a firewall with no configuration will get a relatively sane ruleset. a
firewall with `extraRules` will get them deep merged into the default
rules. Specifying `rules` will override the defaults
config.boot.commandLineDtbNode can be set from `bootargs` to
`bootargs-override` (used for boards where the u-boot on the board does
set `bootargs` on its own).
In that case, the code updating the cmdline for tftpboot purposes also
needs to update this node, not the `bootargs` node.
Otherwise the kernel won't find the phram device, as it never heard
about it, as it didn't get the necessary cmdline options.
this is a bit of an experiment to reduce the copy-paste in
examples by turning them into "application" modules.
planning to follow up with another module for "wifi router"
This adds a simple boot blessing module, to be used, with the Zyxel NWA50AX.
There's a lot of elephant in the rooms: how do you upgrade kernel, etc.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Zyxel "firmware" format is just… a FIT with some metadata on the models.
This FIT is like this:
--------------------------
uImage FIT header
--------------------------
Linux kernel
--------------------------
FDT DTB
--------------------------
Padding so that
this makes
8192kb [1]
--------------------------
UBI volume
as a root filesystem
--------------------------
We just reproduce this in a very brutal and naive way.
In the future, this seems worth to generalize and modularize this idea
so that zyxel-nwa-fit is just an instance of a more general output.
[1]: https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=target/linux/ramips/image/mt7621.mk;h=ab1b829ba0086cb9fc9ca8cbbf3cbc14735034d6;hb=refs/heads/main#l3097
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
I believe there should be another module exposing `rootubifs` as `rootfs`
or let any other module just subsume that component like `zyxel-nwa-fit` output.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Some devices have a U-boot variant that does not accept a third
parameter on the "bootm" command, meaning we can't override the dtb
in the bootloader so have to smush it back into the kernel image
This doesn't work in QEMU but I think the problem is with the
U-Boot configuration for QEMU. It does work on at least one
hardware device so I'm pushing it anyway
Based on
https://gti.telent.net/raboof/liminix/src/branch/tftp-old-uboot
Co-authored-by: Arnout Engelen <arnout@bzzt.net>
This changes the practice for building kernel modules: now we expect
that the appropriate Kconfig symbols are set to =m in
config.kernel.config, and then use pkgs.kmodloader to create
a service that loads and unloads all the modules depended on by
a particular requirement.
Note that modules won't be installed on the target device just by
virue of having been built: only the modules that are referenced by a
kmodloader package will be in the closure.
An example may make this clearer: see modules/firewall/default.nix
in this commit.
Why?
If you have a compiled Linux kernel source tree and you change some
symbol from "is not set" to m and then run make modules, you cannot in
general expect that newly compiled module to work. This is because
there are places in the build of the main kernel where it looks to see
which modules _may_ be defined and uses that information to
accommodate them.
For example in an in-kernel build of
https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
some symbols are defined only if CONFIG_NF_CONNTRACK is set, meaning
this code won't work if we have it unset initially then try later to
enable it and build modules only. Or see
https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
imagine: you are using a device that requires
CONFIG_MYDEVICE_FROBOZZ_DRIVER but only if CONFIG_FROBOZZ has been
specified elsewhere. Because we check that every requested config
symbol actually appears in .config then it can't be added
unconditionally or the build will fail if CONFIG_FROBOZZ wasn't asked
for.
I'm not 100% happy about this design but it's the best I've thought of
so far.
Adding the reserved-memory node to the dtb can cause it to grow
by enough that it needs an extra page - this will overlap the start
of the kernel image if we calculate offsets based on the original size
Reported-by: sinavir
Authored-by: sinavir
new layout has rootfs followed by kernel and dtb, so that we
know the rootfs start and size to embed them into the dtb instead
of having to use dummy values and fill them in afterwards
This is for QEMU where we won't have to provide a dtb because the
device tree is built by the platform according the (emulated) hardware
present.
Maybe in future there will be other hardware devices where we
don't need to provide a dtb.
this means that net devices in devices/foo/default.nix can be
specified by their sysfs paths (instead of by "eth0" and "eth1" that
may change from one kernel version to the next) and given mnenomic
names that are helpful for the hardware. Like "wan" and "lan[1..4]"