Turris Build issueshttps://gitlab.nic.cz/turris/os/build/-/issues2024-03-12T13:56:35+01:00https://gitlab.nic.cz/turris/os/build/-/issues/409Provide SDK2024-03-12T13:56:35+01:00Patrick GrimmProvide SDKWhy don't provide the SDK? It is easier to develop and distribute third party opkg feeds.
```
diff --git a/configs/common/basic_settings b/configs/common/basic_settings
index 08c99f23..3be3d260 100644
--- a/configs/common/basic_settings...Why don't provide the SDK? It is easier to develop and distribute third party opkg feeds.
```
diff --git a/configs/common/basic_settings b/configs/common/basic_settings
index 08c99f23..3be3d260 100644
--- a/configs/common/basic_settings
+++ b/configs/common/basic_settings
@@ -7,6 +7,9 @@ CONFIG_BUILD_NLS=y
CONFIG_ALL_KMODS=y
CONFIG_ALL=y
+# Build openwrt SDK pre-compiled toolchain designed to cross compile packages
+CONFIG_SDK=y
+
# Package output options
CONFIG_SIGNED_PACKAGES=y
CONFIG_IPK_FILES_CHECKSUMS=y
```https://gitlab.nic.cz/turris/os/build/-/issues/161[meta] Better IPv6 detection2024-03-11T09:33:49+01:00Jan Pavlinec[meta] Better IPv6 detectionThis issue should be used for brainstorming ideas about IPv6 detection.
The main idea is, that there should be one mechanism that can tell if the user has IPv6 and this information should be shared with init scripts (via uci for example...This issue should be used for brainstorming ideas about IPv6 detection.
The main idea is, that there should be one mechanism that can tell if the user has IPv6 and this information should be shared with init scripts (via uci for example) instead of doing separate detection for every service.
Examples of with detection:
* knot-resolver ping test for disabling IPv6: [turris-os-packages:net/knot-resolver/files/kresd.init#L270](https://gitlab.nic.cz/turris/turris-os-packages/-/blob/v5.1.0/net/knot-resolver/files/kresd.init#L270)
* hotplug - https://gitlab.nic.cz/turris/turris-os-packages/-/merge_requests/381/diffs#diff-content-160a8a7b73e11a0e3502870d06ac486732a69d98
cc @jschlehofer @kkoci @mhruseckyTurris OS 7.1.0https://gitlab.nic.cz/turris/os/build/-/issues/178Enable GCC_DEFAULT_SSP2024-03-01T14:34:28+01:00Jan PavlinecEnable GCC_DEFAULT_SSPWe should enabled GCC_DEFAULT_SSP by default on HBL
https://gitlab.nic.cz/turris/turris-build/-/commit/25d12eb1a8ceb5e1fcbfcc1473b9610f7e9d5314
This issue is a sort of reminder.We should enabled GCC_DEFAULT_SSP by default on HBL
https://gitlab.nic.cz/turris/turris-build/-/commit/25d12eb1a8ceb5e1fcbfcc1473b9610f7e9d5314
This issue is a sort of reminder.Turris OS 7.1.0https://gitlab.nic.cz/turris/os/build/-/issues/420Add macOS support in compile_pkgs script2023-11-09T19:30:16+01:00Aleksandr GumroianAdd macOS support in compile_pkgs scriptI've received this as feedback. There are two issues that prevent people on Macs build packages:
- shebang, most probably we should use `#!/usr/bin/env bash`
- https://stackoverflow.com/questions/4247068/sed-command-with-i-option-failin...I've received this as feedback. There are two issues that prevent people on Macs build packages:
- shebang, most probably we should use `#!/usr/bin/env bash`
- https://stackoverflow.com/questions/4247068/sed-command-with-i-option-failing-on-mac-but-works-on-linux
It would be nice to fix it. :slight_smile:https://gitlab.nic.cz/turris/os/build/-/issues/69Helpers/new_release.sh: Add release notes to tags2023-08-16T11:06:45+02:00Josef SchlehoferHelpers/new_release.sh: Add release notes to tagsI think it would be really cool if the script can add to tags release notes from `NEWS` file.I think it would be really cool if the script can add to tags release notes from `NEWS` file.Michal HruseckyMichal Hruseckyhttps://gitlab.nic.cz/turris/os/build/-/issues/75Use samba4 instead of samba32023-08-16T11:06:41+02:00Josef SchlehoferUse samba4 instead of samba3In PR !28, I noticed some changes regarding samba.
Shouldn't we use samba4 instead of samba(3)? The only issue what I am thinking is that samba4 is not available in OpenWrt 18.06.
In 19.07 or master is included. I asked in #openwrt-deve...In PR !28, I noticed some changes regarding samba.
Shouldn't we use samba4 instead of samba(3)? The only issue what I am thinking is that samba4 is not available in OpenWrt 18.06.
In 19.07 or master is included. I asked in #openwrt-devel why samba3 is still present in OpenWrt `master` branch.
```
20:13:11 <Pepe> I am wondering why in the master branch, there is still samba3, which was EOL 4 years ago.
20:31:18 <pkgadd> Pepe: because samba4 is unsuitable for most devices
22:45:51 <mangix> Pepe: size
22:45:56 <mangix> and laziness
22:47:07 <mangix> It should be removed from the main branch
```
We have powerful routers with a large amount of space, so it shouldn't be an issue to have supported version of samba4 or am I wrong? It depends how much we are going to diverge from OpenWrt. On the other hand, I am against it, but samba3 is vulnerable and reached EoL a long time ago. This should be handled directly in OpenWrt, they should decide what they are going to do with samba3, because this ancient version is not even in [Debian](https://packages.debian.org/search?keywords=samba).Turris OS 5.0https://gitlab.nic.cz/turris/os/build/-/issues/62[feature request] provide an easy to install foris package to enable multicas...2023-08-16T11:04:21+02:00Claude Nobs[feature request] provide an easy to install foris package to enable multicast iptv supportVarious isp's (telekom.de, fiber7.ch, ...) come with a bundled iptv solution based on multicast technology. Apart from internet access, access to tv is one of the features a router should support out-of-the-box or provide a checkbox solu...Various isp's (telekom.de, fiber7.ch, ...) come with a bundled iptv solution based on multicast technology. Apart from internet access, access to tv is one of the features a router should support out-of-the-box or provide a checkbox solution in it's gui.
However currently it's neither supported out-of-the box, nor is it possible to setup using either foris or luci. Only if one is comfortable using ssh/bash it's rather trivial to setup :
```
IP=`ip -4 -br addr show br-lan | grep -E -o '[0-9.]+' | head -n 1`
opkg install igmpproxy
sed -i -e "s/$IP\/24/0.0.0.0\/0/g" /etc/config/igmpproxy
sed -i -e "s/option ipaddr '$IP'/option ipaddr '$IP'\n\toption igmp_snooping '1'/g" /etc/config/network
/etc/init.d/igmpproxy enable
/etc/init.d/igmpproxy start
```https://gitlab.nic.cz/turris/os/build/-/issues/63[feature request] enable NFT's full potential in kernel conf2023-08-16T11:04:20+02:00Ghost User[feature request] enable NFT's full potential in kernel conf> {"kernel":"4.14.131","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"TurrisOS","version":"5.0-dev","revision":"c01f9ad","target":"mvebu/cortexa9...> {"kernel":"4.14.131","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"TurrisOS","version":"5.0-dev","revision":"c01f9ad","target":"mvebu/cortexa9","description":"TurrisOS 5.0-dev c01f9ad"}}
____
With the below settiings disabled NFT is sort of castrated. Fail to see any potential harm it could cause enabling the feature set.
`# CONFIG_NFT_RT is not set`
> This option adds the "rt" expression that you can use to match packet routing information such as the packet nexthop.
`# CONFIG_NFT_SET_BITMAP is not set`
> This option adds the "bitmap" set type that is used to build sets whose keys are smaller or equal to 16 bits.
`# CONFIG_NFT_OBJREF is not set`
> This option adds the "objref" expression that allows you to refer to stateful objects, such as counters and quotas.
`# CONFIG_NFT_QUEUE is not set`
> This is required if you intend to use the userspace queueing infrastructure (also known as NFQUEUE) from nftables.
`# CONFIG_NFT_COMPAT is not set`
> This is required if you intend to use any of existing x_tables match/target extensions over the nf_tables framework.
`# CONFIG_NFT_FIB_NETDEV is not set`
> This option allows using the FIB expression from the netdev table. The lookup will be delegated to the IPv4 or IPv6 FIB depending on the protocol of the packet.
`# CONFIG_NFT_DUP_IPV4 is not set`
> This module enables IPv4 packet duplication support for nf_tables.
`# CONFIG_NFT_DUP_IPV6 is not set`
> This module enables IPv6 packet duplication support for nf_tables.
____
`# CONFIG_NFT_RT is not set`
is likely causing some grievance with TCP MSS clamping (essential for PPPoE) since
`nft add rule ip filter forward oifname pppoe-wan tcp flags syn tcp option maxseg size set rt mtu`
`nft add rule ip filter forward oifname pppoe-wan tcp flags syn tcp option maxseg size set 1452`
either is producing
> Error: Could not process rule: No such file or directoryhttps://gitlab.nic.cz/turris/os/build/-/issues/64[feature suggestion] enhance NF filter capabilities2023-08-16T11:04:18+02:00Ghost User[feature suggestion] enhance NF filter capabilities> {"kernel":"4.14.131","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"TurrisOS","version":"5.0-dev","revision":"c01f9ad","target":"mvebu/cortexa9...> {"kernel":"4.14.131","hostname":"to","system":"ARMv7 Processor rev 1 (v7l)","model":"Turris Omnia","board_name":"cznic,turris-omnia","release":{"distribution":"TurrisOS","version":"5.0-dev","revision":"c01f9ad","target":"mvebu/cortexa9","description":"TurrisOS 5.0-dev c01f9ad"}}
___
Please consider enhancement of NF filter capabilities
`# CONFIG_NETFILTER_XT_TARGET_HMARK is not set`
> This option adds the "HMARK" target.
The target allows you to create rules in the "raw" and "mangle" tables which set the skbuff mark by means of hash calculation within a given range. The nfmark can influence the routing method and can also be used by other subsystems to change their behaviour.
`# CONFIG_NETFILTER_XT_TARGET_TCPOPTSTRIP is not set`
> This option adds a "TCPOPTSTRIP" target, which allows you to strip TCP options from TCP packets.
`# CONFIG_NETFILTER_XT_MATCH_CGROUP is not set`
> Socket/process control group matching allows you to match locally generated packets based on which net_cls control group processes belong to.
`# CONFIG_NETFILTER_XT_MATCH_IPCOMP is not set`
> This match extension allows you to match a range of CPIs(16 bits) inside IPComp header of IPSec packets.
`# CONFIG_NETFILTER_XT_MATCH_L2TP is not set`
> This option adds an "L2TP" match, which allows you to match against L2TP protocol header fields.
`# CONFIG_NETFILTER_XT_MATCH_OSF is not set`
> This option selects the Passive OS Fingerprinting match module that allows to passively match the remote operating system by analyzing incoming TCP SYN packets.
Rules and loading software can be downloaded from http://www.ioremap.net/projects/osf
`# CONFIG_NETFILTER_XT_MATCH_SCTP is not set`
> With this option enabled, you will be able to use the `sctp' match in order to match on SCTP source/destination ports and SCTP chunk types.https://gitlab.nic.cz/turris/os/build/-/issues/115Replace dependency and file insert patches for turris-webapps with dedicated ...2023-08-16T11:01:11+02:00Karel KociReplace dependency and file insert patches for turris-webapps with dedicated packages and conditional install requestsTurris updater now supports conditional install requests. We should use that instead of patching various packages for webapps. We have to create appropriate packages and then it is just:
```
Install("turris-webapps-FOO", { condition = "F...Turris updater now supports conditional install requests. We should use that instead of patching various packages for webapps. We have to create appropriate packages and then it is just:
```
Install("turris-webapps-FOO", { condition = "FOO" })
```Turris OS 5.2.0https://gitlab.nic.cz/turris/os/build/-/issues/293[Feature request]: Add watchcat plugin configuration directly to the reForris...2023-08-16T10:57:04+02:00Marek Ľach[Feature request]: Add watchcat plugin configuration directly to the reForris user interface itself, active by defaultBecause the WiFi sometimes disconnects in mid-day for me, and TurrisOS, by default, is not able to reboot/restart such a once lost connection immediately on its own, without the need for a lenghty manual intervention.
The `OpenWRT` pack...Because the WiFi sometimes disconnects in mid-day for me, and TurrisOS, by default, is not able to reboot/restart such a once lost connection immediately on its own, without the need for a lenghty manual intervention.
The `OpenWRT` package `watchcat` seems to be the sought after remedy in these situations, with which I was eventually able to configure an automated re-connect if ping's lost, so **TurrisOS** could _have watchcat included_, and active by default in its own *reForis* interface, to make it even more convenient, useful and user-friendly.
It’d be worth it implementing this plugin into the latest iteration of TurrisOS proper out-of-the-box in the future... for laymen like myself :-)https://gitlab.nic.cz/turris/os/build/-/issues/333UBNT SFP GPON support2023-08-16T10:55:31+02:00Karel KociUBNT SFP GPON supportBackport UBNT SFP GPON patches to ensure functionality.Backport UBNT SFP GPON patches to ensure functionality.Turris OS 6.0https://gitlab.nic.cz/turris/os/build/-/issues/32cfq & ionice for file/media centre2023-08-16T10:54:59+02:00dim-geocfq & ionice for file/media centrePlease activate CFQ on kernel io schedulers. No need to change the default io scheduler.
It is very useful for external hard disks (rotational) where competing processes try to access the hard disk. Also, if you can please activate ionic...Please activate CFQ on kernel io schedulers. No need to change the default io scheduler.
It is very useful for external hard disks (rotational) where competing processes try to access the hard disk. Also, if you can please activate ionice in busybox so cfq can be used as well.
It would help on scenarios where the turris acts as a small file/media centre.Turris OS 6.0https://gitlab.nic.cz/turris/os/build/-/issues/84sendbeacon and kwboot missing in repo2023-03-03T02:02:20+01:00Jan Pavlinecsendbeacon and kwboot missing in reposendbeacon and kwboot utilities used for loading uboot via serial link are missing in 4x/5x repo. It would be useful to have them.sendbeacon and kwboot utilities used for loading uboot via serial link are missing in 4x/5x repo. It would be useful to have them.https://gitlab.nic.cz/turris/os/build/-/issues/348MOX: Enable earlyprintk for easier UART debugging2022-07-27T13:51:46+02:00Josef SchlehoferMOX: Enable earlyprintk for easier UART debuggingSimilar as for Turris Omnia (turris/os/build#347), we need similar stuff for Turris MOX:
```
CONFIG_CMDLINE="earlycon=ar3700_uart,0xd0012000 console=ttyMV0,115200"
CONFIG_CMDLINE_FROM_BOOTLOADER=y
CONFIG_SERIAL_EARLYCON=y
CONFIG_SERIAL_...Similar as for Turris Omnia (turris/os/build#347), we need similar stuff for Turris MOX:
```
CONFIG_CMDLINE="earlycon=ar3700_uart,0xd0012000 console=ttyMV0,115200"
CONFIG_CMDLINE_FROM_BOOTLOADER=y
CONFIG_SERIAL_EARLYCON=y
CONFIG_SERIAL_MVEBU_UART=y
CONFIG_SERIAL_MVEBU_CONSOLE=y
```Turris OS 6.0https://gitlab.nic.cz/turris/os/build/-/issues/245suggestion: replace dnsmasq with odhcpd2022-03-24T07:53:35+01:00Rosen Penevsuggestion: replace dnsmasq with odhcpdIn TurrisOS, dnsmasq is used as a DHCP server and unbound as a DNS one.
odhcpd is used as a DHCPv6 server. It has the ability to run as a DHCPv4 server as well.
The whole point of using dnsmasq in OpenWrt is that it combines DHCP and D...In TurrisOS, dnsmasq is used as a DHCP server and unbound as a DNS one.
odhcpd is used as a DHCPv6 server. It has the ability to run as a DHCPv4 server as well.
The whole point of using dnsmasq in OpenWrt is that it combines DHCP and DNS. But since this is not the case in TurrisOS, it can be removed.https://gitlab.nic.cz/turris/os/build/-/issues/312PRPL Mesh packages feed2021-12-14T12:19:29+01:00Karel KociPRPL Mesh packages feedThink about inclusion of prplMesh packages (https://gitlab.com/prpl-foundation/prplos/feed-prpl).
* [ ] add feed
* [ ] test itThink about inclusion of prplMesh packages (https://gitlab.com/prpl-foundation/prplos/feed-prpl).
* [ ] add feed
* [ ] test ithttps://gitlab.nic.cz/turris/os/build/-/issues/162patch luci (-mod-network) to show a warning about DNS settings2021-11-03T18:36:35+01:00Vladimír Čunátvladimir.cunat@nic.czpatch luci (-mod-network) to show a warning about DNS settingsThis is the short-term plan after discussion with Pepe. Some people can be understandably confused that DNS settings in luci's "DHCP and DNS" don't have any effect, so we could at least show a warning on that page... until some better s...This is the short-term plan after discussion with Pepe. Some people can be understandably confused that DNS settings in luci's "DHCP and DNS" don't have any effect, so we could at least show a warning on that page... until some better solution is available, e.g. https://github.com/openwrt/luci/issues/4125https://gitlab.nic.cz/turris/os/build/-/issues/201Move lists to separate feed2021-09-21T12:25:59+02:00Karel KociMove lists to separate feedWe should move lists to separate feed. We build them separately but we do not have them separate in feeds description. Moving them to separate repository is not essential for separate hash but makes it cleaner as they are updated only wh...We should move lists to separate feed. We build them separately but we do not have them separate in feeds description. Moving them to separate repository is not essential for separate hash but makes it cleaner as they are updated only when it is required. It also opens doors for implementation of some sort of limit "use these lists only with build of specific commit and newer". This could fix common issue when packages take time to build but at the meantime lists are broken.Turris OS 5.3.0https://gitlab.nic.cz/turris/os/build/-/issues/247Replace Nikola with FWLogs2021-09-21T12:25:14+02:00Karel KociReplace Nikola with FWLogsFWLogs is much better implementation. We should use that.
On Sentinel meeting we checked that FWLogs is fully compatible with Nikola on Sentinel server side so there should be no issue in doing the replace.FWLogs is much better implementation. We should use that.
On Sentinel meeting we checked that FWLogs is fully compatible with Nikola on Sentinel server side so there should be no issue in doing the replace.Turris OS 5.3.0