Compare commits
10 Commits
main
...
mainline-o
Author | SHA1 | Date | |
---|---|---|---|
3792ec1f39 | |||
f71e8d5710 | |||
d3bde4533b | |||
0e941a8686 | |||
f023f7a0de | |||
6c61d88a3a | |||
bbce605a14 | |||
e6705c4d06 | |||
6684d34a43 | |||
a8c6d5d8a4 |
61
THOUGHTS.txt
61
THOUGHTS.txt
@ -3952,3 +3952,64 @@ I can actually use it as a CPE. This means
|
||||
|
||||
- would be quite cool to run sniproxy instead of forwarding to
|
||||
loaclhost (extra credit)
|
||||
|
||||
Sat Feb 10 12:41:12 GMT 2024
|
||||
|
||||
s6-linux-init version 1.1.2.0
|
||||
|
||||
nfnetlink: module verification failed: signature and/or required key missing - tainting kernel
|
||||
------------[ cut here ]------------
|
||||
kernel BUG at net/wireless/core.h:125!
|
||||
Internal error: Oops - BUG: 0 [#1] SMP ARM
|
||||
Modules linked in: cfg80211(E+) nfnetlink(E)
|
||||
CPU: 0 PID: 197 Comm: insmod Tainted: G E 6.7.4 #1
|
||||
Hardware name: Marvell Armada 380/385 (Device Tree)
|
||||
PC is at cfg80211_netdev_notifier_call+0x2cc/0x3e0 [cfg80211]
|
||||
LR is at call_netdevice_register_net_notifiers+0x4c/0xec
|
||||
pc : [<bf010024>] lr : [<c0672e30>] psr: 60000013
|
||||
sp : f0ba5c10 ip : fffffffb fp : c328df00
|
||||
r10: c15c4170 r9 : c328df00 r8 : 00000000
|
||||
r7 : 00000000 r6 : bf04c620 r5 : c10c9000 r4 : c11ff414
|
||||
r3 : 00000000 r2 : f0ba5df4 r1 : 00000005 r0 : bf04c620
|
||||
Flags: nZCv IRQs on FIQs on Mode SVC_32 ISA ARM Segment none
|
||||
Control: 10c5387d Table: 0320804a DAC: 00000051
|
||||
R
|
||||
cfg80211_netdev_notifier_call [cfg80211] from call_netdevice_register_net_notifiers+0x4c/0xec
|
||||
|
||||
setenv omnia_reset 1; run bootcmd_rescue
|
||||
|
||||
Sat Feb 10 18:23:54 GMT 2024
|
||||
|
||||
ARGH KERNEL
|
||||
|
||||
You can't define CONFIG_NETFILTER=y in a monolithic kernel and expect
|
||||
later to separately build some modules that use it, because there are
|
||||
a bunch of symbols that only get defined if certain other CONFIG
|
||||
options are set at the time that the monolithic kernel is built.
|
||||
|
||||
https://github.com/torvalds/linux/blob/master/net/netfilter/core.c#L689
|
||||
|
||||
Another example is
|
||||
https://github.com/torvalds/linux/blob/master/include/linux/netdevice.h#L160
|
||||
- if you decide after building the kernel that you're going to build
|
||||
some wireless modules, you can't do that without rebuilding the kernel
|
||||
so that it knows to expect them
|
||||
|
||||
The moral of the story seems to be: if you have a compiled Linux kernel source tree and you change some symbol from "is not set" to m and then run make modules, you cannot in general expect that newly compiled module to work.
|
||||
|
||||
AP advertised VHT without HT, disabling HT/VHT/HE
|
||||
|
||||
TODO
|
||||
|
||||
- support kernel version as parameter to builder pkgs/kernel/default.nix
|
||||
- extract the change in how module loading works from omnia device config,
|
||||
and fix the other thing that uses it
|
||||
- wlan module to take 'backported' as a parameter
|
||||
half of the omnia conditionalConfig can go into the module
|
||||
- upgrade omnia to kernel v6
|
||||
- figure out what mdns we need for local hostname resolution
|
||||
(maybe bridging lan/wlan)?
|
||||
- [DONE] slow wifi because "AP advertised VHT without HT, disabling HT/VHT/HE"
|
||||
- [DONE] add local domain to secrets
|
||||
- run sniproxy instead of forwarding
|
||||
- forward some port to loaclhost 22 for inbound ipv4 ssh
|
||||
|
@ -182,12 +182,10 @@
|
||||
kernel = {
|
||||
src = pkgs.pkgsBuildBuild.fetchurl {
|
||||
name = "linux.tar.gz";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v5.x/linux-5.15.137.tar.gz";
|
||||
hash = "sha256-PkdzUKZ0IpBiWe/RS70J76JKnBFzRblWcKlaIFNxnHQ=";
|
||||
url = "https://cdn.kernel.org/pub/linux/kernel/v6.x/linux-6.7.4.tar.gz";
|
||||
hash = "sha256-wIrmL0BS63nRwWfm4nw+dRNVPUzGh9M4X7LaHzAn5tU=";
|
||||
};
|
||||
extraPatchPhase = ''
|
||||
${pkgs.openwrt.applyPatches.mvebu}
|
||||
'';
|
||||
version = "6.7.4";
|
||||
config = {
|
||||
PCI = "y";
|
||||
OF = "y";
|
||||
@ -203,6 +201,10 @@
|
||||
RTC_CLASS = "y";
|
||||
RTC_DRV_ARMADA38X = "y"; # this may be useful anyway?
|
||||
|
||||
EXPERT = "y";
|
||||
ALLOW_DEV_COREDUMP = "n";
|
||||
|
||||
|
||||
# dts has a compatible for this but dmesg is not
|
||||
# showing it
|
||||
EEPROM_AT24 = "y"; # atmel,24c64
|
||||
@ -213,9 +215,9 @@
|
||||
|
||||
MACH_ARMADA_38X = "y";
|
||||
SMP = "y";
|
||||
# this is disabled for the moment because it relies on a GCC
|
||||
# plugin that requires gmp.h to build, and I can't see right now
|
||||
# how to confgure it to find gmp
|
||||
# this is disabled for the moment because it relies on a
|
||||
# GCC plugin that requires gmp.h to build, and I can't see
|
||||
# right now how to confgure it to find gmp
|
||||
STACKPROTECTOR_PER_TASK = "n";
|
||||
NR_CPUS = "4";
|
||||
VFP = "y";
|
||||
@ -227,7 +229,7 @@
|
||||
PSTORE = "y";
|
||||
PSTORE_RAM = "y";
|
||||
PSTORE_CONSOLE = "y";
|
||||
PSTORE_DEFLATE_COMPRESS = "n";
|
||||
# PSTORE_DEFLATE_COMPRESS = "n";
|
||||
|
||||
BLOCK = "y";
|
||||
MMC="y";
|
||||
@ -286,9 +288,25 @@
|
||||
USB_XHCI_MVEBU = "y";
|
||||
USB_XHCI_HCD = "y";
|
||||
};
|
||||
WLAN = {
|
||||
CFG80211 = "m";
|
||||
MAC80211 = "m";
|
||||
|
||||
CFG80211_CERTIFICATION_ONUS = "y";
|
||||
CFG80211_REQUIRE_SIGNED_REGDB = "n"; # depends on ONUS
|
||||
|
||||
CFG80211_CRDA_SUPPORT = "n";
|
||||
|
||||
WLAN_VENDOR_ATH = "y";
|
||||
ATH_COMMON = "m";
|
||||
ATH9K = "m";
|
||||
ATH9K_PCI = "y";
|
||||
ATH10K = "m";
|
||||
ATH10K_PCI = "m";
|
||||
ATH10K_DEBUG = "y";
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
boot = {
|
||||
commandLine = [
|
||||
"console=ttyS0,115200"
|
||||
@ -328,10 +346,41 @@
|
||||
};
|
||||
|
||||
hardware = let
|
||||
mac80211 = pkgs.mac80211.override {
|
||||
drivers = ["ath9k_pci" "ath10k_pci"];
|
||||
klibBuild = config.system.outputs.kernel.modulesupport;
|
||||
};
|
||||
mac80211 =
|
||||
let
|
||||
targets = [
|
||||
"ath9k"
|
||||
"ath10k_pci"
|
||||
];
|
||||
kmodules = pkgs.runCommand "modules" {
|
||||
nativeBuildInputs = with pkgs.pkgsBuildBuild ;[
|
||||
kmod cpio gawk
|
||||
];
|
||||
} ''
|
||||
kernel=${config.system.outputs.kernel.modulesupport}
|
||||
mkdir -p lib/modules/0.0
|
||||
(cd $kernel && find . -name \*.ko | cpio --verbose --make-directories -p $NIX_BUILD_TOP/lib/modules/0.0)
|
||||
cp $kernel/modules.* lib/modules/0.0
|
||||
depmod -b . 0.0
|
||||
|
||||
(for i in ${lib.concatStringsSep " " targets}; do
|
||||
modprobe -S 0.0 -d $NIX_BUILD_TOP --show-depends $i | sed "s,^insmod $NIX_BUILD_TOP/lib/modules/0.0/,,g"
|
||||
done) | awk '!a[$0]++' > load-order
|
||||
|
||||
mkdir $out
|
||||
for i in $(cat load-order); do
|
||||
install -v $NIX_BUILD_TOP/lib/modules/0.0/$i -D $out/$i
|
||||
done
|
||||
echo "O=$out" > $out/load.sh
|
||||
sed "s,^,insmod \$O/,g" < load-order >> $out/load.sh
|
||||
echo "O=$out" > $out/unload.sh
|
||||
tac load-order | sed "s,^,rmmod \$O/,g" > $out/unload.sh
|
||||
''; in
|
||||
oneshot {
|
||||
name = "mac80211-modules";
|
||||
up = "sh ${kmodules}/load.sh";
|
||||
down = "sh ${kmodules}/unload.sh";
|
||||
};
|
||||
in {
|
||||
defaultOutput = "mtdimage";
|
||||
loadAddress = lim.parseInt "0x00800000"; # "0x00008000";
|
||||
@ -339,9 +388,9 @@
|
||||
rootDevice = "/dev/mmcblk0p1";
|
||||
|
||||
dts = {
|
||||
src = "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/armada-385-turris-omnia.dts";
|
||||
src = "${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/armada-385-turris-omnia.dts";
|
||||
includes = [
|
||||
"${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/"
|
||||
"${config.system.outputs.kernel.modulesupport}/arch/arm/boot/dts/marvell/"
|
||||
];
|
||||
};
|
||||
flash.eraseBlockSize = 65536; # only used for tftpboot
|
||||
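Review bot: In the `kmodules` build script, `unload.sh` is written twice with `>`, so the `tac load-order | sed … > $out/unload.sh` line truncates the file and discards the `O=$out` header that the generated `rmmod $O/…` lines rely on. The second redirect should append, as the `load.sh` lines just above it do: `tac load-order | sed "s,^,rmmod \$O/,g" >> $out/unload.sh`. Separately, the new `WLAN` block sets `CFG80211_REQUIRE_SIGNED_REGDB = "n"`, which lets cfg80211 load a regulatory database without checking its signature; the existing comment only says it depends on ONUS, so I would record the reason, for example `# regdb signature check off: <why, and where regulatory.db comes from>`. The `hardware = let … in` expression continues past the end of the hunk.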
|
@ -145,7 +145,7 @@ in rec {
|
||||
};
|
||||
|
||||
users.root = {
|
||||
passwd = lib.mkForce secrets.root_password;
|
||||
passwd = lib.mkForce secrets.root.passwd;
|
||||
# openssh.authorizedKeys.keys = [
|
||||
# (builtins.readFile "/home/dan/.ssh/id_rsa.pub")
|
||||
# ];
|
||||
|
@ -107,6 +107,7 @@ in {
|
||||
|
||||
rules = [
|
||||
(accept "udp dport 547") # dhcp, could restrict to daddr ff02::1:2
|
||||
(accept "udp dport 53") # dns
|
||||
(accept "tcp dport 22")
|
||||
];
|
||||
};
|
||||
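Review bot: The `(accept "tcp dport 22")` rule, which appears to be the line this hunk adds, accepts SSH from every source that reaches this chain and is the only rule in the list without a comment. If SSH is meant for management only, narrow the match inside the rule string (source prefix or input interface) and say so, for example `(accept "tcp dport 22") # ssh; restrict saddr/iifname to the management side`. Elsewhere in this change the root account is given a password (`users.root.passwd`) while the `openssh.authorizedKeys.keys` example stays commented out, so if the SSH daemon accepts password logins this port is protected by that password alone. The chain this `rules` list belongs to is outside the hunk.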
|
@ -131,6 +131,6 @@ in rec {
|
||||
dependencies = [services.dhcpc];
|
||||
};
|
||||
|
||||
users.root.passwd = lib.mkForce secrets.root_password;
|
||||
users.root.passwd = lib.mkForce secrets.root.passwd;
|
||||
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
|
||||
}
|
||||
|
@ -1,5 +1,6 @@
|
||||
rec {
|
||||
{
|
||||
wpa_passphrase = "you bring light in";
|
||||
ssid = "liminix";
|
||||
l2tp = {
|
||||
name = "abcde@a.1";
|
||||
password = "NotMyIspPassword";
|
||||
@ -10,9 +11,9 @@ rec {
|
||||
openssh.authorizedKeys.keys = [
|
||||
];
|
||||
};
|
||||
root_password = root.passwd;
|
||||
|
||||
lan = {
|
||||
prefix = "10.8.0"; # "192.168.8";
|
||||
prefix = "10.8.0";
|
||||
};
|
||||
|
||||
}
|
||||
|
@ -8,7 +8,10 @@
|
||||
|
||||
{ config, pkgs, lib, ... } :
|
||||
let
|
||||
secrets = import ./rotuer-secrets.nix;
|
||||
secrets = {
|
||||
domainName = "fake.liminix.org";
|
||||
firewallRules = {};
|
||||
} // (import ./rotuer-secrets.nix);
|
||||
inherit (pkgs.liminix.services) oneshot longrun bundle;
|
||||
inherit (pkgs) serviceFns;
|
||||
svc = config.system.service;
|
||||
@ -23,6 +26,7 @@ let
|
||||
wmm_enabled = 1;
|
||||
};
|
||||
|
||||
|
||||
in rec {
|
||||
boot = {
|
||||
tftp = {
|
||||
@ -55,7 +59,7 @@ in rec {
|
||||
services.hostap = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan;
|
||||
params = {
|
||||
ssid = "liminix";
|
||||
ssid = secrets.ssid;
|
||||
hw_mode="g";
|
||||
channel = "2";
|
||||
ieee80211n = 1;
|
||||
@ -65,7 +69,7 @@ in rec {
|
||||
services.hostap5 = svc.hostapd.build {
|
||||
interface = config.hardware.networkInterfaces.wlan5;
|
||||
params = rec {
|
||||
ssid = "liminix_5";
|
||||
ssid = "${secrets.ssid}5";
|
||||
hw_mode="a";
|
||||
channel = 36;
|
||||
ht_capab = "[HT40+]";
|
||||
@ -84,7 +88,8 @@ in rec {
|
||||
services.bridge = svc.bridge.members.build {
|
||||
primary = services.int;
|
||||
members = with config.hardware.networkInterfaces;
|
||||
[ wlan
|
||||
[
|
||||
wlan
|
||||
wlan5
|
||||
lan0
|
||||
lan1
|
||||
@ -120,8 +125,8 @@ in rec {
|
||||
# You can add static addresses for the DHCP server here. I'm
|
||||
# not putting my actual MAC addresses in a public git repo ...
|
||||
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
|
||||
|
||||
domain = "fake.liminix.org";
|
||||
upstreams = [ "/${secrets.domainName}/" ];
|
||||
domain = secrets.domainName;
|
||||
};
|
||||
|
||||
services.wan = svc.pppoe.build {
|
||||
@ -194,6 +199,9 @@ in rec {
|
||||
|
||||
defaultProfile.packages = with pkgs; [
|
||||
min-collect-garbage
|
||||
nftables
|
||||
strace
|
||||
tcpdump
|
||||
];
|
||||
|
||||
programs.busybox.applets = [
|
||||
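Review bot: The defaults set merged in front of `import ./rotuer-secrets.nix` covers `domainName` and `firewallRules` but not `ssid`, which both hostapd services now read from `secrets.ssid`. A secrets file written before this change presumably has no `ssid` attribute and will then fail evaluation with a missing-attribute error. Adding `ssid = "liminix";` to the defaults keeps the previously hard-coded name for those users. The `let` block and the `in rec { … }` body both extend beyond the hunks shown.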
|
@ -27,6 +27,7 @@ in {
|
||||
options = {
|
||||
kernel = {
|
||||
src = mkOption { type = types.path; } ;
|
||||
version = mkOption { type = types.str; default = "5.15.137";} ;
|
||||
modular = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
@ -79,7 +80,8 @@ in {
|
||||
config.kernel.conditionalConfig;
|
||||
k = liminix.builders.kernel.override {
|
||||
config = mergedConfig;
|
||||
inherit (config.kernel) src extraPatchPhase;
|
||||
version = builtins.trace config.kernel.version config.kernel.version;
|
||||
inherit (config.kernel) src extraPatchPhase;
|
||||
targets = config.kernel.makeTargets;
|
||||
};
|
||||
in {
|
||||
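Review bot: `version = builtins.trace config.kernel.version config.kernel.version;` looks like a debugging leftover: it prints the version on every evaluation and otherwise just passes the value through. Folding it into the existing inherit, `inherit (config.kernel) src version extraPatchPhase;`, hands the builder the same value without the trace. Nothing ties the new `version` option (default `"5.15.137"`) to the tarball in `src`, so a comment on the option such as `# must match the kernel release in src` would help whoever next changes one of them.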
|
@ -46,6 +46,10 @@ in {
|
||||
CRYPTO_SHA1 = "y";
|
||||
ENCRYPTED_KEYS = "y";
|
||||
KEYS = "y";
|
||||
|
||||
# see note in include/linux/netdevice.h re LL_MAX_HEADER
|
||||
WLAN = "y";
|
||||
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -6,6 +6,7 @@
|
||||
|
||||
, config
|
||||
, src
|
||||
, version ? "1"
|
||||
, extraPatchPhase ? "echo"
|
||||
, targets ? ["vmlinux"]
|
||||
} :
|
||||
@ -23,6 +24,7 @@ stdenv.mkDerivation rec {
|
||||
(with buildPackages.pkgs; [
|
||||
rsync bc bison flex pkg-config
|
||||
openssl ncurses.all perl
|
||||
cpio
|
||||
]);
|
||||
CC = "${stdenv.cc.bintools.targetPrefix}gcc";
|
||||
HOSTCC = with buildPackages.pkgs;
|
||||
@ -51,9 +53,9 @@ stdenv.mkDerivation rec {
|
||||
|
||||
patches = [
|
||||
./cmdline-cookie.patch
|
||||
./phram-allow-cached-mappings.patch
|
||||
./mips-malta-fdt-from-bootloader.patch
|
||||
];
|
||||
] ++ lib.optional (lib.versionOlder version "6.0")
|
||||
./phram-allow-cached-mappings.patch;
|
||||
|
||||
# this is here to work around what I think is a bug in nixpkgs
|
||||
# packaging of ncurses: it installs pkg-config data files which
|
||||
@ -103,8 +105,8 @@ stdenv.mkDerivation rec {
|
||||
mkdir -p $headers
|
||||
cp -a include .config $headers/
|
||||
mkdir -p $modulesupport
|
||||
cp modules.* $modulesupport
|
||||
make clean modules_prepare
|
||||
cp modules.* vmlinux.o $modulesupport
|
||||
make modules
|
||||
cp -a . $modulesupport
|
||||
'';
|
||||
}
|
||||
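Review bot: The new argument `version ? "1"` gives the builder a placeholder default, and the patch list now depends on it through `lib.versionOlder version "6.0"`, so a caller that omits `version` for a 6.x tree is treated as pre-6.0 and gets `./phram-allow-cached-mappings.patch` applied. Making the argument mandatory (`, version`) turns that mistake into an evaluation error instead of a patch-phase failure; any other callers of this builder would then have to pass it explicitly. The argument set and the `mkDerivation` body both start and end outside these hunks.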
|