this is the first version that support booting linux kernel on
riscv. The release of the final version was delayed again and again
so i have bootstrapped the rc1 from the git and fixed the path in 25_bli.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Reviewed-by: Michael Tremer <michael.tremer@ipfire.org>
Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it make sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremeripfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This file will detect whether to do certain actions depending on the
environment it is running on.
Currently this detects whether IPFire is booting up on AWS EC2 and
selects the serial console boot entry.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
This also moves existing patches into their applications' directory
within ~/src/patches/, if already existant.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
on some systems (e.g. J1900 based) grub detects a too low resolution
and use it. This is no problem in grub itself but the kernel not render
the consoles in this mode.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
old binutis add an empty .symtab section at stripping
and grub check that this exists also on modules that export
no symbols.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Since the new toolchain the flags are not compiled into the
binaries any more which causes paxctl to fail.
On top of that, PaX and grsecurity won't be available freely
any more which requires us to remove it from the distribution.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
See: http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
"A vulnerability in Grub2 has been found. Versions from 1.98 (December, 2009)
to 2.02 (December, 2015) are affected. The vulnerability can be exploited
under certain circumstances, allowing local attackers to bypass any kind of
authentication (plain or hashed passwords). And so, the attacker may take
control of the computer."
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
We directly generate a grub2 compatible font file
from the main unifont font file, by using grub-mkfont.
This binary requires fontconfig as build dependency, so I moved it in
the build hirachy before the grub package.
