staging/ansuel/target/imagebuilder, branch master

imagebuilder: export SOURCE_DATE_EPOCH to environment

2022-04-09T23:56:38Z

Export SOURCE_DATE_EPOCH to environment so filesystem and image creation tools will make use of it. Fixes reproducibility of images generated with the ImageBuilder. Signed-off-by: Daniel Golle

imagebuilder: fix broken image generation with external targets

2022-03-25T13:28:00Z

When using external targets there is a symlink being created for the target under target/linux which then becomes dangling under Image Builder. Fix it by dereferencing the possible symlink. Tested on IB with external target, ipq40xx and mvebu. Signed-off-by: Petr Štetiar

imagebuilder: fix local packages/ folder

2021-11-06T05:18:48Z

This commit fixes commit "2999f810ff: build,IB: include kmods only in local builds" which cause the local packages/ folder only to be added for local builds but no longer for ImageBuilder created by the Buildbot. The commits intention was to use remote kmods repositories rather than storing them locally. Accidentally the entire handling of the local `packages/` was removed. Re-add the folder and include a README describing what it can be used for. Signed-off-by: Paul Spooren

imagebuilder: show architecture in `make info` output

2021-09-24T07:37:19Z

Using `make info` show the current target, revision, default packages and available profiles. This commits adds the used architecture. Signed-off-by: Paul Spooren

imagebuilder: unset BINARY_FOLDER and DOWNLOAD_FOLDER in final archive

2021-05-08T10:14:00Z

Using these config-options to customize the folders used at build-time makes these folder settings appear in generated archive. This causes the imagebuilder to be not portable, as it's going to use the build-time folders on the new systems. Errors look like: mkdir: cannot create directory '/mnt/build': Permission denied Makefile:116: recipe for target '_call_image' failed make[2]: *** [_call_image] Error 1 Makefile:241: recipe for target 'image' failed make[1]: *** [image] Error 2 The build-time settings of these folders are passed into the archives via .config file. The expected behavior is that after unpacking the imagebuilder acts like these settings have their defaults, using intree folders. So unset the build-time settings. Signed-off-by: Sven Roederer

build,ib: add STRIP_ABI option for manifest

2021-03-16T21:00:08Z

The ImageBuilder `make manifest` prints all installed packages. This function can be used to create a list of package and corresponding package versions before attempting image creation. When called with `--strip-abi` OPKG can automatically strip attached ABIVersions from package names. Make this function accessible for the ImageBuilder by adding a `STRIP_ABI` variable. Signed-off-by: Paul Spooren

imagebuilder: invoke bundle-libraries.sh w/o buildroot dirs in $PATH

2020-12-29T00:07:42Z

Invoke bundle-libraries.sh with any buildroot related directory entries removed from $PATH to avoid picking up cross versions of utilities like ldd which will not properly work when used against host executables. This should fix executable bundling for glibc-target imagebuilders. Signed-off-by: Jo-Philipp Wich

imagebuilder: fix partition signature

2020-11-25T00:46:05Z

When building images with the imagebuilder, the partition signature never changes. The signature is generated by hashing SOURCE_DATE_EPOCH and LINUX_VERMAGIC which are undefined. Prepopulate these variables, as done by the SDK. Signed-off-by: Matthew Gyurgyik

imagebuilder: fix main entry makefile

2020-11-23T03:13:46Z

Remove a syntax error from ImageBuider Makefile Acked-by: Paul Spooren Signed-off-by: Paulo Machado

imagebuilder: add package signature verification

2020-11-19T22:15:00Z

The ImageBuilder downloads pre-built packages and adds them to images. This process uses `opkg` which has the capability to verify package list signatures via `usign`, as enabled per default on running OpenWrt devices. Until now this was disabled for ImageBuilders because neither the `opkg` keys nor the `opkg-add` script was present during first packagelist update. To harden the ImageBuilder against *drive-by-download-attacks* both keys and verification script are added to the ImageBuilder allowing `opkg` to verify downloaded package indices. This commit adds `opkg-add` to the ImageBuilder scripts folder. The keys folder is added to ImageBuilder $TOPDIR to have an obvious place for users to store their own keys. The `option check_signature` is appended to the repositories.conf file. All of the above only happens if the Buildbot runs with the SIGNATURE_CHECK option. The keys stored in the ImageBuilder keys/ are the same as included in the openwrt-keyring package. To avoid the chicken-egg problem of downloading and verifying a package, containing signing keys, the keys are added during the ImageBuilder generation. They are same as in shipped images (stored at `/etc/opkg/keys/`). To allow a local package feed in which the user can add additional packages, a local set of `usign` and `ucert` keys is generated, same as building OpenWrt from source. The private key signs the local repository inside the packages/ folder. The local public key is added to the keys/ folder to be considered by `opkg` when updating repositories. This way a local package feed can be modified while requiring `opkg` to check signatures for remote feed, making HTTPS optional. The new option `ADD_LOCAL_KEY` allows to add the local key inside the created images, adding the advantage that sysupgrades can validate the ImageBuilders local key. Signed-off-by: Paul Spooren