Generate the certificate only once and make it available. The preferred
option that doesn't generate warnings would be to use secrets in the
repository config, in that case no certificate is generated or archived.
Enable PCI card reader found on some Intel NUC models, along with the USB
drivers as well.
Adds two new modules (listed with size):
30104 /lib/modules/6.1.68-haos/kernel/drivers/misc/cardreader/rtsx_usb.ko
167240 /lib/modules/6.1.68-haos/kernel/drivers/misc/cardreader/rtsx_pci.ko
Fixes#2688
There is bunch of kernel config options that are not propagated
correctly to the kernel configuration after fragments are merged
and processed by Kconfig. Current Buildroot tools are not good at
discovering these - while we cleaned up most inconsistencies by using
linux-diff-config and output from the merge_config.sh script, there
are still options that were removed or get a different value than
intended because of dependencies, etc.
This commit adds a Python script that is using Kconfiglib to parse
current kernel's Kconfig files and the generated .config and compare
the requested values from individual kernel config fragments. The
script can be used manually by running `make linux-check-dotconfig`
from the buildroot directory (with path to BR2_EXTERNAL directory set)
and it's called also from the CI, where it generates Github Workflow
warning annotations when some of the values are not present or when set
incorrectly.
The kconfiglib.py is checked-in to the repo as well, because the library
is currently abandoned on PyPI and packaged version has a bug that causes
errors parsing Kconfigs in newer Linux versions, fixed in outstanding
pull request ulfalizer/Kconfiglib#119 - so version from this PR is used
here.
If pypi/support#2526 is ever resolved, we could remove it from our repo
and use pip for installing the package as a requirement during build
of the build container.
Add new firmwares and enable them for all targets.
Bloat in rootfs in my x86_64 test build was ~2.16 MiB.
Buildroot bump:
* buildroot 8a75878da4...4c89661fd1 (2):
> package/linux-firmware: add WiFi and BT firmware for MT7921 and MT7922
> package/linux-firmware: add rtw89 firmware files
Make it possible to run build on feature branches by adding a flag that
can be used to select whether the build output will be uploaded to the
R2 artifacts bucket or kept only as build artifact on GH. The latter is
also used for 3rd party repos, allowing builds in forked repositories.
Feature builds are using Unix timestamp as the dev version suffix. This
makes them easily distiguishable, yet it makes them appear to be newer
than standard daily dev version builds when compared by AwesomeVersion.
Compress firmware files from linux-firmware using ZSTD algorithm.
This should grant us some more space to add more firmwares and should
not have any major performance impact, because firmwares are not accessed
frequently.
Includes buildroot submodule bump:
* buildroot 07e08e01b2...8a75878da4 (1):
> linux-firmware: add option for firmware files compression
This allows for rudimentary image/partition size tracking between builds,
potentially this could be further extended with more useful information
about the build (TBD).
* Add initial Raspberry Pi 5 buildroot config
* Add machine-id support via cmdline.txt
* Add new entry if entry is missing
* Don't overwrite cmdline.txt when adding machine-id
Use sed to append the new cmdline parameter to the first line.
* Skeleton script for RAUC custom bootloader interface
* Deploy kernel/device-tree into a RAUC slot specific directory
This allows us to use the os_prefix feature to switch between slot A and
B. Compared to the boot_partition option, this option allows to use a
shared config.txt and cmdline.txt, which makes it more like how HAOS
currently works on other Raspberry Pis.
* Deploy new kernel/device-tree to correct slot on installation
* Increase boot size to 128MB
This makes sure we can store up to three kernels (slot A, B and an
temporary one while installing the OTA update).
* Initial tryboot implementation using os_prefix
* Make sure to delete the old slot completely
* Add Busybox xargs for tryboot bootloader script
* Compare tryboot bootloader file silently
* Revert "Increase boot size to 128MB"
This reverts commit 7f2c69b58f02f500d6aeee4f0a419046899b5e38.
* Use compressed kernel
* Address shellcheck
* Address shellcheck issue in rauc-hook
* Fix shellcheck for rpi-tryboot.sh
* Do not follow source - it gets checked separately
* Correctly set the slot to boot
* Apply suggestions from code review
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop serial console from default cmdline.txt
* Resync rpi5_64_defconfig with rpi4_64_defconfig
* Improve machine-id match
Only match actual hexadecimal characters.
* Deploy firmware overlays to OS prefix directory
* Add Raspberry Pi 5 to documentation
* Bump buildroot
* buildroot fd1dc86f40...f13ad03408 (1):
> linux: add in-tree device tree overlay support
* Install device tree overlays from Kernel sources
* Drop RPi RF modules for now
No Raspberry Pi 5 specific device tree overlays are available, drop RPi
RF mod for now.
* Use Raspberry 5 specific identifiers for Supervisor/OS Agent
* Bump buildroot
* buildroot f13ad03408...07e08e01b2 (1):
> linux: fix add in-tree device tree overlay support
* Revert "Drop RPi RF modules for now"
This reverts commit 46fc1701e4b66dab7367d8a0face79cfa3b98cbd.
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
There is no sanity check when creating OS images, so when some of the
partitions gets too big, part of its data may get overwritten by the
following partition, resulting in corrupted image. Add checks for the
defined partition sizes and bail out if they're too big.
* Fix Supervisor image corruption detection
When multiple images match the reference, multiple IDs are passed as a
single argument to docker image rm, leading to an error:
Error response from daemon: page not found
Make sure to pass the ids as separate argument to make the delete work
in any case.
* Cleanup reusing Supervisor from an old/unused reference
As noted in #2113, we don't need this logic anymore after a major OS
releases. So simply drop the logic to also make the image corruption
detection work again.
* Make sure image IDs are sorted to make them unique
Current mainline contains support for two more WiFi cards in the mt7921u
driver that only use a proprietary VID/PID but are compatible with the
standard driver. Backport support for those via a simple driver patch.
Fixes#2926
* Fix Supervisor image corruption detection
When multiple images match the reference, multiple IDs are passed as a
single argument to docker image rm, leading to an error:
Error response from daemon: page not found
Make sure to pass the ids as separate argument to make the delete work
in any case.
* Cleanup reusing Supervisor from an old/unused reference
As noted in #2113, we don't need this logic anymore after a major OS
releases. So simply drop the logic to also make the image corruption
detection work again.
* Make sure image IDs are sorted to make them unique
Preemptively enable larger set of WiFi drivers for all platforms and add more firmwares for them with the aim to harmonize WiFi device support among all boards and to have implicit support of devices that users might want to use. Targets `generic_aarch64`, `generic_x86_64` and `ova` also include options and firmwares for cards that are using PCI/PCIe bus - support for these is in a separate config fragment.
Especially the `generic_x86_64` is currently very tight with the rootfs space, so I had to do some triaging and select only sensible drivers and firmwares - especially archaic PCMCIA devices or devices not supporting only 802.11g or lower standards were among the first that I removed during the triaging - we can consider enabling those but this time on an someone's explicit need to have them enabled.
This closes#2815 and replaces large part of #2761, also potentially addresses (at least) these: #2806, #2783, #2841, #2776, #2725, #2600
-------------
* Remove WiFi options from generic and board kernel config fragments
* Enable MMC in OVA kernel
This is needed for SDIO drivers to work. Use the same options as we
currently use for generic_x86_64.
* Add CRYPTO_MICHAEL_MIC to the common kernel config
This is requirement for TKIP and is a dependency of ATH11K driver.
* Add kernel config fragments with wireless cards support
* Add firmwares for WiFi cards
* Enable more Bluetooth device drivers
* Remove kernel HCI driver if no WiFi/Bluetooth module present (#2944)
If the WiFi/Bluetooth module is not present on the SDIO bus, remove the
HCI driver. This avoids hci0 interface to be present. Current Home
Assistant Core versions show a Bluetooth device as soon as a hci device
is present. With this change there won't be a Bluetooth device shown.
* Update buildroot-external/package/pi-bluetooth/hcidisable.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Do not start hciuart.service if krnbt is used
Avoid starting (and failing to start) hciuart.service if krnbt is used.
This avoid unnecessary failed services showing up.
* Update buildroot-external/package/pi-bluetooth/hciuart.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop duplicate bluetooth in path
* Avoid bthelper@hci0.service failing
* Revert "Avoid bthelper@hci0.service failing"
This reverts commit f79777e63ec83ab45f27fbecb2da8b0c97992c64.
* Add ExecConditiono to bthelper@.service as well
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Remove kernel HCI driver if no WiFi/Bluetooth module present (#2944)
If the WiFi/Bluetooth module is not present on the SDIO bus, remove the
HCI driver. This avoids hci0 interface to be present. Current Home
Assistant Core versions show a Bluetooth device as soon as a hci device
is present. With this change there won't be a Bluetooth device shown.
* Update buildroot-external/package/pi-bluetooth/hcidisable.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Do not start hciuart.service if krnbt is used
Avoid starting (and failing to start) hciuart.service if krnbt is used.
This avoid unnecessary failed services showing up.
* Update buildroot-external/package/pi-bluetooth/hciuart.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop duplicate bluetooth in path
* Avoid bthelper@hci0.service failing
* Revert "Avoid bthelper@hci0.service failing"
This reverts commit f79777e63ec83ab45f27fbecb2da8b0c97992c64.
* Add ExecConditiono to bthelper@.service as well
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Generate self-signed certificates for development
To simplify development generate a self-signed certificate on first
build. Also make sure that the self-signed certificate is being added
the RAUC keyring so that manual updates can be performed.
* Add self-signed certificat independent of deployment type
* Add a warning when building with self-signed certificate
Bluetooth initialization was broken on Yellow because RPi's kernel
started to use initialization by the kernel driver by default, yet
changes from the miniuart-bt overlay are applied directly to Yellow
DTS and had to be updated too. This commit replaces the previous
patch forcing the miniUART usage for Bluetooth with a new one which
is based on the current miniuart-bt-overlay.dts.
