* add hook to allow customizing before kernel make env creation
* Hook runs in docker_cli_prepare_launch() just before DOCKER_EXTRA_ARGS
is processed, allowing extensions to add Docker arguments with a more
descriptive hook name than add_host_dependencies.
* Extension: ccache-remote
Enables ccache with remote Redis storage for sharing compilation cache across build hosts.
Features:
- Auto-discovery via Avahi/mDNS (ccache.local hostname)
- Explicit Redis server configuration via CCACHE_REMOTE_STORAGE
- Build statistics display at end of build (hit/miss/error rates)
- Support for both Docker and native builds
- Hooks for kernel and u-boot compilation environments
Documentation includes server setup instructions with security warnings,
client mDNS configuration, and cache sharing requirements.
* uboot: fix ccache environment and add extension hook
U-Boot build uses `env -i` which clears all environment variables.
CCACHE_DIR and CCACHE_TEMPDIR were not explicitly passed to make,
unlike kernel build (kernel-make.sh). This caused ccache to use
default directory instead of configured Armbian one, breaking
cache statistics and shared cache functionality.
Changes:
- Add CCACHE_DIR and CCACHE_TEMPDIR to uboot_make_envs
- Add uboot_make_config hook for extensions (similar to kernel_make_config),
allowing modification of environment variables before compilation
* add long list of allowed ccache-related env vars
* set permissions to ccache files RW for everyone if cache not private
* ccache: add ccache_post_compilation hook for extensions
* ccache-remote: use ccache_post_compilation hook instead of cleanup handler
Show remote ccache stats after each compilation (kernel, uboot) via hook,
instead of once at the end via cleanup handler. Stats now shown even on
build failure.
* ccache: show stats with safe arithmetic
* ccache/uboot: improve code comments per review feedback
- uboot.sh: clarify ARMBIAN=foe workaround for dual-compiler scenario
- ccache-remote.sh: document that CCACHE_REDIS_CONNECT_TIMEOUT must be
set before extension loads
* ccache-remote: mask storage URLs in logs
Mask CCACHE_REMOTE_STORAGE when emitting Docker env debug logs.
* ccache-remote: extract ccache_inject_envs() helper to deduplicate passthrough loops
Extract ccache_inject_envs() helper to deduplicate identical passthrough
loops in kernel and uboot make config hooks.
ccache-remote: rename functions to follow project naming conventions
Rename get_redis_stats and mask_storage_url to ccache_get_redis_stats
and ccache_mask_storage_url to follow project naming conventions.
ccache-remote: mask credentials in debug log output for passthrough loops
Mask CCACHE_REMOTE_STORAGE value through ccache_mask_storage_url() before
logging in both Docker env and make env passthrough loops to avoid leaking
credentials into build logs.
* ccache-remote: add HTTP/WebDAV backend and DNS discovery
* ccache-remote: move extension script into directory layout
* ccache-remote: add server setup docs and config files
* ccache-remote: validate Redis credentials in URLs
* ccache-remote: document Redis auth options and safe passwords
Add separate insecure config example for trusted networks.
Recommend URL-safe hex passwords and update setup docs.
* ccache-remote: improve Docker loopback handling and IPv6 host parsing
Other read calls in the same file already use -r.
Without -r, backslashes in user input are interpreted as escape characters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
При упаковке linux-headers скомпилированные бинарники из scripts/ удаляются,
так как они собраны под хост сборки, а не под целевую машину (типичный случай
кросс-сборки). Поэтому postinst при установке пакета пересобирает их нативно,
предварительно запустив `make olddefconfig`.
Однако olddefconfig не только подготавливает окружение — он заново вычисляет
конфигурацию ядра, проверяя тулчейн, доступный на целевом хосте при установке.
Если инструменты, использовавшиеся при сборке ядра, на целевой машине отсутствуют
или имеют другую версию, olddefconfig молча отключает соответствующие CONFIG_*
опции (например, CONFIG_CC_IS_CLANG, CONFIG_LTO_CLANG, CONFIG_DEBUG_INFO_BTF).
В результате установленный пакет заголовков описывает не то ядро, которое
реально собрано и работает, а то, которое можно было бы собрать на данном хосте.
Это затрагивает:
- include/generated/autoconf.h (используется препроцессором C)
- include/config/auto.conf + маркер-файлы include/config/ (используются
make-правилами kbuild)
- include/generated/rustc_cfg (используется Rust-сборками)
Все эти файлы — артефакты сборки и должны описывать скомпилированное ядро,
а не возможности хоста установки.
Исправление: при упаковке сохраняем сайдкар-тарбол с build-time версиями
include/config/ и include/generated/{autoconf.h,rustc_cfg}; восстанавливаем
его в postinst в самом конце, после всех make-шагов.
Fixes: https://github.com/armbian/build/issues/9425
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Add version-gated NETFILTER_XTABLES_LEGACY and BRIDGE_NF_EBTABLES_LEGACY
support in armbian-kernel.sh for kernels >= 6.18. Also add missing
ebtables table modules (BRIDGE_EBT_BROUTE, BRIDGE_EBT_T_FILTER,
BRIDGE_EBT_T_NAT) unconditionally to the nftables config function.
This ensures all hardware families automatically get legacy xtables
support when building kernels 6.18+, fixing Docker and Proxmox
firewall breakage without requiring per-family config changes.
Integrate the libc0607/rtl88x2eu-20230815 out-of-tree driver into the build
system under EXTRA_WIFI for kernels >= 3.14 and < 6.19.
- Fetch pinned upstream commit ccb31f4ee346d5c2dd45475d276171b2f8de8350
- Install sources under drivers/net/wireless/rtl8822eu
- Enable AP and P2P modes in driver Makefile
- Hook into kernel Kconfig and Makefile via CONFIG_RTL8822EU
Tested working on `6.12.74-current-sunxi` and `6.6.75-legacy-sunxi`.
Fixes wrong CPU vulnerability output:
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:Vulnerable: Unprivileged eBPF enabled
It's enabled but CONFIG_BPF_UNPRIV_DEFAULT_OFF being unset causes the warning.
This warning happens on ARM32 and ARM64 devices.
Edited with:
find -name "*.config" -exec sed -i 's/# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set/CONFIG_BPF_UNPRIV_DEFAULT_OFF=y/g' '{}' ;
CONFIG_BPF_UNPRIV_DEFAULT_OFF is a Linux kernel build-time hardening option that disables unprivileged use of the bpf() syscall (and thus unprivileged eBPF loading) by default by setting kernel.unprivileged_bpf_disabled=2 at boot. With this default, only privileged processes (e.g., with CAP_SYS_ADMIN / CAP_BPF, depending on kernel) can load eBPF unless an administrator explicitly relaxes it. [1], [2]
Operational behavior you should know
kernel.unprivileged_bpf_disabled semantics (as documented in the kernel sysctl docs/patch):
0: unprivileged bpf() allowed
1: unprivileged bpf() blocked and cannot be re-enabled until reboot (no transition back to 0 while running)
2: unprivileged bpf() blocked but admin can later switch to 0 or 1 if needed
If CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, the default becomes 2 instead of 0. [2]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
When building kernels with KERNEL_COMPILER=clang, compiler warnings
were displayed without color despite -fdiagnostics-color=always being
set in KCFLAGS. This GCC-native flag is not reliably honored by clang
when invoked through ccache and the kernel build system with LLVM=1.
Add -fcolor-diagnostics (clang's native flag) to the clang-specific
extra_warnings to ensure colored warning output.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
In Linux 6.19, net_device->dev_addr is const unsigned char *.
Clang with -Werror,-Wincompatible-pointer-types-discards-qualifiers
rejects passing dev_addr to non-const parameters and memcpy into it.
Fix by:
- Replacing memcpy(dev->dev_addr, ...) with dev_addr_set()
- Using local buffer + ether_addr_copy for sprdwl_set_mac_addr call
that needs mutable addr (the function modifies it in-place)
- Changing u8 *mac pointer to u8 mac[ETH_ALEN] array in cfg80211.c
where dev_addr was assigned to a non-const pointer
Relates to #9049
Add a new extension hook point in run_kernel_make_internal() that allows
extensions to modify kernel make parameters before compilation.
Extensions can now modify:
- common_make_params_quoted - parameters passed to make
- common_make_envs - environment variables for make
This enables features like CROSS_COMPILE_COMPAT for 32-bit compat vDSO
on arm64 builds without modifying core build scripts.
Refs: https://github.com/armbian/build/issues/9216
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- we've had SKIP_EXTERNAL_TOOLCHAINS=yes for ~5 years now
- drop all usages, mostly through `find_toolchains()`
- drop all manual PATH env injections (we've centralized if ever needed)
- optionally, if UBOOT_BINS_TO_OUTPUT=yes, copy them out to output/
- this might reveal differences in binwalk itself more than u-boot
- but better than nothing
- turns out everybody was wrong, including me
- some (older?) ATF sources won't work, ever; thus
- introduce ATF_SKIP_LDFLAGS=yes to skip it completely
- introduce ATF_SKIP_LDFLAGS_WL=yes to only skip the `-Wl,` prefix
- this is for ATF's that pass flag directly to linker, not gcc
- artifact-uboot: hash atf-building code into artifact version
This flag was breaking kernel's cc-option detection, causing GCC-specific
warnings (-Wpacked-not-aligned, -Wstringop-truncation, -Wmaybe-uninitialized)
to be incorrectly added to btrfs/drm/coresight builds when using clang.
* rtw88 mainline driver has good enough support for rtl8723cs
so stop patching the kernel with this ancient driver
* fixes rtl8703b (same chip as 8723cs) bluetooth firmware name file
Update all copyright notices in shell scripts from 2025 to 2026.
## Changes
- **Igor Pecovnik**: 2013-2025 → 2013-2026 (129 files)
- **Ricardo Pardini**: 2023-2025 → 2023-2026, 2020-2025 → 2020-2026 (5 files)
## Additional Improvements
Also updated the backtitle in `lib/functions/configuration/interactive.sh`:
- Changed title from "Armbian building script" to "Armbian Linux build framework"
- Removed docs link for cleaner display
- Uses dynamic year calculation with separate declaration (fixes shellcheck SC2155)
* sunxi-6.18: make the mess even worse
* fixing one of megis patches and add sunxi 32bit to the mess
* rewrite against 6.18
* fix media-ov5640-Don-t-powerup-the-sensor-during-driver-probe.patch
* fix media-sun6i-csi-implement-vidioc_enum_framesizes.patch
* fix misc-modem-power-Power-manager-for-modems.patch
* Fix usb-gadget-Fix-dangling-pointer-in-netdev-private-data.patch, include rewrite
* fix mmc-sunxi-mmc-Remove-runtime-PM.patch, two hunks no longer apply
* re-extract all of megis patches
* remove unneeded branch
* add note to disabled patch
* auto-generated, out of date
* drop megous drm patches in favor of Jernej's work. disable broken patches
* disable patch which breaks compilation for armhf
* disable breaking patch, rewrite everything
* remove patches unrelated to sunxi family
* fix spi dev compatible patch
* fix tsc2007 patch
* drop mainlined patch, adjust x96 mate T95 eth sd card hack
* remove upstreamed patch
* re-enable no longer broken
* another rewrite to align stuff properly
* adjust various comments in series.conf
* recover lost overlays
* uew5622: fix compilation against Linux 6.18
* fix Add-sunxi-addr-driver-Used-to-fix-uwe5622-bluetooth-MAC-address.patch
* adjust patch subject to make sense
* restore fixup creation
restore overlay prefix on opiz2
this needs to be properly sorted at some point
* bump to 6.18.1
sunxi and sunxi64 build just fine
* fix and re-enable drv-mfd-axp20x-add-sysfs-interface.patch
* rewrite patches
- Created patch/misc/rtw88/6.18/ directory with upstream driver patches
- Removed obsolete kernel 6.16 reference from patch conditions
- Updated comment to clarify that RF path detection fix is only needed
for kernel 6.1.x (upstreamed in 6.18+)
This fixes RTL8822CS WiFi initialization failures on kernel 6.18 where
the driver was not being properly patched due to missing version directory.
Fixes SDIO timeout errors during chip initialization.
- call_extensions_kernel_config() now declares the vars and calls
armbian_kernel_config_apply_opts_from_arrays() at the end
- so each individual hook doesn't need to
- adapt family code using the old way too
- one shall NOT use the contents of .config to determine what's in the .config
- also: introduce `opts_m` for armbian_kernel_config_apply_opts_from_arrays()
* Wireless driver patching: fix inconsistency in matching
Mathing Allwinner family via LINUXFAMILY is giving different results. sunxi doesn't cover sun5* ...
* Re-adding wireless drivers that fall out of this bug + few additional
