Historically, the MD5 checksums in our LFS files serve as a protection
against broken downloads, or accidentally corrupted source files.
While the sources are nowadays downloaded via HTTPS, it makes sense to
beef up integrity protection for them, since transparently intercepting
TLS is believed to be feasible for more powerful actors, and the state
of the public PKI ecosystem is clearly not helping.
Therefore, this patch switches from MD5 to BLAKE2, updating all LFS
files as well as make.sh to deal with this checksum algorithm. BLAKE2 is
notably faster (and more secure) than SHA2, so the performance penalty
introduced by this patch is negligible, if noticeable at all.
In preparation of this patch, the toolchain files currently used have
been supplied with BLAKE2 checksums as well on
https://source.ipfire.org/.
Cc: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
Acked-by: Michael Tremer <michael.tremer@ipfire.org>
There seems to be some problem where Cargo deadlocks during the build
when running on multiple cores simultaneously.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Bumping across one of our scripts with very long trailing whitespaces, I
thought it might be a good idea to clean these up. Doing so, some
missing or inconsistent licence headers were fixed.
There is no need in shipping all these files en bloc, as their
functionality won't change.
Signed-off-by: Peter Müller <peter.mueller@ipfire.org>
* Add a Summary and Services field to the meta-* addon files.
* Add an INSTALL_INITSCRIPTS macro that takes a space separated
list of initscripts to install.
* I kept the original INSTALL_INITSCRIPT as a method to install
individual initscripts for backwards compatibility and possible corner
cases.
Signed-off-by: Robin Roevens <robin.roevens@disroot.org>
Reviewed-by: Peter Müller <peter.mueller@ipfire.org>
This is required because some packages do not recommend building with
time_t when it is 32 bit (Y2038 problem).
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This does not seem to work very reliably, so we need to manually disable
this for some packages.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Cargo will always require all dependencies, even if the package is not
being built against them. In order to avoid that, we will need the
nightly build of the Rust compiler which supports skipping those
dependencies.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This is a small set of commands that will be needed to build Rust
packages.
The idea is to have a couple of macros which do not have to be rewritten,
but can be customised across the lfs files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch removes support for i586 according to the decision being
taken over a year ago.
It removes the architecture from the build system and removes all
required hacks and other quirks that have been necessary before.
There is no need to ship any changed files to the remaining
architectures as the removed code branches have not been used.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This patch uses the new Zstandard algorithm to compress the file system
image on the ISO image. This comes with these advantages:
* Compression is about twice as fast as XZ with the parameters we have
selected here
* We use a lot less memory during compression and can therefore utilise
all processor cores of the build machines
* Decompression (when installing IPFire and when creating the
flash-image) is substantially faster
The downside is that the generated ISO image is slightly larger (~10MiB)
which I am okay with as a trade-off for the points mentioned above.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
We have no supported armv5tel board left so we can switch to the higher
arch. This now can use the vpu (still in softfp calling convention to
not break existing installations.)
This fixes many compile problems, also boost is now working again.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
If you have 2GB RAM the build of dnsdist will fail because MAX_PARALLELISM was
set to zero by RAM/2048 because a bit of RAM is used by the system.
This patch ensures that the lowest PARALLELISM value is 1.
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
System capabilities are stored in extended file system attributes
which are by default not stored in tar balls.
This patch ensures that they are packaged and extracted.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Those are now created in their own temporary directory, so that
no other files can be included by accident.
We also package with fewer temporary files.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Go leaves temporary build files in the directory
which we do not need and we should clean up after
every build.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Signed-off-by: Arne Fitzenreiter <arne_f@ipfire.org>
Exporting XZ_OPT caused that every time xz was called, it automatically
enabled parallelism. The make system also launches multiple processes
at the same time to use more processor cores at the same time.
The combination of this causes memory exhaustion even on large systems
and has no performance gain. Therefore this is disabled by default
and only enabled where we need it which is already the case.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This will now adjust MAKETUNING to not launch more processes
than MAX_PARALLELISM. Handy to limit builds that use a lot of memory.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
For details see:
https://www.gnu.org/software/tar/
Since new 'tar' has changes in commandline option parsing,
it was necessary to adjust 'lfs/Config', 'lfs/cdrom' and
'lfs/core-updates' (thanks to Marcel for diffs and Michael for
corrections).
I have tried to make only the most necessary changes.
As always, please check.
Best,
Matthias
Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
Some packages ship an older version which does not recognise
aarch64. To overcome this, we just update these scripts when
necessary.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This caused that the xz command was called without any
extra arguments. This will now create the tar archive
first and then pass the archive through xz with our
command line switches.
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>