG_DEBUG),debug,plain) \
 		--native-file $(PKG_BUILD_DIR)/openwrt-native.txt \
 		--cross-file $(PKG_BUILD_DIR)/openwrt-cross.txt \
 		-Ddefault_library=both \

include/package-pack.mk

@@ -8,6 +8,10 @@ endif
 
 IPKG_STATE_DIR:=$(TARGET_DIR)/usr/lib/opkg
 
+define description_escape
+$(subst `,\`,$(subst $$,\$$,$(subst ",\",$(subst \,\\,$(1)))))
+endef
+
 # Generates a make statement to return a wildcard for candidate ipkg files
 # 1: package name
 define gen_package_wildcard
@@ -339,8 +343,8 @@ else
 	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk mkpkg \
 	  --info "name:$(1)$$(ABIV_$(1))" \
 	  --info "version:$(VERSION)" \
-	  --info "description:$$(strip $$(Package/$(1)/description))" \
-	  --info "arch:$(PKGARCH)" \
+	  --info "description:$$(call description_escape,$$(strip $$(Package/$(1)/description)))" \
+	  $(if $(findstring all,$(PKGARCH)),--info "arch:noarch",--info "arch:$(PKGARCH)") \
 	  --info "license:$(LICENSE)" \
 	  --info "origin:$(SOURCE)" \
 	  --info "url:$(URL)" \
@@ -355,7 +359,7 @@ else
 			) \
 		), \
 		$$(prov) )" \
-	  $(if $(DEFAULT_VARIANT),--info "provider-priority:100") \
+	  $(if $(DEFAULT_VARIANT),--info "provider-priority:100",$(if $(PROVIDES),--info "provider-priority:1")) \
 	  --script "post-install:$$(ADIR_$(1))/post-install" \
 	  --script "pre-deinstall:$$(ADIR_$(1))/pre-deinstall" \
 	  --info "depends:$$(foreach depends,$$(subst $$(comma),$$(space),$$(subst $$(space),,$$(subst $$(paren_right),,$$(subst $$(paren_left),,$$(Package/$(1)/DEPENDS))))),$$(depends))" \

include/rootfs.mk

@@ -48,7 +48,6 @@ apk = \
   $(FAKEROOT) $(STAGING_DIR_HOST)/bin/apk \
 	--root $(1) \
 	--keys-dir $(if $(APK_KEYS),$(APK_KEYS),$(TOPDIR)) \
-	--no-cache \
 	--no-logfile \
 	--preserve-env
 
@@ -84,7 +83,7 @@ define prepare_rootfs
 			IPKG_POSTINST_PATH=./usr/lib/opkg/info/*.postinst; \
 		fi; \
 		for script in $$IPKG_POSTINST_PATH; do \
-			PATH="$(TARGET_PATH_PKG)" IPKG_INSTROOT=$(1) $$(command -v bash) $$script; \
+			IPKG_INSTROOT=$(1) $$(command -v bash) $$script; \
 			ret=$$?; \
 			if [ $$ret -ne 0 ]; then \
 				echo "postinst script $$script has failed with exit code $$ret" >&2; \

include/target.mk

@@ -7,10 +7,17 @@ ifneq ($(__target_inc),1)
 __target_inc=1
 
 
-# default device type
+##@
+# @brief Default device type ( basic | nas | router ).
+##
 DEVICE_TYPE?=router
 
-# Default packages - the really basic set
+##@
+# @brief Default packages.
+#
+# The really basic set. Additional packages are added based on @DEVICE_TYPE and
+# @CONFIG_* values.
+##
 DEFAULT_PACKAGES:=\
 	base-files \
 	ca-bundle \
@@ -27,15 +34,21 @@ DEFAULT_PACKAGES:=\
 	urandom-seed \
 	urngd
 
-# For the basic set
+##@
+# @brief Default packages for @DEVICE_TYPE basic.
+##
 DEFAULT_PACKAGES.basic:=
-# For nas targets
+##@
+# @brief Default packages for @DEVICE_TYPE nas.
+##
 DEFAULT_PACKAGES.nas:=\
 	block-mount \
 	fdisk \
 	lsblk \
 	mdadm
-# For router targets
+##@
+# @brief Default packages for @DEVICE_TYPE router.
+##
 DEFAULT_PACKAGES.router:=\
 	dnsmasq \
 	firewall4 \
@@ -77,51 +90,21 @@ else
   endif
 endif
 
-ifneq ($(DUMP),)
-  # Parse generic config that might be set before a .config is generated to modify the
-  # default package configuration
-  # Keep DYNAMIC_DEF_PKG_CONF in sync with toplevel.mk to reflect the same configs
-  DYNAMIC_DEF_PKG_CONF := CONFIG_USE_APK CONFIG_SELINUX CONFIG_SMALL_FLASH CONFIG_SECCOMP
-  $(foreach config, $(DYNAMIC_DEF_PKG_CONF), \
-    $(eval $(config) := $(shell grep "$(config)=y" $(TOPDIR)/.config 2>/dev/null)) \
-  )
-  # The config options that are enabled by default and where other default
-  # packages depends on needs to be set if they are missing in the .config.
-  ifeq ($(shell grep "CONFIG_SECCOMP" $(TOPDIR)/.config 2>/dev/null),)
-    ifeq ($(filter $(BOARD), uml),)
-    ifneq ($(filter $(ARCH), aarch64 arm armeb mips mipsel mips64 mips64el i386 powerpc x86_64),)
-      CONFIG_SECCOMP := y
-    endif
-    endif
-  endif
-endif
-
-ifneq ($(CONFIG_USE_APK),)
-DEFAULT_PACKAGES+=apk-mbedtls
-else
-DEFAULT_PACKAGES+=opkg
-endif
-
-ifneq ($(CONFIG_SELINUX),)
-DEFAULT_PACKAGES+=busybox-selinux procd-selinux
-else
-DEFAULT_PACKAGES+=busybox procd
-endif
-
-# include ujail on systems with enough storage
-ifeq ($(CONFIG_SMALL_FLASH),)
-DEFAULT_PACKAGES+=procd-ujail
-endif
-
-# include seccomp ld-preload hooks if kernel supports it
-ifneq ($(CONFIG_SECCOMP),)
-DEFAULT_PACKAGES+=procd-seccomp
-endif
-
 # Add device specific packages (here below to allow device type set from subtarget)
 DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE))
 
+##@
+# @brief Filter out packages, prepended with `-`.
+#
+# @param 1: Package list.
+##
 filter_packages = $(filter-out -% $(patsubst -%,%,$(filter -%,$(1))),$(1))
+
+##@
+# @brief Append extra package dependencies.
+#
+# @param 1: Package list.
+##
 extra_packages = $(if $(filter wpad wpad-% nas,$(1)),iwinfo)
 
 define ProfileDefault