Instead of exporting various variables (unintendedly making them
available to the OpenWrt build, possibly bypassing .config), pass the
environment only to commands that need it.
By using .ONESHELL and adding -e to .SHELLFLAGS, we can simplify complex
shell commands (like manifest generation) and gain a simple way to pass
multi-line environment variables into shell commands.
The @ and + flags for recipe commands are moved to the top of each
recipe.
x86-geode does not include the common x86 target-settings. Thus we need
to specify the device class in order to build images with all necessary
packages included.
When adding device classes, targets without devices such as x86 were not
handled. As site and feature packages are included on such a per-device
decision, x86 images ended up without most packages.
Include a class setting for a target and include the class-packages
target-wide when this setting is configured.
Fixes 9c52365077 ("build: introduce device classes")
39405644d5 dnsmasq: add 'scriptarp' option
d5b1f4430f openssl: update to 1.1.1e
798ff37aaa openssl: add configuration example for afalg-sync
168acbb36d oxnas: yet another irqchip related patch
cf4520d15e oxnas: backport another fix for irqchip
456e1c60d6 ath79: add support for TP-Link WDR3500 v1
e7fae8fc97 ath79: add support for TP-Link Archer C60 v3
2bd9d2e08b oxnas: backport patch fixing hang after reboot
74a8e36975 layerscape: add kmod-i2c-mux to DEVICE_PACKAGES for traverse-ls1043
7ae345ecb7 ath79: add support for TP-Link TL-WR740N v5
76c1c1daea ar71xx: fix port order on TP-Link Archer C60 v1/v2
f1a3a6b79c ath79: fix port order on TP-Link Archer C60 v1/v2
e4107e30a7 ar71xx: remove wrong MAC address adjustment for Archer C60 v2
83f1015a6c ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2
9f024d3587 ath79: fix swapped LAN/WAN MAC address for Archer C60 v1/v2
b32129d30b rssileds: add dependencies based on LDFLAGS
9da31d0fb4 mt76: update to the latest version
68351990dc ar71xx/ath79: ew-dorin, fix the trigger level for WPS button
6e4453aecc kernel: backport out-of-memory fix for non-Ethernet devices
06f5a8d3e9 kernel: bump 4.14 to 4.14.172
e7f1313bbb rpcd: add respawn param
f6f0cd54a2 rpcd: update to latest Git HEAD
Compile-tested: ipq40xx-generic, ramips-mt7621
This adds a helper method, which determines if the current platform
supports WPA3 or not.
WPA3 is supported if
- the device is not in the featureset category "tiny"
- the WiFi driver supports 802.11w management frame protection
The gluon-wireless-encryption package selects a WPA3 supporting
hostapd package as a dependency and stores the information, which
encryption method is supported to the device.
This commit assigns class-flags to devices. The following scheme is
used:
- ath9k & ath10k: tiny if RAM <128M
- ath10k & ath10k: tiny if RAM <256M
- all: tiny if RAM <64M
- all: tiny if flash <8M
All other devices automatically have the default device-class selected.
This commit allows to define a device-class flag in the target
definitions. This way, it is possible to distinguish between groups
of devices in the build-process in terms of package or feature
selection.
This package adds support for SAE on 802.11s mesh connections.
Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.
In the context of public mesh networks a shared secret is an
obvious oxymoron. Still this functionality provides an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
mesh interfaces to prevent protocol-level deauthentication attacks.
If `wifi.mesh.sae` is enabled a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.
For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.
Fixes#1636
Remove a lot of redundant code by switching to a match table listing
the targets and boards for each candidate for the primary MAC interface.
In addition, we add some flexiblity by allow to switch out the sysfs file
data source for the MAC address.