Version update to R25.4.145

Removed, merged upstream:
- 170-wpa_supplicant-fix-compiling-without-IEEE8021X_EAPOL.patch

Manually refreshed:
- 040-mesh-allow-processing-authentication-frames-in-block.patch
- 600-ubus_support.patch
- 761-shared_das_port.patch

Fixes: a091a96 ("hostapd: always enable nl80211 driver support")
Signed-off-by: Andre Heider <a.heider@gmail.com>

.github/ISSUE_TEMPLATE.md

@@ -1,20 +0,0 @@
-反馈bug/问题模板，提建议请删除
-
-## 1.关于你要提交的问题
-
-Q：是否搜索了issue (使用 "x" 选择)
-* [ ] 没有类似的issue
-
-## 2. 详细叙述
-
-### (1) 具体问题
-
-A：
-
-### (2) 路由器型号和固件版本
-
-A：
-
-### (3) 详细日志
-
-A：

.github/ISSUE_TEMPLATE/bug-report.yml

@@ -0,0 +1,32 @@
+name: 问题描述
+description: 反馈问题模板
+body:
+  - type: textarea
+    id: description
+    attributes:
+      label: 详细叙述
+      description: 详细叙述问题
+    validations:
+      required: true
+  - type: checkboxes
+    id: duplicate_issue
+    attributes:
+      label: 重复 issue
+      description: 是否搜索了 issues
+      options:
+        - label: 没有类似的 issue
+          required: true
+  - type: input
+    id: model_name
+    attributes:
+      label: 具体型号
+      description: 硬件型号
+    validations:
+      required: true
+  - type: textarea
+    id: details_log
+    attributes:
+      label: 详细日志
+      description: make V=s -j1 时的问题日志
+    validations:
+      required: true

.github/ISSUE_TEMPLATE/config.yml

@@ -0,0 +1,6 @@
+---
+blank_issues_enabled: false
+contact_links:
+  - name: discussion
+    url: https://github.com/coolsnowwolf/lede/discussions
+    about: Please ask and answer questions here.

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,2 +1,4 @@
-Q：你知道这是`pull request`吗？(使用 "x" 选择)
+# Pull Request 规则，创建时请删除
-* [ ] 我知道
+
+- 禁止有关 "GitHub Actions" 的提交
+- 禁止使用 users.noreply.github.com 提交

.github/workflows/openwrt-ci.yml

@@ -10,39 +10,37 @@ name: OpenWrt-CI
 on:
   schedule:
     - cron: 0 20 * * *
-  release:
+
-    types: [published]
+permissions:
+  contents: read
 
 jobs:
 
   build_openwrt:
 
-    name: Build OpenWrt firmware
+    name: Build OpenWrt Firmware
 
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
-
-    if: github.event.repository.owner.id == github.event.sender.id
 
     steps:
-
+      - name: Space cleanup and Initialization environment
-      - name: Checkout
-        uses: actions/checkout@v2
-        with:
-          ref: master
-
-      - name: Space cleanup
         env:
           DEBIAN_FRONTEND: noninteractive
         run: |
           docker rmi `docker images -q`
-          sudo rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d /usr/local/lib/android
+          sudo -E rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d /usr/local/lib/android
-          sudo -E apt-get -y purge azure-cli ghc* zulu* hhvm llvm* firefox google* dotnet* powershell openjdk* adoptopenjdk* mysql* php* mongodb* dotnet* moby* snapd* || true
+          sudo -E apt-mark hold grub-efi-amd64-signed
-          sudo -E apt-get update
+          sudo -E apt update
-          sudo -E apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs gcc-multilib g++-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler antlr3 gperf swig
+          sudo -E apt -y purge azure-cli* docker* ghc* zulu* llvm* firefox google* dotnet* powershell* openjdk* mysql* php* mongodb* dotnet* snap*
-          sudo -E apt-get -y autoremove --purge
+          sudo -E apt -y full-upgrade
-          sudo -E apt-get clean
+          sudo -E apt -y install ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gcc-multilib g++-multilib gettext genisoimage git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev libssl-dev libtool llvm lrzsz msmtp ninja-build p7zip p7zip-full patch pkgconf python3 python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+          sudo -E systemctl daemon-reload
+          sudo -E apt -y autoremove --purge
+          sudo -E apt clean
+          sudo -E timedatectl set-timezone "Asia/Shanghai"
 
-          df -h
+      - name: Checkout OpenWrt
+        uses: actions/checkout@v4
 
       - name: Update feeds
         run: |
@@ -53,10 +51,8 @@ jobs:
       - name: Generate configuration file
         run: make defconfig
 
-      - name: Make download
+      - name: Download packages
-        run: |
+        run: make download -j16
-          make download -j8
-          find dl -size -1024c -exec rm -f {} \;
 
       - name: Compile firmware
         run: |
@@ -72,38 +68,26 @@ jobs:
 
       - name: Prepare artifact
         run: |
-          mkdir -p ./artifact/firmware
           mkdir -p ./artifact/package
           mkdir -p ./artifact/buildinfo
           rm -rf $(find ./bin/targets/ -type d -name "packages")
-          cp -rf $(find ./bin/targets/ -type f) ./artifact/firmware/
           cp -rf $(find ./bin/packages/ -type f -name "*.ipk") ./artifact/package/
           cp -rf $(find ./bin/targets/ -type f -name "*.buildinfo" -o -name "*.manifest") ./artifact/buildinfo/
 
-      - name: Deliver buildinfo
+      - name: Upload buildinfo
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: OpenWrt_buildinfo
           path: ./artifact/buildinfo/
 
-      - name: Deliver package
+      - name: Upload package
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: OpenWrt_package
           path: ./artifact/package/
 
-      - name: Deliver firmware
+      - name: Upload firmware
-        uses: actions/upload-artifact@v2
+        uses: actions/upload-artifact@v4
         with:
           name: OpenWrt_firmware
           path: ./bin/targets/
-  
-
-      - name: Upload release asset
-        if: github.event == 'release'
-        uses: svenstaro/upload-release-action@v2
-        with:
-          repo_token: ${{ secrets.YOURTOKEN }}
-          file: ./artifact/firmware/*
-          tag: ${{ github.ref }}
-          file_glob: true

Config.in

@@ -2,10 +2,10 @@
 #
 # Copyright (C) 2006-2013 OpenWrt.org
 
-mainmenu "OpenWrt Configuration"
+mainmenu "LEDE Configuration"
 
 config MODULES
-	option modules
+	modules
 	bool
 	default y
 
@@ -13,6 +13,14 @@ config HAVE_DOT_CONFIG
 	bool
 	default y
 
+HOST_OS := $(shell, uname)
+
+config HOST_OS_LINUX
+	def_bool $(shell, ./config/check-uname.sh Linux)
+
+config HOST_OS_MACOS
+	def_bool $(shell, ./config/check-uname.sh Darwin)
+
 source "target/Config.in"
 
 source "config/Config-images.in"

Makefile

@@ -10,12 +10,14 @@ export TOPDIR LC_ALL LANG TZ
 
 empty:=
 space:= $(empty) $(empty)
-$(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt directory must not include any spaces))
+$(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the LEDE directory must not include any spaces))
 
 world:
 
-DISTRO_PKG_CONFIG:=$(shell which -a pkg-config | grep -E '\/usr' | head -n 1)
+DISTRO_PKG_CONFIG:=$(shell $(TOPDIR)/scripts/command_all.sh pkg-config | grep -e '/usr' -e '/nix/store' -m 1)
-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+
+export ORIG_PATH:=$(if $(ORIG_PATH),$(ORIG_PATH),$(PATH))
+export PATH:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host/bin),$(TOPDIR)/staging_dir/host/bin):$(PATH)
 
 ifneq ($(OPENWRT_BUILD),1)
   _SINGLE=export MAKEFLAGS=$(space);
@@ -38,7 +40,10 @@ else
   include tools/Makefile
   include toolchain/Makefile
 
-$(toolchain/stamp-compile): $(tools/stamp-compile)
+# Include the test suite Makefile if it exists
+-include tests/Makefile
+
+$(toolchain/stamp-compile): $(tools/stamp-compile) $(if $(CONFIG_BUILDBOT),toolchain_rebuild_check)
 $(target/stamp-compile): $(toolchain/stamp-compile) $(tools/stamp-compile) $(BUILD_DIR)/.prepared
 $(package/stamp-compile): $(target/stamp-compile) $(package/stamp-cleanup)
 $(package/stamp-install): $(package/stamp-compile)
@@ -50,14 +55,23 @@ printdb:
 
 prepare: $(target/stamp-compile)
 
-clean: FORCE
+_clean: FORCE
-	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(BUILD_LOG_DIR) $(TOPDIR)/staging_dir/packages
+	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(TOPDIR)/staging_dir/packages
 
-dirclean: clean
+clean: _clean
-	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/host $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+	rm -rf $(BUILD_LOG_DIR)
+
+targetclean: _clean
+	rm -rf $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+
+dirclean: targetclean clean
+	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(BUILD_DIR_BASE)/host
 	rm -rf $(TMP_DIR)
 	$(MAKE) -C $(TOPDIR)/scripts/config clean
 
+toolchain_rebuild_check:
+	$(SCRIPT_DIR)/check-toolchain-clean.sh
+
 cacheclean:
 ifneq ($(CONFIG_CCACHE),)
 	$(STAGING_DIR_HOST)/bin/ccache -C

README.md

@@ -1,6 +1,25 @@
-# 欢迎来到 Lean 的 Openwrt 源码仓库
+# 欢迎来到 Lean 的 LEDE 源码仓库
 
-如何编译自己需要的 OpenWrt 固件 [English](./README_EN.md)
+为国产龙芯 LOONGSON SoC loongarch64 / 飞腾 Phytium 腾锐 D2000 系列架构添加支持
+
+I18N: [English](README_EN.md) | [简体中文](README.md) | [日本語](README_JA.md)
+
+## 官方讨论群
+
+如有技术问题需要讨论或者交流，欢迎加入以下群：
+
+1. QQ 讨论群：Op 固件技术研究群，号码 891659613，加群链接：[点击加入](https://qm.qq.com/q/IMa6Yf2SgC "Op固件技术研究群")
+2. TG 讨论群：OP 编译官方大群，加群链接：[点击加入](https://t.me/JhKgAA6Hx1 "OP 编译官方大群")
+
+## 软路由 ArmSoM Sige 系列介绍
+
+ArmSoM-Sige 系列：软路由、单板计算机、小型服务器与智能家居的全能之选。
+
+[商品介绍页面 - ArmSom 品牌店](https://shop518100695.taobao.com/)
+
+购买链接：
+
+[![sige1-zh](doc/sige-zh.jpg)](https://item.taobao.com/item.htm?id=721197662185)
 
 ## 注意
 
@@ -10,7 +29,7 @@
 
 ## 编译命令
 
-1. 首先装好 Linux 系统，推荐 Debian 11 或 Ubuntu LTS
+1. 首先装好 Linux 系统，推荐 Debian 或 Ubuntu LTS
 
 2. 安装编译依赖
 
@@ -18,11 +37,12 @@
    sudo apt update -y
    sudo apt full-upgrade -y
    sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
-   bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext gcc-multilib g++-multilib \
+   bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gcc-multilib g++-multilib gettext \
-   git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev \
+   genisoimage git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev \
-   libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz \
+   libgmp3-dev libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev \
-   mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils \
+   libreadline-dev libssl-dev libtool llvm lrzsz msmtp ninja-build p7zip p7zip-full patch pkgconf \
-   rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+   python3 python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion \
+   swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
    ```
 
 3. 下载源代码，更新 feeds 并选择配置
@@ -43,7 +63,7 @@
    make V=s -j1
    ```
 
-本套代码保证肯定可以编译成功。里面包括了 R21 所有源代码，包括 IPK 的。
+本套代码保证肯定可以编译成功。里面包括了 R24 所有源代码，包括 IPK 的。
 
 你可以自由使用，但源码编译二次发布请注明我的 GitHub 仓库链接。谢谢合作！
 
@@ -62,14 +82,14 @@ make V=s -j$(nproc)
 如果需要重新配置：
 
 ```bash
-rm -rf ./tmp && rm -rf .config
+rm -rf .config
 make menuconfig
 make V=s -j$(nproc)
 ```
 
 编译完成后输出路径：bin/targets
 
-### 如果你使用 WSL/WSL2 进行编译
+### 使用 WSL/WSL2 进行编译
 
 由于 WSL 的 PATH 中包含带有空格的 Windows 路径，有可能会导致编译失败，请在 `make` 前面加上：
 
@@ -77,6 +97,23 @@ make V=s -j$(nproc)
 PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 ```
 
+由于默认情况下，装载到 WSL 发行版的 NTFS 格式的驱动器将不区分大小写，因此大概率在 WSL/WSL2 的编译检查中会返回以下错误：
+
+```txt
+Build dependency: OpenWrt can only be built on a case-sensitive filesystem
+```
+
+一个比较简洁的解决方法是，在 `git clone` 前先创建 Repository 目录，并为其启用大小写敏感：
+
+```powershell
+# 以管理员身份打开终端
+PS > fsutil.exe file setCaseSensitiveInfo <your_local_lede_path> enable
+# 将本项目 git clone 到开启了大小写敏感的目录 <your_local_lede_path> 中
+PS > git clone https://github.com/coolsnowwolf/lede <your_local_lede_path>
+```
+
+> 对已经 `git clone` 完成的项目目录执行 `fsutil.exe` 命令无法生效，大小写敏感只对新增的文件变更有效。
+
 ### macOS 原生系统进行编译
 
 1. 在 AppStore 中安装 Xcode
@@ -84,10 +121,10 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 2. 安装 Homebrew：
 
    ```bash
-   /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
+   /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
    ```
 
-3. 使用 Homebrew 安装工具链、依赖与基础软件包:
+3. 使用 Homebrew 安装工具链、依赖与基础软件包：
 
    ```bash
    brew unlink awk
@@ -97,6 +134,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
 
 4. 然后输入以下命令，添加到系统环境变量中：
 
+   - intel 芯片的 mac
+
    ```bash
    echo 'export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
    echo 'export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
@@ -107,30 +146,33 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
    echo 'export PATH="/usr/local/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
    ```
 
+   - apple 芯片的 mac
+
+   ```zsh
+   echo 'export PATH="/opt/homebrew/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-getopt/bin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/grep/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
+   ```
+
 5. 重新加载一下 shell 启动文件 `source ~/.bashrc`，然后输入 `bash` 进入 bash shell，就可以和 Linux 一样正常编译了
 
 ## 特别提示
 
-1. 源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件， SSL 安全是互联网最后的壁垒。安全干净才是固件应该做到的；
+1. 源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件， SSL 安全是互联网最后的壁垒，安全干净才是固件应该做到的。
 
-2. 如有技术问题需要讨论，欢迎加入 QQ 讨论群： OP 共享技术交流群 ,号码 297253733 ，加群链接: 点击链接加入群聊【 OP 共享技术交流群】：[点击加入](https://jq.qq.com/?_wv=1027&k=5yCRuXL "OP共享技术交流群")
+2. 想学习 OpenWrt 开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学 OpenWrt 开发入门培训班助你能学有所成
-
-3. 想学习 OpenWrt 开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学 OpenWrt 开发入门培训班助你能学有所成
 报名地址：[点击报名](http://forgotfun.org/2018/04/openwrt-training-2018.html "报名")
 
-4. QCA IPQ60xx 开源仓库地址：<https://github.com/coolsnowwolf/openwrt-gl-ax1800>
+3. QCA IPQ60xx 开源仓库地址：<https://github.com/coolsnowwolf/openwrt-gl-ax1800>
 
-5. 稳定版仓库地址：<https://github.com/coolsnowwolf/openwrt>
+4. 存档版本仓库地址：<https://github.com/coolsnowwolf/openwrt>
-
-## 软路由介绍
-
-友情推荐不恰饭：如果你在寻找一个低功耗小体积性能不错的 x86 / x64 路由器，我个人建议可以考虑小马v1 的铝合金版本
-(N3710 4千兆)：[页面介绍](https://item.taobao.com/item.htm?spm=a230r.1.14.20.144c763fRkK0VZ&id=561126544764)
-
-![xm1](doc/xm5.jpg) ![xm2](doc/xm6.jpg)
 
 ## 捐贈
 
 如果你觉得此项目对你有帮助，可以捐助我们，以鼓励项目能持续发展，更加完善
 
-支付宝 ![alipay](doc/alipay_donate.jpg) 微信 ![wechat](doc/wechat_donate.jpg)
+ ![star](doc/star.png)

README_EN.md

@@ -1,88 +1,201 @@
-Welcome to Lean's git source of OpenWrt and packages
+# Welcome to Lean's git source of OpenWrt and packages
-=
+
-
+I18N: [English](README_EN.md) | [简体中文](README.md) | [日本語](README_JA.md)
-How to build your Openwrt firmware.
+
--
+## Official Channels
-Note:
+
---
+If you have technical questions for discussion or sharing, feel free to join the following channels:
-1. DO **NOT** USE **root** USER FOR COMPILING!!!
+
-
+1. QQ Group: *OpenWRT Firmware Technical Research Group*, Group Number is `891659613`.
-2. Users within China should prepare proxy before building.
+Join the group: [Link](https://jq.qq.com/?_wv=1027&k=XL8SK5aC "Op固件技术研究群").
-
+    - [Click to download QQ client](https://im.qq.com/pcqq).
-3. Web admin panel default IP is 192.168.1.1 and default password is "password".
+
-
+2. Telegram Group: *OpenWRT Firmware Technical Research Group*.
-Let's start!
+Join the group: [Link](https://t.me/JhKgAA6Hx1 "OP 编译官方大群").
----
+
-1. First, install Ubuntu 64bit (Ubuntu 20.04 LTS x86 is recommended).
+## ArmSoM Sige Board Series Introduction
-
+
-2. Run `sudo apt-get update` in the terminal, and then run
+ArmSoM-Sige Series: Your All-in-One Powerhouse for Soft Routing, SBCs, Mini Servers, and Home Automation.
-    `
+
-    sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 python2.7 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib antlr3 gperf wget curl swig rsync
+[ArmSoM Store](https://www.aliexpress.com/store/1102800175)
-    `
+
-
+Buy Link ：
-3. Run `git clone https://github.com/coolsnowwolf/lede` to clone the source code, and then `cd lede` to enter the directory
+[![sige1-en](doc/sige-en.jpg)](https://aliexpress.com/item/3256807356692995.html)
-
+
-4. ```bash
+## Notice
-   ./scripts/feeds update -a
+
-   ./scripts/feeds install -a
+1. **Never compile OpenWRT as `root`**
-   make menuconfig
+2. If you are living in mainland China, please make sure you could visit the **REAL** Internet.
-   ```
+3. Default login IP is `192.168.1.1`, password is `password`.
-
+
-5. Run `make -j8 download V=s` to download libraries and dependencies (user in China should use global proxy when possible)
+## How to Compile
-
+
-6. Run `make -j1 V=s` (integer following -j is the thread count, single-thread is recommended for the first build) to start building your firmware.
+1. Install a Linux distribution, Debian or Ubuntu LTS is recommended.
-
+
-This source code is promised to be compiled successfully.
+2. Install dependencies:
-
+
-You can use this source code freely, but please link this GitHub repository when redistributing. Thank you for your cooperation!
+   ```bash
-=
+   sudo apt update -y
-
+   sudo apt full-upgrade -y
-Rebuild:
+   sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
-```bash
+   bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gcc-multilib g++-multilib gettext \
-cd lede
+   git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev \
-git pull
+   libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev \
-./scripts/feeds update -a && ./scripts/feeds install -a
+   libssl-dev libtool llvm lrzsz mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python3 \
-make defconfig
+   python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo \
-make -j8 download
+   uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
-make -j$(($(nproc) + 1)) V=s
+   ```
-```
+
-
+3. Clone the source code, update `feeds` and configure:
-If reconfiguration is need:
+
-```bash
+   ```bash
-rm -rf ./tmp && rm -rf .config
+   git clone https://github.com/coolsnowwolf/lede
-make menuconfig
+   cd lede
-make -j$(($(nproc) + 1)) V=s
+   ./scripts/feeds update -a
-```
+   ./scripts/feeds install -a
-
+   make menuconfig
-Build result will be produced to `bin/targets` directory.
+   ```
-
+
-Special tips:
+4. Download libraries and compile firmware
-------
+   > (`-j` is the thread count, single-thread is recommended for the first build):
-1. This source code doesn't contain any backdoors or close source applications that can monitor/capture your HTTPS traffic, SSL is the final castle of cyber security. Safety is what a firmware should achieve.
+
-
+   ```bash
-2. If you have any technical problem, you may join the QQ discussion group: 297253733, link: click [here](https://jq.qq.com/?_wv=1027&k=5yCRuXL)
+   make download -j8
-
+   make V=s -j1
-3. Want to learn OpenWrt development but don't know how? Can't motivate yourself for self-learning? Not enough fundamental knowledge? Learn OpenWrt development with Mr. Zuo through his Beginner OpenWrt Training Course. Click [here](http://forgotfun.org/2018/04/openwrt-training-2018.html) to register.
+   ```
-
+
-## Router Recommendation
+These commands are supposed to compile the source code successfully.
-Not Sponsored: If you are finding a low power consumption, small and performance promising x86/x64 router, I personally recommend the 
+All source code of R23 is included, including IPK.
-EZPROv1 Alumium Edition (N3710 4000M): [Details](https://item.taobao.com/item.htm?spm=a230r.1.14.20.144c763fRkK0VZ&id=561126544764)
+
-
+You can use this source code freely, but please link this GitHub repository when redistributing.
-![xm1](doc/xm5.jpg)
+Thank you for your cooperation!
-![xm2](doc/xm6.jpg)
+
-
+Rebuild:
-## Donation
+
-
+```bash
-If this project does help you, please consider donating to support the development of this project.
+cd lede
-
+git pull
-### Alipay
+./scripts/feeds update -a
-
+./scripts/feeds install -a
-![alipay](doc/alipay_donate.jpg)
+make defconfig
-
+make download -j8
-### WeChat
+make V=s -j$(nproc)
-
+```
-![wechat](doc/wechat_donate.jpg)
+
-
+If reconfiguration is need:
-## Note: Addition Lean's private package source code in `./package/lean` directory. Use it under GPL v3.
+
-
+```bash
-## GPLv3 is compatible with more licenses than GPLv2: it allows you to make combinations with code that has specific kinds of additional requirements that are not in GPLv3 itself. Section 7 has more information about this, including the list of additional requirements that are permitted.
+rm -rf ./tmp && rm -rf .config
+make menuconfig
+make V=s -j$(nproc)
+```
+
+Build artifacts will be outputted to `bin/targets` directory.
+
+### If you are using WSL/WSL2 as your build environment
+
+WSL's `PATH` potentially contain Windows paths with spaces, which may cause compilation failure.
+Please add the following lines to your local environment profiles before compiling:
+
+```bash
+# Update and reload your profile, ~/.bashrc for example.
+cat << EOF >> ~/.bashrc
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+EOF
+source ~/.bashrc
+```
+
+NTFS-formatted drives mounted to a WSL distribution will be case-insensitive by default.
+This will cause the following error when compiling in WSL/WSL2:
+
+```txt
+Build dependency: OpenWrt can only be built on a case-sensitive filesystem
+```
+
+A simple solution is to create a case-sensitive directory for the repository before `git clone`:
+
+```powershell
+# Open a terminal as administrator
+PS > fsutil.exe file setCaseSensitiveInfo <your_local_lede_path> enable
+# Clone this repository to the case-sensitive directory <your_local_lede_path>
+PS > git clone git@github.com:coolsnowwolf/lede.git <your_local_lede_path>
+```
+
+> For directories that have already been `git clone`, `fsutil.exe` will not take effect.
+> Case sensitivity will only be enabled for new changes in the directory.
+
+### macOS Compilation
+
+1. Install Xcode from AppStore
+
+2. Install Homebrew:
+
+   ```bash
+   /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
+   ```
+
+3. Install toolchain, dependencies and packages with Homebrew:
+
+   ```bash
+   brew unlink awk
+   brew install coreutils diffutils findutils gawk gnu-getopt gnu-tar grep make ncurses pkg-config wget quilt xz
+   brew install gcc@11
+   ```
+
+4. Update your system environment:
+
+   - mac with intel chip
+
+   ```bash
+   echo 'export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/grep/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
+   ```
+
+   - mac with apple chip
+
+   ```zsh
+   echo 'export PATH="/opt/homebrew/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-getopt/bin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/grep/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
+   ```
+
+5. Reload your shell profile `source ~/.bashrc && bash`, then you can compile normally like Linux.
+
+## Declaration
+
+1. This source code doesn't contain any backdoors or closed source applications that can monitor/capture your HTTPS traffic. SSL security is the final castle of cyber security. Safety is what a firmware should do.
+2. Want to learn OpenWRT development but don't know how to start? Can't motivate yourself for self-learning? Do not have enough fundamental knowledge? Learn OpenWRT development with Mr. Zuo through his Beginner OpenWRT Training Course. Click [here](http://forgotfun.org/2018/04/openwrt-training-2018.html) to register.
+3. QCA IPQ60xx open source repository: <https://github.com/coolsnowwolf/openwrt-gl-ax1800>
+4. OpenWRT Archive repository: <https://github.com/coolsnowwolf/openwrt>
+
+## Introduction to Software Routers
+
+Yingku R2 - N95/N300 Mini Four-Network HomeLab Server
+
+(Introduction page - Yingku Technology (support AliPay Huabei)):
+
+[Pre-sale link](https://item.taobao.com/item.htm?ft=t&id=719159813003)
+<div align="left">
+<a href="https://item.taobao.com/item.htm?ft=t&id=719159813003">
+  <img src="doc/r1.jpg" width = "600" alt="" align=center />
+</a>
+</div>
+<br>
+
+## Donation
+
+If this project did helped you, please consider donating to support the development of this project.
+
+<div align="left">
+  <img src="./doc/star.png" width = "400" alt="" align=center />
+</div>
+<br>

README_JA.md

@@ -0,0 +1,191 @@
+# OpenWrt とパッケージの Lean の git ソースへようこそ
+
+I18N: [English](README_EN.md) | [简体中文](README.md) | [日本語](README_JA.md)
+
+## 公式チャンネル
+
+ディスカッションや共有したい技術的な質問がある場合は、以下のチャンネルにお気軽にご参加ください:
+
+1. QQ グループ: *OpenWRT ファームウェア技術研究グループ*、グループ番号は `891659613` です。
+グループに参加する: [リンク](https://jq.qq.com/?_wv=1027&k=XL8SK5aC "Op固件技术研究群")。
+    - [クリックして QQ クライアントをダウンロードする](https://im.qq.com/pcqq)。
+
+2. Telegram グループ: *OpenWRT ファームウェア技術研究グループ*。グループに参加する: [リンク](https://t.me/JhKgAA6Hx1 "OP 编译官方大群")。
+
+## 注意
+
+1. **OpenWRT を決して `root` としてコンパイルしないこと**
+2. 中国本土にお住まいの方は、ぜひ **REAL** インターネットをご覧ください。
+3. デフォルトのログイン IP は `192.168.1.1` で、パスワードは `password` です。
+
+## コンパイル方法
+
+1. Linuxディストリビューションをインストールし、Debian または Ubuntu LTS を推奨します。
+
+2. 依存関係をインストールする:
+
+   ```bash
+   sudo apt update -y
+   sudo apt full-upgrade -y
+   sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
+   bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gcc-multilib g++-multilib gettext \
+   git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev \
+   libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev \
+   libssl-dev libtool llvm lrzsz mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python3 \
+   python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo \
+   uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+   ```
+
+3. ソースコードをクローンし、`feeds` を更新し、設定する:
+
+   ```bash
+   git clone https://github.com/coolsnowwolf/lede
+   cd lede
+   ./scripts/feeds update -a
+   ./scripts/feeds install -a
+   make menuconfig
+   ```
+
+4. ライブラリのダウンロードとファームウェアのコンパイル
+   > (`-j` はスレッドカウント、最初のビルドはシングルスレッドを推奨):
+
+   ```bash
+   make download -j8
+   make V=s -j1
+   ```
+
+これらのコマンドは、ソースコードを正常にコンパイルするためのものです。
+R23 のソースコードは IPK を含めてすべて含まれています。
+
+このソースコードはご自由にお使いいただけますが、再配布の際はこの GitHub リポジトリをリンクしてください。
+ご協力ありがとうございました！
+
+リビルド:
+
+```bash
+cd lede
+git pull
+./scripts/feeds update -a
+./scripts/feeds install -a
+make defconfig
+make download -j8
+make V=s -j$(nproc)
+```
+
+再設定が必要な場合:
+
+```bash
+rm -rf ./tmp && rm -rf .config
+make menuconfig
+make V=s -j$(nproc)
+```
+
+ビルドの成果物は `bin/targets` ディレクトリに出力されます。
+
+### WSL/WSL2 をビルド環境として使用している場合
+
+WSL の `PATH` には、Windows のパスが空白で含まれている可能性があり、コンパイルに失敗することがあります。
+コンパイルする前に、ローカルの環境プロファイルに以下の行を追加してください:
+
+```bash
+# 例えば、~/.bashrc などのプロファイルを更新した後、再読み込みを行う。
+cat << EOF >> ~/.bashrc
+export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$PATH"
+EOF
+source ~/.bashrc
+```
+
+WSL ディストリビューションにマウントされた NTFS フォーマットのドライブは、デフォルトで大文字と小文字が区別されません。
+このため、WSL/WSL2 でコンパイルすると、次のようなエラーが発生します:
+
+```txt
+Build dependency: OpenWrt can only be built on a case-sensitive filesystem
+```
+
+単純な解決策は、`git clone` の前に大文字小文字を区別してリポジトリ用のディレクトリを作成することです:
+
+```powershell
+# 管理者としてターミナルを開く
+PS > fsutil.exe file setCaseSensitiveInfo <your_local_lede_path> enable
+# 大文字と小文字を区別して、このリポジトリを <your_local_lede_path> ディレクトリにクローンする
+PS > git clone git@github.com:coolsnowwolf/lede.git <your_local_lede_path>
+```
+
+> すでに `git clone` されたディレクトリでは、`fsutil.exe` は有効になりません。
+> 大文字小文字の区別はディレクトリの新しい変更に対してのみ有効になります。
+
+### macOS コンパイル
+
+1. AppStore から Xcode をインストールする
+
+2. Homebrew をインストールする:
+
+   ```bash
+   /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"
+   ```
+
+3. Homebrew でツールチェーン、依存関係、パッケージをインストールする:
+
+   ```bash
+   brew unlink awk
+   brew install coreutils diffutils findutils gawk gnu-getopt gnu-tar grep make ncurses pkg-config wget quilt xz
+   brew install gcc@11
+   ```
+
+4. システム環境のアップデート:
+
+   - MacのIntelシリコンバージョン
+
+   ```bash
+   echo 'export PATH="/usr/local/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-getopt/bin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/grep/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/usr/local/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
+   ```
+
+   - MacのAppleシリコンバージョン
+
+   ```zsh
+   echo 'export PATH="/opt/homebrew/opt/coreutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/findutils/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-getopt/bin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-tar/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/grep/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/gnu-sed/libexec/gnubin:$PATH"' >> ~/.bashrc
+   echo 'export PATH="/opt/homebrew/opt/make/libexec/gnubin:$PATH"' >> ~/.bashrc
+   ```
+
+5. シェルプロファイル `source ~/.bashrc && bash` を再読み込みすれば、Linux のように普通にコンパイルできます。
+
+## 宣言
+
+1. このソースコードには、HTTPS トラフィックを監視／キャプチャできるバックドアやクローズドソースアプリケーションは含まれていません。SSL セキュリティはサイバーセキュリティの最後の城です。安全性はファームウェアがすべきことです。
+2. OpenWRT の開発を学びたいが、何から始めたらいいかわからないですか？自己学習のモチベーションが上がらない？基礎知識が足りない？ズオ氏の初心者 OpenWRT トレーニングコースで一緒に OpenWRT 開発を学びましょう。お申し込みは[こちら](http://forgotfun.org/2018/04/openwrt-training-2018.html)をクリックしてください。
+3. QCA IPQ60xx オープンソースリポジトリ: <https://github.com/coolsnowwolf/openwrt-gl-ax1800>
+4. OpenWRT アーカイブリポジトリ: <https://github.com/coolsnowwolf/openwrt>
+
+## ソフトウェアルーター入門
+
+Yingku R2 - N95/N300 Mini Four-Network HomeLab Server
+
+(紹介ページ - Yingku Technology (support AliPay Huabei)):
+
+[先行販売リンク](https://item.taobao.com/item.htm?ft=t&id=719159813003)
+<div align="left">
+<a href="https://item.taobao.com/item.htm?ft=t&id=719159813003">
+  <img src="doc/r1.jpg" width = "600" alt="" align=center />
+</a>
+</div>
+<br>
+
+## 寄付
+
+このプロジェクトがあなたのお役に立てたのであれば、このプロジェクトの発展を支援するための寄付をご検討ください。
+
+<div align="left">
+  <img src="./doc/star.png" width = "400" alt="" align=center />
+</div>
+<br>

config/Config-build.in

@@ -5,7 +5,6 @@
 
 config EXPERIMENTAL
 	bool "Enable experimental features by default"
-	default n
 	help
 	  Set this option to build with latest bleeding edge features
 	  which may or may not work as expected.
@@ -14,19 +13,27 @@ config EXPERIMENTAL
 	  positive and negative). But do so only if you know how to
 	  recover your device in case of flashing potentially non-working
 	  firmware.
-	
+
 	  If you plan to use this build in production, say NO!
 
 menu "Global build settings"
 
 	config JSON_OVERVIEW_IMAGE_INFO
 		bool "Create JSON info file overview per target"
-		default BUILDBOT
+		default y
 		help
 		  Create a JSON info file called profiles.json in the target
 		  directory containing machine readable list of built profiles
 		  and resulting images.
 
+	config JSON_CYCLONEDX_SBOM
+		bool "Create CycloneDX SBOM JSON"
+		default BUILDBOT
+		help
+		  Create a JSON files *.bom.cdx.json in the build
+		  directory containing Software Bill Of Materials in CycloneDX
+		  format.
+
 	config ALL_NONSHARED
 		bool "Select all target specific packages by default"
 		select ALL_KMODS
@@ -42,7 +49,6 @@ menu "Global build settings"
 
 	config BUILDBOT
 		bool "Set build defaults for automatic builds (e.g. via buildbot)"
-		default n
 		help
 		  This option changes several defaults to be more suitable for
 		  automatic builds. This includes the following changes:
@@ -58,6 +64,15 @@ menu "Global build settings"
 		bool "Enable signature checking in opkg"
 		default SIGNED_PACKAGES
 
+	config DOWNLOAD_CHECK_CERTIFICATE
+		bool "Enable TLS certificate verification during package download"
+		default y
+
+	config USE_APK
+		imply PACKAGE_apk-mbedtls
+		bool "Use APK instead of OPKG to build distribution (BROKEN)"
+		depends on BROKEN
+
 	comment "General build options"
 
 	config TESTING_KERNEL
@@ -71,10 +86,8 @@ menu "Global build settings"
 
 	config DISPLAY_SUPPORT
 		bool "Show packages that require graphics support (local or remote)"
-		default n
 
 	config BUILD_PATENTED
-		default n
 		bool "Compile with support for patented functionality"
 		help
 		  When this option is disabled, software which provides patented functionality
@@ -82,7 +95,6 @@ menu "Global build settings"
 		  functionality, this optional support will get disabled for this package.
 
 	config BUILD_NLS
-		default n
 		bool "Compile with full language support"
 		help
 		  When this option is enabled, packages are built with the full versions of
@@ -96,7 +108,6 @@ menu "Global build settings"
 	config CLEAN_IPKG
 		bool
 		prompt "Remove ipkg/opkg status data files in final images"
-		default n
 		help
 		  This removes all ipkg/opkg status data files from the target directory
 		  before building the root filesystem.
@@ -104,14 +115,13 @@ menu "Global build settings"
 	config IPK_FILES_CHECKSUMS
 		bool
 		prompt "Record files checksums in package metadata"
-		default n
+		depends on !USE_APK
 		help
 		  This makes file checksums part of package metadata. It increases size
-		  but provides you with pkg_check command to check for flash coruptions.
+		  but provides you with pkg_check command to check for flash corruptions.
 
 	config INCLUDE_CONFIG
 		bool "Include build configuration in firmware" if DEVEL
-		default n
 		help
 		  If enabled, buildinfo files will be stored in /etc/build.* of firmware.
 
@@ -145,22 +155,44 @@ menu "Global build settings"
 	config DEBUG
 		bool
 		prompt "Compile packages with debugging info"
-		default n
 		help
 		  Adds -g3 to the CFLAGS.
 
-	config IPV6
+	config USE_GC_SECTIONS
 		bool
-		prompt "Enable IPv6 support in packages"
+		prompt "Dead code and data elimination for all packages (EXPERIMENTAL)"
-		default y
 		help
-		  Enables IPv6 support in kernel (builtin) and packages.
+		  Places functions and data items into its own sections to use the linker's
+		  garbage collection capabilites.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-gc-sections
+
+	config USE_LTO
+		bool
+		prompt "Use the link-time optimizer for all packages (EXPERIMENTAL)"
+		help
+		  Adds LTO flags to the CFLAGS and LDFLAGS.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-lto
+
+	config MOLD
+		depends on (aarch64 || arm || i386 || i686 || m68k || powerpc || powerpc64 || sh4 || x86_64)
+		depends on !GCC_USE_VERSION_11
+		def_bool $(shell, ./config/check-hostcxx.sh 10 2 12)
+
+	config USE_MOLD
+		bool
+		prompt "Use the mold linker for all packages"
+		depends on MOLD
+		help
+		  Link packages with mold, a modern linker
+		  Packages can opt-out via setting PKG_BUILD_FLAGS:=no-mold
+
+	config IPV6
+		def_bool y
 
 	comment "Stripping options"
 
 	choice
 		prompt "Binary stripping method"
-		default USE_STRIP   if EXTERNAL_TOOLCHAIN
 		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help
@@ -177,7 +209,6 @@ menu "Global build settings"
 			help
 			  This will install binaries stripped using strip from binutils.
 
-
 		config USE_SSTRIP
 			bool "sstrip"
 			depends on !USE_GLIBC
@@ -194,16 +225,16 @@ menu "Global build settings"
 		help
 		  Specifies arguments passed to the strip command when stripping binaries.
 
-	config SSTRIP_ARGS
+	config SSTRIP_DISCARD_TRAILING_ZEROES
-		string
+		bool "Strip trailing zero bytes"
-		prompt "Sstrip arguments"
+		depends on USE_SSTRIP && !USE_MOLD
-		depends on USE_SSTRIP
+		default y
-		default "-z"
 		help
-		  Specifies arguments passed to the sstrip command when stripping binaries.
+		  Use sstrip's -z option to discard trailing zero bytes
 
 	config STRIP_KERNEL_EXPORTS
 		bool "Strip unnecessary exports from the kernel image"
+		depends on BROKEN
 		help
 		  Reduces kernel size by stripping unused kernel exports from the kernel
 		  image.  Note that this might make the kernel incompatible with any kernel
@@ -217,20 +248,6 @@ menu "Global build settings"
 		  make the system libraries incompatible with most of the packages that are
 		  not selected during the build process.
 
-	choice
-		prompt "Preferred standard C++ library"
-		default USE_LIBSTDCXX if USE_GLIBC
-		default USE_UCLIBCXX
-		help
-		  Select the preferred standard C++ library for all packages that support this.
-
-		config USE_UCLIBCXX
-			bool "uClibc++"
-
-		config USE_LIBSTDCXX
-			bool "libstdc++"
-	endchoice
-
 	comment "Hardening build options"
 
 	config PKG_CHECK_FORMAT_SECURITY
@@ -279,10 +296,22 @@ menu "Global build settings"
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
 		config PKG_CC_STACKPROTECTOR_NONE
 			bool "None"
+			help
+				No stack smashing protection.
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
+			help
+				Protects functions with vulnerable objects.
+				This includes functions with buffers larger than 8 bytes or calls to alloca.
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
+			help
+				Like Regular, but also protects functions with
+				local arrays or references to local frame addresses.
+		config PKG_CC_STACKPROTECTOR_ALL
+			bool "All"
+			help
+				Protects all functions.
 	endchoice
 
 	choice
@@ -292,10 +321,18 @@ menu "Global build settings"
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
 			bool "None"
+			help
+				No stack smashing protection.
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
+			help
+				Protects functions with vulnerable objects.
+				This includes functions with buffers larger than 8 bytes or calls to alloca.
 		config KERNEL_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
+			help
+				Like Regular, but also protects functions with
+				local arrays or references to local frame addresses.
 	endchoice
 
 	config KERNEL_STACKPROTECTOR
@@ -386,4 +423,16 @@ menu "Global build settings"
 
 	endchoice
 
+	config SECCOMP
+		bool "Enable SECCOMP"
+		select KERNEL_SECCOMP
+		select PACKAGE_procd-seccomp
+		depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+		depends on !TARGET_uml
+		default y
+		help
+		  This option enables seccomp kernel features to safely
+		  execute untrusted bytecode and selects the seccomp-variants
+		  of procd
+
 endmenu

config/Config-devel.in

@@ -4,11 +4,9 @@
 
 menuconfig DEVEL
 	bool "Advanced configuration options (for developers)"
-	default n
 
 	config BROKEN
 		bool "Show broken platforms / packages / devices" if DEVEL
-		default n
 
 	config BINARY_FOLDER
 		string "Binary folder" if DEVEL
@@ -17,6 +15,20 @@ menuconfig DEVEL
 		  Store built firmware images and filesystem images in this directory.
 		  If not set, uses './bin/$(BOARD)'
 
+	config DOWNLOAD_TOOL_CUSTOM
+		string "Use custom download tool" if DEVEL
+		default ""
+		help
+		  Use and force custom download tool instead of relying on autoselection
+		  between curl if available and wget as a fallback.
+
+		  download.pl supports 3 tools officially aria2c, curl and wget.
+		  If one of the tool is used in this config, download.pl will use the
+		  default args to make use of them.
+
+		  If the provided string is different than aria2c, curl or wget, the command
+		  is used as is and the download url will be appended at the end of such command.
+
 	config DOWNLOAD_FOLDER
 		string "Download folder" if DEVEL
 		default ""
@@ -39,12 +51,17 @@ menuconfig DEVEL
 
 	config AUTOREMOVE
 		bool "Automatic removal of build directories" if DEVEL
-		default n
 		help
 		  Automatically delete build directories after make target completed.
 		  This allows you to symlink build_dir into a scratch location, e.g. a ramdisk,
 		  which does not have enough space to keep a complete build_dir.
 
+	config BUILD_ALL_HOST_TOOLS
+		bool "Compile all host tools" if DEVEL
+		help
+		  Compile all host host tools even if not needed. This is needed to prepare a
+		  universal precompiled host tools archive to use in another buildroot.
+
 	config BUILD_SUFFIX
 		string "Build suffix to append to the target BUILD_DIR variable" if DEVEL
 		default ""
@@ -63,7 +80,6 @@ menuconfig DEVEL
 
 	config CCACHE
 		bool "Use ccache" if DEVEL
-		default n
 		help
 		  Compiler cache; see https://ccache.samba.org/
 
@@ -74,6 +90,11 @@ menuconfig DEVEL
 		  Store ccache in this directory.
 		  If not set, uses './.ccache'
 
+	config KERNEL_CFLAGS
+		string "Kernel extra CFLAGS" if DEVEL
+		default "-falign-functions=32" if TARGET_bcm53xx
+		default ""
+
 	config EXTERNAL_KERNEL_TREE
 		string "Use external kernel tree" if DEVEL
 		default ""

config/Config-images.in

@@ -17,7 +17,7 @@ menu "Target Images"
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_lantiq
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_mpc85xx
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ramips
-			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ipq40xx
+			default TARGET_INITRAMFS_COMPRESSION_ZSTD if TARGET_qualcommax
 			default TARGET_INITRAMFS_COMPRESSION_XZ if USES_SEPARATE_INITRAMFS
 			default TARGET_INITRAMFS_COMPRESSION_NONE
 			depends on TARGET_ROOTFS_INITRAMFS
@@ -37,18 +37,16 @@ menu "Target Images"
 				bool "lzma"
 
 			config TARGET_INITRAMFS_COMPRESSION_LZO
-				depends on !TARGET_ROOTFS_INITRAMFS_SEPARATE
 				bool "lzo"
 
 			config TARGET_INITRAMFS_COMPRESSION_LZ4
-				depends on !TARGET_ROOTFS_INITRAMFS_SEPARATE
 				bool "lz4"
 
 			config TARGET_INITRAMFS_COMPRESSION_XZ
 				bool "xz"
 
 			config TARGET_INITRAMFS_COMPRESSION_ZSTD
-				depends on !LINUX_5_4 && !LINUX_4_19
+				depends on !LINUX_5_4
 				bool "zstd"
 		endchoice
 
@@ -152,14 +150,17 @@ menu "Target Images"
 		bool "squashfs"
 		default y if USES_SQUASHFS
 		help
-		  Build a squashfs-lzma root filesystem.
+		  Build a squashfs root filesystem.
 
 		config TARGET_SQUASHFS_BLOCK_SIZE
 			int "Block size (in KiB)"
 			depends on TARGET_ROOTFS_SQUASHFS
 			default 64 if LOW_MEMORY_FOOTPRINT
 			default 1024 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
-			default 1024
+			default 256
+			help
+			  Select squashfs block size, must be one of:
+			    4, 8, 16, 32, 64, 128, 256, 512, 1024
 
 	menuconfig TARGET_ROOTFS_UBIFS
 		bool "ubifs"
@@ -197,18 +198,23 @@ menu "Target Images"
 			default ""
 
 	config GRUB_IMAGES
-		bool "Build GRUB images (Linux x86 or x86_64 host only)"
+		bool "Build GRUB images"
 		depends on TARGET_x86
 		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
 		select PACKAGE_grub2
+		select PACKAGE_grub2-bios-setup
 		default n
 
 	config GRUB_EFI_IMAGES
-		bool "Build GRUB EFI images (Linux x86 or x86_64 host only)"
+		bool "Build GRUB EFI images"
-		depends on TARGET_x86
+		depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_phytium
 		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
-		select PACKAGE_grub2
+		select PACKAGE_grub2 if TARGET_x86
-		select PACKAGE_grub2-efi
+		select PACKAGE_grub2-efi if TARGET_x86
+		select PACKAGE_grub2-bios-setup if TARGET_x86
+		select PACKAGE_grub2-efi-arm if TARGET_armvirt
+		select PACKAGE_grub2-efi-arm if TARGET_phytium_armv8
+		select PACKAGE_grub2-efi-loongarch64 if TARGET_loongarch64
 		select PACKAGE_kmod-fs-vfat
 		default y
 
@@ -273,9 +279,8 @@ menu "Target Images"
 
 	config VMDK_IMAGES
 		bool "Build VMware image files (VMDK)"
-		depends on TARGET_x86
+		depends on TARGET_x86 || TARGET_armvirt
 		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
-		default y
 		select PACKAGE_kmod-e1000
 
 	config VHDX_IMAGES
@@ -286,24 +291,28 @@ menu "Target Images"
 
 	config TARGET_IMAGES_GZIP
 		bool "GZip images"
-		depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_malta
+		depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_malta || TARGET_loongarch64
-		default n
+		default y
 
 	comment "Image Options"
 
 	source "target/linux/*/image/Config.in"
+	source "target/linux/*/*/image/Config.in"
 
 	config TARGET_KERNEL_PARTSIZE
-		int "Kernel partition size (in MB)"
+		int "Kernel partition size (in MiB)"
 		depends on USES_BOOT_PART
 		default 8 if TARGET_apm821xx_sata
 		default 64 if TARGET_bcm27xx
+		default 128 if TARGET_armvirt
 		default 32 if TARGET_rockchip
 		default 16
 
 	config TARGET_ROOTFS_PARTSIZE
-		int "Root filesystem partition size (in MB)"
+		int "Root filesystem partition size (in MiB)"
-		depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS || TARGET_omap || TARGET_sunxi || TARGET_uml
+		depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS
+		default 232 if TARGET_loongarch64
+		default 448 if TARGET_mediatek || TARGET_x86
 		default 160
 		help
 		  Select the root filesystem partition size.

config/Config-kernel.in

@@ -24,11 +24,6 @@ config KERNEL_PRINTK
 	bool "Enable support for printk"
 	default y
 
-config KERNEL_CRASHLOG
-	bool "Crash logging"
-	depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
-	default y
-
 config KERNEL_SWAP
 	bool "Support for paging of anonymous memory (swap)"
 	default y if !SMALL_FLASH
@@ -48,17 +43,29 @@ config KERNEL_DEBUG_FS
 
 config KERNEL_MIPS_FP_SUPPORT
 	bool
-	default y
+	default y if TARGET_pistachio
-	depends on (mips || mipsel || mips64 || mips64el)
 
 config KERNEL_ARM_PMU
 	bool
-	default n
+	default y if TARGET_armsr_armv8
 	depends on (arm || aarch64)
 
+config KERNEL_ARM_PMUV3
+	bool
+	default y if TARGET_armsr_armv8
+	depends on (arm_v7 || aarch64) && LINUX_6_6
+
+config KERNEL_RISCV_PMU
+	bool
+	select KERNEL_RISCV_PMU_SBI
+	depends on riscv64
+
+config KERNEL_RISCV_PMU_SBI
+	bool
+	depends on riscv64
+
 config KERNEL_X86_VSYSCALL_EMULATION
 	bool "Enable vsyscall emulation"
-	default n
 	depends on x86_64
 	help
 	  This enables emulation of the legacy vsyscall page.  Disabling
@@ -76,17 +83,22 @@ config KERNEL_X86_VSYSCALL_EMULATION
 
 config KERNEL_PERF_EVENTS
 	bool "Compile the kernel with performance events and counters"
-	default n
 	select KERNEL_ARM_PMU if (arm || aarch64)
+	select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
+	select KERNEL_RISCV_PMU if riscv64
 
 config KERNEL_PROFILING
 	bool "Compile the kernel with profiling enabled"
-	default n
 	select KERNEL_PERF_EVENTS
 	help
 	  Enable the extended profiling support mechanisms used by profilers such
 	  as OProfile.
 
+config KERNEL_RPI_AXIPERF
+	bool "Compile the kernel with RaspberryPi AXI Performance monitors"
+	default y
+	depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
+
 config KERNEL_UBSAN
 	bool "Compile the kernel with undefined behaviour sanity checker"
 	help
@@ -115,6 +127,16 @@ config KERNEL_UBSAN_ALIGNMENT
 	  Enabling this option on architectures that support unaligned
 	  accesses may produce a lot of false positives.
 
+config KERNEL_UBSAN_BOUNDS
+	bool "Perform array index bounds checking"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of directly indexed out of bounds array
+	  accesses, where the array size is known at compile time. Note that
+	  this does not protect array overflows via bad calls to the
+	  {str,mem}*cpy() family of functions (that is addressed by
+	  FORTIFY_SOURCE).
+
 config KERNEL_UBSAN_NULL
 	bool "Enable checking of null pointers"
 	depends on KERNEL_UBSAN
@@ -122,10 +144,23 @@ config KERNEL_UBSAN_NULL
 	  This option enables detection of memory accesses via a
 	  null pointer.
 
+config KERNEL_UBSAN_TRAP
+	bool "On Sanitizer warnings, abort the running kernel code"
+	depends on KERNEL_UBSAN
+	help
+	  Building kernels with Sanitizer features enabled tends to grow the
+	  kernel size by around 5%, due to adding all the debugging text on
+	  failure paths. To avoid this, Sanitizer instrumentation can just
+	  issue a trap. This reduces the kernel size overhead but turns all
+	  warnings (including potentially harmless conditions) into full
+	  exceptions that abort the running kernel code (regardless of context,
+	  locks held, etc), which may destabilize the system. For some system
+	  builders this is an acceptable trade-off.
+
 config KERNEL_KASAN
 	bool "Compile the kernel with KASan: runtime memory debugger"
 	select KERNEL_SLUB_DEBUG
-	depends on (x86_64 || aarch64)
+	depends on (x86_64 || aarch64 || arm || powerpc || riscv64)
 	help
 	  Enables kernel address sanitizer - runtime memory debugger,
 	  designed to find out-of-bounds accesses and use-after-free bugs.
@@ -138,20 +173,91 @@ config KERNEL_KASAN
 	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
 	  (the resulting kernel does not boot).
 
-config KERNEL_KASAN_EXTRA
+config KERNEL_KASAN_VMALLOC
-	bool "KAsan: extra checks"
+	bool "Back mappings in vmalloc space with real shadow memory"
-	depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+	depends on KERNEL_KASAN
 	help
-	  This enables further checks in the kernel address sanitizer, for now
+	  By default, the shadow region for vmalloc space is the read-only
-	  it only includes the address-use-after-scope check that can lead
+	  zero page. This means that KASAN cannot detect errors involving
-	  to excessive kernel stack usage, frame size warnings and longer
+	  vmalloc space.
-	  compile time.
-	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
 
+	  Enabling this option will hook in to vmap/vmalloc and back those
+	  mappings with real shadow memory allocated on demand. This allows
+	  for KASAN to detect more sorts of errors (and to support vmapped
+	  stacks), but at the cost of higher memory usage.
+
+	  This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
+	  depend on that in here, so it is possible that enabling this
+	  will have no effect.
+
+if KERNEL_KASAN
+choice
+	prompt "KASAN mode"
+	depends on KERNEL_KASAN
+	default KERNEL_KASAN_GENERIC
+	help
+	  KASAN has three modes:
+
+	  1. Generic KASAN (supported by many architectures, enabled with
+	     CONFIG_KASAN_GENERIC, similar to userspace ASan),
+	  2. Software Tag-Based KASAN (arm64 only, based on software memory
+	     tagging, enabled with CONFIG_KASAN_SW_TAGS, similar to userspace
+	     HWASan), and
+	  3. Hardware Tag-Based KASAN (arm64 only, based on hardware memory
+	     tagging, enabled with CONFIG_KASAN_HW_TAGS).
+
+config KERNEL_KASAN_GENERIC
+	bool "Generic KASAN"
+	select KERNEL_SLUB_DEBUG
+	help
+	  Enables Generic KASAN.
+
+	  Consumes about 1/8th of available memory at kernel start and adds an
+	  overhead of ~50% for dynamic allocations.
+	  The performance slowdown is ~x3.
+
+config KERNEL_KASAN_SW_TAGS
+	bool "Software Tag-Based KASAN"
+	depends on aarch64
+	select KERNEL_SLUB_DEBUG
+	help
+	  Enables Software Tag-Based KASAN.
+
+	  Supported only on arm64 CPUs and relies on Top Byte Ignore.
+
+	  Consumes about 1/16th of available memory at kernel start and
+	  add an overhead of ~20% for dynamic allocations.
+
+	  May potentially introduce problems related to pointer casting and
+	  comparison, as it embeds a tag into the top byte of each pointer.
+
+config KERNEL_KASAN_HW_TAGS
+	bool "Hardware Tag-Based KASAN"
+	depends on aarch64
+	select KERNEL_SLUB_DEBUG
+	select KERNEL_ARM64_MTE
+	help
+	  Enables Hardware Tag-Based KASAN.
+
+	  Supported only on arm64 CPUs starting from ARMv8.5 and relies on
+	  Memory Tagging Extension and Top Byte Ignore.
+
+	  Consumes about 1/32nd of available memory.
+
+	  May potentially introduce problems related to pointer casting and
+	  comparison, as it embeds a tag into the top byte of each pointer.
+
+endchoice
+
+	config KERNEL_ARM64_MTE
+		def_bool n
+
+endif
 
 choice
 	prompt "Instrumentation type"
 	depends on KERNEL_KASAN
+	depends on !KERNEL_KASAN_HW_TAGS
 	default KERNEL_KASAN_OUTLINE
 
 config KERNEL_KASAN_OUTLINE
@@ -209,7 +315,6 @@ config KERNEL_KCOV_INSTRUMENT_ALL
 
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
-	default n
 	help
 	  Enable the collection and publishing of task/io statistics and
 	  accounting.  Enable this option to enable i/o monitoring in system
@@ -228,6 +333,25 @@ if KERNEL_TASKSTATS
 
 endif
 
+config KERNEL_PSI
+	bool "Compile the kernel with pressure stall information tracking"
+	help
+	  Collect metrics that indicate how overcommitted the CPU, memory,
+	  and IO capacity are in the system.
+
+	  If you say Y here, the kernel will create /proc/pressure/ with the
+	  pressure statistics files cpu, memory, and io. These will indicate
+	  the share of walltime in which some or all tasks in the system are
+	  delayed due to contention of the respective resource.
+
+	  In kernels with cgroup support, cgroups (cgroup2 only) will
+	  have cpu.pressure, memory.pressure, and io.pressure files,
+	  which aggregate pressure stalls for the grouped tasks only.
+
+	  For more details see Documentation/accounting/psi.rst.
+
+	  Say N if unsure.
+
 config KERNEL_KALLSYMS
 	bool "Compile the kernel with symbol table information"
 	default y if !SMALL_FLASH
@@ -237,37 +361,30 @@ config KERNEL_KALLSYMS
 config KERNEL_FTRACE
 	bool "Compile the kernel with tracing support"
 	depends on !TARGET_uml
-	default n
 
 config KERNEL_FTRACE_SYSCALLS
 	bool "Trace system calls"
 	depends on KERNEL_FTRACE
-	default n
 
 config KERNEL_ENABLE_DEFAULT_TRACERS
 	bool "Trace process context switches and events"
 	depends on KERNEL_FTRACE
-	default n
 
 config KERNEL_FUNCTION_TRACER
 	bool "Function tracer"
 	depends on KERNEL_FTRACE
-	default n
 
 config KERNEL_FUNCTION_GRAPH_TRACER
 	bool "Function graph tracer"
 	depends on KERNEL_FUNCTION_TRACER
-	default n
 
 config KERNEL_DYNAMIC_FTRACE
 	bool "Enable/disable function tracing dynamically"
 	depends on KERNEL_FUNCTION_TRACER
-	default n
 
 config KERNEL_FUNCTION_PROFILER
 	bool "Function profiler"
 	depends on KERNEL_FUNCTION_TRACER
-	default n
 
 config KERNEL_IRQSOFF_TRACER
 	bool "Interrupts-off Latency Tracer"
@@ -303,9 +420,21 @@ config KERNEL_PREEMPT_TRACER
 	  enabled. This option and the irqs-off timing option can be
 	  used together or separately.)
 
+config KERNEL_HIST_TRIGGERS
+	bool "Histogram triggers"
+	depends on KERNEL_FTRACE
+	help
+	  Hist triggers allow one or more arbitrary trace event fields to be
+	  aggregated into hash tables and dumped to stdout by reading a
+	  debugfs/tracefs file. They're useful for gathering quick and dirty
+	  (though precise) summaries of event activity as an initial guide for
+	  further investigation using more advanced tools.
+
+	  Inter-event tracing of quantities such as latencies is also
+	  supported using hist triggers under this option.
+
 config KERNEL_DEBUG_KERNEL
 	bool
-	default n
 
 config KERNEL_DEBUG_INFO
 	bool "Compile the kernel with debug information"
@@ -314,6 +443,61 @@ config KERNEL_DEBUG_INFO
 	help
 	  This will compile your kernel and modules with debug information.
 
+config KERNEL_DEBUG_INFO_BTF
+	bool "Enable additional BTF type information"
+	depends on !HOST_OS_MACOS
+	depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
+	select DWARVES
+	help
+	  Generate BPF Type Format (BTF) information from DWARF debug info.
+	  Turning this on expects presence of pahole tool, which will convert
+	  DWARF type info into equivalent deduplicated BTF type info.
+
+	  Required to run BPF CO-RE applications.
+
+config KERNEL_DEBUG_INFO_BTF_MODULES
+	def_bool y
+	depends on KERNEL_DEBUG_INFO_BTF
+
+config KERNEL_MODULE_ALLOW_BTF_MISMATCH
+	bool "Allow loading modules with non-matching BTF type info"
+	depends on KERNEL_DEBUG_INFO_BTF_MODULES
+	help
+	  For modules whose split BTF does not match vmlinux, load without
+	  BTF rather than refusing to load. The default behavior with
+	  module BTF enabled is to reject modules with such mismatches;
+	  this option will still load module BTF where possible but ignore
+	  it when a mismatch is found.
+
+config KERNEL_DEBUG_INFO_REDUCED
+	bool "Reduce debugging information"
+	default y
+	depends on KERNEL_DEBUG_INFO
+	help
+	  If you say Y here gcc is instructed to generate less debugging
+	  information for structure types. This means that tools that
+	  need full debugging information (like kgdb or systemtap) won't
+	  be happy. But if you merely need debugging information to
+	  resolve line numbers there is no loss. Advantage is that
+	  build directory object sizes shrink dramatically over a full
+	  DEBUG_INFO build and compile times are reduced too.
+	  Only works with newer gcc versions.
+
+config KERNEL_FRAME_WARN
+	int
+	range 0 8192
+	default 1280 if KERNEL_KASAN && !ARCH_64BIT
+	default 1024 if !ARCH_64BIT
+	default 2048 if ARCH_64BIT
+	help
+	  Tell the compiler to warn at build time for stack frames larger than this.
+	  Setting this too low will cause a lot of warnings.
+	  Setting it to 0 disables the warning.
+
+# KERNEL_DEBUG_LL symbols must have the default value set as otherwise
+# KConfig wont evaluate them unless KERNEL_EARLY_PRINTK is selected
+# which means that buildroot wont override the DEBUG_LL symbols in target
+# kernel configurations and lead to devices that dont have working console
 config KERNEL_DEBUG_LL_UART_NONE
 	bool
 	default n
@@ -327,10 +511,16 @@ config KERNEL_DEBUG_LL
 	help
 	  ARM low level debugging.
 
+config KERNEL_DEBUG_VIRTUAL
+	bool "Compile the kernel with VM translations debugging"
+	select KERNEL_DEBUG_KERNEL
+	help
+	  Enable checks sanity checks to catch invalid uses of
+	  virt_to_phys()/phys_to_virt() against the non-linear address space.
+
 config KERNEL_DYNAMIC_DEBUG
 	bool "Compile the kernel with dynamic printk"
 	select KERNEL_DEBUG_FS
-	default n
 	help
 	  Compiles debug level messages into the kernel, which would not
 	  otherwise be available at runtime. These messages can then be
@@ -342,7 +532,6 @@ config KERNEL_DYNAMIC_DEBUG
 config KERNEL_EARLY_PRINTK
 	bool "Compile the kernel with early printk"
 	default y if TARGET_bcm53xx
-	default n
 	depends on arm
 	select KERNEL_DEBUG_KERNEL
 	select KERNEL_DEBUG_LL if arm
@@ -353,7 +542,6 @@ config KERNEL_EARLY_PRINTK
 
 config KERNEL_KPROBES
 	bool "Compile the kernel with kprobes support"
-	default n
 	select KERNEL_FTRACE
 	select KERNEL_PERF_EVENTS
 	help
@@ -368,13 +556,32 @@ config KERNEL_KPROBE_EVENTS
 	bool
 	default y if KERNEL_KPROBES
 
+config KERNEL_BPF_EVENTS
+	bool "Compile the kernel with BPF event support"
+	select KERNEL_KPROBES
+	help
+	  Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
+	  This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
+	  for sending data from BPF programs to user-space for post-processing
+	  or logging.
+
+config KERNEL_PROBE_EVENTS_BTF_ARGS
+	bool "Support BTF function arguments for probe events"
+	depends on KERNEL_DEBUG_INFO_BTF && KERNEL_KPROBE_EVENTS && LINUX_6_6
+
+config KERNEL_BPF_KPROBE_OVERRIDE
+	bool
+	depends on KERNEL_KPROBES
+	default n
+
 config KERNEL_AIO
 	bool "Compile the kernel with asynchronous IO support"
 	default y if !SMALL_FLASH
 
 config KERNEL_IO_URING
 	bool "Compile the kernel with io_uring support"
-	default y if !SMALL_FLASH
+	depends on !SMALL_FLASH
+	default y if (x86_64 || aarch64)
 
 config KERNEL_FHANDLE
 	bool "Compile the kernel with support for fhandle syscalls"
@@ -386,7 +593,6 @@ config KERNEL_FANOTIFY
 
 config KERNEL_BLK_DEV_BSG
 	bool "Compile the kernel with SCSI generic v4 support for any block device"
-	default n
 
 config KERNEL_TRANSPARENT_HUGEPAGE
 	bool
@@ -410,7 +616,6 @@ config KERNEL_HUGETLB_PAGE
 	bool "Compile the kernel with HugeTLB support"
 	select KERNEL_TRANSPARENT_HUGEPAGE
 	select KERNEL_HUGETLBFS
-	default n
 
 config KERNEL_MAGIC_SYSRQ
 	bool "Compile the kernel with SysRq support"
@@ -435,36 +640,35 @@ config KERNEL_ELF_CORE
 config KERNEL_PROVE_LOCKING
 	bool "Enable kernel lock checking"
 	select KERNEL_DEBUG_KERNEL
-	default n
 
-config KERNEL_LOCKUP_DETECTOR
+config KERNEL_SOFTLOCKUP_DETECTOR
-	bool "Compile the kernel with detect Hard and Soft Lockups"
+	bool "Compile the kernel with detect Soft Lockups"
 	depends on KERNEL_DEBUG_KERNEL
 	help
 	  Say Y here to enable the kernel to act as a watchdog to detect
-	  hard and soft lockups.
+	  soft lockups.
 
 	  Softlockups are bugs that cause the kernel to loop in kernel
 	  mode for more than 20 seconds, without giving other tasks a
 	  chance to run.  The current stack trace is displayed upon
 	  detection and the system will stay locked up.
 
+config KERNEL_HARDLOCKUP_DETECTOR
+	bool "Compile the kernel with detect Hard Lockups"
+	depends on KERNEL_DEBUG_KERNEL
+	help
+	  Say Y here to enable the kernel to act as a watchdog to detect
+	  hard lockups.
+
 	  Hardlockups are bugs that cause the CPU to loop in kernel mode
 	  for more than 10 seconds, without letting other interrupts have a
 	  chance to run.  The current stack trace is displayed upon detection
 	  and the system will stay locked up.
 
-	  The overhead should be minimal.  A periodic hrtimer runs to
-	  generate interrupts and kick the watchdog task every 4 seconds.
-	  An NMI is generated every 10 seconds or so to check for hardlockups.
-
-	  The frequency of hrtimer and NMI events and the soft and hard lockup
-	  thresholds can be controlled through the sysctl watchdog_thresh.
-
 config KERNEL_DETECT_HUNG_TASK
 	bool "Compile the kernel with detect Hung Tasks"
 	depends on KERNEL_DEBUG_KERNEL
-	default KERNEL_LOCKUP_DETECTOR
+	default KERNEL_SOFTLOCKUP_DETECTOR
 	help
 	  Say Y here to enable the kernel to detect "hung tasks",
 	  which are bugs that cause the task to be stuck in
@@ -510,10 +714,23 @@ config KERNEL_PRINTK_TIME
 	default y
 
 config KERNEL_SLUB_DEBUG
-	bool
+	bool "Enable SLUB debugging support"
+	help
+	  This enables various debugging features:
+	    - Accepts "slub_debug" kernel parameter
+	    - Provides caches debugging options (e.g. tracing, validating)
+	    - Adds /sys/kernel/slab/ attrs for reading amounts of *objects*
+	    - Enables /proc/slabinfo support
+	    - Prints info when running out of memory
+
+	  Enabling this can result in a significant increase of code size.
 
 config KERNEL_SLUB_DEBUG_ON
-	bool
+	depends on KERNEL_SLUB_DEBUG
+	bool "Boot kernel with basic caches debugging enabled"
+	help
+	  This enables by default sanity_checks, red_zone, poison and store_user
+	  debugging options for all caches.
 
 config KERNEL_SLABINFO
 	select KERNEL_SLUB_DEBUG
@@ -549,11 +766,9 @@ config USE_RFKILL
 
 config USE_SPARSE
 	bool "Enable sparse check during kernel build"
-	default n
 
 config KERNEL_DEVTMPFS
 	bool "Compile the kernel with device tmpfs enabled"
-	default n
 	help
 	  devtmpfs is a simple, kernel-managed /dev filesystem. The kernel creates
 	  devices nodes for all registered devices to simplify boot, but leaves more
@@ -563,7 +778,6 @@ if KERNEL_DEVTMPFS
 
 	config KERNEL_DEVTMPFS_MOUNT
 		bool "Automatically mount devtmpfs after root filesystem is mounted"
-		default n
 
 endif
 
@@ -574,17 +788,14 @@ config KERNEL_KEYS
 config KERNEL_PERSISTENT_KEYRINGS
 	bool "Enable kernel persistent keyrings"
 	depends on KERNEL_KEYS
-	default n
 
 config KERNEL_KEYS_REQUEST_CACHE
 	bool "Enable temporary caching of the last request_key() result"
 	depends on KERNEL_KEYS
-	default n
 
 config KERNEL_BIG_KEYS
 	bool "Enable large payload keys on kernel keyrings"
 	depends on KERNEL_KEYS
-	default n
 
 #
 # CGROUP support symbols
@@ -598,7 +809,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_DEBUG
 		bool "Example debug cgroup subsystem"
-		default n
 		help
 		  This option enables a simple cgroup subsystem that
 		  exports useful debugging information about the cgroups
@@ -609,7 +819,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_FREEZER
 		bool "legacy Freezer cgroup subsystem"
-		default n
 		select KERNEL_FREEZER
 		help
 		  Provides a way to freeze and unfreeze all tasks in a
@@ -619,7 +828,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_DEVICE
 		bool "legacy Device controller for cgroups"
-		default n
 		help
 		  Provides a cgroup implementing whitelists for devices which
 		  a process in the cgroup can mknod or open.
@@ -627,7 +835,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_CGROUP_HUGETLB
 		bool "HugeTLB controller"
-		default n
 		select KERNEL_HUGETLB_PAGE
 
 	config KERNEL_CGROUP_PIDS
@@ -654,9 +861,19 @@ if KERNEL_CGROUPS
 		  Memory Nodes and assigning tasks to run only within those sets.
 		  This is primarily useful on large SMP or NUMA systems.
 
+	config KERNEL_CPUSETS_V1
+		bool "Legacy cgroup v1 cpusets controller"
+		depends on KERNEL_CPUSETS
+		default n
+		help
+		  Legacy cgroup v1 cpusets controller which has been deprecated by
+		  cgroup v2 implementation. The v1 is there for legacy applications
+		  which haven't migrated to the new cgroup v2 interface yet. If you
+		  do not have any such application then you are completely fine leaving
+		  this option disabled.
+
 	config KERNEL_PROC_PID_CPUSET
 		bool "Include legacy /proc/<pid>/cpuset file"
-		default n
 		depends on KERNEL_CPUSETS
 
 	config KERNEL_CGROUP_CPUACCT
@@ -681,7 +898,7 @@ if KERNEL_CGROUPS
 		bool "Memory Resource Controller for Control Groups"
 		default y
 		select KERNEL_FREEZER
-		depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
+		depends on KERNEL_RESOURCE_COUNTERS
 		help
 		  Provides a memory resource controller that manages both anonymous
 		  memory and page cache. (See Documentation/cgroups/memory.txt)
@@ -722,7 +939,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_MEMCG_SWAP_ENABLED
 		bool "Memory Resource Controller Swap Extension enabled by default"
-		default n
 		depends on KERNEL_MEMCG_SWAP
 		help
 		  Memory Resource Controller Swap Extension comes with its price in
@@ -748,10 +964,24 @@ if KERNEL_CGROUPS
 		  the kmem extension can use it to guarantee that no group of processes
 		  will ever exhaust kernel resources alone.
 
+	config KERNEL_MEMCG_V1
+		bool "Legacy cgroup v1 memory controller"
+		default n
+		depends on KERNEL_MEMCG
+		help
+		  Legacy cgroup v1 memory controller which has been deprecated by
+		  cgroup v2 implementation. The v1 is there for legacy applications
+		  which haven't migrated to the new cgroup v2 interface yet. If you
+		  do not have any such application then you are completely fine leaving
+		  this option disabled.
+
+		  Please note that feature set of the legacy memory controller is likely
+		  going to shrink due to deprecation process. New deployments with v1
+		  controller are highly discouraged.
+
 	config KERNEL_CGROUP_PERF
 		bool "Enable perf_event per-cpu per-container group (cgroup) monitoring"
 		select KERNEL_PERF_EVENTS
-		default n
 		help
 		  This option extends the per-cpu mode to restrict monitoring to
 		  threads which belong to the cgroup specified and run on the
@@ -828,7 +1058,6 @@ if KERNEL_CGROUPS
 
 	config KERNEL_DEBUG_BLK_CGROUP
 		bool "Enable Block IO controller debugging"
-		default n
 		depends on KERNEL_BLK_CGROUP
 		help
 		  Enable some debugging help. Currently it exports additional stat
@@ -836,15 +1065,12 @@ if KERNEL_CGROUPS
 
 	config KERNEL_NET_CLS_CGROUP
 		bool "legacy Control Group Classifier"
-		default n
 
 	config KERNEL_CGROUP_NET_CLASSID
 		bool "legacy Network classid cgroup"
-		default n
 
 	config KERNEL_CGROUP_NET_PRIO
 		bool "legacy Network priority cgroup"
-		default n
 
 endif
 
@@ -944,6 +1170,19 @@ config KERNEL_IP_MROUTE
 	  Multicast routing requires a multicast routing daemon in
 	  addition to kernel support.
 
+if KERNEL_IP_MROUTE
+
+	config KERNEL_IP_MROUTE_MULTIPLE_TABLES
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V1
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V2
+		def_bool y
+
+endif
+
 #
 # IPv6 configuration
 #
@@ -966,8 +1205,15 @@ if KERNEL_IPV6
 		  Multicast routing requires a multicast routing daemon in
 		  addition to kernel support.
 
-	config KERNEL_IPV6_PIMSM_V2
+	if KERNEL_IPV6_MROUTE
-		def_bool n
+
+		config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
+			def_bool y
+
+		config KERNEL_IPV6_PIMSM_V2
+			def_bool y
+
+	endif
 
 	config KERNEL_IPV6_SEG6_LWTUNNEL
 		bool "Enable support for lightweight tunnels"
@@ -980,6 +1226,45 @@ if KERNEL_IPV6
 
 endif
 
+#
+# Miscellaneous network configuration
+#
+
+config KERNEL_NET_L3_MASTER_DEV
+	bool "L3 Master device support"
+	default y if !SMALL_FLASH
+	help
+	  This module provides glue between core networking code and device
+	  drivers to support L3 master devices like VRF.
+  	  Increases the compressed kernel size by ~4kB (as of Linux 6.6).
+
+config KERNEL_XDP_SOCKETS
+	bool "XDP sockets support"
+	help
+	  XDP sockets allows a channel between XDP programs and
+	  userspace applications.
+
+config KERNEL_PAGE_POOL
+	def_bool n
+
+config KERNEL_PAGE_POOL_STATS
+	bool "Page pool stats support"
+	depends on KERNEL_PAGE_POOL
+
+config KERNEL_MPTCP
+	bool "Multi-Path TCP support"
+	default y if !SMALL_FLASH
+	help
+	   Select this option to enable support for Multi-Path TCP.
+	   Increases the compressed kernel size by ~214kB (as of Linux 6.6).
+
+if KERNEL_IPV6
+config KERNEL_MPTCP_IPV6
+	bool "IPv6 support for Multipath TCP"
+	depends on KERNEL_MPTCP
+	default KERNEL_MPTCP
+endif
+
 #
 # NFS related symbols
 #
@@ -1014,14 +1299,20 @@ if KERNEL_IP_PNP
 
 endif
 
+config KERNEL_BTRFS_FS
+	bool "Compile the kernel with built-in BTRFS support"
+	help
+	  Say Y here if you want to make the kernel to be able to boot off a
+	  BTRFS partition.
+
 menu "Filesystem ACL and attr support options"
 	config USE_FS_ACL_ATTR
 		bool "Use filesystem ACL and attr support by default"
-		default n
+		default y if !SMALL_FLASH
 		help
 		  Make using ACLs (e.g. POSIX ACL, NFSv4 ACL) the default
-		  for kernel and packages, except tmpfs, flash filesystems,
+		  for kernel and packages, except old NFS.
-		  and old NFS.  Also enable userspace extended attribute support
+		  Also enable userspace extended attribute support
 		  by default.  (OpenWrt already has an expection it will be
 		  present in the kernel).
 
@@ -1042,17 +1333,17 @@ menu "Filesystem ACL and attr support options"
 	config KERNEL_F2FS_FS_POSIX_ACL
 		bool "Enable POSIX ACL for F2FS Filesystems"
 		select KERNEL_FS_POSIX_ACL
-		default n
+		default y if USE_FS_ACL_ATTR
 
 	config KERNEL_JFFS2_FS_POSIX_ACL
 		bool "Enable POSIX ACL for JFFS2 Filesystems"
 		select KERNEL_FS_POSIX_ACL
-		default n
+		default y if USE_FS_ACL_ATTR
 
 	config KERNEL_TMPFS_POSIX_ACL
 		bool "Enable POSIX ACL for TMPFS Filesystems"
 		select KERNEL_FS_POSIX_ACL
-		default n
+		default y if USE_FS_ACL_ATTR
 
 	config KERNEL_CIFS_ACL
 		bool "Enable CIFS ACLs"
@@ -1075,15 +1366,12 @@ menu "Filesystem ACL and attr support options"
 
 	config KERNEL_NFS_V3_ACL_SUPPORT
 		bool "Enable ACLs for NFSv3"
-		default n
 
 	config KERNEL_NFSD_V2_ACL_SUPPORT
 		bool "Enable ACLs for NFSDv2"
-		default n
 
 	config KERNEL_NFSD_V3_ACL_SUPPORT
 		bool "Enable ACLs for NFSDv3"
-		default n
 
 	config KERNEL_REISER_FS_POSIX_ACL
 		bool "Enable POSIX ACLs for ReiserFS"
@@ -1125,7 +1413,7 @@ config KERNEL_SQUASHFS_XATTR
 	bool "Squashfs XATTR support"
 
 #
-# compile optimiziation setting
+# compile optimization setting
 #
 choice
 	prompt "Compiler optimization level"
@@ -1192,12 +1480,30 @@ config KERNEL_LSM
 
 config KERNEL_EXT4_FS_SECURITY
 	bool "Ext4 Security Labels"
+	default y if !SMALL_FLASH
 
 config KERNEL_F2FS_FS_SECURITY
 	bool "F2FS Security Labels"
+	default y if !SMALL_FLASH
 
 config KERNEL_UBIFS_FS_SECURITY
 	bool "UBIFS Security Labels"
+	default y if !SMALL_FLASH
 
 config KERNEL_JFFS2_FS_SECURITY
 	bool "JFFS2 Security Labels"
+	default y if !SMALL_FLASH
+
+config KERNEL_WERROR
+	bool "Compile the kernel with warnings as errors"
+	help
+	  A kernel build should not cause any compiler warnings, and this
+	  enables the '-Werror' (for C) and '-Dwarnings' (for Rust) flags
+	  to enforce that rule by default. Certain warnings from other tools
+	  such as the linker may be upgraded to errors with this option as
+	  well.
+
+	  However, if you have a new (or very old) compiler or linker with odd
+	  and unusual warnings, or you have some architecture with problems,
+	  you may need to disable this config option in order to
+	  successfully build the kernel.

config/check-hostcxx.sh

@@ -0,0 +1,12 @@
+cat << EOF | "$STAGING_DIR_HOST/bin/g++" -c -x c++ -o /dev/null - >/dev/null 2>&1
+#if __clang__
+  #if __clang_major__ < $3
+    #error "clang too old"
+  #endif
+#else
+  #if __GNUC__ < $1 || (__GNUC__ == $1 && (__GNUC_MINOR__ < $2))
+    #error "gcc too old"
+  #endif
+#endif
+EOF
+[ $? -eq 0 ] && echo y || echo n

config/check-uname.sh

@@ -0,0 +1 @@
+[ "$(uname)" = "$1" ] && echo y || echo n

feeds.conf.default

@@ -1,7 +1,10 @@
 src-git packages https://github.com/coolsnowwolf/packages
-src-git luci https://github.com/coolsnowwolf/luci
+#src-git luci https://github.com/coolsnowwolf/luci
+src-git luci https://github.com/coolsnowwolf/luci.git;openwrt-23.05
 src-git routing https://github.com/coolsnowwolf/routing
-src-git telephony https://git.openwrt.org/feed/telephony.git
+src-git telephony https://github.com/coolsnowwolf/telephony.git
+#src-git helloworld https://github.com/fw876/helloworld.git
+#src-git oui https://github.com/zhaojh329/oui.git
 #src-git video https://github.com/openwrt/video.git
 #src-git targets https://github.com/openwrt/targets.git
 #src-git oldpackages http://git.openwrt.org/packages.git

include/autotools.mk

@@ -23,7 +23,8 @@ AM_TOOL_PATHS:= \
 	LIBTOOLIZE=$(STAGING_DIR_HOST)/bin/libtoolize \
 	LIBTOOL=$(STAGING_DIR_HOST)/bin/libtool \
 	M4=$(STAGING_DIR_HOST)/bin/m4 \
-	AUTOPOINT=true
+	AUTOPOINT=true \
+	GTKDOCIZE=true
 
 # 1: build dir
 # 2: remove files
@@ -35,7 +36,7 @@ define autoreconf
 		$(patsubst %,rm -f %;,$(2)) \
 		$(foreach p,$(3), \
 			if [ -f $(p)/configure.ac ] || [ -f $(p)/configure.in ]; then \
-				[ -d $(p)/autom4te.cache ] && rm -rf autom4te.cache; \
+				[ -d $(p)/autom4te.cache ] && rm -rf $(p)/autom4te.cache; \
 				[ -e $(p)/config.rpath ] || \
 						ln -s $(SCRIPT_DIR)/config.rpath $(p)/config.rpath; \
 				touch NEWS AUTHORS COPYING ABOUT-NLS ChangeLog; \
@@ -113,7 +114,7 @@ ifneq ($(filter patch-libtool,$(PKG_FIXUP)),)
 endif
 
 ifneq ($(filter libtool,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
  ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
   Hooks/Configure/Pre += autoreconf_target
  endif
@@ -124,7 +125,7 @@ ifneq ($(filter libtool-abiver,$(PKG_FIXUP)),)
 endif
 
 ifneq ($(filter libtool-ucxx,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
  ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
   Hooks/Configure/Pre += autoreconf_target
  endif

include/bpf.mk

@@ -63,13 +63,15 @@ BPF_CFLAGS := \
 	-Wno-unused-label \
 	-O2 -emit-llvm -Xclang -disable-llvm-passes
 
-ifeq ($(DUMP),)
+ifneq ($(CONFIG_HAS_BPF_TOOLCHAIN),)
+ifeq ($(DUMP)$(filter download refresh,$(MAKECMDGOALS)),)
   CLANG_VER:=$(shell $(CLANG) -dM -E - < /dev/null | grep __clang_major__ | cut -d' ' -f3)
   CLANG_VER_VALID:=$(shell [ "$(CLANG_VER)" -ge "$(CLANG_MIN_VER)" ] && echo 1 )
   ifeq ($(CLANG_VER_VALID),)
     $(error ERROR: LLVM/clang version too old. Minimum required: $(CLANG_MIN_VER), found: $(CLANG_VER))
   endif
 endif
+endif
 
 define CompileBPF
 	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \

include/cmake.mk

@@ -18,12 +18,13 @@ endif
 CMAKE_BINARY_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 CMAKE_SOURCE_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
 HOST_CMAKE_SOURCE_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
+HOST_CMAKE_BINARY_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .)
 
 ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
   cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1)
 else
-  cmake_tool=$(shell which $(1))
+  cmake_tool=$(shell command -v $(1))
 endif
 
 ifeq ($(CONFIG_CCACHE),)
@@ -51,20 +52,21 @@ CMAKE_RANLIB:=$(call cmake_tool,$(TARGET_RANLIB))
 CMAKE_FIND_ROOT_PATH:=$(STAGING_DIR)/usr;$(TOOLCHAIN_DIR)$(if $(CONFIG_EXTERNAL_TOOLCHAIN),;$(CONFIG_TOOLCHAIN_ROOT))
 CMAKE_HOST_FIND_ROOT_PATH:=$(STAGING_DIR)/host;$(STAGING_DIR_HOSTPKG);$(STAGING_DIR_HOST)
 CMAKE_SHARED_LDFLAGS:=-Wl,-Bsymbolic-functions
+CMAKE_HOST_INSTALL_PREFIX = $(HOST_BUILD_PREFIX)
 
 ifeq ($(HOST_USE_NINJA),1)
   CMAKE_HOST_OPTIONS += -DCMAKE_GENERATOR="Ninja"
 
   define Host/Compile/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) $(1)
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) $(1)
   endef
 
   define Host/Install/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) install
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) install
   endef
 
   define Host/Uninstall/Default
-	+$(NINJA) -C $(HOST_BUILD_DIR) uninstall
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) uninstall
   endef
 endif
 
@@ -133,7 +135,8 @@ endef
 Build/InstallDev = $(if $(CMAKE_INSTALL),$(Build/InstallDev/cmake))
 
 define Host/Configure/Default
-	(cd $(HOST_BUILD_DIR); \
+	mkdir -p "$(HOST_CMAKE_BINARY_DIR)"
+	(cd $(HOST_CMAKE_BINARY_DIR); \
 		CFLAGS="$(HOST_CFLAGS)" \
 		CXXFLAGS="$(HOST_CFLAGS)" \
 		LDFLAGS="$(HOST_LDFLAGS)" \
@@ -155,7 +158,7 @@ define Host/Configure/Default
 			-DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY \
 			-DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY \
 			-DCMAKE_STRIP=: \
-			-DCMAKE_INSTALL_PREFIX=$(HOST_BUILD_PREFIX) \
+			-DCMAKE_INSTALL_PREFIX=$(CMAKE_HOST_INSTALL_PREFIX) \
 			-DCMAKE_PREFIX_PATH=$(HOST_BUILD_PREFIX) \
 			-DCMAKE_SKIP_RPATH=TRUE  \
 			-DCMAKE_INSTALL_LIBDIR=lib \

include/depends.mk

@@ -12,6 +12,7 @@
 DEP_FINDPARAMS := -x "*/.svn*" -x ".*" -x "*:*" -x "*\!*" -x "* *" -x "*\\\#*" -x "*/.*_check" -x "*/.*.swp" -x "*/.pkgdir*"
 
 find_md5=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -printf "%p%T@\n" | sort | $(MKHASH) md5
+find_md5_reproducible=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -print0 | xargs -0 $(MKHASH) md5 | sort | $(MKHASH) md5
 
 define rdep
   .PRECIOUS: $(2)
@@ -27,7 +28,7 @@ ifneq ($(wildcard $(2)),)
 		{ [ \! -f "$(3)" ] || diff $(3) $(3).1 >/dev/null; } && \
 	) \
 	{ \
-		[ -f "$(2)_check.1" ] && mv "$(2)_check.1"; \
+		[ -f "$(2)_check.1" ] && mv "$(2)_check.1" "$(2)_check"; \
 	    $(TOPDIR)/scripts/timestamp.pl $(DEP_FINDPARAMS) $(4) -n $(2) $(1) && { \
 			$(call debug_eval,$(SUBDIR),r,echo "No need to rebuild $(2)";) \
 			touch -r "$(2)" "$(2)_check"; \

include/download.mk

@@ -18,6 +18,10 @@ endif
 
 DOWNLOAD_RDEP=$(STAMP_PREPARED) $(HOST_STAMP_PREPARED)
 
+# Export options for download.pl
+export DOWNLOAD_CHECK_CERTIFICATE:=$(CONFIG_DOWNLOAD_CHECK_CERTIFICATE)
+export DOWNLOAD_TOOL_CUSTOM:=$(CONFIG_DOWNLOAD_TOOL_CUSTOM)
+
 define dl_method_git
 $(if $(filter https://github.com/% git://github.com/%,$(1)),github_archive,git)
 endef
@@ -59,6 +63,21 @@ define dl_tar_pack
 		$$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1))
 endef
 
+gen_sha256sum = $(shell $(MKHASH) sha256 $(DL_DIR)/$(1))
+
+# Used in Build/CoreTargets and HostBuild/Core as an integrity check for
+# downloaded files.  It will add a FORCE rule if the sha256 hash does not
+# match, so that the download can be more thoroughly handled by download.pl.
+define check_download_integrity
+  expected_hash:=$(strip $(if $(filter-out x,$(HASH)),$(HASH),$(MIRROR_HASH)))
+  $$(if $$(and $(FILE),$$(wildcard $(DL_DIR)/$(FILE)), \
+	       $$(filter undefined,$$(flavor DownloadChecked/$(FILE)))), \
+    $$(eval DownloadChecked/$(FILE):=1) \
+    $$(if $$(filter-out $$(call gen_sha256sum,$(FILE)),$$(expected_hash)), \
+      $(DL_DIR)/$(FILE): FORCE) \
+  )
+endef
+
 ifdef CHECK
 check_escape=$(subst ','\'',$(1))
 #')
@@ -74,8 +93,6 @@ else
   check_warn = $(if $(filter-out undefined,$(origin F_$(1))),$(filter ,$(shell $(call F_$(1),$(2),$(3),$(4)) >&2)),$(check_warn_nofix))
 endif
 
-gen_sha256sum = $(shell $(MKHASH) sha256 $(DL_DIR)/$(1))
-
 ifdef FIXUP
 F_hash_deprecated = $(SCRIPT_DIR)/fixup-makefile.pl $(CURDIR)/Makefile fix-hash $(3) $(call gen_sha256sum,$(1)) $(2)
 F_hash_mismatch = $(F_hash_deprecated)

include/host-build.mk

@@ -21,7 +21,7 @@ include $(INCLUDE_DIR)/depends.mk
 include $(INCLUDE_DIR)/quilt.mk
 
 BUILD_TYPES += host
-HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
+HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
 HOST_STAMP_CONFIGURED:=$(HOST_BUILD_DIR)/.configured
 HOST_STAMP_BUILT:=$(HOST_BUILD_DIR)/.built
 HOST_BUILD_PREFIX?=$(if $(IS_PACKAGE_BUILD),$(STAGING_DIR_HOSTPKG),$(STAGING_DIR_HOST))
@@ -34,23 +34,31 @@ include $(INCLUDE_DIR)/autotools.mk
 _host_target:=$(if $(HOST_QUILT),,.)
 
 Host/Patch:=$(Host/Patch/Default)
-ifneq ($(strip $(HOST_UNPACK)),)
+define Host/Prepare/Default
-  define Host/Prepare/Default
+	$(if $(strip $(HOST_UNPACK)),$(HOST_UNPACK))
-	$(HOST_UNPACK)
 	[ ! -d ./src/ ] || $(CP) ./src/* $(HOST_BUILD_DIR)
 	$(Host/Patch)
-  endef
+endef
-endif
 
 define Host/Prepare
   $(call Host/Prepare/Default)
 endef
 
+define Host/Gnulib/Prepare
+  $(STAGING_DIR_HOST)/bin/gnulib-tool \
+	--local-dir=$(STAGING_DIR_HOST)/share/gnulib \
+	--source-base=$(PKG_GNULIB_BASE) \
+	$(PKG_GNULIB_ARGS) \
+	$(PKG_GNULIB_MODS) \
+  ;
+endef
+
 HOST_CONFIGURE_VARS = \
 	CC="$(HOSTCC)" \
 	CFLAGS="$(HOST_CFLAGS)" \
 	CXX="$(HOSTCXX)" \
 	CPPFLAGS="$(HOST_CPPFLAGS)" \
+	CXXFLAGS="$(HOST_CXXFLAGS)" \
 	LDFLAGS="$(HOST_LDFLAGS)" \
 	CONFIG_SHELL="$(SHELL)"
 
@@ -108,6 +116,10 @@ define Host/Compile
   $(call Host/Compile/Default)
 endef
 
+define Host/Gnulib/Compile
+  $(call Host/Compile/Default,SUBDIRS='$$$$(wildcard $(PKG_GNULIB_BASE))')
+endef
+
 define Host/Install/Default
 	$(call Host/Compile/Default,install)
 endef
@@ -180,7 +192,7 @@ ifndef DUMP
     clean-build: host-clean-build
   endif
 
-  $(DL_DIR)/$(FILE): FORCE
+  $(call check_download_integrity)
 
   $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
   $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
@@ -197,13 +209,17 @@ ifndef DUMP
 
     ifneq ($(CONFIG_AUTOREMOVE),)
       host-compile:
-		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' | \
+		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -print0 | \
-			$(XARGS) rm -rf
+			$(XARGS) -0 rm -rf
     endif
   endef
 endif
 
 define HostBuild
   $(HostBuild/Core)
-  $(if $(if $(PKG_HOST_ONLY),,$(STAMP_PREPARED)),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(if $(PKG_HOST_ONLY),,$(if $(and $(filter host-%,$(MAKECMDGOALS)),$(PKG_SKIP_DOWNLOAD)),,$(STAMP_PREPARED))),,
+	$(if $(and $(CONFIG_AUTOREMOVE), $(wildcard $(HOST_STAMP_INSTALLED), $(wildcard $(HOST_STAMP_BUILT)))),,
+		$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default))
+	)
+  )
 endef

include/image-commands.mk

@@ -4,7 +4,7 @@ IMAGE_KERNEL = $(word 1,$^)
 IMAGE_ROOTFS = $(word 2,$^)
 
 define ModelNameLimit16
-$(shell expr substr "$(word 2, $(subst _, ,$(1)))" 1 16)
+$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
 endef
 
 define rootfs_align
@@ -27,8 +27,21 @@ define Build/append-kernel
 	dd if=$(IMAGE_KERNEL) >> $@
 endef
 
+define Build/package-kernel-ubifs
+	mkdir $@.kernelubifs
+	cp $@ $@.kernelubifs/kernel
+	$(STAGING_DIR_HOST)/bin/mkfs.ubifs \
+		$(KERNEL_UBIFS_OPTS) \
+		-r $@.kernelubifs $@
+	rm -r $@.kernelubifs
+endef
+
 define Build/append-image
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 
 ifdef IB
@@ -37,8 +50,13 @@ define Build/append-image-stage
 endef
 else
 define Build/append-image-stage
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) of=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
-	dd if=$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1) >> $@
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	mkdir -p "$(STAGING_DIR_IMAGE)"
+	dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
 endef
 endif
 
@@ -72,6 +90,7 @@ metadata_json = \
 
 define Build/append-metadata
 	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
+	sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
 	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
 		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
 		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
@@ -94,6 +113,15 @@ define Build/append-squashfs-fakeroot-be
 	cat $@.fakesquashfs >> $@
 endef
 
+define Build/append-squashfs4-fakeroot
+	rm -rf $@.fakefs $@.fakesquashfs
+	mkdir $@.fakefs
+	$(STAGING_DIR_HOST)/bin/mksquashfs4 \
+		$@.fakefs $@.fakesquashfs \
+		-nopad -noappend -root-owned
+	cat $@.fakesquashfs >> $@
+endef
+
 define Build/append-string
 	echo -n $(1) >> $@
 endef
@@ -103,7 +131,7 @@ define Build/append-ubi
 		$(if $(UBOOTENV_IN_UBI),--uboot-env) \
 		$(if $(KERNEL_IN_UBI),--kernel $(IMAGE_KERNEL)) \
 		$(foreach part,$(UBINIZE_PARTS),--part $(part)) \
-		$(IMAGE_ROOTFS) \
+		--rootfs $(IMAGE_ROOTFS) \
 		$@.tmp \
 		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
 		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
@@ -113,6 +141,18 @@ define Build/append-ubi
 	rm $@.tmp
 endef
 
+define Build/ubinize-kernel
+	cp $@ $@.tmp
+	sh $(TOPDIR)/scripts/ubinize-image.sh \
+		--kernel $@.tmp \
+		$@ \
+		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
+		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
+		$(if $(VID_HDR_OFFSET),-O $(VID_HDR_OFFSET)) \
+		$(UBINIZE_OPTS)
+	rm $@.tmp
+endef
+
 define Build/append-uboot
 	dd if=$(UBOOT_PATH) >> $@
 endef
@@ -170,11 +210,20 @@ define Build/check-size
 	@imagesize="$$(stat -c%s $@)"; \
 	limitsize="$$(($(subst k,* 1024,$(subst m, * 1024k,$(if $(1),$(1),$(IMAGE_SIZE))))))"; \
 	[ $$limitsize -ge $$imagesize ] || { \
-		echo "WARNING: Image file $@ is too big: $$imagesize > $$limitsize" >&2; \
+		$(call ERROR_MESSAGE,    WARNING: Image file $@ is too big: $$imagesize > $$limitsize); \
 		rm -f $@; \
 	}
 endef
 
+define Build/copy-file
+	cat "$(1)" > "$@"
+endef
+
+define Build/edimax-header
+	$(STAGING_DIR_HOST)/bin/mkedimaximg -i $@ -o $@.new $(1)
+	@mv $@.new $@
+endef
+
 define Build/elecom-product-header
 	$(eval product=$(word 1,$(1)))
 	$(eval fw=$(if $(word 2,$(1)),$(word 2,$(1)),$@))
@@ -187,6 +236,19 @@ define Build/elecom-product-header
 	mv $(fw).new $(fw)
 endef
 
+define Build/elecom-wrc-gs-factory
+	$(eval product=$(word 1,$(1)))
+	$(eval version=$(word 2,$(1)))
+	$(eval hash_opt=$(word 3,$(1)))
+	$(MKHASH) md5 $(hash_opt) $@ >> $@
+	( \
+		echo -n "ELECOM $(product) v$(version)" | \
+			dd bs=32 count=1 conv=sync; \
+		dd if=$@; \
+	) > $@.new
+	mv $@.new $@
+endef
+
 define Build/elx-header
 	$(eval hw_id=$(word 1,$(1)))
 	$(eval xor_pattern=$(word 2,$(1)))
@@ -215,7 +277,9 @@ endef
 define Build/initrd_compression
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),.bzip2) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),.gzip) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),.lz4) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),.lzma) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),.lzo) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),.xz) \
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),.zstd)
 endef
@@ -223,16 +287,20 @@ endef
 define Build/fit
 	$(TOPDIR)/scripts/mkits.sh \
 		-D $(DEVICE_NAME) -o $@.its -k $@ \
-		-C $(word 1,$(1)) $(if $(word 2,$(1)),\
+		-C $(word 1,$(1)) \
-		$(if $(DEVICE_DTS_OVERLAY),-d $(KERNEL_BUILD_DIR)/image-$$(basename $(word 2,$(1))),\
+		$(if $(word 2,$(1)),\
-			-d $(word 2,$(1)))) \
+			$(if $(findstring 11,$(if $(DEVICE_DTS_OVERLAY),1)$(if $(findstring $(KERNEL_BUILD_DIR)/image-,$(word 2,$(1))),,1)), \
+				-d $(KERNEL_BUILD_DIR)/image-$$(basename $(word 2,$(1))), \
+				-d $(word 2,$(1)))) \
 		$(if $(findstring with-rootfs,$(word 3,$(1))),-r $(IMAGE_ROOTFS)) \
 		$(if $(findstring with-initrd,$(word 3,$(1))), \
 			$(if $(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE), \
 				-i $(KERNEL_BUILD_DIR)/initrd.cpio$(strip $(call Build/initrd_compression)))) \
 		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
 		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
-		$(if $(DEVICE_DTS_OVERLAY),$(foreach dtso,$(DEVICE_DTS_OVERLAY), -O $(dtso):$(KERNEL_BUILD_DIR)/image-$(dtso).dtb)) \
+		$(if $(DEVICE_DTS_DELIMITER),-l $(DEVICE_DTS_DELIMITER)) \
+		$(if $(DEVICE_DTS_LOADADDR),-s $(DEVICE_DTS_LOADADDR)) \
+		$(if $(DEVICE_DTS_OVERLAY),$(foreach dtso,$(DEVICE_DTS_OVERLAY), -O $(dtso):$(KERNEL_BUILD_DIR)/image-$(dtso).dtbo)) \
 		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
 		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage $(if $(findstring external,$(word 3,$(1))),\
@@ -240,11 +308,25 @@ define Build/fit
 	@mv $@.new $@
 endef
 
-define Build/gzip
+define Build/libdeflate-gzip
-	gzip -f -9n -c $@ $(1) > $@.new
+	$(STAGING_DIR_HOST)/bin/libdeflate-gzip -f -12 -c $@ $(1) > $@.new
 	@mv $@.new $@
 endef
 
+define Build/gzip
+	$(STAGING_DIR_HOST)/bin/gzip -f -9n -c $@ $(1) > $@.new
+	@mv $@.new $@
+endef
+
+define Build/gzip-filename
+	@mkdir -p $@.tmp
+	@cp $@ $@.tmp/$(word 1,$(1))
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $@.tmp/$(word 1,$(1)) $(word 2,$(1)))
+	$(STAGING_DIR_HOST)/bin/gzip -f -9 -N -c $@.tmp/$(word 1,$(1)) $(word 2,$(1)) > $@.new
+	@mv $@.new $@
+	@rm -rf $@.tmp
+endef
+
 define Build/install-dtb
 	$(call locked, \
 		$(foreach dts,$(DEVICE_DTS), \
@@ -256,6 +338,16 @@ define Build/install-dtb
 	)
 endef
 
+define Build/iptime-crc32
+	$(STAGING_DIR_HOST)/bin/iptime-crc32 $(1) $@ $@.new
+	mv $@.new $@
+endef
+
+define Build/iptime-naspkg
+	$(STAGING_DIR_HOST)/bin/iptime-naspkg $(1) $@ $@.new
+	mv $@.new $@
+endef
+
 define Build/jffs2
 	rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 && \
 		mkdir -p $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$$(dirname $(1)) && \
@@ -318,6 +410,19 @@ define Build/netgear-dni
 	mv $@.new $@
 endef
 
+define Build/netgear-encrypted-factory
+	$(TOPDIR)/scripts/netgear-encrypted-factory.py \
+		--input-file $@ \
+		--output-file $@ \
+		--model $(NETGEAR_ENC_MODEL) \
+		--region $(NETGEAR_ENC_REGION) \
+		--version V1.0.0.0.$(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		--encryption-block-size 0x20000 \
+		--openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
+		--key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \
+		--iv 4a253169516c38243d6c6d2d3b384145
+endef
+
 define Build/openmesh-image
 	$(TOPDIR)/scripts/om-fwupgradecfg-gen.sh \
 		"$(call param_get_default,ce_type,$(1),$(DEVICE_NAME))" \
@@ -370,16 +475,16 @@ define Build/qemu-image
 	fi
 endef
 
-define Build/qsdk-ipq-factory-mmc
+define Build/qsdk-ipq-factory-nand
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
-		$@.its kernel $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
+		$@.its ubi $@
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef
 
-define Build/qsdk-ipq-factory-nand
+define Build/qsdk-ipq-factory-mmc
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
-		$@.its ubi $@
+		$@.its kernel $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef
@@ -476,6 +581,7 @@ define Build/tplink-v2-image
 endef
 
 define Build/uImage
+	$(if $(UIMAGE_TIME),SOURCE_DATE_EPOCH="$(UIMAGE_TIME)") \
 	mkimage \
 		-A $(LINUX_KARCH) \
 		-O linux \
@@ -496,12 +602,12 @@ define Build/xor-image
 endef
 
 define Build/zip
+	rm -rf $@.tmp
 	mkdir $@.tmp
-	mv $@ $@.tmp/$(1)
+	mv $@ $@.tmp/$(word 1,$(1))
-
+	TZ=UTC $(STAGING_DIR_HOST)/bin/zip -j -X \
-	zip -j -X \
+		$(wordlist 2,$(words $(1)),$(1)) \
-		$(if $(SOURCE_DATE_EPOCH),--mtime="$(SOURCE_DATE_EPOCH)") \
+		$@ $@.tmp/$(if $(word 1,$(1)),$(word 1,$(1)),$$(basename $@))
-		$@ $@.tmp/$(if $(1),$(1),$@)
 	rm -rf $@.tmp
 endef
 

include/image.mk

@@ -1,6 +1,6 @@
 # SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2020 OpenWrt.org
+# Copyright (C) 2006-2020 LEDE.org
 
 override TARGET_BUILD=
 include $(INCLUDE_DIR)/prereq.mk
@@ -137,14 +137,6 @@ define Image/BuildKernel/MkuImage
 		-n '$(call toupper,$(ARCH)) $(VERSION_DIST) Linux-$(LINUX_VERSION)' -d $(4) $(5)
 endef
 
-define Image/BuildKernel/MkFIT
-	$(TOPDIR)/scripts/mkits.sh \
-		-D $(1) -o $(KDIR)/fit-$(1).its -k $(2) $(if $(3),-d $(3)) -C $(4) -a $(5) -e $(6) \
-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
-		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
-	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $(KDIR)/fit-$(1).its $(KDIR)/fit-$(1)$(7).itb
-endef
-
 ifdef CONFIG_TARGET_IMAGES_GZIP
   define Image/Gzip
 	rm -f $(1).gz
@@ -154,7 +146,7 @@ endif
 
 
 # Disable noisy checks by default as in upstream
-DTC_FLAGS += \
+DTC_WARN_FLAGS := \
   -Wno-unit_address_vs_reg \
   -Wno-simple_bus_reg \
   -Wno-unit_address_format \
@@ -167,6 +159,9 @@ DTC_FLAGS += \
   -Wno-graph_port \
   -Wno-unique_unit_address
 
+DTC_FLAGS += $(DTC_WARN_FLAGS)
+DTCO_FLAGS += $(DTC_WARN_FLAGS)
+
 define Image/pad-to
 	dd if=$(1) of=$(1).new bs=$(2) conv=sync
 	mv $(1).new $(1)
@@ -182,20 +177,30 @@ endef
 # $(2) target dtb file
 # $(3) extra CPP flags
 # $(4) extra DTC flags
-define Image/BuildDTB
+define Image/BuildDTB/sub
 	$(TARGET_CROSS)cpp -nostdinc -x assembler-with-cpp \
+		$(DTS_CPPFLAGS) \
 		-I$(DTS_DIR) \
 		-I$(DTS_DIR)/include \
 		-I$(LINUX_DIR)/include/ \
+		-I$(LINUX_DIR)/scripts/dtc/include-prefixes \
 		-undef -D__DTS__ $(3) \
 		-o $(2).tmp $(1)
 	$(LINUX_DIR)/scripts/dtc/dtc -O dtb \
-		-i$(dir $(1)) $(DTC_FLAGS) $(4) \
+		-i$(dir $(1)) $(4) \
 	$(if $(CONFIG_HAS_DT_OVERLAY_SUPPORT),-@) \
 		-o $(2) $(2).tmp
 	$(RM) $(2).tmp
 endef
 
+define Image/BuildDTB
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTC_FLAGS) $(DEVICE_DTC_FLAGS) $(4))
+endef
+
+define Image/BuildDTBO
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTCO_FLAGS) $(DEVICE_DTCO_FLAGS) $(4))
+endef
+
 define Image/mkfs/jffs2/sub-raw
 	$(STAGING_DIR_HOST)/bin/mkfs.jffs2 \
 		$(2) \
@@ -229,8 +234,7 @@ $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))
 define Image/mkfs/squashfs-common
 	$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
 		-nopad -noappend -root-owned \
-		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
+		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
-		-processors $(shell nproc)
 endef
 
 ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
@@ -341,6 +345,8 @@ define Device/InitProfile
   DEVICE_ALT0_TITLE = $$(DEVICE_ALT0_VENDOR) $$(DEVICE_ALT0_MODEL)$$(if $$(DEVICE_ALT0_VARIANT), $$(DEVICE_ALT0_VARIANT))
   DEVICE_ALT1_TITLE = $$(DEVICE_ALT1_VENDOR) $$(DEVICE_ALT1_MODEL)$$(if $$(DEVICE_ALT1_VARIANT), $$(DEVICE_ALT1_VARIANT))
   DEVICE_ALT2_TITLE = $$(DEVICE_ALT2_VENDOR) $$(DEVICE_ALT2_MODEL)$$(if $$(DEVICE_ALT2_VARIANT), $$(DEVICE_ALT2_VARIANT))
+  DEVICE_ALT3_TITLE = $$(DEVICE_ALT3_VENDOR) $$(DEVICE_ALT3_MODEL)$$(if $$(DEVICE_ALT3_VARIANT), $$(DEVICE_ALT3_VARIANT))
+  DEVICE_ALT4_TITLE = $$(DEVICE_ALT4_VENDOR) $$(DEVICE_ALT4_MODEL)$$(if $$(DEVICE_ALT4_VARIANT), $$(DEVICE_ALT4_VARIANT))
   DEVICE_VENDOR :=
   DEVICE_MODEL :=
   DEVICE_VARIANT :=
@@ -353,6 +359,12 @@ define Device/InitProfile
   DEVICE_ALT2_VENDOR :=
   DEVICE_ALT2_MODEL :=
   DEVICE_ALT2_VARIANT :=
+  DEVICE_ALT3_VENDOR :=
+  DEVICE_ALT3_MODEL :=
+  DEVICE_ALT3_VARIANT :=
+  DEVICE_ALT4_VENDOR :=
+  DEVICE_ALT4_MODEL :=
+  DEVICE_ALT4_VARIANT :=
   DEVICE_PACKAGES :=
   DEVICE_DESCRIPTION = Build firmware images for $$(DEVICE_TITLE)
 endef
@@ -367,6 +379,7 @@ define Device/Init
   ARTIFACTS :=
   DEVICE_IMG_PREFIX := $(IMG_PREFIX)-$(1)
   DEVICE_IMG_NAME = $$(DEVICE_IMG_PREFIX)-$$(1)-$$(2)
+  FACTORY_IMG_NAME :=
   IMAGE_SIZE :=
   KERNEL_PREFIX = $$(DEVICE_IMG_PREFIX)
   KERNEL_SUFFIX := -kernel.bin
@@ -394,14 +407,19 @@ define Device/Init
 
   DEVICE_DTS :=
   DEVICE_DTS_CONFIG :=
+  DEVICE_DTS_DELIMITER :=
   DEVICE_DTS_DIR :=
+  DEVICE_DTS_LOADADDR :=
   DEVICE_DTS_OVERLAY :=
   DEVICE_FDT_NUM :=
+  DEVICE_DTC_FLAGS :=
+  DEVICE_DTCO_FLAGS :=
   SOC :=
 
   BOARD_NAME :=
   UIMAGE_MAGIC :=
   UIMAGE_NAME :=
+  UIMAGE_TIME :=
   DEVICE_COMPAT_VERSION := 1.0
   DEVICE_COMPAT_MESSAGE :=
   SUPPORTED_DEVICES := $(subst _,$(comma),$(1))
@@ -418,16 +436,20 @@ endef
 DEFAULT_DEVICE_VARS := \
   DEVICE_NAME KERNEL KERNEL_INITRAMFS KERNEL_INITRAMFS_IMAGE KERNEL_SIZE \
   CMDLINE UBOOTENV_IN_UBI KERNEL_IN_UBI BLOCKSIZE PAGESIZE SUBPAGESIZE \
-  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTS \
+  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTC_FLAGS \
-  DEVICE_DTS_CONFIG DEVICE_DTS_DIR DEVICE_DTS_OVERLAY DEVICE_FDT_NUM \
+  DEVICE_DTCO_FLAGS DEVICE_DTS DEVICE_DTS_CONFIG DEVICE_DTS_DELIMITER \
-  DEVICE_IMG_PREFIX SOC BOARD_NAME UIMAGE_MAGIC UIMAGE_NAME \
+  DEVICE_DTS_DIR DEVICE_DTS_OVERLAY DEVICE_DTS_LOADADDR \
-  SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
+  DEVICE_FDT_NUM DEVICE_IMG_PREFIX SOC BOARD_NAME UIMAGE_MAGIC UIMAGE_NAME \
+  UIMAGE_TIME SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
   UBOOT_PATH IMAGE_SIZE \
+  FACTORY_IMG_NAME FACTORY_SIZE \
   DEVICE_PACKAGES DEVICE_COMPAT_VERSION DEVICE_COMPAT_MESSAGE \
   DEVICE_VENDOR DEVICE_MODEL DEVICE_VARIANT \
   DEVICE_ALT0_VENDOR DEVICE_ALT0_MODEL DEVICE_ALT0_VARIANT \
   DEVICE_ALT1_VENDOR DEVICE_ALT1_MODEL DEVICE_ALT1_VARIANT \
-  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT
+  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT \
+  DEVICE_ALT3_VENDOR DEVICE_ALT3_MODEL DEVICE_ALT3_VARIANT \
+  DEVICE_ALT4_VENDOR DEVICE_ALT4_MODEL DEVICE_ALT4_VARIANT
 
 define Device/ExportVar
   $(1) : $(2):=$$($(2))
@@ -480,6 +502,9 @@ define Device/Build/initramfs
 
   $(KDIR)/$$(KERNEL_INITRAMFS_NAME):: image_prepare
   $(1)-images: $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE))
+  
+  .IGNORE: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
+  
   $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE): $(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE)
 	cp $$^ $$@
 
@@ -492,11 +517,11 @@ define Device/Build/initramfs
   $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(1)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
-	DEVICE_IMG_NAME="$$(notdir $$^)" \
+	FILE_NAME="$$(notdir $$^)" \
-	IMAGE_TYPE="kernel" \
+	FILE_DIR="$(KDIR)/tmp" \
-	IMAGE_FILESYSTEM="initramfs" \
+	FILE_TYPE="kernel" \
+	FILE_FILESYSTEM="initramfs" \
 	DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \
 	DEVICE_VENDOR="$$(DEVICE_VENDOR)" \
 	DEVICE_MODEL="$$(DEVICE_MODEL)" \
@@ -510,6 +535,12 @@ define Device/Build/initramfs
 	DEVICE_ALT2_VENDOR="$$(DEVICE_ALT2_VENDOR)" \
 	DEVICE_ALT2_MODEL="$$(DEVICE_ALT2_MODEL)" \
 	DEVICE_ALT2_VARIANT="$$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$$(DEVICE_ALT4_VARIANT)" \
 	DEVICE_TITLE="$$(DEVICE_TITLE)" \
 	DEVICE_PACKAGES="$$(DEVICE_PACKAGES)" \
 	TARGET="$(BOARD)" \
@@ -524,7 +555,8 @@ endif
 define Device/Build/compile
   $$(_COMPILE_TARGET): $(KDIR)/$(1)
   $(eval $(call Device/Export,$(KDIR)/$(1)))
-  $(KDIR)/$(1):
+  $(KDIR)/$(1): FORCE
+	rm -f $(KDIR)/$(1)
 	$$(call concat_cmd,$(COMPILE/$(1)))
 
 endef
@@ -536,19 +568,36 @@ define Device/Build/dtb
   $(KDIR)/image-$(1).dtb: FORCE
 	$(call Image/BuildDTB,$(strip $(2))/$(strip $(3)).dts,$$@)
 
-  image_prepare: $(KDIR)/image-$(1).dtb
+  compile-dtb: $(KDIR)/image-$(1).dtb
+  endif
+
+endef
+
+define Device/Build/dtbo
+  ifndef BUILD_DTSO_$(1)
+  BUILD_DTSO_$(1) := 1
+  $(KDIR)/image-$(1).dtbo: FORCE
+	$(call Image/BuildDTBO,$(strip $(2))/$(strip $(3)).dtso,$$@)
+
+  compile-dtb: $(KDIR)/image-$(1).dtbo
   endif
 
 endef
 endif
 
 define Device/Build/kernel
-  $$(eval $$(foreach dts,$$(DEVICE_DTS) $$(DEVICE_DTS_OVERLAY), \
+  $$(eval $$(foreach dts,$$(DEVICE_DTS), \
 	$$(call Device/Build/dtb,$$(notdir $$(dts)), \
 		$$(if $$(DEVICE_DTS_DIR),$$(DEVICE_DTS_DIR),$$(DTS_DIR)), \
 		$$(dts) \
 	) \
   ))
+  $$(eval $$(foreach dtso,$$(DEVICE_DTS_OVERLAY), \
+	$$(call Device/Build/dtbo,$$(notdir $$(dtso)), \
+		$$(if $$(DEVICE_DTS_DIR),$$(DEVICE_DTS_DIR),$$(DTS_DIR)), \
+		$$(dtso) \
+	) \
+  ))
 
   $(KDIR)/$$(KERNEL_NAME):: image_prepare
   $$(_TARGET): $$(if $$(KERNEL_INSTALL),$(BIN_DIR)/$$(KERNEL_IMAGE))
@@ -599,11 +648,11 @@ define Device/Build/image
   $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX)
 	@mkdir -p $$(shell dirname $$@)
 	DEVICE_ID="$(DEVICE_NAME)" \
-	BIN_DIR="$(BIN_DIR)" \
 	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
-	DEVICE_IMG_NAME="$(DEVICE_IMG_NAME)" \
+	FILE_NAME="$(DEVICE_IMG_NAME)" \
-	IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \
+	FILE_DIR="$(KDIR)/tmp" \
-	IMAGE_FILESYSTEM="$(1)" \
+	FILE_TYPE=$(word 1,$(subst ., ,$(2))) \
+	FILE_FILESYSTEM="$(1)" \
 	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
 	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
 	DEVICE_MODEL="$(DEVICE_MODEL)" \
@@ -617,6 +666,12 @@ define Device/Build/image
 	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
 	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
 	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
 	DEVICE_TITLE="$(DEVICE_TITLE)" \
 	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
 	TARGET="$(BOARD)" \
@@ -629,7 +684,9 @@ define Device/Build/image
 endef
 
 define Device/Build/artifact
-  $$(_TARGET): $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
+  $$(_TARGET): $(if $(CONFIG_JSON_OVERVIEW_IMAGE_INFO), \
+	  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json, \
+	  $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1))
   $(eval $(call Device/Export,$(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)))
   $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1): $$(KDIR_KERNEL_IMAGE) $(2)-images
 	@rm -f $$@
@@ -640,6 +697,41 @@ define Device/Build/artifact
   $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1): $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)
 	cp $$^ $$@
 
+  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(DEVICE_NAME)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE="$(1)" \
+	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
+	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
+	DEVICE_TITLE="$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@
+
 endef
 
 define Device/Build
@@ -672,6 +764,8 @@ $(if $(strip $(DEVICE_ALT0_TITLE)),Alternative device titles:
 - $(DEVICE_ALT0_TITLE))
 $(if $(strip $(DEVICE_ALT1_TITLE)),- $(DEVICE_ALT1_TITLE))
 $(if $(strip $(DEVICE_ALT2_TITLE)),- $(DEVICE_ALT2_TITLE))
+$(if $(strip $(DEVICE_ALT3_TITLE)),- $(DEVICE_ALT3_TITLE))
+$(if $(strip $(DEVICE_ALT4_TITLE)),- $(DEVICE_ALT4_TITLE))
 @@
 
 endef
@@ -689,6 +783,14 @@ ifneq ($$(strip $$(DEVICE_ALT2_TITLE)),)
 DEVICE_DISPLAY = $$(DEVICE_ALT2_TITLE) ($$(DEVICE_TITLE))
 $$(info $$(call Device/DumpInfo,$(1)))
 endif
+ifneq ($$(strip $$(DEVICE_ALT3_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT3_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
+ifneq ($$(strip $$(DEVICE_ALT4_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT4_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
 DEVICE_DISPLAY = $$(DEVICE_TITLE)
 $$(eval $$(if $$(DEVICE_TITLE),$$(info $$(call Device/DumpInfo,$(1)))))
 endef
@@ -714,24 +816,27 @@ define BuildImage
   download:
   prepare:
   compile:
+  compile-dtb:
   clean:
   image_prepare:
 
   ifeq ($(IB),)
-    .PHONY: download prepare compile clean image_prepare kernel_prepare install install-images
+    .PHONY: download prepare compile compile-dtb clean image_prepare kernel_prepare install install-images
     compile:
 		$(call Build/Compile)
 
     clean:
 		$(call Build/Clean)
 
-    image_prepare: compile
+    compile-dtb:
+    image_prepare: compile compile-dtb
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
 		rm -rf $(BUILD_DIR)/json_info_files
 		$(call Image/Prepare)
 
   else
     image_prepare:
+		rm -rf $(KDIR)/tmp
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
   endif
 

include/kernel-5.10

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.10 = .127
+LINUX_VERSION-5.10 = .235
-LINUX_KERNEL_HASH-5.10.127 = 419233ee0b1ee1dc2be8abf1b241545d10dad19d95f237180d6ccdc0cd221580
+LINUX_KERNEL_HASH-5.10.235 = 953be3931101a94a93a644c1283ca41a7e567447ca87d3069ed4dd712dc1f1cc

include/kernel-5.15

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.15 = .55
+LINUX_VERSION-5.15 = .179
-LINUX_KERNEL_HASH-5.15.55 = 1ef6bd508b6c3af3bef2d5b337e4477254dba284c79e329aa38f9763ae3bfdcc
+LINUX_KERNEL_HASH-5.15.179 = 9319a47b1e9b5d344ff6015431856d0c9640e4faedc527c87f9129061a27136f

include/kernel-5.18

@@ -1,2 +0,0 @@
-LINUX_VERSION-5.18 = .12
-LINUX_KERNEL_HASH-5.18.12 = 40b74d0942f255da07481710e1083412d06e37e45b8f9d9e34ae856db37b9527

include/kernel-5.4

@@ -1,2 +1,2 @@
-LINUX_VERSION-5.4 = .203
+LINUX_VERSION-5.4 = .291
-LINUX_KERNEL_HASH-5.4.203 = fc933f5b13066cfa54aacb5e86747a167bad1d8d23972e4a03ab5ee36c29798a
+LINUX_KERNEL_HASH-5.4.291 = b3ad64a4476a7c5450b92eab9a888b84ecb64dc613fcb0128f653f58e958ef6e

include/kernel-6.1

@@ -0,0 +1,2 @@
+LINUX_VERSION-6.1 = .134
+LINUX_KERNEL_HASH-6.1.134 = 60c70cdd70ddee384c004242e67844e3dd1fe28f75b26b3586859fff0a07bd23

include/kernel-6.12

@@ -0,0 +1,2 @@
+LINUX_VERSION-6.12 = .23
+LINUX_KERNEL_HASH-6.12.23 = d8d95404f8deeb7ff6992c0df855025062e9e8182bca6daa27ef2e9275d27749

include/kernel-6.6

@@ -0,0 +1,2 @@
+LINUX_VERSION-6.6 = .87
+LINUX_KERNEL_HASH-6.6.87 = 8957e5c2dacdbc47a16dbf1f6303ca7088409be6197a3881f752313275357ac6

include/kernel-build.mk

@@ -10,7 +10,7 @@ ifneq ($(DUMP),1)
 endif
 
 KERNEL_FILE_DEPENDS=$(GENERIC_BACKPORT_DIR) $(GENERIC_PATCH_DIR) $(GENERIC_HACK_DIR) $(PATCH_DIR) $(GENERIC_FILES_DIR) $(FILES_DIR)
-STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,$(KERNEL_FILE_DEPENDS),)))
+STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),$(KERNEL_FILE_DEPENDS),)))
 STAMP_CONFIGURED:=$(LINUX_DIR)/.configured
 include $(INCLUDE_DIR)/download.mk
 include $(INCLUDE_DIR)/quilt.mk
@@ -156,6 +156,10 @@ define BuildKernel
   compile: $(LINUX_DIR)/.modules
 	$(MAKE) -C image compile TARGET_BUILD=
 
+  dtb: $(STAMP_CONFIGURED)
+	$(_SINGLE)$(KERNEL_MAKE) scripts_dtc
+	$(MAKE) -C image compile-dtb TARGET_BUILD=
+
   oldconfig menuconfig nconfig xconfig: $(STAMP_PREPARED) $(STAMP_CHECKED) FORCE
 	rm -f $(LINUX_DIR)/.config.prev
 	rm -f $(STAMP_CONFIGURED)

include/kernel-defaults.mk

@@ -21,7 +21,7 @@ Kernel/Patch:=$(Kernel/Patch/Default)
 ifneq (,$(findstring .xz,$(LINUX_SOURCE)))
   LINUX_CAT:=xzcat
 else
-  LINUX_CAT:=gzip -dc
+  LINUX_CAT:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc
 endif
 
 ifeq ($(strip $(CONFIG_EXTERNAL_KERNEL_TREE)),"")
@@ -75,6 +75,7 @@ endif
 	rm -f $(LINUX_DIR)/.config.prev
 	mv $(LINUX_DIR)/.config $(LINUX_DIR)/.config.old
 	$(call Kernel/SetInitramfs/PreConfigure)
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config
   ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
 	echo 'CONFIG_INITRAMFS_ROOT_UID=$(shell id -u)' >> $(LINUX_DIR)/.config
 	echo 'CONFIG_INITRAMFS_ROOT_GID=$(shell id -g)' >> $(LINUX_DIR)/.config
@@ -99,6 +100,7 @@ define Kernel/SetNoInitramfs
 	grep -v INITRAMFS $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config.set
 	echo 'CONFIG_INITRAMFS_SOURCE=""' >> $(LINUX_DIR)/.config.set
 	echo '# CONFIG_INITRAMFS_FORCE is not set' >> $(LINUX_DIR)/.config.set
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config.set
 endef
 
 define Kernel/Configure/Default
@@ -117,7 +119,7 @@ define Kernel/Configure/Default
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config; \
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config.prev; \
 	}
-	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
+	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) $(if $(findstring uml,$(BOARD)),ARCH=$(ARCH)) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
 	grep '=[ym]' $(LINUX_DIR)/.config.set | LC_ALL=C sort | $(MKHASH) md5 > $(LINUX_DIR)/.vermagic
 endef
 
@@ -129,6 +131,10 @@ define Kernel/CompileModules/Default
 	rm -f $(LINUX_DIR)/vmlinux $(LINUX_DIR)/System.map
 	+$(KERNEL_MAKE) olddefconfig
 	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+	# If .config did not change, use the previous timestamp to avoid package rebuilds
+	cmp -s $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save && \
+		mv $(LINUX_DIR)/.config.modules.save $(LINUX_DIR)/.config; \
+	$(CP) $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save
 endef
 
 OBJCOPY_STRIP = -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id
@@ -165,20 +171,21 @@ ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),)
 define Kernel/CompileImage/Initramfs
 	$(call Kernel/Configure/Initramfs)
 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
-	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR) $(TARGET_DIR)/init)
 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
 ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
-ifeq ($(CONFIG_EXTERNAL_CPIO),y)
+ifneq ($(qstrip $(CONFIG_EXTERNAL_CPIO)),)
 	$(CP) $(CONFIG_EXTERNAL_CPIO) $(KERNEL_BUILD_DIR)/initrd.cpio
 else
-	( cd $(TARGET_DIR); find . | $(STAGING_DIR_HOST)/bin/cpio -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
+	( cd $(TARGET_DIR); find . | LC_ALL=C sort | $(STAGING_DIR_HOST)/bin/cpio --reproducible -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
 endif
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),bzip2 -9 -c < $(KERNEL_BUILD_DIR)/initrd.cpio > $(KERNEL_BUILD_DIR)/initrd.cpio.bzip2)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -n -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),$(STAGING_DIR_HOST)/bin/lz4c -l -c1 -fz --favor-decSpeed $(KERNEL_BUILD_DIR)/initrd.cpio)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),$(STAGING_DIR_HOST)/bin/lzma e -lc1 -lp2 -pb2 $(KERNEL_BUILD_DIR)/initrd.cpio $(KERNEL_BUILD_DIR)/initrd.cpio.lzma)
-# ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),$(STAGING_DIR_HOST)/bin/lzop -9 -f $(KERNEL_BUILD_DIR)/initrd.cpio)
-	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -T$(if $(filter 1,$(NPROC)),2,0) -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
-# ?	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),)
 	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),$(STAGING_DIR_HOST)/bin/zstd -T0 -f -o $(KERNEL_BUILD_DIR)/initrd.cpio.zstd $(KERNEL_BUILD_DIR)/initrd.cpio)
 endif
 	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all) modules

include/kernel-version.mk

@@ -13,6 +13,15 @@ endif
 
 include $(KERNEL_DETAILS_FILE)
 
+ifdef KERNEL_TESTING_PATCHVER
+  KERNEL_TESTING_DETAILS_FILE=$(INCLUDE_DIR)/kernel-$(KERNEL_TESTING_PATCHVER)
+  ifeq ($(wildcard $(KERNEL_TESTING_DETAILS_FILE)),)
+    $(error Missing kernel version/hash file for $(KERNEL_TESTING_PATCHVER). Please create $(KERNEL_TESTING_DETAILS_FILE))
+  endif
+
+  include $(KERNEL_TESTING_DETAILS_FILE)
+endif
+
 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
 

include/kernel.mk

@@ -70,11 +70,7 @@ else
       LINUX_UNAME_VERSION:=$(strip $(shell cat $(LINUX_DIR)/include/config/kernel.release 2>/dev/null))
   endif
 
-  ifeq (,$(findstring -android,$(LINUX_VERSION)))
+  MODULES_SUBDIR:=lib/modules/$(LINUX_UNAME_VERSION)
-    MODULES_SUBDIR:=lib/modules/$(LINUX_UNAME_VERSION)
-  else
-    MODULES_SUBDIR:=lib/modules/$(LINUX_UNAME_VERSION)-android
-  endif
   TARGET_MODULES_DIR:=$(LINUX_TARGET_DIR)/$(MODULES_SUBDIR)
 
   ifneq ($(TARGET_BUILD),1)
@@ -90,10 +86,14 @@ else ifneq (,$(findstring $(ARCH) , arceb ))
   LINUX_KARCH := arc
 else ifneq (,$(findstring $(ARCH) , armeb ))
   LINUX_KARCH := arm
+else ifneq (,$(findstring $(ARCH) , loongarch64 ))
+  LINUX_KARCH := loongarch
 else ifneq (,$(findstring $(ARCH) , mipsel mips64 mips64el ))
   LINUX_KARCH := mips
 else ifneq (,$(findstring $(ARCH) , powerpc64 ))
   LINUX_KARCH := powerpc
+else ifneq (,$(findstring $(ARCH) , riscv64 ))
+  LINUX_KARCH := riscv
 else ifneq (,$(findstring $(ARCH) , sh2 sh3 sh4 ))
   LINUX_KARCH := sh
 else ifneq (,$(findstring $(ARCH) , i386 x86_64 ))
@@ -105,7 +105,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)
 
 KERNEL_MAKE_FLAGS = \
-	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
+	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR))) $(filter-out -fno-plt,$(call qstrip,$(CONFIG_EXTRA_OPTIMIZATION))) $(call qstrip,$(CONFIG_KERNEL_CFLAGS))" \
 	HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes -Wstrict-prototypes" \
 	CROSS_COMPILE="$(KERNEL_CROSS)" \
 	ARCH="$(LINUX_KARCH)" \
@@ -129,17 +129,17 @@ ifeq ($(call qstrip,$(CONFIG_EXTERNAL_KERNEL_TREE))$(call qstrip,$(CONFIG_KERNEL
 	KERNELRELEASE=$(LINUX_VERSION)
 endif
 
-KERNEL_MAKEOPTS := -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
+ifneq ($(HOST_OS),Linux)
+  KERNEL_MAKE_FLAGS += CONFIG_STACK_VALIDATION=
+  export SKIP_STACK_VALIDATION:=1
+endif
+
+KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
 
 ifdef CONFIG_USE_SPARSE
   KERNEL_MAKEOPTS += C=1 CHECK=$(STAGING_DIR_HOST)/bin/sparse
 endif
 
-ifneq ($(HOST_OS),Linux)
-  KERNEL_MAKEOPTS += CONFIG_STACK_VALIDATION=
-  export SKIP_STACK_VALIDATION:=1
-endif
-
 PKG_EXTMOD_SUBDIRS ?= .
 
 PKG_SYMVERS_DIR = $(KERNEL_BUILD_DIR)/symvers
@@ -238,7 +238,7 @@ $(call KernelPackage/$(1)/config)
   $(call KernelPackage/depends)
   $(call KernelPackage/hooks)
 
-  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),)
+  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(call version_filter,$(filter-out %=y %=n %=m,$(KCONFIG))),$($(c)))),.),)
     define Package/kmod-$(1)/install
 		  @for mod in $$(call version_filter,$$(FILES)); do \
 			if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \

include/meson.mk

@@ -19,7 +19,6 @@
 #
 # Host packages are built in the same fashion, just use these vars instead:
 #
-# HOST_BUILD_DEPENDS:=meson/host
 # MESON_HOST_ARGS+=-Dfoo -Dbar=baz
 # MESON_HOST_VARS+=FOO=bar
 
@@ -56,8 +55,14 @@ else
 MESON_CPU:="$(CPU_TYPE)$(if $(CPU_SUBTYPE),+$(CPU_SUBTYPE))"
 endif
 
+ifeq ($(MESON_USE_STAGING_PYTHON),)
+PYTHON_BIN:=$(STAGING_DIR_HOST)/bin/$(PYTHON)
+else
+PYTHON_BIN:=$(STAGING_DIR_HOSTPKG)/bin/$(PYTHON)
+endif
+
 define Meson
-	$(2) $(STAGING_DIR_HOST)/bin/$(PYTHON) $(MESON_DIR)/meson.py $(1)
+	$(2) $(PYTHON_BIN) $(STAGING_DIR_HOST)/bin/meson.py $(1)
 endef
 
 define Meson/CreateNativeFile
@@ -65,6 +70,8 @@ define Meson/CreateNativeFile
 		-e "s|@CC@|$(foreach BIN,$(HOSTCC),'$(BIN)',)|" \
 		-e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(PYTHON_BIN)|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \
@@ -77,10 +84,13 @@ define Meson/CreateCrossFile
 	$(STAGING_DIR_HOST)/bin/sed \
 		-e "s|@CC@|$(foreach BIN,$(TARGET_CC),'$(BIN)',)|" \
 		-e "s|@CXX@|$(foreach BIN,$(TARGET_CXX),'$(BIN)',)|" \
+		-e "s|@LD@|$(foreach FLAG,$(TARGET_LINKER),'$(FLAG)',)|" \
 		-e "s|@AR@|$(TARGET_AR)|" \
 		-e "s|@STRIP@|$(TARGET_CROSS)strip|" \
 		-e "s|@NM@|$(TARGET_NM)|" \
 		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(PYTHON_BIN)|" \
 		-e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
 		-e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \
@@ -94,15 +104,17 @@ endef
 define Host/Configure/Meson
 	$(call Meson/CreateNativeFile,$(HOST_BUILD_DIR)/openwrt-native.txt)
 	$(call Meson, \
+		setup \
 		--native-file $(HOST_BUILD_DIR)/openwrt-native.txt \
+		-Ddefault_library=static \
 		$(MESON_HOST_ARGS) \
 		$(MESON_HOST_BUILD_DIR) \
-		$(HOST_BUILD_DIR), \
+		$(MESON_HOST_BUILD_DIR)/.., \
 		$(MESON_HOST_VARS))
 endef
 
 define Host/Compile/Meson
-	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) $(1)
+	+$(MESON_HOST_VARS) $(NINJA) -C $(MESON_HOST_BUILD_DIR) $(1)
 endef
 
 define Host/Install/Meson
@@ -117,9 +129,11 @@ define Build/Configure/Meson
 	$(call Meson/CreateNativeFile,$(PKG_BUILD_DIR)/openwrt-native.txt)
 	$(call Meson/CreateCrossFile,$(PKG_BUILD_DIR)/openwrt-cross.txt)
 	$(call Meson, \
-		--buildtype plain \
+		setup \
+		--buildtype $(if $(CONFIG_DEBUG),debug,plain) \
 		--native-file $(PKG_BUILD_DIR)/openwrt-native.txt \
 		--cross-file $(PKG_BUILD_DIR)/openwrt-cross.txt \
+		-Ddefault_library=both \
 		$(MESON_ARGS) \
 		$(MESON_BUILD_DIR) \
 		$(MESON_BUILD_DIR)/.., \
@@ -127,7 +141,7 @@ define Build/Configure/Meson
 endef
 
 define Build/Compile/Meson
-	+$(NINJA) -C $(MESON_BUILD_DIR) $(1)
+	+$(MESON_VARS) $(NINJA) -C $(MESON_BUILD_DIR) $(1)
 endef
 
 define Build/Install/Meson

include/netfilter.mk

@@ -48,9 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme
 $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))
 
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common, lt 5.13))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4, lt 5.13))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_syslog, ge 5.13))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
 $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
@@ -173,6 +170,13 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))
 
+# log
+
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_SYSLOG, $(P_XT)nf_log_syslog, ge 5.13))
+# $(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),))
+
 # nat
 
 # kernel only
@@ -226,11 +230,6 @@ $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_connt
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc))
 
 
-# ulog
-
-$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
-
-
 # nflog
 
 $(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
@@ -245,14 +244,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N
 
 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))
 
-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
 
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
+# tproxy
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 
 # led
 $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
@@ -316,7 +316,6 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))
 
 # watchers
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
-$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))
 
@@ -338,6 +337,7 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
@@ -355,6 +355,14 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib
 
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
 
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_XFRM,CONFIG_NFT_XFRM, $(P_XT)nft_xfrm),))
+
 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
 IPT_BUILTIN += $(IPT_CORE-y) $(IPT_CORE-m)
@@ -379,7 +387,6 @@ IPT_BUILTIN += $(IPT_NAT6-y)
 IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
 IPT_BUILTIN += $(NF_NATHELPER-y)
 IPT_BUILTIN += $(NF_NATHELPER_EXTRA-y)
-IPT_BUILTIN += $(IPT_ULOG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
 IPT_BUILTIN += $(NFNETLINK-y)
 IPT_BUILTIN += $(NFNETLINK_LOG-y)

include/nls.mk

@@ -10,27 +10,38 @@ ifeq ($(CONFIG_BUILD_NLS),y)
 	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-full
 	INTL_FULL:=1
 
-# iconv stub
+	CMAKE_OPTIONS += -DCMAKE_PREFIX_PATH="$(ICONV_PREFIX);$(INTL_PREFIX)"
 else
-	ICONV_PREFIX:=$(STAGING_DIR)/usr/lib/libiconv-stub
+	ICONV_PREFIX:=
 	ICONV_FULL:=
 
-	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-stub
+	INTL_PREFIX:=
 	INTL_FULL:=
 endif
 
 PKG_CONFIG_DEPENDS += CONFIG_BUILD_NLS
-PKG_BUILD_DEPENDS += !BUILD_NLS:libiconv !BUILD_NLS:gettext
 
 ICONV_DEPENDS:=+BUILD_NLS:libiconv-full
-ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
+ifeq ($(CONFIG_BUILD_NLS),y)
-ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
-ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+	ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+else
+	ICONV_CFLAGS:=
+	ICONV_CPPFLAGS:=
+	ICONV_LDFLAGS:=
+endif
 
 INTL_DEPENDS:=+BUILD_NLS:libintl-full
-INTL_CFLAGS:=-I$(INTL_PREFIX)/include
+ifeq ($(CONFIG_BUILD_NLS),y)
-INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_CFLAGS:=-I$(INTL_PREFIX)/include
-INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+	INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+else
+	INTL_CFLAGS:=
+	INTL_CPPFLAGS:=
+	INTL_LDFLAGS:=
+endif
 
 TARGET_CFLAGS += $(ICONV_CFLAGS) $(INTL_CFLAGS)
 TARGET_CPPFLAGS += $(ICONV_CPPFLAGS) $(INTL_CPPFLAGS)

include/openssl-engine.mk

@@ -1,50 +0,0 @@
-# SPDX-License-Identifier: GPL-2.0-only
-#
-# Copyright (C) 2022 Enéas Ulir de Queiroz
-
-ENGINES_DIR=engines-1.1
-
-define Package/openssl/engine/Default
-  SECTION:=libs
-  CATEGORY:=Libraries
-  SUBMENU:=SSL
-  DEPENDS:=libopenssl @OPENSSL_ENGINE +libopenssl-conf
-endef
-
-# 1 = engine name
-# 2 - package name, defaults to libopenssl-$(1)
-define Package/openssl/add-engine
-  OSSL_ENG_PKG:=$(if $(2),$(2),libopenssl-$(1))
-  Package/$$(OSSL_ENG_PKG)/conffiles:=/etc/ssl/engines.cnf.d/$(1).cnf
-
-  define Package/$$(OSSL_ENG_PKG)/install
-	$$(INSTALL_DIR)  $$(1)/usr/lib/$(ENGINES_DIR)
-	$$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/usr/lib/$(ENGINES_DIR)/$(1).so \
-			 $$(1)/usr/lib/$(ENGINES_DIR)
-	$$(INSTALL_DIR)  $$(1)/etc/ssl/engines.cnf.d
-	$$(INSTALL_DATA) ./files/$(1).cnf $$(1)/etc/ssl/engines.cnf.d/
-  endef
-
-  define Package/$$(OSSL_ENG_PKG)/postinst :=
-#!/bin/sh
-OPENSSL_UCI="$$$${IPKG_INSTROOT}/etc/config/openssl"
-
-[ -z "$$$${IPKG_INSTROOT}" ] && uci -q get openssl.$(1) >/dev/null && exit 0
-
-cat << EOF >> "$$$${OPENSSL_UCI}"
-
-config engine '$(1)'
-	option enabled '1'
-EOF
-
-[ -n "$$$${IPKG_INSTROOT}" ] || /etc/init.d/openssl reload
-  endef
-
-  define Package/$$(OSSL_ENG_PKG)/postrm :=
-#!/bin/sh
-[ -n "$$$${IPKG_INSTROOT}" ] && exit 0
-uci delete openssl.$(1)
-uci commit openssl
-/etc/init.d/openssl reload
-  endef
-endef

include/openssl-module.mk

@@ -0,0 +1,79 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2022-2023 Enéas Ulir de Queiroz
+
+ENGINES_DIR=engines-3
+
+define Package/openssl/module/Default
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=SSL
+  DEPENDS:=libopenssl +libopenssl-conf
+endef
+
+define Package/openssl/engine/Default
+  $(Package/openssl/module/Default)
+  DEPENDS+=@OPENSSL_ENGINE
+endef
+
+
+# 1 = moudule type (engine|provider)
+# 2 = module name
+# 3 = directory to save .so file
+# 4 = [ package name, defaults to libopenssl-$(2) ]
+define Package/openssl/add-module
+  $(eval MOD_TYPE:=$(1))
+  $(eval MOD_NAME:=$(2))
+  $(eval MOD_DIR:=$(3))
+  $(eval OSSL_PKG:=$(if $(4),$(4),libopenssl-$(MOD_NAME)))
+  $(info Package/openssl/add-module 1='$(1)'; 2='$(2)'; 3='$(3)' 4='$(4)')
+  $(info MOD_TYPE='$(MOD_TYPE)'; MOD_NAME='$(MOD_NAME)'; MOD_DIR='$(MOD_DIR)' OSSL_PKG='$(OSSL_PKG)')
+  Package/$(OSSL_PKG)/conffiles:=/etc/ssl/modules.cnf.d/$(MOD_NAME).cnf
+
+  define Package/$(OSSL_PKG)/install
+	$$(INSTALL_DIR)  $$(1)/$(MOD_DIR)
+	$$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/$(MOD_DIR)/$(MOD_NAME).so \
+			 $$(1)/$(MOD_DIR)
+	$$(INSTALL_DIR)  $$(1)/etc/ssl/modules.cnf.d
+	$$(INSTALL_DATA) ./files/$(MOD_NAME).cnf $$(1)/etc/ssl/modules.cnf.d/
+  endef
+
+  define Package/$(OSSL_PKG)/postinst
+#!/bin/sh
+OPENSSL_UCI="$$$${IPKG_INSTROOT}/etc/config/openssl"
+
+[ -z "$$$${IPKG_INSTROOT}" ] \
+	&& uci -q get openssl.$(MOD_NAME) >/dev/null \
+	&& exit 0
+
+cat << EOF >> "$$$${OPENSSL_UCI}"
+
+config $(MOD_TYPE) '$(MOD_NAME)'
+	option enabled '1'
+EOF
+
+[ -n "$$$${IPKG_INSTROOT}" ] || /etc/init.d/openssl reload
+exit 0
+  endef
+
+  define Package/$(OSSL_PKG)/postrm
+#!/bin/sh
+[ -n "$$$${IPKG_INSTROOT}" ] && exit 0
+uci -q delete openssl.$(MOD_NAME) && uci commit openssl
+/etc/init.d/openssl reload
+exit 0
+  endef
+endef
+
+# 1 = engine name
+# 2 - package name, defaults to libopenssl-$(1)
+define Package/openssl/add-engine
+  $(call Package/openssl/add-module,engine,$(1),/usr/lib/$(ENGINES_DIR),$(2))
+endef
+
+# 1 = provider name
+# 2 = [ package name, defaults to libopenssl-$(1) ]
+define Package/openssl/add-provider
+  $(call Package/openssl/add-module,provider,$(1),/usr/lib/ossl-modules,$(2))
+endef
+

include/package-bin.mk

@@ -4,7 +4,8 @@
 
 ifeq ($(DUMP),)
   define BuildTarget/bin
-    ifeq ($(if $(VARIANT),$(BUILD_VARIANT)),$(VARIANT))
+    TARGET_VARIANT=$(if $(ALL_VARIANTS),$(if $(VARIANT),$(filter-out *,$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(if $(TARGET_VARIANT),$(BUILD_VARIANT)),$(TARGET_VARIANT))
     ifdef Package/$(1)/install
       ifneq ($(CONFIG_PACKAGE_$(1))$(DEVELOPER),)
         $(_pkg_target)compile: $(PKG_BUILD_DIR)/.pkgdir/$(1).installed

include/package-defaults.mk

@@ -2,7 +2,7 @@
 #
 # Copyright (C) 2006-2020 OpenWrt.org
 
-PKG_DEFAULT_DEPENDS = +libc +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc
 
 ifneq ($(PKG_NAME),toolchain)
   PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))

include/package-ipkg.mk

@@ -105,7 +105,8 @@ ifeq ($(DUMP),)
     IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)
     KEEP_$(1):=$(strip $(call Package/$(1)/conffiles))
 
-    ifeq ($(BUILD_VARIANT),$$(if $$(VARIANT),$$(VARIANT),$(BUILD_VARIANT)))
+    TARGET_VARIANT:=$$(if $(ALL_VARIANTS),$$(if $$(VARIANT),$$(filter-out *,$$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(BUILD_VARIANT),$$(if $$(TARGET_VARIANT),$$(TARGET_VARIANT),$(BUILD_VARIANT)))
     do_install=
     ifdef Package/$(1)/install
       do_install=yes
@@ -263,7 +264,7 @@ $(_endef)
     endif
 
 	$(INSTALL_DIR) $$(PDIR_$(1))
-	$(FAKEROOT) $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
+	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/bash $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
 	@[ -f $$(IPKG_$(1)) ]
 
     $(1)-clean:

include/package.mk

@@ -11,8 +11,7 @@ include $(INCLUDE_DIR)/download.mk
 PKG_BUILD_DIR ?= $(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)$(if $(PKG_VERSION),-$(PKG_VERSION))
 PKG_INSTALL_DIR ?= $(PKG_BUILD_DIR)/ipkg-install
 PKG_BUILD_PARALLEL ?=
-PKG_USE_MIPS16 ?= 1
+PKG_SKIP_DOWNLOAD=$(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT)
-PKG_IREMAP ?= 1
 
 MAKE_J:=$(if $(MAKE_JOBSERVER),$(MAKE_JOBSERVER) $(if $(filter 3.% 4.0 4.1,$(MAKE_VERSION)),-j))
 
@@ -23,17 +22,52 @@ PKG_JOBS?=-j1
 else
 PKG_JOBS?=$(if $(PKG_BUILD_PARALLEL),$(MAKE_J),-j1)
 endif
-ifdef CONFIG_USE_MIPS16
+
-  ifeq ($(strip $(PKG_USE_MIPS16)),1)
+PKG_BUILD_FLAGS?=
-    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
+# TODO remove this when all packages moved to PKG_BUILD_FLAGS=no-mips16
-    TARGET_CFLAGS += -mips16 -minterlink-mips16
+PKG_USE_MIPS16?=1
-  endif
+ifneq ($(strip $(PKG_USE_MIPS16)),1)
+  PKG_BUILD_FLAGS+=no-mips16
 endif
-ifeq ($(strip $(PKG_IREMAP)),1)
+
+__unknown_flags=$(filter-out no-iremap no-mips16 gc-sections no-gc-sections lto no-lto no-mold,$(PKG_BUILD_FLAGS))
+ifneq ($(__unknown_flags),)
+  $(error unknown PKG_BUILD_FLAGS: $(__unknown_flags))
+endif
+
+# $1=flagname, $2=default (0/1)
+define pkg_build_flag
+$(if $(filter no-$(1),$(PKG_BUILD_FLAGS)),0,$(if $(filter $(1),$(PKG_BUILD_FLAGS)),1,$(2)))
+endef
+
+ifeq ($(call pkg_build_flag,iremap,1),1)
   IREMAP_CFLAGS = $(call iremap,$(PKG_BUILD_DIR),$(notdir $(PKG_BUILD_DIR)))
   TARGET_CFLAGS += $(IREMAP_CFLAGS)
 endif
 
+ifdef CONFIG_USE_MIPS16
+  ifeq ($(call pkg_build_flag,mips16,1),1)
+    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
+    TARGET_CFLAGS += -mips16 -minterlink-mips16
+    TARGET_CXXFLAGS += -mips16 -minterlink-mips16
+  endif
+endif
+ifeq ($(call pkg_build_flag,gc-sections,$(if $(CONFIG_USE_GC_SECTIONS),1,0)),1)
+  TARGET_CFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_CXXFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_LDFLAGS+= -Wl,--gc-sections
+endif
+ifeq ($(call pkg_build_flag,lto,$(if $(CONFIG_USE_LTO),1,0)),1)
+  TARGET_CFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_CXXFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_LDFLAGS+= -flto=auto -fuse-linker-plugin
+endif
+ifdef CONFIG_USE_MOLD
+  ifeq ($(call pkg_build_flag,mold,1),1)
+    TARGET_LINKER:=mold
+  endif
+endif
+
 include $(INCLUDE_DIR)/hardening.mk
 include $(INCLUDE_DIR)/prereq.mk
 include $(INCLUDE_DIR)/unpack.mk
@@ -84,7 +118,7 @@ ifneq ($(PREV_STAMP_PREPARED),)
   STAMP_PREPARED:=$(PREV_STAMP_PREPARED)
   CONFIG_AUTOREBUILD:=
 else
-  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
+  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
 endif
 STAMP_CONFIGURED=$(PKG_BUILD_DIR)/.configured$(if $(DUMP),,_$(call confvar,$(PKG_CONFIG_DEPENDS)))
 STAMP_CONFIGURED_WILDCARD=$(PKG_BUILD_DIR)/.configured_*
@@ -183,7 +217,7 @@ define Build/CoreTargets
   $(call Build/Autoclean)
   $(call DefaultTargets)
 
-  $(DL_DIR)/$(FILE): FORCE
+  $(call check_download_integrity)
 
   download:
 	$(foreach hook,$(Hooks/Download),
@@ -258,13 +292,13 @@ define Build/CoreTargets
   ifneq ($(CONFIG_AUTOREMOVE),)
     compile:
 		-touch -r $(PKG_BUILD_DIR)/.built $(PKG_BUILD_DIR)/.autoremove 2>/dev/null >/dev/null
-		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir' | \
+		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir'  -print0 | \
-			$(XARGS) rm -rf
+			$(XARGS) -0 rm -rf
   endif
 endef
 
 define Build/DefaultTargets
-  $(if $(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(PKG_SKIP_DOWNLOAD),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
   $(if $(DUMP),,$(Build/CoreTargets))
 
   define Build/DefaultTargets

include/prereq-build.mk

@@ -15,7 +15,7 @@ $(eval $(call TestHostCommand,working-make, \
 	$(MAKE) -v | grep -E 'Make (4\.[1-9]|[5-9]\.)'))
 
 $(eval $(call TestHostCommand,case-sensitive-fs, \
-	OpenWrt can only be built on a case-sensitive filesystem, \
+	LEDE can only be built on a case-sensitive filesystem, \
 	rm -f $(TMP_DIR)/test.*; touch $(TMP_DIR)/test.fs; \
 		test ! -f $(TMP_DIR)/test.FS))
 
@@ -49,10 +49,16 @@ $(eval $(call TestHostCommand,working-g++, \
 		g++ -x c++ -o $(TMP_DIR)/a.out - -lstdc++ && \
 		$(TMP_DIR)/a.out))
 
-$(eval $(call TestHostCommand,ncurses, \
+$(eval $(call RequireCHeader,ncurses.h, \
 	Please install ncurses. (Missing libncurses.so or ncurses.h), \
-	echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \
+	initscr(), -lncurses))
-		gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses))
+
+$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
+	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \
+	git submodule --help | grep -- --recursive))
+
+$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
+	rsync --version </dev/null))
 endif # IB
 
 ifeq ($(HOST_OS),Linux)
@@ -130,13 +136,21 @@ $(eval $(call SetupHostCommand,getopt, \
 	Please install an extended getopt version that supports --long, \
 	gnugetopt -o t --long test -- --test | grep '^ *--test *--', \
 	getopt -o t --long test -- --test | grep '^ *--test *--', \
-	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--', \
+	/opt/local/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+
+$(eval $(call SetupHostCommand,realpath,Please install a 'realpath' utility, \
+	grealpath /, \
+	realpath /))
 
 $(eval $(call SetupHostCommand,stat,Cannot find a file stat utility, \
 	gnustat -c%s $(TOPDIR)/Makefile, \
 	gstat -c%s $(TOPDIR)/Makefile, \
 	stat -c%s $(TOPDIR)/Makefile))
 
+$(eval $(call SetupHostCommand,gzip,Please install 'gzip', \
+	gzip --version </dev/null))
+
 $(eval $(call SetupHostCommand,unzip,Please install 'unzip', \
 	unzip 2>&1 | grep zipfile, \
 	unzip))
@@ -157,43 +171,62 @@ $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 $(eval $(call CleanupPython2))
 
 $(eval $(call SetupHostCommand,python,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))
 
 $(eval $(call SetupHostCommand,python3,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
 	python3.10 -V 2>&1 | grep 'Python 3', \
 	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|10)\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))
 
 $(eval $(call TestHostCommand,python3-distutils, \
 	Please install the Python3 distutils module, \
-	$(STAGING_DIR_HOST)/bin/python3 -c 'import distutils'))
+	$(STAGING_DIR_HOST)/bin/python3 -c 'from distutils import util'))
 
-$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
+$(eval $(call TestHostCommand,python3-stdlib, \
-	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
+	Please install the Python3 stdlib module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'import ntpath'))
 
 $(eval $(call SetupHostCommand,file,Please install the 'file' package, \
 	file --version 2>&1 | grep file))
 
-$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
-	rsync --version </dev/null))
-
 $(eval $(call SetupHostCommand,which,Please install 'which', \
-	which which | grep which))
+	/usr/bin/which which, \
+	/bin/which which, \
+	which which))
+
+ifeq ($(HOST_OS),Linux)
+  $(eval $(call RequireCHeader,argp.h, \
+	Missing argp.h Please install the argp-standalone package if musl libc))
+
+  $(eval $(call RequireCHeader,fts.h, \
+	Missing fts.h Please install the musl-fts-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,obstack.h, \
+	Missing obstack.h Please install the musl-obstack-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,libintl.h, \
+	Missing libintl.h Please install the musl-libintl package if musl libc))
+endif
 
 $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<
 
-prereq: $(STAGING_DIR_HOST)/bin/mkhash
+$(STAGING_DIR_HOST)/bin/xxd: $(SCRIPT_DIR)/xxdi.pl
+	$(LN) $< $@
+
+prereq: $(STAGING_DIR_HOST)/bin/mkhash $(STAGING_DIR_HOST)/bin/xxd
 
 # Install ldconfig stub
 $(eval $(call TestHostCommand,ldconfig-stub,Failed to install stub, \
-	$(LN) /bin/true $(STAGING_DIR_HOST)/bin/ldconfig))
+	$(LN) $(SCRIPT_DIR)/noop.sh $(STAGING_DIR_HOST)/bin/ldconfig))

include/prereq.mk

@@ -49,7 +49,7 @@ endef
 
 define RequireCommand
   define Require/$(1)
-    which $(1)
+    command -v $(1)
   endef
 
   $$(eval $$(call Require,$(1),$(2)))
@@ -63,6 +63,18 @@ define RequireHeader
   $$(eval $$(call Require,$(1),$(2)))
 endef
 
+# 1: header to test
+# 2: failure message
+# 3: optional compile time test
+# 4: optional link library test (example -lncurses)
+define RequireCHeader
+  define Require/$(1)
+    echo 'int main(int argc, char **argv) { $(3); return 0; }' | gcc -include $(1) -x c -o $(TMP_DIR)/a.out - $(4)
+  endef
+
+  $$(eval $$(call Require,$(1),$(2)))
+endef
+
 define CleanupPython2
   define Require/python2-cleanup
 	if [ -f "$(STAGING_DIR_HOST)/bin/python" ] && \
@@ -103,7 +115,7 @@ define SetupHostCommand
 	           $(call QuoteHostCommand,$(11)) $(call QuoteHostCommand,$(12)); do \
 		if [ -n "$$$$$$$$cmd" ]; then \
 			bin="$$$$$$$$(PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH))))" \
-				which "$$$$$$$${cmd%% *}")"; \
+				command -v "$$$$$$$${cmd%% *}")"; \
 			if [ -x "$$$$$$$$bin" ] && eval "$$$$$$$$cmd" >/dev/null 2>/dev/null; then \
 				mkdir -p "$(STAGING_DIR_HOST)/bin"; \
 				ln -sf "$$$$$$$$bin" "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \

include/quilt.mk

@@ -116,7 +116,7 @@ define Quilt/RefreshDir
 endef
 
 define Quilt/Refresh/Host
-	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(PATCH_DIR))
+	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(HOST_PATCH_DIR))
 endef
 
 define Quilt/Refresh/Package

include/scan.mk

@@ -11,7 +11,7 @@ TARGET_STAMP:=$(TMP_DIR)/info/.files-$(SCAN_TARGET).stamp
 FILELIST:=$(TMP_DIR)/info/.files-$(SCAN_TARGET)-$(SCAN_COOKIE)
 OVERRIDELIST:=$(TMP_DIR)/info/.overrides-$(SCAN_TARGET)-$(SCAN_COOKIE)
 
-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+export PATH:=$(STAGING_DIR_HOST)/bin:$(PATH)
 
 define feedname
 $(if $(patsubst feeds/%,,$(1)),,$(word 2,$(subst /, ,$(1))))
@@ -72,7 +72,7 @@ endif
 
 $(FILELIST): $(OVERRIDELIST)
 	rm -f $(TMP_DIR)/info/.files-$(SCAN_TARGET)-*
-	find -L $(SCAN_DIR) $(SCAN_EXTRA) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
+	find -L $(SCAN_DIR) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) $(SCAN_EXTRA) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
 
 $(TMP_DIR)/info/.files-$(SCAN_TARGET).mk: $(FILELIST)
 	( \

include/site/loongarch64

@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=0
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8

include/site/riscv64

@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=8
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8

include/subdir.mk

@@ -5,6 +5,9 @@
 ifeq ($(MAKECMDGOALS),prereq)
   SUBTARGETS:=prereq
   PREREQ_ONLY:=1
+# For target/linux related target add dtb to selectively compile dtbs
+else ifneq ($(filter target/linux/%,$(MAKECMDGOALS)),)
+  SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS) dtb
 else
   SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS)
 endif
@@ -27,14 +30,16 @@ lastdir=$(word $(words $(subst /, ,$(1))),$(subst /, ,$(1)))
 diralias=$(if $(findstring $(1),$(call lastdir,$(1))),,$(call lastdir,$(1)))
 
 subdir_make_opts = \
-	-r -C $(1) \
+	$(if $(SUBDIR_MAKE_DEBUG),-d) -r -C $(1) \
 		BUILD_SUBDIR="$(1)" \
-		BUILD_VARIANT="$(4)"
+		BUILD_VARIANT="$(4)" \
+		ALL_VARIANTS="$(5)"
 
 # 1: subdir
 # 2: target
 # 3: build type
 # 4: build variant
+# 5: all variants
 log_make = \
 	 $(if $(call debug,$(1),v),,@)+ \
 	 $(if $(BUILD_LOG), \
@@ -62,15 +67,15 @@ define subdir
     $(foreach target,$(SUBTARGETS) $($(1)/subtargets),
       $(foreach btype,$(buildtypes-$(bd)),
         $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(btype)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(btype)/$(target)) $(call $(1)//$(btype)/$(target),$(1)/$(bd)/$(btype))))
-		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant))) \
+		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
 			|| $(call ERROR,$(2),   ERROR: $(1)/$(bd) [$(btype)] failed to build.,$(findstring $(bd),$($(1)/builddirs-ignore-$(btype)-$(target))))
         $(if $(call diralias,$(bd)),$(call warn_eval,$(1)/$(bd),l,T,$(1)/$(call diralias,$(bd))/$(btype)/$(target): $(1)/$(bd)/$(btype)/$(target)))
       )
       $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(target)) $(call $(1)//$(target),$(1)/$(bd))))
-        $(foreach variant,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default))),
+        $(foreach variant,$(filter-out *,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default)))),
 			$(if $(BUILD_LOG),@mkdir -p $(BUILD_LOG_DIR)/$(1)/$(bd)/$(filter-out __default,$(variant)))
-			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))))
+			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)))
-			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))) \
+			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
 				|| $(call ERROR,$(1),   ERROR: $(1)/$(bd) failed to build$(if $(filter-out __default,$(variant)), (build variant: $(variant))).,$(findstring $(bd),$($(1)/builddirs-ignore-$(target)))) 
         )
       $(if $(PREREQ_ONLY)$(DUMP_TARGET_DB),,

include/target.mk

@@ -12,6 +12,7 @@ DEVICE_TYPE?=router
 # Default packages - the really basic set
 DEFAULT_PACKAGES:=\
 	base-files \
+	ca-bundle \
 	dropbear \
 	fstools \
 	libc \
@@ -23,7 +24,8 @@ DEFAULT_PACKAGES:=\
 	opkg \
 	uci \
 	uclient-fetch \
-	urandom-seed
+	urandom-seed \
+	urngd
 
 ifneq ($(CONFIG_SELINUX),)
 DEFAULT_PACKAGES+=busybox-selinux procd-selinux
@@ -31,6 +33,16 @@ else
 DEFAULT_PACKAGES+=busybox procd
 endif
 
+# include ujail on systems with enough storage
+ifeq ($(CONFIG_SMALL_FLASH),)
+DEFAULT_PACKAGES+=procd-ujail
+endif
+
+# include seccomp ld-preload hooks if kernel supports it
+ifneq ($(CONFIG_SECCOMP),)
+DEFAULT_PACKAGES+=procd-seccomp
+endif
+
 # For the basic set
 DEFAULT_PACKAGES.basic:=
 # For nas targets
@@ -41,9 +53,9 @@ DEFAULT_PACKAGES.nas:=\
 	mdadm
 # For router targets
 DEFAULT_PACKAGES.router:=\
-	dnsmasq-full firewall iptables ppp ppp-mod-pppoe \
+	dnsmasq-full firewall iptables ppp ppp-mod-pppoe odhcp6c odhcpd-ipv6only ip6tables libip6tc kmod-ipt-nat6 \
 	block-mount coremark kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw kmod-tun \
-	iptables-mod-tproxy iptables-mod-extra ipset ip-full default-settings luci luci-newapi \
+	iptables-mod-tproxy iptables-mod-extra ipset ip-full default-settings luci luci-proto-ipv6 \
 	ddns-scripts_aliyun ddns-scripts_dnspod luci-app-ddns luci-app-upnp luci-app-autoreboot \
 	luci-app-arpbind luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-vlmcsd \
 	luci-app-accesscontrol luci-app-nlbwmon luci-app-turboacc luci-app-wol curl ca-certificates
@@ -54,7 +66,7 @@ endif
 
 target_conf=$(subst .,_,$(subst -,_,$(subst /,_,$(1))))
 ifeq ($(DUMP),)
-  PLATFORM_DIR:=$(TOPDIR)/target/linux/$(BOARD)
+  PLATFORM_DIR:=$(firstword $(wildcard $(TOPDIR)/target/linux/feeds/$(BOARD) $(TOPDIR)/target/linux/$(BOARD)))
   SUBTARGET:=$(strip $(foreach subdir,$(patsubst $(PLATFORM_DIR)/%/target.mk,%,$(wildcard $(PLATFORM_DIR)/*/target.mk)),$(if $(CONFIG_TARGET_$(call target_conf,$(BOARD)_$(subdir))),$(subdir))))
 else
   PLATFORM_DIR:=${CURDIR}
@@ -159,22 +171,30 @@ USE_SUBTARGET_CONFIG = $(if $(wildcard $(LINUX_TARGET_CONFIG)),,$(if $(LINUX_SUB
 LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG)))
 LINUX_RECONFIG_TARGET = $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG),$(LINUX_TARGET_CONFIG))
 
+CFG_TARGET = $(CONFIG_TARGET)
+ifeq ($(CFG_TARGET),platform)
+  CFG_TARGET = target
+  $(warning Deprecation warning: use CONFIG_TARGET=target instead.)
+else ifeq ($(CFG_TARGET),subtarget_platform)
+  CFG_TARGET = subtarget_target
+  $(warning Deprecation warning: use CONFIG_TARGET=subtarget_target instead.)
+endif
+
 # select the config file to be changed by kernel_menuconfig/kernel_oldconfig
-ifeq ($(CONFIG_TARGET),platform)
+ifeq ($(CFG_TARGET),target)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
+else ifeq ($(CFG_TARGET),subtarget)
-ifeq ($(CONFIG_TARGET),subtarget)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(LINUX_SUBTARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_SUBTARGET_CONFIG)
-endif
+else ifeq ($(CFG_TARGET),subtarget_target)
-ifeq ($(CONFIG_TARGET),subtarget_platform)
   LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_SUBTARGET_CONFIG) $(LINUX_TARGET_CONFIG))
   LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
+else ifeq ($(CFG_TARGET),env)
-ifeq ($(CONFIG_TARGET),env)
   LINUX_RECONFIG_LIST = $(LINUX_KCONFIG_LIST)
   LINUX_RECONFIG_TARGET = $(TOPDIR)/env/kernel-config
+else ifneq ($(strip $(CFG_TARGET)),)
+  $(error CONFIG_TARGET=$(CFG_TARGET) is invalid. Valid: target|subtarget|subtarget_target|env)
 endif
 
 __linux_confcmd = $(2) $(patsubst %,+,$(wordlist 2,9999,$(1))) $(1)
@@ -213,12 +233,14 @@ ifeq ($(DUMP),1)
   ifeq ($(ARCH),powerpc)
     CPU_CFLAGS_603e:=-mcpu=603e
     CPU_CFLAGS_8540:=-mcpu=8540
+    CPU_CFLAGS_8548:=-mcpu=8548
     CPU_CFLAGS_405:=-mcpu=405
     CPU_CFLAGS_440:=-mcpu=440
     CPU_CFLAGS_464fp:=-mcpu=464fp
   endif
   ifeq ($(ARCH),powerpc64)
     CPU_TYPE ?= powerpc64
+    CPU_CFLAGS_e5500:=-mcpu=e5500
     CPU_CFLAGS_powerpc64:=-mcpu=powerpc64
   endif
   ifeq ($(ARCH),sparc)
@@ -236,6 +258,15 @@ ifeq ($(DUMP),1)
     CPU_CFLAGS_arc700 = -mcpu=arc700
     CPU_CFLAGS_archs = -mcpu=archs
   endif
+  ifeq ($(ARCH),riscv64)
+    CPU_TYPE ?= riscv64
+    CPU_CFLAGS_riscv64:=-mabi=lp64d -march=rv64imafdc
+  endif
+  ifeq ($(ARCH),loongarch64)
+    CPU_TYPE ?= generic
+    CPU_CFLAGS := -O2 -pipe
+    CPU_CFLAGS_generic:=-march=loongarch64
+  endif
   ifneq ($(CPU_TYPE),)
     ifndef CPU_CFLAGS_$(CPU_TYPE)
       $(warning CPU_TYPE "$(CPU_TYPE)" doesn't correspond to a known type)

include/toolchain-build.mk

@@ -18,6 +18,6 @@ define FixupLibdir
 		mkdir -p $(1)/lib; \
 		mv $(1)/lib64/* $(1)/lib/; \
 		rm -rf $(1)/lib64; \
+		ln -sf lib $(1)/lib64; \
 	fi
-	ln -sf lib $(1)/lib64
 endef

include/toplevel.mk

@@ -51,11 +51,12 @@ path:=$(subst :,$(space),$(PATH))
 path:=$(filter-out .%,$(path))
 path:=$(subst $(space),:,$(path))
 export PATH:=$(path)
+export STAGING_DIR_HOST:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host),$(TOPDIR)/staging_dir/host)
 
 unexport TAR_OPTIONS
 
 ifeq ($(FORCE),)
-  .config scripts/config/conf scripts/config/mconf: staging_dir/host/.prereq-build
+  .config scripts/config/conf scripts/config/mconf: $(STAGING_DIR_HOST)/.prereq-build
 endif
 
 SCAN_COOKIE?=$(shell echo $$$$)
@@ -65,7 +66,7 @@ SUBMAKE:=umask 022; $(SUBMAKE)
 
 ULIMIT_FIX=_limit=`ulimit -n`; [ "$$_limit" = "unlimited" -o "$$_limit" -ge 1024 ] || ulimit -n 1024;
 
-prepare-mk: staging_dir/host/.prereq-build FORCE ;
+prepare-mk: $(STAGING_DIR_HOST)/.prereq-build FORCE ;
 
 ifdef SDK
   IGNORE_PACKAGES = linux
@@ -74,10 +75,10 @@ endif
 _ignore = $(foreach p,$(IGNORE_PACKAGES),--ignore $(p))
 
 prepare-tmpinfo: FORCE
-	@+$(MAKE) -r -s staging_dir/host/.prereq-build $(PREP_MK)
+	@+$(MAKE) -r -s $(STAGING_DIR_HOST)/.prereq-build $(PREP_MK)
 	mkdir -p tmp/info
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPTH=5 SCAN_EXTRA=""
-	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
+	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=3 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
 	for type in package target; do \
 		f=tmp/.$${type}info; t=tmp/.config-$${type}.in; \
 		[ "$$t" -nt "$$f" ] || ./scripts/$${type}-metadata.pl $(_ignore) config "$$f" > "$$t" || { rm -f "$$t"; echo "Failed to build $$t"; false; break; }; \
@@ -101,7 +102,7 @@ ifneq ($(DISTRO_PKG_CONFIG),)
 scripts/config/%onf: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
 endif
 scripts/config/%onf: CFLAGS+= -O2
-scripts/config/%onf:
+scripts/config/%onf: FORCE
 	@$(_SINGLE)$(SUBMAKE) $(if $(findstring s,$(OPENWRT_VERBOSE)),,-s) \
 		-C scripts/config $(notdir $@)
 
@@ -151,7 +152,7 @@ xconfig: scripts/config/qconf prepare-tmpinfo FORCE
 
 prepare_kernel_conf: .config toolchain/install FORCE
 
-ifeq ($(wildcard staging_dir/host/bin/quilt),)
+ifeq ($(wildcard $(STAGING_DIR_HOST)/bin/quilt),)
   prepare_kernel_conf:
 	@+$(SUBMAKE) -r tools/quilt/compile
 else
@@ -175,7 +176,7 @@ kernel_nconfig: prepare_kernel_conf
 kernel_xconfig: prepare_kernel_conf
 	$(_SINGLE)$(NO_TRACE_MAKE) -C target/linux xconfig
 
-staging_dir/host/.prereq-build: include/prereq-build.mk
+$(STAGING_DIR_HOST)/.prereq-build: include/prereq-build.mk
 	mkdir -p tmp
 	@$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f $(TOPDIR)/include/prereq-build.mk prereq 2>/dev/null || { \
 		echo "Prerequisite check failed. Use FORCE=1 to override."; \
@@ -198,7 +199,7 @@ else
   DOWNLOAD_DIRS = package/download
 endif
 
-download: .config FORCE $(if $(wildcard $(TOPDIR)/staging_dir/host/bin/flock),,tools/flock/compile)
+download: .config FORCE $(if $(wildcard $(STAGING_DIR_HOST)/bin/flock),,tools/flock/compile)
 	@+$(foreach dir,$(DOWNLOAD_DIRS),$(SUBMAKE) $(dir);)
 
 clean dirclean: .config
@@ -262,7 +263,7 @@ distclean:
 	@$(_SINGLE)$(SUBMAKE) -C scripts/config clean
 
 ifeq ($(findstring v,$(DEBUG)),)
-  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig staging_dir/host/.prereq-build tmp/.prereq-package prepare-tmpinfo
+  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig $(STAGING_DIR_HOST)/.prereq-build tmp/.prereq-package prepare-tmpinfo
 endif
 .PHONY: help FORCE
 .NOTPARALLEL:

include/trusted-firmware-a.mk

@@ -1,9 +1,9 @@
 PKG_NAME ?= trusted-firmware-a
-PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware
+PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a
 
 ifndef PKG_SOURCE_PROTO
 PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot
+PKG_SOURCE_URL:=https://codeload.github.com/TrustedFirmware-A/trusted-firmware-a/tar.gz/v$(PKG_VERSION)?
 endif
 
 PKG_BUILD_DIR = $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
@@ -68,13 +68,20 @@ define Build/Trusted-Firmware-A/Target
   endef
 endef
 
+define Build/Configure/Trusted-Firmware-A
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/include
+endef
+
+DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
 
 define Build/Compile/Trusted-Firmware-A
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
 		CROSS_COMPILE=$(TARGET_CROSS) \
 		OPENSSL_DIR=$(STAGING_DIR_HOST) \
+		$(if $(DTC),DTC="$(DTC)") \
 		PLAT=$(PLAT) \
 		BUILD_STRING="OpenWrt v$(PKG_VERSION)-$(PKG_RELEASE) ($(VARIANT))" \
+		$(if $(CONFIG_BINUTILS_VERSION_2_37)$(CONFIG_BINUTILS_VERSION_2_38),,LDFLAGS="-no-warn-rwx-segments") \
 		$(TFA_MAKE_FLAGS)
 endef
 

include/u-boot.mk

@@ -16,7 +16,7 @@ PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0 GPL-2.0+
 PKG_LICENSE_FILES:=Licenses/README
 
-PKG_BUILD_PARALLEL:=1
+PKG_BUILD_PARALLEL ?= 1
 
 export GCC_HONOUR_COPTS=s
 
@@ -45,6 +45,11 @@ UBOOT_MAKE_FLAGS = \
 	HOSTCC="$(HOSTCC)" \
 	HOSTCFLAGS="$(HOST_CFLAGS) $(HOST_CPPFLAGS) -std=gnu11" \
 	HOSTLDFLAGS="$(HOST_LDFLAGS)" \
+	LOCALVERSION="-OpenWrt-$(REVISION)" \
+	STAGING_PREFIX="$(STAGING_DIR_HOST)" \
+	PKG_CONFIG_PATH="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_LIBDIR="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_EXTRAARGS="--static" \
 	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='')
 
 define Build/U-Boot/Target

include/uclibc++.mk

@@ -1,16 +1,2 @@
-ifndef DUMP
+$(warn uclibc++.mk is deprecated. Please remove it and CXX_DEPENDS)
-  ifdef __package_mk
+CXX_DEPENDS = +libstdcpp
-    $(error uclibc++.mk must be included before package.mk)
-  endif
-endif
-
-PKG_PREPARED_DEPENDS += CONFIG_USE_UCLIBCXX
-CXX_DEPENDS = +USE_UCLIBCXX:uclibcxx +USE_LIBSTDCXX:libstdcpp
-
-ifneq ($(CONFIG_USE_UCLIBCXX),)
- ifneq ($(CONFIG_CCACHE),)
-  TARGET_CXX_NOCACHE=g++-uc
- else
-  TARGET_CXX=g++-uc
- endif
-endif

include/unpack.mk

@@ -18,7 +18,7 @@ ifeq ($(strip $(UNPACK_CMD)),)
 
     ifeq ($(filter gz tgz,$(EXT)),$(EXT))
       EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
-      DECOMPRESS_CMD:=gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
+      DECOMPRESS_CMD:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
     endif
     ifeq ($(filter bzip2 bz2 bz tbz2 tbz,$(EXT)),$(EXT))
       EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
@@ -56,7 +56,7 @@ ifeq ($(strip $(UNPACK_CMD)),)
     endif
     # replace zcat with $(ZCAT), because some system don't support it properly
     ifeq ($(PKG_CAT),zcat)
-      UNPACK_CMD=gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
+      UNPACK_CMD=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
     endif
   endif
 endif

include/verbose.mk

@@ -29,15 +29,15 @@ ifeq ($(IS_TTY),1)
   endif
 endif
 
+define ERROR_MESSAGE
+  printf "$(_R)%s$(_N)\n" "$(1)" >&8
+endef
+
 ifeq ($(findstring s,$(OPENWRT_VERBOSE)),)
   define MESSAGE
 	printf "$(_Y)%s$(_N)\n" "$(1)" >&8
   endef
 
-  define ERROR_MESSAGE
-	printf "$(_R)%s$(_N)\n" "$(1)" >&8
-  endef
-
   ifeq ($(QUIET),1)
     ifneq ($(CURDIR),$(TOPDIR))
       _DIR:=$(patsubst $(TOPDIR)/%,%,${CURDIR})
@@ -60,5 +60,4 @@ else
   define MESSAGE
     printf "%s\n" "$(1)"
   endef
-  ERROR_MESSAGE=$(MESSAGE)
 endif

include/version.mk

@@ -23,13 +23,13 @@ PKG_CONFIG_DEPENDS += \
 sanitize = $(call tolower,$(subst _,-,$(subst $(space),-,$(1))))
 
 VERSION_NUMBER:=$(call qstrip,$(CONFIG_VERSION_NUMBER))
-VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),SNAPSHOT)
+VERSION_NUMBER:=$(if $(VERSION_NUMBER),$(VERSION_NUMBER),24.10.0)
 
 VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
 VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))
 
 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/releases/24.10.0)
 
 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)

package/base-files/Makefile

@@ -23,6 +23,7 @@ PKG_LICENSE:=GPL-2.0
 PKG_CONFIG_DEPENDS += \
 	CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE \
 	CONFIG_NAND_SUPPORT \
+	CONFIG_LEGACY_SDCARD_SUPPORT \
 	CONFIG_EMMC_SUPPORT \
 	CONFIG_CLEAN_IPKG \
 	CONFIG_PER_FEED_REPO \
@@ -39,7 +40,7 @@ define Package/base-files
   SECTION:=base
   CATEGORY:=Base system
   DEPENDS:=+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
-  TITLE:=Base filesystem for OpenWrt
+  TITLE:=Base filesystem for LEDE
   URL:=http://openwrt.org/
   VERSION:=$(PKG_RELEASE)-$(REVISION)
 endef
@@ -48,7 +49,6 @@ define Package/base-files/conffiles
 /etc/config/
 /etc/config/network
 /etc/config/system
-/etc/crontabs/
 /etc/dropbear/
 /etc/ethers
 /etc/group
@@ -89,6 +89,19 @@ define ImageConfigOptions
 	echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
+ifeq ($(CONFIG_TARGET_DEFAULT_LAN_IP_FROM_PREINIT),y)
+	mkdir -p $(1)/etc/board.d
+	echo '. /lib/functions/uci-defaults.sh' >$(1)/etc/board.d/99-lan-ip
+	echo 'logger -t 99-lan-ip "setting custom default LAN IP"' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_update' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select network' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select lan' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string ipaddr $(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string netmask $(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_flush' >>$(1)/etc/board.d/99-lan-ip
+endif
 endef
 
 define Build/Prepare
@@ -125,6 +138,12 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
   endef
 endif
 
+ifeq ($(CONFIG_LEGACY_SDCARD_SUPPORT),)
+  define Package/base-files/legacy-sdcard-support
+	rm -f $(1)/lib/upgrade/legacy-sdcard.sh
+  endef
+endif
+
 ifeq ($(CONFIG_EMMC_SUPPORT),)
   define Package/base-files/emmc-support
 	rm -f $(1)/lib/upgrade/emmc.sh
@@ -135,6 +154,7 @@ define Package/base-files/install
 	$(CP) ./files/* $(1)/
 	$(Package/base-files/install-key)
 	$(Package/base-files/nand-support)
+	$(Package/base-files/legacy-sdcard-support)
 	$(Package/base-files/emmc-support)
 	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
@@ -218,6 +238,10 @@ endif
 
 	$(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \
 		rm -f $(1)/etc/banner.failsafe,)
+		
+	if [ -f $(TOPDIR)/feeds/luci/package.json ]; then \
+		$(CP) ./luci2/* $(1)/; \
+	fi
 endef
 
 ifneq ($(DUMP),1)

package/base-files/files/bin/config_generate

@@ -192,6 +192,15 @@ generate_network() {
 				EOF
 			}
 		;;
+
+		ncm|\
+		qmi|\
+		mbim)
+			uci -q batch <<-EOF
+				set network.$1.proto='${protocol}'
+				set network.$1.pdptype='ipv4'
+			EOF
+		;;
 	esac
 }
 
@@ -287,7 +296,7 @@ generate_static_system() {
 	uci -q batch <<-EOF
 		delete system.@system[0]
 		add system system
-		set system.@system[-1].hostname='OpenWrt'
+		set system.@system[-1].hostname='LEDE'
 		set system.@system[-1].timezone='UTC'
 		set system.@system[-1].ttylogin='0'
 		set system.@system[-1].log_size='64'
@@ -296,11 +305,11 @@ generate_static_system() {
 		delete system.ntp
 		set system.ntp='timeserver'
 		set system.ntp.enabled='1'
-		set system.ntp.enable_server='0'
+		set system.ntp.enable_server='1'
-		add_list system.ntp.server='ntp.aliyun.com'
+		add_list system.ntp.server='time.apple.com'
-		add_list system.ntp.server='time1.cloud.tencent.com'
+		add_list system.ntp.server='time.google.com'
-		add_list system.ntp.server='time.ustc.edu.cn'
+		add_list system.ntp.server='time.windows.com'
-		add_list system.ntp.server='cn.pool.ntp.org'
+		add_list system.ntp.server='time.cloudflare.com'
 	EOF
 
 	if json_is_a system object; then

package/base-files/files/bin/ipcalc.sh

@@ -1,6 +1,5 @@
-#!/bin/sh
+#!/usr/bin/awk -f
 
-awk -f - $* <<EOF
 function bitcount(c) {
 	c=and(rshift(c, 1),0x55555555)+and(c,0x55555555)
 	c=and(rshift(c, 2),0x33333333)+and(c,0x33333333)
@@ -11,14 +10,20 @@ function bitcount(c) {
 }
 
 function ip2int(ip) {
-	for (ret=0,n=split(ip,a,"\."),x=1;x<=n;x++) ret=or(lshift(ret,8),a[x])
+	ret=0
+	n=split(ip,a,"\\.")
+	for (x=1;x<=n;x++)
+		ret=or(lshift(ret,8),a[x])
 	return ret
 }
 
 function int2ip(ip,ret,x) {
 	ret=and(ip,255)
 	ip=rshift(ip,8)
-	for(;x<3;ret=and(ip,255)"."ret,ip=rshift(ip,8),x++);
+	for(;x<3;x++) {
+		ret=and(ip,255)"."ret
+		ip=rshift(ip,8)
+	}
 	return ret
 }
 
@@ -44,28 +49,40 @@ BEGIN {
 	}
 
 	network=and(ipaddr,netmask)
+	prefix=32-bitcount(compl32(netmask))
 	broadcast=or(network,compl32(netmask))
 
-	start=or(network,and(ip2int(ARGV[3]),compl32(netmask)))
-	limit=network+1
-	if (start<limit) start=limit
-
-	end=start+ARGV[4]
-	limit=or(network,compl32(netmask))-1
-	if (end>limit) end=limit
-
 	print "IP="int2ip(ipaddr)
 	print "NETMASK="int2ip(netmask)
 	print "BROADCAST="int2ip(broadcast)
 	print "NETWORK="int2ip(network)
-	print "PREFIX="32-bitcount(compl32(netmask))
+	print "PREFIX="prefix
 
 	# range calculations:
 	# ipcalc <ip> <netmask> <start> <num>
 
-	if (ARGC > 3) {
+	if (ARGC <= 3)
-		print "START="int2ip(start)
+		exit(0)
-		print "END="int2ip(end)
+
+	start=or(network,and(ip2int(ARGV[3]),compl32(netmask)))
+	limit=network+1
+	if (start<limit) start=limit
+	if (start==ipaddr) start=ipaddr+1
+
+	end=start+ARGV[4]
+	limit=or(network,compl32(netmask))-1
+	if (end>limit) end=limit
+	if (end==ipaddr) end=ipaddr-1
+
+	if (start>end) {
+		print "network ("int2ip(network)"/"prefix") too small" > "/dev/stderr"
+		exit(1)
 	}
+
+	if (ipaddr > start && ipaddr < end) {
+		print "warning: ipaddr inside range - this might not be supported in future releases of Openwrt" > "/dev/stderr"
+	}
+
+	print "START="int2ip(start)
+	print "END="int2ip(end)
 }
-EOF

package/base-files/files/etc/init.d/boot

@@ -48,6 +48,7 @@ boot() {
 
 	/bin/config_generate
 	uci_apply_defaults
+	sync
 	
 	# temporary hack until configd exists
 	/sbin/reload_config

package/base-files/files/etc/init.d/led

@@ -29,7 +29,7 @@ load_led() {
 	config_get delay $1 delay "150"
 	config_get message $1 message ""
 	config_get gpio $1 gpio "0"
-	config_get inverted $1 inverted "0"
+	config_get_bool inverted $1 inverted "0"
 
 	# execute application led trigger
 	[ -f "/usr/libexec/led-trigger/${trigger}" ] && {
@@ -69,6 +69,10 @@ load_led() {
 			return 1
 		}
 		case "$trigger" in
+		"heartbeat")
+			echo "${inverted}" > "/sys/class/leds/${sysfs}/invert"
+			;;
+
 		"netdev")
 			[ -n "$dev" ] && {
 				echo $dev > /sys/class/leds/${sysfs}/device_name

package/base-files/files/etc/init.d/sysfixtime

@@ -8,23 +8,33 @@ RTC_DEV=/dev/rtc0
 HWCLOCK=/sbin/hwclock
 
 boot() {
-	start && exit 0
+	hwclock_load
-
+	local maxtime="$(find_max_time)"
-	local maxtime="$(maxtime)"
 	local curtime="$(date +%s)"
-	[ $curtime -lt $maxtime ] && date -s @$maxtime
+	if [ $curtime -lt $maxtime ]; then
+		date -s @$maxtime
+		hwclock_save
+	fi
 }
 
 start() {
-	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+	hwclock_load
 }
 
 stop() {
+	hwclock_save
+}
+
+hwclock_load() {
+	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+}
+
+hwclock_save(){
 	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -u -f $RTC_DEV && \
 		logger -t sysfixtime "saved '$(date)' to $RTC_DEV"
 }
 
-maxtime() {
+find_max_time() {
 	local file newest
 
 	for file in $( find /etc -type f ) ; do

package/base-files/files/etc/init.d/system

@@ -4,10 +4,9 @@
 START=10
 USE_PROCD=1
 
-validate_system_section()
+validate_system_section() {
-{
 	uci_load_validate system system "$1" "$2" \
-		'hostname:string:OpenWrt' \
+		'hostname:string:LEDE' \
 		'conloglevel:uinteger' \
 		'buffersize:uinteger' \
 		'timezone:string:UTC' \
@@ -23,8 +22,9 @@ system_config() {
 	echo "$hostname" > /proc/sys/kernel/hostname
 	[ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
 	echo "$timezone" > /tmp/TZ
-	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \
+	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \
-		ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ
+		&& ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \
+		&& rm -f /tmp/TZ
 
 	# apply timezone to kernel
 	hwclock -u --systz
@@ -35,8 +35,7 @@ reload_service() {
 	config_foreach validate_system_section system system_config
 }
 
-service_triggers()
+service_triggers() {
-{
 	procd_add_reload_trigger "system"
 	procd_add_validation validate_system_section
 }

package/base-files/files/etc/profile

@@ -3,7 +3,7 @@
 [ -f /etc/banner ] && cat /etc/banner
 [ -n "$FAILSAFE" ] && cat /etc/banner.failsafe
 
-fgrep -sq '/ overlay ro,' /proc/mounts && {
+grep -Fsq '/ overlay ro,' /proc/mounts && {
 	echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
 	echo 'Please try to remove files from /overlay/upper/... and reboot!'
 }

package/base-files/files/etc/rc.common

@@ -55,7 +55,12 @@ enable() {
 
 enabled() {
 	name="$(basename "${initscript}")"
-	[ -x "$IPKG_INSTROOT/etc/rc.d/S${START}${name##S[0-9][0-9]}" ]
+	name="${name##[SK][0-9][0-9]}"
+	{
+		[ -z "${START:-}" ] || [ -L "$IPKG_INSTROOT/etc/rc.d/S${START}$name" ]
+	} && {
+		[ -z "${STOP:-}" ] || [ -L "$IPKG_INSTROOT/etc/rc.d/K${STOP}$name" ]
+	}
 }
 
 depends() {
@@ -100,9 +105,9 @@ service_data() {
 }
 
 service_running() {
-	local service="${1:-$(basename $initscript)}"
+	local instance="${1:-*}"
-	local instance="${2:-*}"
+
-	procd_running "$service" "$instance" "$@"
+	procd_running "$(basename $initscript)" "$instance"
 }
 
 ${INIT_TRACE:+set -x}
@@ -121,6 +126,7 @@ extra_command "enabled" "Check if service is started on boot"
 	extra_command "running" "Check if service is running"
 	extra_command "status" "Service status"
 	extra_command "trace" "Start with syscall trace"
+	extra_command "info" "Dump procd service info"
 
 	. $IPKG_INSTROOT/lib/functions/procd.sh
 	basescript=$(readlink "$initscript")
@@ -144,6 +150,13 @@ extra_command "enabled" "Check if service is started on boot"
 		start "$@"
 	}
 
+	info() {
+		json_init
+		json_add_string name "$(basename ${basescript:-$initscript})"
+		json_add_boolean verbose "1"
+		_procd_ubus_call list
+	}
+
 	stop() {
 		procd_lock
 		stop_service "$@"

package/base-files/files/etc/shadow

@@ -1,4 +1,4 @@
-root::0:0:99999:7:::
+root:::0:99999:7:::
 daemon:*:0:0:99999:7:::
 ftp:*:0:0:99999:7:::
 network:*:0:0:99999:7:::

package/base-files/files/etc/shinit

@@ -8,26 +8,5 @@ alias ll='ls -alF --color=auto'
 [ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
 [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
 
-service() {
-	if [ -f "/etc/init.d/$1" ]; then
-		/etc/init.d/$@
-	else
-		echo "Usage: service <service> [command]"
-		if [ -n "$1" ]; then
-			echo "Service "'"'"$1"'"'" not found, the following services are available:"
-		else
-			echo "The following services are available:"
-		fi
-		for F in /etc/init.d/* ; do
-			printf "%-30s\t%10s\t%10s\n"  "$F" \
-			$( $($F enabled) && echo "enabled" || echo "disabled" ) \
-			$( [ "$(ubus call service list "{ 'verbose': true, 'name': '$(basename $F)' }" \
-			| jsonfilter -q -e "@['$(basename $F)'].instances[*].running" | uniq)" = "true" ] \
-			&& echo "running" || echo "stopped" )
-		done;
-		return 1
-	fi
-}
-
 [ -n "$KSH_VERSION" -o \! -s "$HOME/.shinit" ] || . "$HOME/.shinit"
 [ -z "$KSH_VERSION" -o \! -s "$HOME/.mkshrc" ] || . "$HOME/.mkshrc"

package/base-files/files/etc/sysctl.conf

@@ -1 +1,5 @@
 # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+
+net.bridge.bridge-nf-call-arptables = 0
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0

package/base-files/files/etc/sysctl.d/10-default.conf

@@ -9,6 +9,7 @@ fs.protected_hardlinks=1
 fs.protected_symlinks=1
 
 net.core.bpf_jit_enable=1
+net.core.bpf_jit_kallsyms=1
 
 net.ipv4.conf.default.arp_ignore=1
 net.ipv4.conf.all.arp_ignore=1

package/base-files/files/lib/functions.sh

@@ -209,10 +209,10 @@ add_group_and_user() {
 	if [ -n "$rusers" ]; then
 		local tuple oIFS="$IFS"
 		for tuple in $rusers; do
-			local uid gid uname gname
+			local uid gid uname gname addngroups addngroup addngname addngid
 
 			IFS=":"
-			set -- $tuple; uname="$1"; gname="$2"
+			set -- $tuple; uname="$1"; gname="$2"; addngroups="$3"
 			IFS="="
 			set -- $uname; uname="$1"; uid="$2"
 			set -- $gname; gname="$1"; gid="$2"
@@ -232,7 +232,24 @@ add_group_and_user() {
 				group_add_user "$gname" "$uname"
 			fi
 
-			unset uid gid uname gname
+			if [ -n "$uname" ] &&  [ -n "$addngroups" ]; then
+				oIFS="$IFS"
+				IFS=","
+				for addngroup in $addngroups ; do
+					IFS="="
+					set -- $addngroup; addngname="$1"; addngid="$2"
+					if [ -n "$addngid" ]; then
+						group_exists "$addngname" || group_add "$addngname" "$addngid"
+					else
+						group_add_next "$addngname"
+					fi
+
+					group_add_user "$addngname" "$uname"
+				done
+				IFS="$oIFS"
+			fi
+
+			unset uid gid uname gname addngroups addngroup addngname addngid
 		done
 	fi
 }
@@ -245,11 +262,6 @@ default_postinst() {
 
 	add_group_and_user "${pkgname}"
 
-	if [ -f "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ]; then
-		( . "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" )
-		ret=$?
-	fi
-
 	if [ -d "$root/rootfs-overlay" ]; then
 		cp -R $root/rootfs-overlay/. $root/
 		rm -fR $root/rootfs-overlay/
@@ -275,6 +287,11 @@ default_postinst() {
 		rm -f /tmp/luci-indexcache
 	fi
 
+	if [ -f "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" ]; then
+		( . "$root/usr/lib/opkg/info/${pkgname}.postinst-pkg" )
+		ret=$?
+	fi
+
 	local shell="$(command -v bash)"
 	for i in $(grep -s "^/etc/init.d/" "$root$filelist"); do
 		if [ -n "$root" ]; then
@@ -354,7 +371,7 @@ group_add_next() {
 		return
 	fi
 	gids=$(cut -d: -f3 ${IPKG_INSTROOT}/etc/group)
-	gid=65536
+	gid=32768
 	while echo "$gids" | grep -q "^$gid$"; do
 		gid=$((gid + 1))
 	done
@@ -369,6 +386,9 @@ group_add_user() {
 	echo "$grp" | grep -q ":$" && delim=""
 	[ -n "$IPKG_INSTROOT" ] || lock /var/lock/passwd
 	sed -i "s/$grp/$grp$delim$2/g" ${IPKG_INSTROOT}/etc/group
+	if [ -z "$IPKG_INSTROOT" ] && [ -x /usr/sbin/selinuxenabled ] && selinuxenabled; then
+		restorecon /etc/group
+	fi
 	[ -n "$IPKG_INSTROOT" ] || lock -u /var/lock/passwd
 }
 
@@ -382,7 +402,7 @@ user_add() {
 	local rc
 	[ -z "$uid" ] && {
 		uids=$(cut -d: -f3 ${IPKG_INSTROOT}/etc/passwd)
-		uid=65536
+		uid=32768
 		while echo "$uids" | grep -q "^$uid$"; do
 			uid=$((uid + 1))
 		done

package/base-files/files/lib/functions/leds.sh

@@ -11,6 +11,36 @@ get_dt_led_path() {
 	echo "$ledpath"
 }
 
+get_dt_led_color_func() {
+	local enum
+	local func
+	local idx
+	local label
+
+	[ -e "$1/function" ] && func=$(cat "$1/function")
+	[ -e "$1/color" ] && idx=$((0x$(hexdump -n 4 -e '4/1 "%02x"' "$1/color")))
+	[ -e "$1/function-enumerator" ] && \
+		enum=$((0x$(hexdump -n 4 -e '4/1 "%02x"' "$1/function-enumerator")))
+
+	[ -z "$idx" ] && [ -z "$func" ] && return 2
+
+	if [ -n "$idx" ]; then
+		for color in "white" "red" "green" "blue" "amber" \
+			     "violet" "yellow" "ir" "multicolor" "rgb" \
+			     "purple" "orange" "pink" "cyan" "lime"
+		do
+			[ $idx -eq 0 ] && label="$color" && break
+			idx=$((idx-1))
+		done
+	fi
+
+	label="$label:$func"
+	[ -n "$enum" ] && label="$label-$enum"
+	echo "$label"
+
+	return 0
+}
+
 get_dt_led() {
 	local label
 	local ledpath=$(get_dt_led_path $1)
@@ -18,6 +48,7 @@ get_dt_led() {
 	[ -n "$ledpath" ] && \
 		label=$(cat "$ledpath/label" 2>/dev/null) || \
 		label=$(cat "$ledpath/chan-name" 2>/dev/null) || \
+		label=$(get_dt_led_color_func "$ledpath") || \
 		label=$(basename "$ledpath")
 
 	echo "$label"

package/base-files/files/lib/functions/network.sh

@@ -90,6 +90,13 @@ network_get_prefix6() {
 	__network_ifstatus "$1" "$2" "['ipv6-prefix'][0]['address','mask']" "/"
 }
 
+# determine first IPv6 prefix assignment of given logical interface
+# 1: destination variable
+# 2: interface
+network_get_prefix_assignment6() {
+	__network_ifstatus "$1" "$2" "['ipv6-prefix-assignment'][0]['address','mask']" "/"
+}
+
 # determine all IPv4 addresses of given logical interface
 # 1: destination variable
 # 2: interface
@@ -187,6 +194,13 @@ network_get_prefixes6() {
 	__network_ifstatus "$1" "$2" "['ipv6-prefix'][*]['address','mask']" "/ "
 }
 
+# determine all IPv6 prefix assignments of given logical interface
+# 1: destination variable
+# 2: interface
+network_get_prefix_assignments6() {
+	__network_ifstatus "$1" "$2" "['ipv6-prefix-assignment'][*]['address','mask']" "/ "
+}
+
 # determine IPv4 gateway of given logical interface
 # 1: destination variable
 # 2: interface

package/base-files/files/lib/functions/system.sh

@@ -61,11 +61,21 @@ find_mtd_chardev() {
 	echo "${INDEX:+$PREFIX$INDEX}"
 }
 
+get_mac_ascii() {
+	local part="$1"
+	local key="$2"
+	local mac_dirty
+
+	mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
+
+	# "canonicalize" mac
+	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
+}
+
 mtd_get_mac_ascii() {
 	local mtdname="$1"
 	local key="$2"
 	local part
-	local mac_dirty
 
 	part=$(find_mtd_part "$mtdname")
 	if [ -z "$part" ]; then
@@ -73,35 +83,75 @@ mtd_get_mac_ascii() {
 		return
 	fi
 
-	mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
+	get_mac_ascii "$part" "$key"
-
-	# "canonicalize" mac
-	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
 }
 
-mtd_get_mac_ascii_mmc() {
+mtd_get_mac_encrypted_arcadyan() {
-	local mtdname="$1"
+	local iv="00000000000000000000000000000000"
-	local key="$2"
+	local key="2A4B303D7644395C3B2B7053553C5200"
-	local part
 	local mac_dirty
+	local mtdname="$1"
+	local part
+	local size
 
-	part=$(find_mmc_part "$mtdname")
+	part=$(find_mtd_part "$mtdname")
 	if [ -z "$part" ]; then
-		echo "mtd_get_mac_ascii: partition $mtdname not found!" >&2
+		echo "mtd_get_mac_encrypted_arcadyan: partition $mtdname not found!" >&2
 		return
 	fi
 
-	mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
+	# Config decryption and getting mac. Trying uencrypt and openssl utils.
+	size=$((0x$(dd if=$part skip=9 bs=1 count=4 2>/dev/null | hexdump -v -e '1/4 "%08x"')))
+	if [[ -f  "/usr/bin/uencrypt" ]]; then
+		mac_dirty=$(dd if=$part bs=1 count=$size skip=$((0x100)) 2>/dev/null | \
+			uencrypt -d -n -k $key -i $iv | grep mac | cut -c 5-)
+	elif [[ -f  "/usr/bin/openssl" ]]; then
+		mac_dirty=$(dd if=$part bs=1 count=$size skip=$((0x100)) 2>/dev/null | \
+			openssl aes-128-cbc -d -nopad -K $key -iv $iv | grep mac | cut -c 5-)
+	else
+		echo "mtd_get_mac_encrypted_arcadyan: Neither uencrypt nor openssl was found!" >&2
+		return
+	fi
 
 	# "canonicalize" mac
 	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
 }
 
+mtd_get_mac_encrypted_deco() {
+	local mtdname="$1"
+
+	if ! [ -e "$mtdname" ]; then
+		echo "mtd_get_mac_encrypted_deco: file $mtdname not found!" >&2
+		return
+	fi
+
+	tplink_key="3336303032384339"
+
+	key=$(dd if=$mtdname bs=1 skip=16 count=8 2>/dev/null | \
+		uencrypt -n -d -k $tplink_key -c des-ecb | hexdump -v -n 8 -e '1/1 "%02x"')
+
+	macaddr=$(dd if=$mtdname bs=1 skip=32 count=8 2>/dev/null | \
+		uencrypt -n -d -k $key -c des-ecb | hexdump -v -n 6 -e '5/1 "%02x:" 1/1 "%02x"')
+
+	echo $macaddr
+}
+
+mtd_get_mac_uci_config_ubi() {
+	local volumename="$1"
+
+	. /lib/upgrade/nand.sh
+
+	local ubidev=$(nand_attach_ubi $CI_UBIPART)
+	local part=$(nand_find_volume $ubidev $volumename)
+
+	cat "/dev/$part" | sed -n 's/^\s*option macaddr\s*'"'"'\?\([0-9A-F:]\+\)'"'"'\?/\1/Ip'
+}
+
 mtd_get_mac_text() {
-	local mtdname=$1
+	local mtdname="$1"
-	local offset=$(($2))
+	local offset=$((${2:-0}))
+	local length="${3:-17}"
 	local part
-	local mac_dirty
 
 	part=$(find_mtd_part "$mtdname")
 	if [ -z "$part" ]; then
@@ -109,15 +159,9 @@ mtd_get_mac_text() {
 		return
 	fi
 
-	if [ -z "$offset" ]; then
+	[ $((offset + length)) -le $(mtd_get_part_size "$mtdname") ] || return
-		echo "mtd_get_mac_text: offset missing!" >&2
-		return
-	fi
 
-	mac_dirty=$(dd if="$part" bs=1 skip="$offset" count=17 2>/dev/null)
+	macaddr_canonicalize $(dd bs=1 if="$part" skip="$offset" count="$length" 2>/dev/null)
-
-	# "canonicalize" mac
-	[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
 }
 
 mtd_get_mac_binary() {
@@ -141,15 +185,6 @@ mtd_get_mac_binary_ubi() {
 	get_mac_binary "/dev/$part" "$offset"
 }
 
-mtd_get_mac_binary_mmc() {
-	local mtdname="$1"
-	local offset="$2"
-	local part
-
-	part=$(find_mmc_part "$mtdname")
-	get_mac_binary "$part" "$offset"
-}
-
 mtd_get_part_size() {
 	local part_name=$1
 	local first dev size erasesize name
@@ -162,6 +197,29 @@ mtd_get_part_size() {
 	done < /proc/mtd
 }
 
+mmc_get_mac_ascii() {
+	local part_name="$1"
+	local key="$2"
+	local part
+
+	part=$(find_mmc_part "$part_name")
+	if [ -z "$part" ]; then
+		echo "mmc_get_mac_ascii: partition $part_name not found!" >&2
+		return
+	fi
+
+	get_mac_ascii "$part" "$key"
+}
+
+mmc_get_mac_binary() {
+	local part_name="$1"
+	local offset="$2"
+	local part
+
+	part=$(find_mmc_part "$part_name")
+	get_mac_binary "$part" "$offset"
+}
+
 macaddr_add() {
 	local mac=$1
 	local val=$2
@@ -172,6 +230,14 @@ macaddr_add() {
 	echo $oui:$nic
 }
 
+macaddr_generate_from_mmc_cid() {
+	local mmc_dev=$1
+
+	local sd_hash=$(sha256sum /sys/class/block/$mmc_dev/device/cid)
+	local mac_base=$(macaddr_canonicalize "$(echo "${sd_hash}" | dd bs=1 count=12 2>/dev/null)")
+	echo "$(macaddr_unsetbit_mc "$(macaddr_setbit_la "${mac_base}")")"
+}
+
 macaddr_geteui() {
 	local mac=$1
 	local sep=$2
@@ -250,4 +316,8 @@ macaddr_canonicalize() {
 	[ ${#canon} -ne 17 ] && return
 
 	printf "%02x:%02x:%02x:%02x:%02x:%02x" 0x${canon// / 0x} 2>/dev/null
-}
+}
+
+dt_is_enabled() {
+	grep -q okay "/proc/device-tree/$1/status"
+}

package/base-files/files/lib/functions/uci-defaults.sh

@@ -96,7 +96,7 @@ ucidef_set_interfaces_lan_wan() {
 
 ucidef_set_bridge_device() {
 	json_select_object bridge
-	json_add_string name "${1:switch0}"
+	json_add_string name "${1:-switch0}"
 	json_select ..
 }
 
@@ -418,6 +418,15 @@ ucidef_set_led_default() {
 	json_select ..
 }
 
+ucidef_set_led_heartbeat() {
+	_ucidef_set_led_common "$1" "$2" "$3"
+
+	json_add_string trigger heartbeat
+	json_select ..
+
+	json_select ..
+}
+
 ucidef_set_led_gpio() {
 	local gpio="$4"
 	local inverted="$5"
@@ -629,6 +638,21 @@ ucidef_set_ntpserver() {
 	json_select ..
 }
 
+ucidef_add_wlan() {
+	local path="$1"; shift
+
+	ucidef_wlan_idx=${ucidef_wlan_idx:-0}
+
+	json_select_object wlan
+	json_select_object "wl$ucidef_wlan_idx"
+	json_add_string path "$path"
+	json_add_fields "$@"
+	json_select ..
+	json_select ..
+
+	ucidef_wlan_idx="$((ucidef_wlan_idx + 1))"
+}
+
 board_config_update() {
 	json_init
 	[ -f ${CFG} ] && json_load "$(cat ${CFG})"

package/base-files/files/lib/preinit/10_indicate_preinit

@@ -18,6 +18,9 @@ preinit_ip_config() {
 	fi
 
 	ip link set dev $netdev up
+	if [ -n "$vid" ]; then
+		ip link set dev $1 up
+	fi
 	ip -4 address add $pi_ip/$pi_netmask broadcast $pi_broadcast dev $1
 }
 
@@ -91,6 +94,8 @@ preinit_config_board() {
 	else
 		# trim any vlan ids
 		ifname=${ifname%\.*}
+		# trim any vlan modifiers like :t
+		ifname=${ifname%\:*}
 	fi
 
 	pi_ifname=$ifname

package/base-files/files/lib/preinit/30_failsafe_wait

@@ -40,35 +40,39 @@ fs_wait_for_key () {
 		rm -f $keypress_wait
 	} &
 
-	[ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2"
+	local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
-	echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level"
+	[ -n "$consoles" ] || consoles=console
-	# if we're on the console we wait for input
+	for console in $consoles; do
-	{
+		[ -c "/dev/$console" ] || continue
-		while [ -r $keypress_wait ]; do
+		[ "$pi_preinit_no_failsafe" != "y" ] && echo "Press the [$1] key and hit [enter] $2" > "/dev/$console"
-			timer="$(cat $keypress_sec)"
+		echo "Press the [1], [2], [3] or [4] key and hit [enter] to select the debug level" > "/dev/$console"
+		{
+			while [ -r $keypress_wait ]; do
+				timer="$(cat $keypress_sec)"
 
-			[ -n "$timer" ] || timer=1
+				[ -n "$timer" ] || timer=1
-			timer="${timer%%\ *}"
+				timer="${timer%%\ *}"
-			[ $timer -ge 1 ] || timer=1
+				[ $timer -ge 1 ] || timer=1
-			do_keypress=""
+				do_keypress=""
-			{
+				{
-				read -t "$timer" do_keypress
+					read -t "$timer" do_keypress < "/dev/$console"
-				case "$do_keypress" in
+					case "$do_keypress" in
-				$1)
+					$1)
-					echo "true" >$keypress_true
+						echo "true" >$keypress_true
-					;;
+						;;
-				1 | 2 | 3 | 4)
+					1 | 2 | 3 | 4)
-					echo "$do_keypress" >/tmp/debug_level
+						echo "$do_keypress" >/tmp/debug_level
-					;;
+						;;
-				*)
+					*)
-					continue;
+						continue;
-					;;
+						;;
-				esac
+					esac
-				lock -u $keypress_wait
+					lock -u $keypress_wait
-				rm -f $keypress_wait
+					rm -f $keypress_wait
-			}
+				}
-		done
+			done
-	}
+		} &
+	done
 	lock -w $keypress_wait
 
 	keypressed=1

package/base-files/files/lib/preinit/80_mount_root

@@ -9,7 +9,7 @@ missing_lines() {
 	IFS=":"
 	while read line; do
 		set -- $line
-		grep -q "^$1:" "$file2" || echo "$*"
+		grep -q "^$1:" "$file2" || echo "$line"
 	done < "$file1"
 	IFS="$oIFS"
 }
@@ -17,6 +17,7 @@ missing_lines() {
 do_mount_root() {
 	mount_root
 	boot_run_hook preinit_mount_root
+	[ ! -f /etc/bench.log ] && touch /etc/bench.log
 	[ -f /sysupgrade.tgz -o -f /tmp/sysupgrade.tar ] && {
 		echo "- config restore -"
 		cp /etc/passwd /etc/group /etc/shadow /tmp

package/base-files/files/lib/preinit/99_10_failsafe_login

@@ -2,13 +2,14 @@
 # Copyright (C) 2010 Vertical Communications
 
 failsafe_shell() {
-	local console="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | head -1 | sed -e 's/^console=//' -e 's/,.*//')"
+	local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
-	[ -n "$console" ] || console=console
+	[ -n "$consoles" ] || consoles=console
-	[ -c "/dev/$console" ] || return 0
+	for console in $consoles; do
-	while true; do
+		[ -c "/dev/$console" ] && while true; do
-		ash --login <"/dev/$console" >"/dev/$console" 2>"/dev/$console"
+			ash --login <"/dev/$console" >"/dev/$console" 2>"/dev/$console"
-		sleep 1
+			sleep 1
-	done &
+		done &
+	done
 }
 
 boot_hook_add failsafe failsafe_shell

package/base-files/files/lib/upgrade/common.sh

@@ -65,16 +65,9 @@ _v() {
 	[ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo "$*" >&2
 }
 
-_vn() {
-	[ -n "$VERBOSE" ] && [ "$VERBOSE" -ge 1 ] && echo -n "$*" >&2
-}
-
 v() {
 	_v "$(date) upgrade: $@"
-}
+	logger -p info -t upgrade "$@"
-
-vn() {
-	_vn "$(date) upgrade: $@"
 }
 
 json_string() {
@@ -95,8 +88,7 @@ get_image() { # <source> [ <command> ]
 	if [ -z "$cmd" ]; then
 		local magic="$(dd if="$from" bs=2 count=1 2>/dev/null | hexdump -n 2 -e '1/1 "%02x"')"
 		case "$magic" in
-			1f8b) cmd="zcat";;
+			1f8b) cmd="busybox zcat";;
-			425a) cmd="bzcat";;
 			*) cmd="cat";;
 		esac
 	fi
@@ -135,6 +127,33 @@ get_magic_fat32() {
 	(get_image "$@" | dd bs=1 count=5 skip=82) 2>/dev/null
 }
 
+identify_magic_long() {
+	local magic=$1
+	case "$magic" in
+		"55424923")
+			echo "ubi"
+			;;
+		"31181006")
+			echo "ubifs"
+			;;
+		"68737173")
+			echo "squashfs"
+			;;
+		"d00dfeed")
+			echo "fit"
+			;;
+		"4349"*)
+			echo "combined"
+			;;
+		"1f8b"*)
+			echo "gzip"
+			;;
+		*)
+			echo "unknown $magic"
+			;;
+	esac
+}
+
 part_magic_efi() {
 	local magic=$(get_magic_gpt "$@")
 	[ "$magic" = "EFI PART" ]
@@ -146,6 +165,23 @@ part_magic_fat() {
 	[ "$magic" = "FAT" ] || [ "$magic_fat32" = "FAT32" ]
 }
 
+fitblk_get_bootdev() {
+	[ -e /sys/firmware/devicetree/base/chosen/rootdisk ] || return
+
+	local rootdisk="$(cat /sys/firmware/devicetree/base/chosen/rootdisk)"
+	local handle bootdev
+	for handle in /sys/class/block/*/of_node/phandle /sys/class/block/*/device/of_node/phandle; do
+		[ ! -e "$handle" ] && continue
+		if [ "$rootdisk" = "$(cat $handle)" ]; then
+			bootdev="${handle%/of_node/phandle}"
+			bootdev="${bootdev%/device}"
+			bootdev="${bootdev#/sys/class/block/}"
+			echo "$bootdev"
+			break
+		fi
+	done
+}
+
 export_bootdevice() {
 	local cmdline uuid blockdev uevent line class
 	local MAJOR MINOR DEVNAME DEVTYPE
@@ -163,9 +199,11 @@ export_bootdevice() {
 				fi
 			done
 		;;
+		PARTUUID=????????-????-????-????-??????????0?/PARTNROFF=1 | \
 		PARTUUID=????????-????-????-????-??????????02)
 			uuid="${rootpart#PARTUUID=}"
-			uuid="${uuid%02}00"
+			uuid="${uuid%/PARTNROFF=1}"
+			uuid="${uuid%0?}00"
 			for disk in $(find /dev -type b); do
 				set -- $(dd if=$disk bs=1 skip=568 count=16 2>/dev/null | hexdump -v -e '8/1 "%02x "" "2/1 "%02x""-"6/1 "%02x"')
 				if [ "$4$3$2$1-$6$5-$8$7-$9" = "$uuid" ]; then
@@ -175,6 +213,7 @@ export_bootdevice() {
 			done
 		;;
 		/dev/*)
+			[ "$rootpart" = "/dev/fit0" ] && rootpart="$(fitblk_get_bootdev)"
 			uevent="/sys/class/block/${rootpart##*/}/../uevent"
 		;;
 		0x[a-f0-9][a-f0-9][a-f0-9] | 0x[a-f0-9][a-f0-9][a-f0-9][a-f0-9] | \
@@ -211,7 +250,7 @@ export_partdevice() {
 		while read line; do
 			export -n "$line"
 		done < "$uevent"
-		if [ $BOOTDEV_MAJOR = $MAJOR -a $(($BOOTDEV_MINOR + $offset)) = $MINOR -a -b "/dev/$DEVNAME" ]; then
+		if [ "$BOOTDEV_MAJOR" = "$MAJOR" -a $(($BOOTDEV_MINOR + $offset)) = "$MINOR" -a -b "/dev/$DEVNAME" ]; then
 			export "$var=$DEVNAME"
 			return 0
 		fi
@@ -228,15 +267,6 @@ hex_le32_to_cpu() {
 	echo "$@"
 }
 
-get_partition_by_name() {
-	for partname in /sys/class/block/$1/*/name; do
-		[ "$(cat ${partname})" = "$2" ] && {
-			basename ${partname%%/name}
-			break
-		}
-	done
-}
-
 get_partitions() { # <device> <filename>
 	local disk="$1"
 	local filename="$2"

package/base-files/files/lib/upgrade/emmc.sh

@@ -19,8 +19,11 @@ emmc_upgrade_tar() {
 	[ "$has_kernel" = 1 -a "$EMMC_KERN_DEV" ] &&
 		export EMMC_KERNEL_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/kernel -O | dd of="$EMMC_KERN_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
 
-	[ "$has_rootfs" = 1 -a "$EMMC_ROOT_DEV" ] &&
+	[ "$has_rootfs" = 1 -a "$EMMC_ROOT_DEV" ] && {
 		export EMMC_ROOTFS_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/root -O | dd of="$EMMC_ROOT_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
+		# Account for 64KiB ROOTDEV_OVERLAY_ALIGN in libfstools
+		EMMC_ROOTFS_BLOCKS=$(((EMMC_ROOTFS_BLOCKS + 127) & ~127))
+	}
 
 	if [ -z "$UPGRADE_BACKUP" ]; then
 		if [ "$EMMC_DATA_DEV" ]; then
@@ -55,7 +58,7 @@ emmc_copy_config() {
 }
 
 emmc_do_upgrade() {
-	local file_type=$(identify $1)
+	local file_type=$(identify_magic_long "$(get_magic_long "$1")")
 
 	case "$file_type" in
 		"fit")  emmc_upgrade_fit $1;;

package/base-files/files/lib/upgrade/fwtool.sh

@@ -71,6 +71,7 @@ fwtool_check_image() {
 
 			# minor compat version -> sysupgrade with -n required
 			if [ "${devicecompat#.*}" != "${imagecompat#.*}" ] && [ "$SAVE_CONFIG" = "1" ]; then
+				[ "$IGNORE_MINOR_COMPAT" = 1 ] && return 0
 				v "The device is supported, but the config is incompatible to the new image ($devicecompat->$imagecompat). Please upgrade without keeping config (sysupgrade -n)."
 				[ -n "$compatmessage" ] && v "$compatmessage"
 				return 1

package/base-files/files/lib/upgrade/legacy-sdcard.sh

@@ -0,0 +1,91 @@
+legacy_sdcard_check_image() {
+	local file="$1"
+	local diskdev partdev diff
+
+	export_bootdevice && export_partdevice diskdev 0 || {
+		v "Unable to determine upgrade device"
+	return 1
+	}
+
+	get_partitions "/dev/$diskdev" bootdisk
+
+	v "Extract boot sector from the image"
+	get_image_dd "$1" of=/tmp/image.bs count=1 bs=512b
+
+	get_partitions /tmp/image.bs image
+
+	#compare tables
+	diff="$(grep -F -x -v -f /tmp/partmap.bootdisk /tmp/partmap.image)"
+
+	rm -f /tmp/image.bs /tmp/partmap.bootdisk /tmp/partmap.image
+
+	if [ -n "$diff" ]; then
+		v "Partition layout has changed. Full image will be written."
+		ask_bool 0 "Abort" && exit 1
+		return 0
+	fi
+}
+
+legacy_sdcard_do_upgrade() {
+	local board=$(board_name)
+	local diskdev partdev diff
+
+	export_bootdevice && export_partdevice diskdev 0 || {
+		v "Unable to determine upgrade device"
+	return 1
+	}
+
+	sync
+
+	if [ "$UPGRADE_OPT_SAVE_PARTITIONS" = "1" ]; then
+		get_partitions "/dev/$diskdev" bootdisk
+
+		v "Extract boot sector from the image"
+		get_image_dd "$1" of=/tmp/image.bs count=1 bs=512b
+
+		get_partitions /tmp/image.bs image
+
+		#compare tables
+		diff="$(grep -F -x -v -f /tmp/partmap.bootdisk /tmp/partmap.image)"
+	else
+		diff=1
+	fi
+
+	if [ -n "$diff" ]; then
+		get_image_dd "$1" of="/dev/$diskdev" bs=4096 conv=fsync
+
+		# Separate removal and addtion is necessary; otherwise, partition 1
+		# will be missing if it overlaps with the old partition 2
+		partx -d - "/dev/$diskdev"
+		partx -a - "/dev/$diskdev"
+	else
+		v "Writing bootloader to /dev/$diskdev"
+		get_image_dd "$1" of="$diskdev" bs=512 skip=1 seek=1 count=2048 conv=fsync
+		#iterate over each partition from the image and write it to the boot disk
+		while read part start size; do
+			if export_partdevice partdev $part; then
+				v "Writing image to /dev/$partdev..."
+				get_image_dd "$1" of="/dev/$partdev" ibs="512" obs=1M skip="$start" count="$size" conv=fsync
+			else
+				v "Unable to find partition $part device, skipped."
+			fi
+		done < /tmp/partmap.image
+
+		v "Writing new UUID to /dev/$diskdev..."
+		get_image_dd "$1" of="/dev/$diskdev" bs=1 skip=440 count=4 seek=440 conv=fsync
+	fi
+
+	sleep 1
+}
+
+legacy_sdcard_copy_config() {
+	local partdev
+
+	if export_partdevice partdev 1; then
+		mkdir -p /boot
+		[ -f /boot/kernel.img ] || mount -o rw,noatime /dev/$partdev /boot
+		cp -af "$UPGRADE_BACKUP" "/boot/$BACKUP_FILE"
+		sync
+		umount /boot
+	fi
+}

package/base-files/files/lib/upgrade/nand.sh

@@ -7,6 +7,8 @@
 CI_KERNPART="${CI_KERNPART:-kernel}"
 
 # 'ubi' partition on NAND contains UBI
+# There are also CI_KERN_UBIPART and CI_ROOT_UBIPART if kernel
+# and rootfs are on separated UBIs.
 CI_UBIPART="${CI_UBIPART:-ubi}"
 
 # 'rootfs' UBI volume on NAND contains the rootfs
@@ -26,7 +28,7 @@ ubi_mknod() {
 
 nand_find_volume() {
 	local ubidevdir ubivoldir
-	ubidevdir="/sys/devices/virtual/ubi/$1"
+	ubidevdir="/sys/class/ubi/"
 	[ ! -d "$ubidevdir" ] && return 1
 	for ubivoldir in $ubidevdir/${1}_*; do
 		[ ! -d "$ubivoldir" ] && continue
@@ -39,13 +41,12 @@ nand_find_volume() {
 }
 
 nand_find_ubi() {
-	local ubidevdir ubidev mtdnum
+	local ubidevdir ubidev mtdnum cmtdnum
 	mtdnum="$( find_mtd_index $1 )"
 	[ ! "$mtdnum" ] && return 1
-	for ubidevdir in /sys/devices/virtual/ubi/ubi*; do
+	for ubidevdir in /sys/class/ubi/ubi*; do
-		[ ! -d "$ubidevdir" ] && continue
+		[ ! -e "$ubidevdir/mtd_num" ] && continue
 		cmtdnum="$( cat $ubidevdir/mtd_num )"
-		[ ! "$mtdnum" ] && continue
 		if [ "$mtdnum" = "$cmtdnum" ]; then
 			ubidev=$( basename $ubidevdir )
 			ubi_mknod "$ubidevdir"
@@ -56,128 +57,175 @@ nand_find_ubi() {
 }
 
 nand_get_magic_long() {
-	dd if="$1" skip=$2 bs=4 count=1 2>/dev/null | hexdump -v -n 4 -e '1/1 "%02x"'
+	(${3}cat "$1" | dd bs=4 "skip=${2:-0}" count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
 }
 
 get_magic_long_tar() {
-	( tar xf $1 $2 -O | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
+	(tar xO${3}f "$1" "$2" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
 }
 
-identify_magic() {
-	local magic=$1
-	case "$magic" in
-		"55424923")
-			echo "ubi"
-			;;
-		"31181006")
-			echo "ubifs"
-			;;
-		"68737173")
-			echo "squashfs"
-			;;
-		"d00dfeed")
-			echo "fit"
-			;;
-		"4349"*)
-			echo "combined"
-			;;
-		*)
-			echo "unknown $magic"
-			;;
-	esac
-}
-
-
 identify() {
-	identify_magic $(nand_get_magic_long "$1" "${2:-0}")
+	identify_magic_long $(nand_get_magic_long "$@")
 }
 
 identify_tar() {
-	identify_magic $(get_magic_long_tar "$1" "$2")
+	identify_magic_long $(get_magic_long_tar "$@")
+}
+
+identify_if_gzip() {
+	if [ "$(identify "$1")" = gzip ]; then echo -n z; fi
 }
 
 nand_restore_config() {
-	sync
+	local ubidev=$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )
-	local ubidev=$( nand_find_ubi $CI_UBIPART )
 	local ubivol="$( nand_find_volume $ubidev rootfs_data )"
-	[ ! "$ubivol" ] &&
+	if [ ! "$ubivol" ]; then
-		ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
+		ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
+		if [ ! "$ubivol" ]; then
+			echo "cannot find ubifs data volume"
+			return 1
+		fi
+	fi
 	mkdir /tmp/new_root
 	if ! mount -t ubifs /dev/$ubivol /tmp/new_root; then
-		echo "mounting ubifs $ubivol failed"
+		echo "cannot mount ubifs volume $ubivol"
 		rmdir /tmp/new_root
 		return 1
 	fi
-	mv "$1" "/tmp/new_root/$BACKUP_FILE"
+	if mv "$1" "/tmp/new_root/$BACKUP_FILE"; then
-	umount /tmp/new_root
+		if umount /tmp/new_root; then
-	sync
+			echo "configuration saved"
+			rmdir /tmp/new_root
+			return 0
+		fi
+	else
+		umount /tmp/new_root
+	fi
+	echo "could not save configuration to ubifs volume $ubivol"
 	rmdir /tmp/new_root
+	return 1
+}
+
+nand_remove_ubiblock() {
+	local ubivol="$1"
+
+	local ubiblk="ubiblock${ubivol:3}"
+	if [ -e "/dev/$ubiblk" ]; then
+		umount "/dev/$ubiblk" && echo "unmounted /dev/$ubiblk" || :
+		if ! ubiblock -r "/dev/$ubivol"; then
+			echo "cannot remove $ubiblk"
+			return 1
+		fi
+	fi
+}
+
+nand_attach_ubi() {
+	local ubipart="$1"
+	local has_env="${2:-0}"
+
+	local mtdnum="$( find_mtd_index "$ubipart" )"
+	if [ ! "$mtdnum" ]; then
+		>&2 echo "cannot find ubi mtd partition $ubipart"
+		return 1
+	fi
+
+	local ubidev="$( nand_find_ubi "$ubipart" )"
+	if [ ! "$ubidev" ]; then
+		>&2 ubiattach -m "$mtdnum"
+		ubidev="$( nand_find_ubi "$ubipart" )"
+
+		if [ ! "$ubidev" ]; then
+			>&2 ubiformat /dev/mtd$mtdnum -y
+			>&2 ubiattach -m "$mtdnum"
+			ubidev="$( nand_find_ubi "$ubipart" )"
+
+			if [ ! "$ubidev" ]; then
+				>&2 echo "cannot attach ubi mtd partition $ubipart"
+				return 1
+			fi
+
+			if [ "$has_env" -gt 0 ]; then
+				>&2 ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
+				>&2 ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
+			fi
+		fi
+	fi
+
+	echo "$ubidev"
+	return 0
+}
+
+nand_detach_ubi() {
+	local ubipart="$1"
+
+	local mtdnum="$( find_mtd_index "$ubipart" )"
+	if [ ! "$mtdnum" ]; then
+		echo "cannot find ubi mtd partition $ubipart"
+		return 1
+	fi
+
+	local ubidev="$( nand_find_ubi "$ubipart" )"
+	if [ "$ubidev" ]; then
+		for ubivol in $(find /dev -name "${ubidev}_*" -maxdepth 1 | sort); do
+			ubivol="${ubivol:5}"
+			nand_remove_ubiblock "$ubivol" || :
+			umount "/dev/$ubivol" && echo "unmounted /dev/$ubivol" || :
+		done
+		if ! ubidetach -m "$mtdnum"; then
+			echo "cannot detach ubi mtd partition $ubipart"
+			return 1
+		fi
+	fi
 }
 
 nand_upgrade_prepare_ubi() {
 	local rootfs_length="$1"
 	local rootfs_type="$2"
-	local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2>/dev/null)"
+	local rootfs_data_max="$(fw_printenv -n rootfs_data_max 2> /dev/null)"
 	[ -n "$rootfs_data_max" ] && rootfs_data_max=$((rootfs_data_max))
 
 	local kernel_length="$3"
 	local has_env="${4:-0}"
+	local kern_ubidev
+	local root_ubidev
 
 	[ -n "$rootfs_length" -o -n "$kernel_length" ] || return 1
 
-	local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
+	if [ -n "$CI_KERN_UBIPART" -a -n "$CI_ROOT_UBIPART" ]; then
-	if [ ! "$mtdnum" ]; then
+		kern_ubidev="$( nand_attach_ubi "$CI_KERN_UBIPART" "$has_env" )"
-		echo "cannot find ubi mtd partition $CI_UBIPART"
+		[ -n "$kern_ubidev" ] || return 1
-		return 1
+		root_ubidev="$( nand_attach_ubi "$CI_ROOT_UBIPART" )"
+		[ -n "$root_ubidev" ] || return 1
+	else
+		kern_ubidev="$( nand_attach_ubi "$CI_UBIPART" "$has_env" )"
+		[ -n "$kern_ubidev" ] || return 1
+		root_ubidev="$kern_ubidev"
 	fi
 
-	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
+	local kern_ubivol="$( nand_find_volume $kern_ubidev "$CI_KERNPART" )"
-	if [ ! "$ubidev" ]; then
+	local root_ubivol="$( nand_find_volume $root_ubidev "$CI_ROOTPART" )"
-		ubiattach -m "$mtdnum"
+	local data_ubivol="$( nand_find_volume $root_ubidev rootfs_data )"
-		sync
+	[ "$root_ubivol" = "$kern_ubivol" ] && root_ubivol=
-		ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	fi
 
-	if [ ! "$ubidev" ]; then
+	# remove ubiblocks
-		ubiformat /dev/mtd$mtdnum -y
+	[ "$kern_ubivol" ] && { nand_remove_ubiblock $kern_ubivol || return 1; }
-		ubiattach -m "$mtdnum"
+	[ "$root_ubivol" ] && { nand_remove_ubiblock $root_ubivol || return 1; }
-		sync
+	[ "$data_ubivol" ] && { nand_remove_ubiblock $data_ubivol || return 1; }
-		ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-		[ "$has_env" -gt 0 ] && {
-			ubimkvol /dev/$ubidev -n 0 -N ubootenv -s 1MiB
-			ubimkvol /dev/$ubidev -n 1 -N ubootenv2 -s 1MiB
-		}
-	fi
-
-	local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
-	local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
-	local data_ubivol="$( nand_find_volume $ubidev rootfs_data )"
-
-	local ubiblk ubiblkvol
-	for ubiblk in /dev/ubiblock*_? ; do
-		[ -e "$ubiblk" ] || continue
-		echo "removing ubiblock${ubiblk:13}"
-		ubiblkvol=ubi${ubiblk:13}
-		if ! ubiblock -r /dev/$ubiblkvol; then
-			echo "cannot remove $ubiblk"
-			return 1
-		fi
-	done
 
 	# kill volumes
-	[ "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_KERNPART || true
+	[ "$kern_ubivol" ] && ubirmvol /dev/$kern_ubidev -N "$CI_KERNPART" || :
-	[ "$root_ubivol" -a "$root_ubivol" != "$kern_ubivol" ] && ubirmvol /dev/$ubidev -N $CI_ROOTPART || true
+	[ "$root_ubivol" ] && ubirmvol /dev/$root_ubidev -N "$CI_ROOTPART" || :
-	[ "$data_ubivol" ] && ubirmvol /dev/$ubidev -N rootfs_data || true
+	[ "$data_ubivol" ] && ubirmvol /dev/$root_ubidev -N rootfs_data || :
 
-	# update kernel
+	# create kernel vol
 	if [ -n "$kernel_length" ]; then
-		if ! ubimkvol /dev/$ubidev -N $CI_KERNPART -s $kernel_length; then
+		if ! ubimkvol /dev/$kern_ubidev -N "$CI_KERNPART" -s $kernel_length; then
 			echo "cannot create kernel volume"
 			return 1;
 		fi
 	fi
 
-	# update rootfs
+	# create rootfs vol
 	if [ -n "$rootfs_length" ]; then
 		local rootfs_size_param
 		if [ "$rootfs_type" = "ubifs" ]; then
@@ -185,157 +233,224 @@ nand_upgrade_prepare_ubi() {
 		else
 			rootfs_size_param="-s $rootfs_length"
 		fi
-		if ! ubimkvol /dev/$ubidev -N $CI_ROOTPART $rootfs_size_param; then
+		if ! ubimkvol /dev/$root_ubidev -N "$CI_ROOTPART" $rootfs_size_param; then
 			echo "cannot create rootfs volume"
 			return 1;
 		fi
 	fi
 
-	# create rootfs_data for non-ubifs rootfs
+	# create rootfs_data vol for non-ubifs rootfs
 	if [ "$rootfs_type" != "ubifs" ]; then
-		local availeb=$(cat /sys/devices/virtual/ubi/$ubidev/avail_eraseblocks)
-		local ebsize=$(cat /sys/devices/virtual/ubi/$ubidev/eraseblock_size)
-		local avail_size=$((availeb * ebsize))
 		local rootfs_data_size_param="-m"
-		if [ -n "$rootfs_data_max" ] &&
+		if [ -n "$rootfs_data_max" ]; then
-		   [ "$rootfs_data_max" != "0" ] &&
-		   [ "$rootfs_data_max" -le "$avail_size" ]; then
 			rootfs_data_size_param="-s $rootfs_data_max"
 		fi
-		if ! ubimkvol /dev/$ubidev -N rootfs_data $rootfs_data_size_param; then
+		if ! ubimkvol /dev/$root_ubidev -N rootfs_data $rootfs_data_size_param; then
-			echo "cannot initialize rootfs_data volume"
+			if ! ubimkvol /dev/$root_ubidev -N rootfs_data -m; then
-			return 1
+				echo "cannot initialize rootfs_data volume"
+				return 1
+			fi
 		fi
 	fi
-	sync
+
 	return 0
 }
 
-nand_do_upgrade_success() {
+# Write the UBI image to MTD ubi partition
-	local conf_tar="/tmp/sysupgrade.tgz"
-
-	sync
-	[ -f "$conf_tar" ] && nand_restore_config "$conf_tar"
-	echo "sysupgrade successful"
-	umount -a
-	reboot -f
-}
-
-# Flash the UBI image to MTD partition
 nand_upgrade_ubinized() {
 	local ubi_file="$1"
-	local mtdnum="$(find_mtd_index "$CI_UBIPART")"
+	local gz="$2"
 
-	[ ! "$mtdnum" ] && {
+	local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)
-		CI_UBIPART="rootfs"
-		mtdnum="$(find_mtd_index "$CI_UBIPART")"
-	}
 
-	if [ ! "$mtdnum" ]; then
+	nand_detach_ubi "$CI_UBIPART" || return 1
-		echo "cannot find mtd device $CI_UBIPART"
-		umount -a
-		reboot -f
-	fi
 
-	local mtddev="/dev/mtd${mtdnum}"
+	local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
-	ubidetach -p "${mtddev}" || true
+	${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
-	sync
-	ubiformat "${mtddev}" -y -f "${ubi_file}"
-	ubiattach -p "${mtddev}"
-	nand_do_upgrade_success
 }
 
-# Write the UBIFS image to UBI volume
+# Write the UBIFS image to UBI rootfs volume
 nand_upgrade_ubifs() {
-	local rootfs_length=$( (cat $1 | wc -c) 2> /dev/null)
+	local ubifs_file="$1"
+	local gz="$2"
 
-	nand_upgrade_prepare_ubi "$rootfs_length" "ubifs" "" ""
+	local ubifs_length=$( (${gz}cat "$ubifs_file" | wc -c) 2> /dev/null)
+
+	nand_upgrade_prepare_ubi "$ubifs_length" "ubifs" "" "" || return 1
 
 	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
-	local root_ubivol="$(nand_find_volume $ubidev $CI_ROOTPART)"
+	local root_ubivol="$(nand_find_volume $ubidev "$CI_ROOTPART")"
-	ubiupdatevol /dev/$root_ubivol -s $rootfs_length $1
+	${gz}cat "$ubifs_file" | ubiupdatevol /dev/$root_ubivol -s "$ubifs_length" -
-
-	nand_do_upgrade_success
 }
 
+# Write the FIT image to UBI kernel volume
 nand_upgrade_fit() {
 	local fit_file="$1"
-	local fit_length="$(wc -c < "$fit_file")"
+	local gz="$2"
 
-	nand_upgrade_prepare_ubi "" "" "$fit_length" "1"
+	local fit_length=$( (${gz}cat "$fit_file" | wc -c) 2> /dev/null)
+
+	nand_upgrade_prepare_ubi "" "" "$fit_length" "1" || return 1
 
 	local fit_ubidev="$(nand_find_ubi "$CI_UBIPART")"
 	local fit_ubivol="$(nand_find_volume $fit_ubidev "$CI_KERNPART")"
-	ubiupdatevol /dev/$fit_ubivol -s $fit_length $fit_file
+	${gz}cat "$fit_file" | ubiupdatevol /dev/$fit_ubivol -s "$fit_length" -
-
-	nand_do_upgrade_success
 }
 
+# Write images in the TAR file to MTD partitions and/or UBI volumes as required
 nand_upgrade_tar() {
 	local tar_file="$1"
-	local kernel_mtd="$(find_mtd_index $CI_KERNPART)"
+	local gz="$2"
+	local jffs2_markers="${CI_JFFS2_CLEAN_MARKERS:-0}"
 
-	local board_dir=$(tar tf "$tar_file" | grep -m 1 '^sysupgrade-.*/$')
+	# WARNING: This fails if tar contains more than one 'sysupgrade-*' directory.
-	board_dir=${board_dir%/}
+	local board_dir="$(tar t${gz}f "$tar_file" | grep -m 1 '^sysupgrade-.*/$')"
+	board_dir="${board_dir%/}"
 
-	kernel_length=$( (tar xf "$tar_file" ${board_dir}/kernel -O | wc -c) 2> /dev/null)
+	local kernel_mtd kernel_length
-	local has_rootfs=0
+	if [ "$CI_KERNPART" != "none" ]; then
-	local rootfs_length
+		kernel_mtd="$(find_mtd_index "$CI_KERNPART")"
+		kernel_length=$( (tar xO${gz}f "$tar_file" "$board_dir/kernel" | wc -c) 2> /dev/null)
+		[ "$kernel_length" = 0 ] && kernel_length=
+	fi
+	local rootfs_length=$( (tar xO${gz}f "$tar_file" "$board_dir/root" | wc -c) 2> /dev/null)
+	[ "$rootfs_length" = 0 ] && rootfs_length=
 	local rootfs_type
+	[ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$board_dir/root" "$gz")"
 
-	tar tf "$tar_file" ${board_dir}/root 1>/dev/null 2>/dev/null && has_rootfs=1
+	local ubi_kernel_length
-	[ "$has_rootfs" = "1" ] && {
+	if [ "$kernel_length" ]; then
-		rootfs_length=$( (tar xf "$tar_file" ${board_dir}/root -O | wc -c) 2> /dev/null)
+		if [ "$kernel_mtd" ]; then
-		rootfs_type="$(identify_tar "$tar_file" ${board_dir}/root)"
+			# On some devices, the raw kernel and ubi partitions overlap.
-	}
+			# These devices brick if the kernel partition is erased.
+			# Hence only invalidate kernel for now.
+			dd if=/dev/zero bs=4096 count=1 2> /dev/null | \
+				mtd write - "$CI_KERNPART"
+		else
+			ubi_kernel_length="$kernel_length"
+		fi
+	fi
 
-	local has_kernel=1
 	local has_env=0
+	nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "$ubi_kernel_length" "$has_env" || return 1
 
-	[ "$kernel_length" != 0 -a -n "$kernel_mtd" ] && {
+	if [ "$rootfs_length" ]; then
-		tar xf "$tar_file" ${board_dir}/kernel -O | mtd write - $CI_KERNPART
+		local ubidev="$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )"
-	}
+		local root_ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
-	[ "$kernel_length" = 0 -o ! -z "$kernel_mtd" ] && has_kernel=
+		tar xO${gz}f "$tar_file" "$board_dir/root" | \
+			ubiupdatevol /dev/$root_ubivol -s "$rootfs_length" -
+	fi
+	if [ "$kernel_length" ]; then
+		if [ "$kernel_mtd" ]; then
+			if [ "$jffs2_markers" = 1 ]; then
+				flash_erase -j "/dev/mtd${kernel_mtd}" 0 0
+				tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+					nandwrite "/dev/mtd${kernel_mtd}" -
+			else
+				tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+					mtd write - "$CI_KERNPART"
+			fi
+		else
+			local ubidev="$( nand_find_ubi "${CI_KERN_UBIPART:-$CI_UBIPART}" )"
+			local kern_ubivol="$( nand_find_volume $ubidev "$CI_KERNPART" )"
+			tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
+				ubiupdatevol /dev/$kern_ubivol -s "$kernel_length" -
+		fi
+	fi
 
-	nand_upgrade_prepare_ubi "$rootfs_length" "$rootfs_type" "${has_kernel:+$kernel_length}" "$has_env"
+	return 0
+}
 
-	local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
+nand_verify_if_gzip_file() {
-	[ "$has_kernel" = "1" ] && {
+	local file="$1"
-		local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
+	local gz="$2"
-		tar xf "$tar_file" ${board_dir}/kernel -O | \
-			ubiupdatevol /dev/$kern_ubivol -s $kernel_length -
-	}
 
-	[ "$has_rootfs" = "1" ] && {
+	if [ "$gz" = z ]; then
-		local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
+		echo "verifying compressed sysupgrade file integrity"
-		tar xf "$tar_file" ${board_dir}/root -O | \
+		if ! gzip -t "$file"; then
-			ubiupdatevol /dev/$root_ubivol -s $rootfs_length -
+			echo "corrupted compressed sysupgrade file"
-	}
+			return 1
-	nand_do_upgrade_success
+		fi
+	fi
+}
+
+nand_verify_tar_file() {
+	local file="$1"
+	local gz="$2"
+
+	echo "verifying sysupgrade tar file integrity"
+	if ! tar xO${gz}f "$file" > /dev/null; then
+		echo "corrupted sysupgrade tar file"
+		return 1
+	fi
+}
+
+nand_do_flash_file() {
+	local file="$1"
+
+	local gz="$(identify_if_gzip "$file")"
+	local file_type="$(identify "$file" "" "$gz")"
+
+	[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART=rootfs
+
+	case "$file_type" in
+		"fit")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_fit "$file" "$gz"
+			;;
+		"ubi")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_ubinized "$file" "$gz"
+			;;
+		"ubifs")
+			nand_verify_if_gzip_file "$file" "$gz" || return 1
+			nand_upgrade_ubifs "$file" "$gz"
+			;;
+		*)
+			nand_verify_tar_file "$file" "$gz" || return 1
+			nand_upgrade_tar "$file" "$gz"
+			;;
+	esac
+}
+
+nand_do_restore_config() {
+	local conf_tar="/tmp/sysupgrade.tgz"
+	[ ! -f "$conf_tar" ] || nand_restore_config "$conf_tar"
 }
 
 # Recognize type of passed file and start the upgrade process
 nand_do_upgrade() {
-	local file_type=$(identify $1)
+	local file="$1"
 
-	[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART="rootfs"
+	sync
-
+	nand_do_flash_file "$file" && nand_do_upgrade_success
-	case "$file_type" in
+	nand_do_upgrade_failed
-		"fit")		nand_upgrade_fit $1;;
-		"ubi")		nand_upgrade_ubinized $1;;
-		"ubifs")	nand_upgrade_ubifs $1;;
-		*)		nand_upgrade_tar $1;;
-	esac
 }
 
-# Check if passed file is a valid one for NAND sysupgrade. Currently it accepts
+nand_do_upgrade_success() {
-# 3 types of files:
+	if nand_do_restore_config && sync; then
-# 1) UBI - should contain an ubinized image, header is checked for the proper
+		echo "sysupgrade successful"
-#    MAGIC
+		umount -a
-# 2) UBIFS - should contain UBIFS partition that will replace "rootfs" volume,
+		reboot -f
-#    header is checked for the proper MAGIC
+	fi
-# 3) TAR - archive has to include "sysupgrade-BOARD" directory with a non-empty
+	nand_do_upgrade_failed
-#    "CONTROL" file (at this point its content isn't verified)
+}
+
+nand_do_upgrade_failed() {
+	sync
+	echo "sysupgrade failed"
+	# Should we reboot or bring up some failsafe mode instead?
+	umount -a
+	reboot -f
+}
+
+# Check if passed file is a valid one for NAND sysupgrade.
+# Currently it accepts 4 types of files:
+# 1) UBI: a ubinized image containing required UBI volumes.
+# 2) UBIFS: a UBIFS rootfs volume image.
+# 3) FIT: a FIT image containing kernel and rootfs.
+# 4) TAR: an archive that includes directory "sysupgrade-${BOARD_NAME}" containing
+#         a non-empty "CONTROL" file and required partition and/or volume images.
 #
 # You usually want to call this function in platform_check_image.
 #
@@ -343,14 +458,25 @@ nand_do_upgrade() {
 # $(2): file to be checked
 nand_do_platform_check() {
 	local board_name="$1"
-	local tar_file="$2"
+	local file="$2"
-	local control_length=$( (tar xf $tar_file sysupgrade-$board_name/CONTROL -O | wc -c) 2> /dev/null)
-	local file_type="$(identify $2)"
 
-	[ "$control_length" = 0 -a "$file_type" != "ubi" -a "$file_type" != "ubifs" -a "$file_type" != "fit" ] && {
+	local gz="$(identify_if_gzip "$file")"
-		echo "Invalid sysupgrade file."
+	local file_type="$(identify "$file" "" "$gz")"
-		return 1
+	local control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//,/_}/CONTROL" | wc -c) 2> /dev/null)
-	}
+
+	if [ "$control_length" = 0 ]; then
+		control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//_/,}/CONTROL" | wc -c) 2> /dev/null)
+	fi
+
+	if [ "$control_length" != 0 ]; then
+		nand_verify_tar_file "$file" "$gz" || return 1
+	else
+		nand_verify_if_gzip_file "$file" "$gz" || return 1
+		if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]; then
+			echo "invalid sysupgrade file"
+			return 1
+		fi
+	fi
 
 	return 0
 }

package/base-files/files/lib/upgrade/stage2

@@ -39,20 +39,26 @@ switch_to_ramfs() {
 	for binary in \
 		/bin/busybox /bin/ash /bin/sh /bin/mount /bin/umount	\
 		pivot_root mount_root reboot sync kill sleep		\
-		md5sum hexdump cat zcat bzcat dd tar			\
+		md5sum hexdump cat zcat dd tar gzip			\
 		ls basename find cp mv rm mkdir rmdir mknod touch chmod \
-		'[' printf wc grep awk sed cut				\
+		'[' printf wc grep awk sed cut sort tail		\
 		mtd partx losetup mkfs.ext4 nandwrite flash_erase	\
 		ubiupdatevol ubiattach ubiblock ubiformat		\
 		ubidetach ubirsvol ubirmvol ubimkvol			\
-		snapshot snapshot_tool date				\
+		snapshot snapshot_tool date logger			\
+		/usr/sbin/fw_printenv /usr/bin/fwtool			\
 		$RAMFS_COPY_LOSETUP $RAMFS_COPY_LVM			\
 		$RAMFS_COPY_BIN
 	do
 		local file="$(command -v "$binary" 2>/dev/null)"
 		[ -n "$file" ] && install_bin "$file"
 	done
-	install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh /lib/upgrade/*.sh /lib/upgrade/do_stage2 /usr/share/libubox/jshn.sh $RAMFS_COPY_DATA
+	install_file /etc/resolv.conf /lib/*.sh /lib/functions/*.sh	\
+		/lib/upgrade/*.sh /lib/upgrade/do_stage2 		\
+		/usr/share/libubox/jshn.sh /usr/sbin/fw_setenv		\
+		/etc/fw_env.config $RAMFS_COPY_DATA
+
+	mkdir -p $RAM_ROOT/var/lock
 
 	[ -L "/lib64" ] && ln -s /lib $RAM_ROOT/lib64
 
@@ -64,6 +70,10 @@ switch_to_ramfs() {
 	/bin/mount -o remount,ro /mnt
 	/bin/umount -l /mnt
 
+	grep -e "^/dev/dm-.*" -e "^/dev/loop.*" /proc/mounts | while read bdev mp _r; do
+		umount $mp
+	done
+
 	[ "$RAMFS_COPY_LOSETUP" ] && losetup -D
 	[ "$RAMFS_COPY_LVM" ] && {
 		mkdir -p /tmp/lvm/cache
@@ -85,7 +95,7 @@ kill_remaining() { # [ <signal> [ <loop> ] ]
 	local stat
 	local proc_ppid=$(cut -d' ' -f4  /proc/$$/stat)
 
-	vn "Sending $sig to remaining processes ..."
+	v "Sending $sig to remaining processes ..."
 
 	while $run; do
 		run=false
@@ -93,45 +103,62 @@ kill_remaining() { # [ <signal> [ <loop> ] ]
 			[ -f "$stat" ] || continue
 
 			local pid name state ppid rest
-			read pid name state ppid rest < $stat
+			read pid rest < $stat
-			name="${name#(}"; name="${name%)}"
+			name="${rest#\(}" ; rest="${name##*\) }" ; name="${name%\)*}"
+			set -- $rest ; state="$1" ; ppid="$2"
 
 			# Skip PID1, our parent, ourself and our children
 			[ $pid -ne 1 -a $pid -ne $proc_ppid -a $pid -ne $$ -a $ppid -ne $$ ] || continue
 
+			[ -f "/proc/$pid/cmdline" ] || continue
+
 			local cmdline
 			read cmdline < /proc/$pid/cmdline
 
 			# Skip kernel threads
 			[ -n "$cmdline" ] || continue
 
-			_vn " $name"
+			v "Sending signal $sig to $name ($pid)"
 			kill -$sig $pid 2>/dev/null
 
-			[ $loop -eq 1 ] && run=true
+			[ $loop -eq 1 ] && sleep 2 && run=true
 		done
 
 		let loop_limit--
 		[ $loop_limit -eq 0 ] && {
-			_v
 			v "Failed to kill all processes."
 			exit 1
 		}
 	done
-	_v
 }
 
 indicate_upgrade
 
-killall -9 telnetd
+while read -r a b c; do
-killall -9 dropbear
+	case "$a" in
-killall -9 ash
+		MemT*) mem="$b" ;; esac
+done < /proc/meminfo
+
+[ "$mem" -gt 32768 ] && \
+	skip_services="dnsmasq log network"
+for service in /etc/init.d/*; do
+	service=${service##*/}
+
+	case " $skip_services " in
+		*" $service "*) continue ;; esac
+
+	ubus call service delete '{ "name": "'"$service"'" }' 2>/dev/null
+done
+
+killall -9 telnetd 2>/dev/null
+killall -9 dropbear 2>/dev/null
+killall -9 ash 2>/dev/null
 
 kill_remaining TERM
-sleep 3
+sleep 4
 kill_remaining KILL 1
 
-sleep 1
+sleep 6
 
 echo 3 > /proc/sys/vm/drop_caches
 

package/base-files/files/sbin/sysupgrade

@@ -19,6 +19,7 @@ export CONF_IMAGE=
 export CONF_BACKUP_LIST=0
 export CONF_BACKUP=
 export CONF_RESTORE=
+export IGNORE_MINOR_COMPAT=0
 export NEED_IMAGE=
 export HELP=0
 export FORCE=0
@@ -44,6 +45,7 @@ while [ -n "$1" ]; do
 		-F|--force) export FORCE=1;;
 		-T|--test) export TEST=1;;
 		-h|--help) export HELP=1; break;;
+		--ignore-minor-compat-version) export IGNORE_MINOR_COMPAT=1;;
 		-*)
 			echo "Invalid option: $1" >&2
 			exit 1
@@ -80,6 +82,8 @@ upgrade-option:
 	             Verify image and config .tar.gz but do not actually flash.
 	-F | --force
 	             Flash image even if image checks fail, this is dangerous!
+	--ignore-minor-compat-version
+		     Flash image even if the minor compat version is incompatible.
 	-q           less verbose
 	-v           more verbose
 	-h | --help  display this help

package/base-files/files/sbin/wifi

@@ -6,7 +6,7 @@
 
 usage() {
 	cat <<EOF
-Usage: $0 [config|up|down|reconf|reload|status]
+Usage: $0 [config|up|down|reconf|reload|status|isup]
 enables (default), disables or configures devices not yet configured.
 EOF
 	exit 1
@@ -21,6 +21,22 @@ ubus_wifi_cmd() {
 	ubus call network.wireless "$1" "$(json_dump)"
 }
 
+wifi_isup() {
+	local dev="$1"
+
+	json_load "$(ubus_wifi_cmd "status" "$dev")"
+	json_get_keys devices
+
+	for device in $devices; do
+		json_select "$device"
+			json_get_var up up
+			[ $up -eq 0 ] && return 1
+		json_select ..
+	done
+
+	return 0
+}
+
 find_net_config() {(
 	local vif="$1"
 	local cfg
@@ -128,14 +144,14 @@ wifi_updown() {
 	[ enable = "$1" ] && {
 		_wifi_updown disable "$2"
 		ubus_wifi_cmd "$cmd" "$2"
+		ubus call network reload
 		scan_wifi
 		cmd=up
-		ubus call network reload
 	}
 	[ reconf = "$1" ] && {
+		ubus call network reload
 		scan_wifi
 		cmd=reconf
-		ubus call network reload
 	}
 	ubus_wifi_cmd "$cmd" "$2"
 	_wifi_updown "$@"
@@ -245,6 +261,7 @@ case "$1" in
 	detect) wifi_detect_notice ;;
 	config) wifi_config ;;
 	status) ubus_wifi_cmd "status" "$2";;
+	isup) wifi_isup "$2"; exit $?;;
 	reload) wifi_reload "$2";;
 	reload_legacy) wifi_reload_legacy "$2";;
 	--help|help) usage;;