- Add vulkan-tools: Vulkan utilities (vulkaninfo) for testing and debugging
- Add mesa-vulkan-drivers: Vulkan drivers for Mesa GPUs (Panfrost, Lima, Radeon, Intel)
- Expand package definitions with individual inline comments describing each package:
- libglx-mesa0: Mesa OpenGL extension library for X11
- mesa-utils: Mesa utilities for OpenGL information and testing
- mesa-utils-extra: Additional Mesa demonstration programs
- glmark2 variants: OpenGL 2.0/3.0 and ES 2.0 benchmark suite with Wayland/X11 backends
- Improves code documentation and makes package purposes clear for maintainers
Signed-off-by: Igor Pecovnik <igor@armbian.com>
Disable several patches in the rockchip-6.19 kernel series including:
- PCI Link-Up IRQ handler patches
- USB phy patches
- ASoC and pmdomain fixes
- AV1 media codec patches
Signed-off-by: Igor Pecovnik <igor@armbian.com>
Replace all 43 POSIX `[ ]` tests with bash `[[ ]]` across five board-side
package hook functions (preinst, postinst_base, postinst_finish,
postinst_update_uboot_bootscript, get_bootscript_info).
Normalise `=` to `==` in the `"$1" == "upgrade"` comparison.
Collapse paired `[ A ] && [ B ]` into a single `[[ A && B ]]` where possible.
Variables that were previously unquoted inside `[ ]` (e.g. ${BOOTSCRIPT_DST},
${BOOTSCRIPT_BACKUP_VERSION}) are now properly quoted.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace POSIX `[ ]` with bash `[[ ]]`; also quote the unquoted `${2}boot0`
expansion to prevent word-splitting on the path.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace POSIX `[ ]` with bash `[[ ]]`; also quote the unquoted `$1`
positional parameter inside the file test.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace two chained POSIX `[ ]` with a single bash `[[ ]]` using `&&`
inside the double brackets.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace POSIX `[ ]` with bash `[[ ]]` on four conditionals: file/path
existence checks and an array length comparison.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace POSIX `[ ]` with bash `[[ ]]` on six conditionals: file existence
checks, string comparisons, and -n tests. Also normalise `=` to `==` in
the string comparison.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Replace POSIX `[ ]` with bash `[[ ]]` on three remaining single-bracket
conditionals: two numeric comparisons on sfdisk version (lines 251, 270)
and one -z test with unquoted variable (line 485, also adds quoting).
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If patch B sorts after patch A but has an older mtime, it would
overwrite A's timestamp on the shared file, causing the kernel Makefile
to skip recompilation.
Fix: only call os.utime() when the new mtime is strictly greater than
the file's current mtime.
`/__pycache__/*` only covered the root level. Replace with `**/__pycache__/`
so that generated bytecode directories in lib/tools/ and elsewhere are ignored.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Add dwc2_force_mode(hsotg, true) call in USB_DR_MODE_HOST case
- Ensures proper host mode initialization for Rockchip platforms
- Applies to both 6.18 and 6.19 kernel patches
* SakuraPi RK3308B: Move to official support
* Sakura Pi RK3308B: Use mainline dts instead
* Sakura Pi RK3308B: Fix brcm wlan broken due to sdio freq was set too high
* Sakura Pi RK3308B: Fix vop panel outpout and spidev
* Use "armbian,spi-dev" compatible string instead of "rockchip,spidev"
as it is already registered in the spidev driver's OF match-table,
ensuring the driver binds correctly at runtime.
Enable the PCIe Gen2x1 controller and combo PHY on the NanoPi Zero2
to support the M.2 Key-E 2230 slot used for WiFi/BT cards (e.g. Intel
AX210).
The reset GPIO (gpio1 RK_PA2) and pinctrl (pciem1_pins) match the
vendor kernel device tree.
Note: Intel AX210 requires iwlwifi firmware >= v89
(iwlwifi-ty-a0-gf-a0-89.ucode) which may not be included in minimal
images. Install linux-firmware or armbian-firmware-full if needed.
Firmware available at:
https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/
Tested on hardware with Intel AX210 on kernel 6.18 (current branch).
Enable mainline kernel (current/edge) for the NanoPi Zero2 (RK3528):
- Add current,edge to KERNEL_TARGET
- Override BOOT_FDT_FILE to rk3528-nanopi-zero2.dtb for mainline branches
(vendor kernel uses rk3528-nanopi-rev01.dtb)
- Set SERIALCON=ttyS0 and patch boot script for mainline, as RK3528 debug
UART is UART0 (ttyS0), not UART2 (ttyS2) like other RK35xx SoCs
Tested on hardware with kernel 6.18 (current branch).
- Freeze KERNELBRANCH at v6.12.28 for current branch
- Fix max_hdmi_phy_freq value from 1650000000 to 1650000 Hz
Signed-off-by: Igor Pecovnik <igor@armbian.com>
* uefi-arm64-6.18: fix stmmac Phytium driver compilation
Remove obsolete 'has_gmac' member assignment from struct plat_stmmacenet_data.
The field was removed in newer kernels as MAC version detection is now
handled automatically from hardware registers.
Fixes compilation error:
error: 'struct plat_stmmacenet_data' has no member named 'has_gmac'
* meson64-6.19: drop upstreamed odroid regulator boot-on patch
The Odroid HC4 regulator-boot-on fix has been upstreamed in kernel 6.19.
Original patch:
Fixes: 164147f094ec ("arm64: dts: meson-sm1-odroid-hc4: add regulators")
Fixes: 45d736ab17b4 ("arm64: dts: meson-sm1-odroid: add 5v regulator gpio")
Fixes: 1f80a5cf74a6 ("arm64: dts: meson-sm1-odroid: add missing enable gpio")
Fixes: 88d537bc92ca ("arm64: dts: meson: convert meson-sm1-odroid-c4 to dtsi")
* meson64-6.18: update meson-axg mmc phase configuration
Add amlogic,mmc-phase properties to sd_emmc_b and sd_emmc_c nodes
for proper MMC timing configuration on Amlogic AXG SoCs.
* Disable Pythium onboard nic driver
* add hook to allow customizing before kernel make env creation
* Hook runs in docker_cli_prepare_launch() just before DOCKER_EXTRA_ARGS
is processed, allowing extensions to add Docker arguments with a more
descriptive hook name than add_host_dependencies.
* Extension: ccache-remote
Enables ccache with remote Redis storage for sharing compilation cache across build hosts.
Features:
- Auto-discovery via Avahi/mDNS (ccache.local hostname)
- Explicit Redis server configuration via CCACHE_REMOTE_STORAGE
- Build statistics display at end of build (hit/miss/error rates)
- Support for both Docker and native builds
- Hooks for kernel and u-boot compilation environments
Documentation includes server setup instructions with security warnings,
client mDNS configuration, and cache sharing requirements.
* uboot: fix ccache environment and add extension hook
U-Boot build uses `env -i` which clears all environment variables.
CCACHE_DIR and CCACHE_TEMPDIR were not explicitly passed to make,
unlike kernel build (kernel-make.sh). This caused ccache to use
default directory instead of configured Armbian one, breaking
cache statistics and shared cache functionality.
Changes:
- Add CCACHE_DIR and CCACHE_TEMPDIR to uboot_make_envs
- Add uboot_make_config hook for extensions (similar to kernel_make_config),
allowing modification of environment variables before compilation
* add long list of allowed ccache-related env vars
* set permissions to ccache files RW for everyone if cache not private
* ccache: add ccache_post_compilation hook for extensions
* ccache-remote: use ccache_post_compilation hook instead of cleanup handler
Show remote ccache stats after each compilation (kernel, uboot) via hook,
instead of once at the end via cleanup handler. Stats now shown even on
build failure.
* ccache: show stats with safe arithmetic
* ccache/uboot: improve code comments per review feedback
- uboot.sh: clarify ARMBIAN=foe workaround for dual-compiler scenario
- ccache-remote.sh: document that CCACHE_REDIS_CONNECT_TIMEOUT must be
set before extension loads
* ccache-remote: mask storage URLs in logs
Mask CCACHE_REMOTE_STORAGE when emitting Docker env debug logs.
* ccache-remote: extract ccache_inject_envs() helper to deduplicate passthrough loops
Extract ccache_inject_envs() helper to deduplicate identical passthrough
loops in kernel and uboot make config hooks.
ccache-remote: rename functions to follow project naming conventions
Rename get_redis_stats and mask_storage_url to ccache_get_redis_stats
and ccache_mask_storage_url to follow project naming conventions.
ccache-remote: mask credentials in debug log output for passthrough loops
Mask CCACHE_REMOTE_STORAGE value through ccache_mask_storage_url() before
logging in both Docker env and make env passthrough loops to avoid leaking
credentials into build logs.
* ccache-remote: add HTTP/WebDAV backend and DNS discovery
* ccache-remote: move extension script into directory layout
* ccache-remote: add server setup docs and config files
* ccache-remote: validate Redis credentials in URLs
* ccache-remote: document Redis auth options and safe passwords
Add separate insecure config example for trusted networks.
Recommend URL-safe hex passwords and update setup docs.
* ccache-remote: improve Docker loopback handling and IPv6 host parsing
Was only used once (orangepi5pro.csc) and has been deprecated.
Remove the implementation, the board config, and the README entry.
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Other read calls in the same file already use -r.
Without -r, backslashes in user input are interpreted as escape characters.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add extension that enables CONFIG_RUST in kernel menuconfig and
configures the build environment (rustc, rustfmt, bindgen, rust-src)
using versioned APT packages from noble-security/noble-updates.
Handles env -i in run_kernel_make_internal by passing tool paths
via RUSTC, RUSTFMT, BINDGEN make params and RUST_LIB_SRC env var.
Includes optional RUST_KERNEL_SAMPLES=yes for building sample
Rust modules (rust_minimal, rust_print, rust_driver_faux) as a
toolchain smoke test.
Tested: kernel 6.19 build for rockchip64 on aarch64, both with
and without Docker.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
При упаковке linux-headers скомпилированные бинарники из scripts/ удаляются,
так как они собраны под хост сборки, а не под целевую машину (типичный случай
кросс-сборки). Поэтому postinst при установке пакета пересобирает их нативно,
предварительно запустив `make olddefconfig`.
Однако olddefconfig не только подготавливает окружение — он заново вычисляет
конфигурацию ядра, проверяя тулчейн, доступный на целевом хосте при установке.
Если инструменты, использовавшиеся при сборке ядра, на целевой машине отсутствуют
или имеют другую версию, olddefconfig молча отключает соответствующие CONFIG_*
опции (например, CONFIG_CC_IS_CLANG, CONFIG_LTO_CLANG, CONFIG_DEBUG_INFO_BTF).
В результате установленный пакет заголовков описывает не то ядро, которое
реально собрано и работает, а то, которое можно было бы собрать на данном хосте.
Это затрагивает:
- include/generated/autoconf.h (используется препроцессором C)
- include/config/auto.conf + маркер-файлы include/config/ (используются
make-правилами kbuild)
- include/generated/rustc_cfg (используется Rust-сборками)
Все эти файлы — артефакты сборки и должны описывать скомпилированное ядро,
а не возможности хоста установки.
Исправление: при упаковке сохраняем сайдкар-тарбол с build-time версиями
include/config/ и include/generated/{autoconf.h,rustc_cfg}; восстанавливаем
его в postinst в самом конце, после всех make-шагов.
Fixes: https://github.com/armbian/build/issues/9425
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- that was for otg/ums bringup
- now `-u-boot.dts` does it instead
- add missing usbdp_phy0 with lane mux split with DP (type-c/DP)
- drop DP mux from usbdp_phy1 (which should just be type-a and no DP)
- for the Mekotronics R58X Pro LCD
- The Vinka VK2C21 (and pin-compatible VK2C21A/VK2C21B) is a memory-mapping
segment LCD controller that communicates over I2C. It can drive up to
128 segments (e.g. 32 SEG × 4 COM in 1/3 bias mode).
- Some SBCs wire this chip to GPIO pins without I2C pull-up
resistors, making the standard i2c-gpio (open-drain) driver unusable.
This driver therefore bit-bangs I2C in push-pull mode directly via GPIO,
requiring no external pull-ups.
- extra glyphs and fix for top-bar
Signed-off-by: Ricardo Pardini <ricardo@pardini.net>
Add version-gated NETFILTER_XTABLES_LEGACY and BRIDGE_NF_EBTABLES_LEGACY
support in armbian-kernel.sh for kernels >= 6.18. Also add missing
ebtables table modules (BRIDGE_EBT_BROUTE, BRIDGE_EBT_T_FILTER,
BRIDGE_EBT_T_NAT) unconditionally to the nftables config function.
This ensures all hardware families automatically get legacy xtables
support when building kernels 6.18+, fixing Docker and Proxmox
firewall breakage without requiring per-family config changes.
Force GFP_DMA32 allocation for Rockchip IOMMU v2 page tables to fix
NPU operation on systems with >4GB RAM. Without this patch, IOMMU
allocates page tables above 4GB which the NPU cannot access, causing
DMA mapping failures.
Tested on ODROID-M1 with 8GB RAM, kernel 6.18.9-current-rockchip64.
- Change Pin from origin domain to release origin for more reliable pinning
- Improve comments to clarify priority behavior (1001 prevents downgrades)
- Add explanatory comments for Ubuntu repository deprioritization
- Fix typo in upstream comment
This ensures Firefox and Thunderbird are consistently installed from the
Armbian repository with proper pinning rules.
Integrate the libc0607/rtl88x2eu-20230815 out-of-tree driver into the build
system under EXTRA_WIFI for kernels >= 3.14 and < 6.19.
- Fetch pinned upstream commit ccb31f4ee346d5c2dd45475d276171b2f8de8350
- Install sources under drivers/net/wireless/rtl8822eu
- Enable AP and P2P modes in driver Makefile
- Hook into kernel Kconfig and Makefile via CONFIG_RTL8822EU
Tested working on `6.12.74-current-sunxi` and `6.6.75-legacy-sunxi`.
Add konsole to the kde-neon base package list for a complete terminal experience.
Also add bluedevil, kscreen, pipewire-audio, pipewire-pulse, and wireplumber,
and sort the entire package list alphabetically.
Driver for Ethernet/PCI as found with Xunlong/Ky on the
OrangePi RV2/R2S source tree. Added as kernel patch since
the current spacemit family has conflicting changes with
rtl8852bs when enabling EXTRAWIFI=yes
Note: on the Xunlong/Ky tree, there is also a realtek_pgtool/
subdir that compiles a pgdrv.ko. B/c this does not have a
license indication, is only needed e.g. for MAC address
programming of efuse / eeprom, and generally does not look
required this is ommited here. For details, you may refer
to https://github.com/redchenjs/rtnicpg
Signed-off-by: Sven-Ola Tuecke <sven-ola@gmx.de>
Disable U-Boot CONFIG_MMC_UHS_SUPPORT otherwise a fast SD card does not
report "1.8 Volt mode switch possible" on kernel init which in turn does
not enable SDR104 for my SDXC card.
Fast mode ok is visible in the kernel log after booting from SD card:
root@orangepirv2:~# dmesg |grep mmc
[ 2.198816] mmc0: SDHCI controller on d4280000.sdh [d4280000.sdh] using ADMA
[ 2.224576] mmc1: SDHCI controller on d4280800.sdh [d4280800.sdh] using ADMA
[ 2.272657] mmc0: set tx_delaycode: 159
[ 2.273950] mmc0: pass window [6 68)
[ 2.276301] mmc0: pass window [72 198)
[ 2.277591] mmc0: pass window [219 255)
[ 2.277599] mmc0: tuning done, use the firstly delay_code:134
[ 2.277611] mmc0: new ultra high speed SDR104 SDXC card at address b36b
With UHS already enabled in u-boot, no tuning and no SDR104 mode is switched on
in the Linux kernel. Seems to be a side effect of an un-complete mmc_deinit() in
u-boot/driver/mmc/mmc.c. With MMC_UHS_SUPPORT disabled, the SD card does report
SD_ROCR_S18A with then leads to enter spacemit_sdhci_execute_sw_tuning() and the
subsequent switch to SDK104 or probably other 1.8 Volt modes is fine. This is at
least true for my OrangePi RV2 board.
Signed-off-by: Sven-Ola Tuecke <sven-ola@gmx.de>
This is for use with fdtoverlays directive in extlinux.conf
to enabled different configs for the Opi rv2 pin headers
Signed-off-by: Sven-Ola Tuecke <sven-ola@gmx.de>
Note: HW AES is really slow with LUKS2 when using default 512 byte block
size, regardless what cryptsetup benchmark prints out (this uses 65536
bytes). Performance is much better with luksFormat --sector-size 4096.
Signed-off-by: Sven-Ola Tuecke <sven-ola@gmx.de>
- This reverts commit e94425f6944b5a751e19f4bf7ac7dfce9f8b1035.
- I am clearly not up to par with type-c/fusb302 stuff yet
- sending this for future reference
- u-boot v2026.04-rcX has bumped dt-rebasing to v6.18, thus it knows about
NPU nodes now and we can simply symlink to kernel DT, reducing duplication by a lot
- fileenv patch (same as v2026.01)
- fdt_fixup_ethernet logging patch (same as v2026.01)
- 0000.patching_config.yaml: defconfig/dt_upstream_rockchip/dt_uboot
- notable in v2026.04:
- dt-rebasing bumped up to v6.18 (which has NPU nodes)
- this allows us to share complete DTs between kernel and u-boot via symlinks
- Kwiboo had a go at LWIP which should be usable now; Kwiboo rocks.
- drop invalid and useless enable-gpios on hdmi0 node
- was from vendor kernel
- does nothing in mainline
- is not required in mainline for working HDMI
and 8002936aac
because:
The ...fix-10mbit-ethernet patch is still necessary
Without it, the RK3308 does not connect via DHCP to 10-mbit Ethernets
The ...pinctl-slow-mux patch still compiles without error
It is <100 bytes and helps debugging GPIO issues.
I don't understand why above patches were flagged as "broken"
- rockchip64-6.19: mainline kernel (edge/6.19):
- most stuff works, incl 4G modem, NPU, RS-485, RS-232, HDMI-RX
- except:
- type-c (fusb302, I've no schematics nor will to reverse)
- DisplayPort (I don't have test hardware)
- Analog Audio (ditto)
- keep vendor u-boot for vendor branch
- mainline u-boot v2026.01:
- same DT as edge kernel, save for NPU nodes
- boot order: NVMe -> SATA -> USB -> eMMC -> Ethernet/PXE
- stable MAC addresses for GMAC0/1 via DT aliases (confirm with logging patch)
This commit enables generation of `u-boot-rockchip-spi-sata.bin`.
Flashing this to SPI flash enables U-Boot to communicate with an
attached SATA m.2 SSD, thereby allowing booting directly from SPI flash
to SATA SSD.
CONFIG_ROCKCHIP_MINI_KERNEL implicitly sets
CONFIG_DTC_OMIT_DISABLED=y
CONFIG_DTC_OMIT_EMPTY=y
this causes bundled devicetree overlays which set nodes to "disabled" to become noop.
Disable these DTC_OMIT options to restore overlay disable functionality.
Kwiboo's `rk3506` branch is WIP / rebased often. Pin to commit hash while upstreaming work is underway.
Also revert (broken) changes that attempted to keep up with this branch.
Add opt-in extension that includes gcc/clang major.minor version in the
kernel artifact version string for cache invalidation when the toolchain
changes. Enable with ENABLE_EXTENSIONS="kernel-version-toolchain".
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Replace single-line version suffix assembly with an extensible two-array
approach: artifact_version_parts (associative, key=value) and
artifact_version_part_order (indexed, "NNNN-KEY" for sortable insertion).
Extensions can add, modify, or remove parts via the
artifact_kernel_version_parts hook. Keys starting with "_" are
internal-only and not prefixed in the output.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Reduce kernel_config_modifying_hashes to last assignment per key before
hashing, so that overridden config options do not cause unnecessary
cache invalidation. Uses tac|sort to implement last-value-wins
deduplication.
Co-Authored-By: tabrisnet <tabrisnet@users.noreply.github.com>
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Fixes wrong CPU vulnerability output:
/sys/devices/system/cpu/vulnerabilities/spectre_v2:Mitigation:Vulnerable: Unprivileged eBPF enabled
It's enabled but CONFIG_BPF_UNPRIV_DEFAULT_OFF being unset causes the warning.
This warning happens on ARM32 and ARM64 devices.
Edited with:
find -name "*.config" -exec sed -i 's/# CONFIG_BPF_UNPRIV_DEFAULT_OFF is not set/CONFIG_BPF_UNPRIV_DEFAULT_OFF=y/g' '{}' ;
CONFIG_BPF_UNPRIV_DEFAULT_OFF is a Linux kernel build-time hardening option that disables unprivileged use of the bpf() syscall (and thus unprivileged eBPF loading) by default by setting kernel.unprivileged_bpf_disabled=2 at boot. With this default, only privileged processes (e.g., with CAP_SYS_ADMIN / CAP_BPF, depending on kernel) can load eBPF unless an administrator explicitly relaxes it. [1], [2]
Operational behavior you should know
kernel.unprivileged_bpf_disabled semantics (as documented in the kernel sysctl docs/patch):
0: unprivileged bpf() allowed
1: unprivileged bpf() blocked and cannot be re-enabled until reboot (no transition back to 0 while running)
2: unprivileged bpf() blocked but admin can later switch to 0 or 1 if needed
If CONFIG_BPF_UNPRIV_DEFAULT_OFF=y, the default becomes 2 instead of 0. [2]
Signed-off-by: Rosen Penev <rosenp@gmail.com>
For "reasons" extlinux provides a more stable boot.
Remove aw859a-wifi.service:
The service modprobes sprdwl_ng later in the boot process. Which
is not required. Just enabling it in modules-load.d will suffice.
I believe the reasoning for this service was to prevent a crash
which occurs if sprdwl_ng loads before cpufreq_dt. To prevent
the crash we will set in the defconfig CONFIG_CPUFREQ_DT=y.
Signed-off-by: Patrick Yavitz <pyavitz@gmail.com>
- it's not a legacy. it's just an old LTS
- config
- from last 6.12 rewrite back when 6.12 was current: eaac082190
- plus enablements from 6.19 (mostly rtw wifi et al)
- since no boards enable it, it should have zero impact on CI etc
- but still allows to build it by specifying `BRANCH=oldlts`
* Jetson Nano: retire automatic images generation - they don't work
* Cubox-i: move it to the EOS as it doesn't boot anymore and since old.
* Odroid M2: promote the board to standard support
* Orangepi3 LTS: Promote back to the supported list
- tested on actual hardware
- small fixes for:
- LEDs (new names; was wrong also in v2025.10 and previous)
- remove duplicate enablement of CONFIG_CMD_USB_MASS_STORAGE
- comment about lower USB3 port not working due share with OTG/UMS
micro-usb port that is enabled
Enable AMD Display Controller support for AMD Radeon GPUs on UEFI systems.
Add custom_kernel_config__enable_amd_dc() to uefi_common.inc with the
following kernel options for all UEFI boards except cloud:
- DRM_AMD_DC: AMD Display Controller
- DRM_AMD_DC_DCN: Display Core Next support
- DRM_AMD_DC_DSC_SUPPORT: Display Stream Compression
Provides proper display engine support for AMD graphics cards on x86,
arm64, and loong64 UEFI platforms.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
- Change BOOTCONFIG from rk3506b to rk3506j variant
- Update btrfs patch to target correct defconfig
- Add OPTEE image support for secure boot functionality
apt-daily-upgrade.service uses `apt-helper wait-online` as an ExecStartPre
step. On multi-NIC systems with systemd-networkd this helper directly calls
systemd-networkd-wait-online in strict mode, waiting for all managed links
to become online.
On boards with multiple Ethernet ports where some interfaces are commonly
unplugged, this results in repeated timeouts and causes
apt-daily-upgrade / unattended-upgrades to abort, even when at least one
interface is already fully routable.
Replace the ExecStartPre step with a direct invocation of
systemd-networkd-wait-online using `--any`, allowing the service to proceed
as soon as one interface is online.
This preserves the intent of waiting for network availability while making
the behavior robust on multi-NIC and router-style systems.
Multi-port boards (e.g. NanoPi R6S) frequently have unused interfaces with
no-carrier. With the default systemd-networkd-wait-online behavior this can
result in "Online state: partial" and a timeout while waiting for all managed
links to become online.
That failure breaks units that depend on network-online.target such as
apt-daily-upgrade / unattended-upgrades.
Install a systemd drop-in overriding ExecStart to use:
systemd-networkd-wait-online --any --timeout=20
This keeps the intended "wait for networking" semantics while preventing
unplugged/unused ports from blocking boot and timers.
- Add ARMBIAN_DOCKER_AUTO_PULL environment variable (opt-in, must be explicitly set to "yes")
- Move auto-pull cronjob setup from requirements to docker CLI
- Add automatic cleanup of cronjob files when flag is disabled/removed
- Remove verbose "unchanged" messages for cleaner output
- Simplify control flow in docker_ensure_auto_pull_cronjob()
- Add docker_cleanup_old_images() to remove dangling images and keep only 2 most recent per tag
- Add docker_pull_with_marker() to pull images and update marker files tracking last pull time
- Add docker_setup_auto_pull_cronjob() to create/update system cronjob and wrapper script via hash-based detection
- Add docker_ensure_auto_pull_cronjob() to ensure cronjob is installed and up-to-date
- Create self-contained wrapper script at /usr/local/bin/armbian-docker-pull for cron execution
- Store configuration hash in /var/lib/armbian/docker-pull.hash for smart update detection
- Install cronjob at /etc/cron.d/armbian-docker-pull to pull images every 12 hours
- Move cronjob setup from docker_cli_prepare() to requirements command
- Cronjob is now only installed when users explicitly run ./compile.sh requirements
- Prevents "12 hours since last pull, pulling again" delay during builds
Signed-off-by: Igor Pecovnik <igor@armbian.com>
Requires hciattach_opi_arm64_upstream blob
Drops dependency on Add sunxi-addr driver - Used to fix uwe5622
bluetooth MAC addresses patch
Signed-off-by: Patrick Yavitz <pyavitz@gmail.com>
When building kernels with KERNEL_COMPILER=clang, compiler warnings
were displayed without color despite -fdiagnostics-color=always being
set in KCFLAGS. This GCC-native flag is not reliably honored by clang
when invoked through ccache and the kernel build system with LLVM=1.
Add -fcolor-diagnostics (clang's native flag) to the clang-specific
extra_warnings to ensure colored warning output.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
In Linux 6.19, net_device->dev_addr is const unsigned char *.
Clang with -Werror,-Wincompatible-pointer-types-discards-qualifiers
rejects passing dev_addr to non-const parameters and memcpy into it.
Fix by:
- Replacing memcpy(dev->dev_addr, ...) with dev_addr_set()
- Using local buffer + ether_addr_copy for sprdwl_set_mac_addr call
that needs mutable addr (the function modifies it in-place)
- Changing u8 *mac pointer to u8 mac[ETH_ALEN] array in cfg80211.c
where dev_addr was assigned to a non-const pointer
Relates to #9049
Replace verbose "1 day, 6 hours, 17 minutes" format with compact
"1d 6h" style for better readability. Fix alignment with Load
and Local users fields. Reads uptime directly from /proc/uptime.
The paste -sd', ' - command treats each character as a separate
delimiter to alternate between, resulting in inconsistent spacing.
Fix by using single comma delimiter then adding spaces with sed.
- Simplify printf format string and fix invalid %-0s specifier
- Use underscore for intentionally unused sudo variable
- Add proper color formatting to commands
- Improve alignment of command output
- Replace unquoted variable parsing with IFS+read for proper splitting
- Quote all variables to prevent word splitting and globbing
- Use proper [[ test ]] instead of [ test ] for consistency
- Fix printf format string to use proper argument passing
- Add short-circuit evaluation for "true" conditions to avoid eval
- Maintain same functionality with improved security
Fixes "printf: : invalid number" error when ambient temperature or board
temperature values are empty on systems without temperature sensors.
Adds error suppression and fallback to "0" for temperature formatting
to prevent script errors on systems without these sensors.
From https://lore.kernel.org/all/20251230-ncm-refactor-v1-0-793e347bc7a7@google.com/
To fix slow startup, and the issue where the system fails
to release ncm devices when shutting down after plugging
or unplugging a usb hub, which references a null pointer
This is important for devices without serial ports,
such as the Elixir, because they enable NCM
by default for headless debugging,
making it easy to trigger related bugs.
Signed-off-by: CodeChenL <2540735020@qq.com>
Add extension that enables 32-bit compat vDSO for arm64 kernels.
Without vDSO, 32-bit applications using gettimeofday() syscall heavily
suffer significant performance penalty on arm64 systems.
The extension:
- Adds gcc-arm-linux-gnueabi as build dependency
- Sets CROSS_COMPILE_COMPAT for kernel make
- Enables CONFIG_COMPAT_VDSO in kernel config
Enable with: ENABLE_EXTENSIONS=arm64-compat-vdso
Refs: https://github.com/armbian/build/issues/9216
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Add a new extension hook point in run_kernel_make_internal() that allows
extensions to modify kernel make parameters before compilation.
Extensions can now modify:
- common_make_params_quoted - parameters passed to make
- common_make_envs - environment variables for make
This enables features like CROSS_COMPILE_COMPAT for 32-bit compat vDSO
on arm64 builds without modifying core build scripts.
Refs: https://github.com/armbian/build/issues/9216
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Mainline TF-A doesn't initialize SGRF_SOC_CON8-CON15 which control
DMAC0 and DMAC1 configuration. Without this, the PL330 DMA controllers
cannot be accessed from Linux and PERIPH_ID reads as 0x0.
The fix configures SGRF registers to set DMAC manager threads to
running state and non-secure mode, then pulses DMAC reset to apply
the new configuration.
Based on community reverse-engineering:
- https://lists.denx.de/pipermail/u-boot/2023-April/514267.html
- https://gist.github.com/CrystalGamma/a68333fa4c9fda7eb6c09d30ad4937fe
Tested on Helios64 (RK3399).
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- mainline AT-F only for non-vendor BRANCH
- vendor branch uses vendor u-boot with rkbin blobs
- sorry for the confusion; I overlooked the conditional here
- Fixes: f45765e510
Add loong64 to the list of architectures prepared by prepare_host_binfmt_qemu_cross().
This allows automatic registration and use of qemu-user emulation for LoongArch64
guests, enabling rootfs bootstrap and CI workflows targeting loong64.
This aligns Armbian with Debian’s upcoming native loong64 support (Forky) and allows
testing already via debian-ports and qemu-system-loongarch64.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
When the memoize cache lock is held by another process (e.g., a stale
Docker container from a previous interrupted build), the build would
hang indefinitely without any feedback to the user.
This change:
- First tries non-blocking flock, acquiring immediately if available
- If lock is busy, informs user and waits with periodic status messages
- Adds MEMOIZE_FLOCK_WAIT_INTERVAL (default 10s) for message frequency
- Adds MEMOIZE_FLOCK_MAX_WAIT (default 0=infinite) for optional timeout
- Allows user to interrupt with Ctrl+C
- Suggests checking for stale containers: docker ps -a | grep armbian
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
- LWIP has issues with TFTP (serverip/tftpserverip) on v2026.01
- Kwiboo is already sending fixes, few separate series; check v2026.04 one day
- for now just disable the 2 boards I had enabled it for and use the legacy network stack again
- Fixes: 332e43bc8c
- Fixes: d88d32b248
- Eric submitted upstream, thanks!
- Neil RB'ed it
- `b4 am -o- --add-link --check-newer-revisions "https://lore.kernel.org/all/20260116-odroid-hc4-dts-v1-1-459b601cd5cf@linuxdev.slmail.me/" > patch/kernel/archive/meson64-6.19/board-odroid-sm1-regulators-boot-on.patch`
- Armbian's patching.py chokes on b4's "cover-below-the-fold" style, small manual fix needed before rewrite
Enable CONFIG_DRM_AMD_DC, CONFIG_DRM_AMD_DC_DCN, and
CONFIG_DRM_AMD_DC_DSC_SUPPORT for all arm64 UEFI kernel configs.
This enables proper display support for modern AMD GPUs including
Radeon RX 6000 series (RDNA2 architecture) such as the Radeon 6400.
The Display Controller (DC) is required for display output on modern
AMD GPUs, while DCN (Display Core Next) provides support for newer
architectures. DSC (Display Stream Compression) enables better
bandwidth utilization for high-resolution displays.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
Reorganize workflow files and names into 3 main categories:
- Data: Data collection and synchronization workflows
- Infrastructure: Infrastructure tasks (mirroring, forking)
- Maintenance: All PR checks, labels, notifications, and maintenance tasks
All workflows now have capitalized category prefixes for consistency.
Also update internal workflow references to reflect new names.
Remove usb-role-switch property from fusb302 node and replace with
extcon property. The usb-role-switch property breaks PD negotiation
and DP alt mode on kernel 6.18+.
Fix based on PR #9245 (Pinebook Pro) by amazingfate.
Apply Helios64: fix Type-C PHY registration #9158 to 6.19.
- use LWIP for networking
- enable some USB network drivers
- drop (now-default) kaslrseed as it was redundant
- add gpio expander support (for "red" LED)
- flash leds once on preboot (incl red one)
- Fixes: 4eac206ecf which over-dropped
- meanwhile for increased insanity, patch changed name as it went upstream:
- ML was `PCI: meson: Remove meson_pcie_link_up() timeout, message, speed check`
- torvalds got `PCI: meson: Report that link is up while in ASPM L0s and L1 states`
- Greg KH has already queued for 6.18.6 (coming from 6.19-rc5, so torvalds name), so remove this when that is released
- we've had SKIP_EXTERNAL_TOOLCHAINS=yes for ~5 years now
- drop all usages, mostly through `find_toolchains()`
- drop all manual PATH env injections (we've centralized if ever needed)
- a bit verbose but confirms missing `ethernet0`/`1` alias was the cause of random MACs for at least a few boards
- there's quite a few boards to fix, so we might want to pull this one level up later
- By fully describing the pcie hardware for the RTL8125s (rtl8169) present on the
board, we get to alias them to ethernet0/1. In return, (mainline) u-boot will by
default patch the runtime FDT though it's fdt_fixup_ethernet() implementation,
hopefully resulting in fully stable MAC addresses without the need to program
the RTL NIC's EEPROM; as an added benefit, u-boot MAC & kernel MAC would match,
facilitating network-boot setups.
- optionally, if UBOOT_BINS_TO_OUTPUT=yes, copy them out to output/
- this might reveal differences in binwalk itself more than u-boot
- but better than nothing
Problem:
On Helios64 boot, the Type-C PHY (ff7c0000.phy) gets stuck in
"deferred probe" state with unknown reason. This causes:
- USB 3.0 SuperSpeed via Type-C port not working
- DisplayPort via Type-C (Alt Mode) not working
The following messages appear in dmesg:
platform ff7c0000.phy: deferred probe pending: (reason unknown)
platform fe800000.usb: deferred probe pending: wait for supplier /phy@ff7c0000/usb3-port
platform fec00000.dp: deferred probe pending: wait for supplier /phy@ff7c0000/dp-port
Along with dependency cycle warnings:
/phy@ff7c0000/dp-port: Fixed dependency cycle(s) with /i2c@ff3d0000/typec-portc@22/connector
Root cause:
The Helios64 DTS uses a legacy Type-C connection method:
&tcphy0 {
extcon = <&fusb0>; // Expects extcon from fusb302
};
However:
1. The FUSB302 driver with TCPM support (since kernel ~4.14) does NOT
create extcon devices
2. Instead, it uses the Type-C connector class (/sys/class/typec/)
3. The phy-rockchip-typec driver calls extcon_get_edev_by_phandle(),
fails to find an extcon device at the specified phandle, and
returns -EPROBE_DEFER
4. The PHY remains in deferred probe indefinitely
The extcon-cables property is present in the DTS, but without a
typec_extcon_bridge node it serves no purpose.
This bug has existed since Type-C support was added to Helios64
(at least since kernel 6.6). It likely worked with older fusb302
driver versions, but broke after the transition to TCPM.
Solution:
Use the typec-extcon-bridge driver (Armbian patch from Ondrej Jirman/megi)
which translates Type-C connector class events to the extcon interface.
The Pinebook Pro patch (board-pbp-add-dp-alt-mode.patch) implements this
correctly: it has a typec_extcon_bridge node, and all extcon references
point to it rather than directly to fusb0.
Changes:
1. Add typec_extcon_bridge node with compatible = "linux,typec-extcon-bridge"
2. Change extcon = <&fusb0> to extcon = <&typec_extcon_bridge> in
tcphy0, cdn_dp, u2phy0, usbdrd_dwc3_0 nodes
3. Add usb-role-switch, mode-switch, orientation-switch properties
to fusb0 connector for integration with the bridge
4. Update PDO definitions with DUAL_ROLE and DATA_SWAP flags
5. Convert typec-altmodes property to modern altmodes subnode format
(required for TCPM port registration)
6. Add extcon,ignore-usb to u2phy0 (following Pinebook Pro pattern)
7. Add snps,usb3-phy-reset-quirk to usbdrd_dwc3_0
After this fix:
- Type-C PHY (ff7c0000.phy) no longer stuck in deferred probe
- USB 3.0 SuperSpeed via Type-C port should work
- DisplayPort via Type-C (Alt Mode) should work
- Correct cable orientation detection
- USB role switching (host/device)
Known remaining issues:
- FUSB302 fails to register TCPM port with error:
4-0022 typec_fusb302: cannot register tcpm port
This prevents USB Power Delivery negotiation. The root cause
appears to be in the connector configuration and requires
further investigation.
- Use SERIALCON instead of systemd override for serial console
- Remove fdtfile from bootenv (use BOOT_FDT_FILE instead)
- Remove ATF_COMPILER (arm64 default)
- Inline OPTEE variables into fetch_sources_tools hook
- Remove empty family_tweaks() and family_tweaks_bsp()
- Use only debug mode for ATF build
- Build fiptool in atf_custom_postprocess
- Move header creation inline into uboot_custom_postprocess
- Use <<- heredoc for Python script
This commit implements a complete parallel repository management system
that allows building and publishing Debian repositories in parallel,
significantly reducing build time for multiple distributions.
- `update-main`: Builds common/main component once for all releases
- `update -R <release>`: Builds release-specific components in isolated DBs
- `merge`: Combines common + release-specific components into final repos
- Isolated databases (aptly-isolated-<release>) avoid locking during parallel builds
- Common component built once, not duplicated per release
- Release-specific components (utils, desktop) built independently
- Final merge combines all components with proper GPG signing
- Fixed GPG signing to target top-level Release files (dists/{release}/Release)
- Pool cleanup before publishing avoids "file already exists" errors
- Smart package import skips duplicates during merge
- Proper handling of empty repositories and missing components
- Improved error handling and logging throughout
1. update-main: Build common component (once)
2. update -R <release>: Parallel workers build release-specific components
3. merge: Combine all components and publish with GPG signatures
This enables GitHub Actions to run multiple release builders in parallel,
reducing total repository build time from hours to minutes.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
- move patches into version folder (`atf-rockchip` -> `atf-rockchip/v2.13`)
- also prepares patches for v2.14 since I had them anyway
- keeps using v2.13 for now, someone can test v2.14 later and bump; I've no rk3399
- new patches:
- add `-no-pie` to rk3399's m0 build LDFLAGS (since upstream doesn't honor M0_LDFLAGS)
- bump PMSURAM_RSIZE from 8k to 16k to avoid overflows - confirmed working by Amazingfate
- build tested OK on jammy/bookworm/trixie/noble/resolute
- resolute's gcc 15 and it still builds
- now each arch has its own dt folder, with its own Makefile auto-patched
- simple Makefile autopatching with `add-only: true`
- as example convert 01 null-patch to bare-dt in `dt_32/` (drop from series too)
- Autopatcher was commiting atrocities to the upstream DTs that are so
carefully hand-crafted, by simply rewriting everything, or trying to be
smart and failing at it (`incremental: true`)
- Instead, add `add-only: true` mode, where we simply only ever add to the
end of the Makefile, adding each new .dts and optionally the `subdir-y`
for overlays
- desktop images have half the world in their initrd (plymouth?)
- `bdinfo` shows reserved regions, which are hit depending on the size of initrd
- when reserved region is hit, u-boot says `** Reading file would overwrite reserved memory **`
- done by AI after looking at `bdinfo` reserved regions
- hard lesson: all `0x` hex have to be double quoted, otherwise `Wrong image format for "source" command`
- add note about Meco having conjured up `load_addr` (it's `loadaddr`); doesn't hurt
- while at it, remove copypasta/duplicate bootlogo/consoleargs stanza
- similar to `rkdevflash`, but for Mediatek devices
- also simpler; lk.bin & fip.img are produced by image build and directly used
- requires Rust+Cargo, so add those to hostdeps
- since this is a core extension, those will be included in all Docker images too
- which was bound to happen anyway since Rust in Linux Kernel is no longer an experiment
- extensions/mtkflash: sha1-based bin path, use fork & add `--no-erase-boot1`
- example invocation:
- `BOARD=radxa-nio-12l BRANCH=collabora RELEASE=trixie EXT=ufs,mtkflash MTKFLASH_TTYACM_DEVICE=1`
- u-boot stores env in UFS LUN 1
- use a 2mb offset (different from vendor/Collabora's) to avoid any env conflict
- point fw_printenv/setenv at it at the correct offset and size
- set SRC_CMDLINE, used in extlinux/EXT=u-boot-menu scenarios
- note about d4/d8/d16 irrelevance now as we have RAM autodetection
- note about where the blobs (libdram/libbase/lk.bin) live in GH: https://github.com/armbian/mtkbin
- this patches u-boot default addresses with the same values used in the boot-genio bootscript
- this enables booting extlinux with large kernels and initrd (eg: `EXT=u-boot-menu`)
- backport fixes from upstream u-boot for
- BTRFS (plus enable BTRFS and BZIP2 support for radxa-nio-12l)
- tested with `CARD_DEVICE=/dev/mmcblk1 ROOTFS_TYPE=btrfs BTRFS_COMPRESSION=zstd` (no UFS!)
- also with `EXT=ufs CARD_DEVICE=/dev/sdc ROOTFS_TYPE=btrfs BTRFS_COMPRESSION=zstd` (UFS!)
- 4k block size UFS for UMS: fixes block size issue (USB issues unhandled)
- Enable "bind" command for the Mediatek-standard USB Gadget Ethernet
- this way, one doesn't need to cripple UFS to be able to boot from SD
- USB didn't get the same treatment as it's slow and **not working**...
- ...and beyond me to fix; both OTG and Host mode are funky in u-boot...
- ...but seem to work fine in kernel
- IMPORTANT: keep in mind: "SDcard is NOT UFS (4k block)" and don't fall for traps!
- Network note:
- `setenv ethaddr xx:xx:xx:xx:xx:xx` & `saveenv` & `reset`
- required for network booting; mtk doesn't use random/cpu# MAC
- required for stable MAC in kernel (keep IP from changing, etc)
- Use TFA + libdram to obtain and set the actual memory size.
- Overwrite the memory size in the devicetree that is passed to the kernel with the actual size detected.
- All credit to Bartosz Bilas' work for the mt8188/mt8370.
- This doesn't really "use" TF-A/libdram though, those call bl33 with magic arguments which we read here.
- That is implemented by a patch in TF-A for the mt8195 platform.
- With this, bl2 will pass down the DRAM size it gets from libdram
down to bl33 (u-boot proper) via a magic location
- This is a rework of the implementation for another MTK plat (GRINN)
- genio: implemented complete bootloader build according to Collabora's scripts
- main difference from other similar stack is that TF-A builds final FIP, not u-boot
- thus I first disable ATF build initially, then build it in hook
- alternatively: we could build our own FIP, but that would diverge too much
- declare functions inside hook so hashing does all the versioning automatically
- write_uboot_platform() is a no-op; don't write bootloader to image
- ensure bootloader _builds_ across bookworm/trixie/jammy/noble/resolute
- keep in mind original code is for bookworm (tested to build and work on trixie)
- need to juggle the `-Wl,` prefix on LDFLAGS
- this is not mainline ATF and it does "stupid with flags"
- genio: u-boot: always clean optee & first atf build before building
- so one can switch build host with `DOCKER_ARMBIAN_BASE_IMAGE` (UFS...)
- genio: u-boot: using `armbian/mtkbin` repo
- outputs fip.img & lk.bin directly to output(/images)
- disk images do _not_ contain any bootloader
- small hack to get around stupid "From xx" parsing in Armbian patcher
- also: fix attribution in `0023-watchdog-mtk_wdt-Correct-maximum-timeout-from-15-to`
- Switched to the binman-atf-mainline scenario with the same rkbin DDR blob
rk3399_ddr_933MHz_v1.25.bin (TPL blob, as in the old working loader). DRAM init is correct, full
4 GB visible, Linux boots.
- U-Boot and DTS updated to v2026.01-rc5. Added MDIO/PHY node and phy-handle in rk3399-kobol-
helios64.dts, fixing “mdio node is missing”. Disabled i2s2 in the U-Boot DT to avoid rockchip-
i2s ... Could not register PCM.
- boot_targets in U-Boot config shortened (mmc1, scsi0, usb0, pxe, dhcp) to avoid env_buf ... too
small; however, the last built binary still shows the warning (needs rebuild with the shortened
list or enlarging the buffer).
- Boot flow: bootstd scans SD (mmc0) and eMMC (mmc1); SD boot works even without mmc0 in
boot_targets.
- Other changes: defconfig has CONFIG_ROCKCHIP_EXTERNAL_TPL=y to use the external DDR blob.
Boots.
The `DEST_LANG` variable affects rootfs cache content (locale is generated via
`locale-gen "${DEST_LANG}"` before cache is packaged), but it was not included in the
cache hash calculation.
This meant that changing `DEST_LANG` would not invalidate the existing cache,
potentially resulting in images with incorrect locale.
Include `DEST_LANG` in the `hash_hooks` calculation in `calculate_rootfs_cache_id()`.
Changes
- `lib/functions/rootfs/create-cache.sh`: Add `LANG=${DEST_LANG}` to the hash input
Result
Changing `DEST_LANG` now properly invalidates rootfs cache, ensuring the correct locale
is generated.
Build process generated numerous locale warnings like:
bash: warning: setlocale: LC_ALL: cannot change locale (en_US.UTF-8)
perl: warning: Setting locale failed
This happened because the Docker container and host environment were
configured to use `en_US.UTF-8`, but the rootfs cache may not contain
this locale (only `C.utf8` and whatever `DEST_LANG` specifies,
e.g. `en_GB.utf8`).
When `chroot_sdcard` runs commands inside the rootfs, environment variables
are inherited from the host/Docker, causing locale lookup failures.
Then use `C.UTF-8` locale for the build environment instead of `en_US.UTF-8`.
This locale is always available in rootfs immediately after mmdebstrap,
requiring no generation.
Changes
`lib/functions/host/docker.sh`: Remove `en_US.UTF-8` locale generation,
set `LANG=C.UTF-8` in container environment
`lib/functions/host/prepare-host.sh`: Change locale exports
from `en_US.UTF-8` to `C.UTF-8`
* tools/repository/extract-repo.sh: simplify extraction by copying directly from pool
Remove dependency on Packages index files. Instead of parsing package metadata
to find file locations, directly scan the pool/ directory structure and copy all
.deb files found in each component subdirectory.
This simplifies the code and makes it more robust since it doesn't rely on
index files being present or correctly formatted.
Signed-off-by: Igor Pecovnik <igor@armbian.com>
* Add helper script: recursively clean Armbian Debian package artifacts
* Update tools/repository/cleanup-debs.sh
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
---------
Signed-off-by: Igor Pecovnik <igor@armbian.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
- turns out everybody was wrong, including me
- some (older?) ATF sources won't work, ever; thus
- introduce ATF_SKIP_LDFLAGS=yes to skip it completely
- introduce ATF_SKIP_LDFLAGS_WL=yes to only skip the `-Wl,` prefix
- this is for ATF's that pass flag directly to linker, not gcc
- artifact-uboot: hash atf-building code into artifact version
- this prepares everything for the more boards in the family
- which will need `dt/` folder to avoid null-patches
- label & make LEDs useful
- alias mmc0/mmc1 so they match u-boot
- expose i2c3 which is exposed in the 40-pin 27:SCL3 28:SDA3 (blue pins)
- shows up at i2c1 to userspace; why would Collabora alias an undescribed bus?
- while it is nice having them, and also a good test of being able to
build the headers "board-side", enabling it by default should be a
global change, and not specific to genio
- fix bootorder (SD -> NVMe -> eMMC); USB disabled as nonworking with mainline still
- use the DT from rockchip64-6.18 so a single source for both u-boot and kernel
- note: the first (and only) RTL8169 used by u-boot is the port closest to board edge
- For 6.18 + 6.19
- mixtile-blade3: add 4-pin header fan at 40c
- mixtile-blade3: add gpu nodes
- mixtile-blade3: add vcc5v0-host-en "usb" pinctrl
- somehow results in 2 working RTL8169's behind the ASM1182e on pcie2x1l0
- which just means the _schematics lie_
- mixtile-blade3: drop rst pinctrl from pcie2x1l0 and pcie2x1l1
- this is me probably being stupid, but also required for working ASM1182e/RTL8169
- Status of this mainline port:
- Initially started by Joshua Riek (2023?)
- I then added some PCIe3x4 stuff, but never got around to finishing it
- Specifically, the 2 FUSB302's are beyond me for now
- One of them _powers_ the board. To use with mainline, power the board some other way with 12V, otherwise kaboom.
- See sre's talk on this issue; Blade3 should be similar to Rock-5b in this aspect.
- A challenge has been the PCI2x1 lanes to the miniPCIe and ASM1182e switch
- Which by themselves seem to work, but the devices behind them (Switch + RTL8169 NICs) do not get powered
- Until one day I tried to describe a (in theory) USB-related power pin, and suddenly both PCIe NICs started working!
- All that said, the board is really not stable with this; end-users are much better off with vendor kernel for now.
- Any and all help is appreciated. Those boards are nice, they've 2 FUSB302, and fancy PCIe Endpoint mode stuff.
- Schematics we have access to are in https://damwold5pt25n.cloudfront.net/blade3/file/Schematic_Blade_3_v1.1.0.pdf
- Those clearly lie.
This flag was breaking kernel's cc-option detection, causing GCC-specific
warnings (-Wpacked-not-aligned, -Wstringop-truncation, -Wmaybe-uninitialized)
to be incorrectly added to btrfs/drm/coresight builds when using clang.
* rtw88 mainline driver has good enough support for rtl8723cs
so stop patching the kernel with this ancient driver
* fixes rtl8703b (same chip as 8723cs) bluetooth firmware name file
- The deleted patch is not necessary because rkvdec patch v7 has removed
h264 sps check at start. And future version of chromium can also get rid
of the issue that patch has fixed.
- rpardini: squash with removal of v5
* DFI driver fix to let DDR3 rk322x handle DMC driver
* edge kernel: removal for Gigabit Ethernet DMA
workaround for rk3288
* reinstate CONFIG_DEBUG_FS=y with both current/edge kernels
- Remove redundant run_cmd function, use run_aptly consistently
- Include EOS releases in repository processing (remove -ve 'eos' filter)
- Fix showall command to auto-discover repos from isolated databases
- Fix source file preservation in parallel mode (keep sources for workers)
- Fix snapshot management to handle published snapshots correctly
- Fix drop_unsupported_releases to only drop unsupported, not all repos
- Remove isolated DB cleanup that caused data loss on each run
- Remove inappropriate sudo usage from html and date commands
- Enable FORCE_PUBLISH by default for better workflow
- Improve common snapshot creation in isolated mode
- Add isolated database support to showall function
Signed-off-by: Igor Pecovnik <igor@armbian.com>
* Modify radxa-e54c board config to fix leds, network and Gnome
Modify led setup section to use new led device names
Add a keyfile /etc/NetworkManager/conf.d/99-unmanaged-devices.conf to set the internal ethernet, end1, used to connect to the internal switch chip to unmanaged. This interface doesn't accept dhcp IP addresses and Network Manager attempts to connect it via dhcp causing errors.
A vendor kernel build with Gnome desktop attempts to use Wayland unsuccessfully causing the desktop to take over 10 minutes to initialise eventually using X11. Modify the board /usr/lib/armbian/armbian-firstlogin file to set WaylandEnable = false if the build is for a vendor kernel with a Gnome desktop.
* Update config/boards/radxa-e54c.conf
Tested the suggestion and it works.
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* Removing the RedHat-specific plugin
---------
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Ubuntu 25.04+ replaced GNU coreutils with uutils coreutils, a Rust-based
reimplementation of Unix core utilities. These are different projects
with the same package name:
- GNU coreutils 9.x (C) - Ubuntu ≤24.04
- uutils coreutils 0.x (Rust) - Ubuntu ≥25.04
The uutils comm doesn't recognize sort output as sorted, causing
"comm: file is not in sorted order" errors.
Replace comm patterns with:
- grep -vxFf for set difference (lines in B but not in A)
- sort | uniq -d for finding duplicates
These alternatives don't depend on comm, ensuring compatibility
with both GNU and uutils coreutils.
**Repository tools: enable parallel repo generation and refactor repo.sh**
Add support for parallel repository generation using GitHub Actions, allowing
multiple workers to build different releases concurrently without database
locking conflicts.
### Highlights
- Add `-R/--single-release`, `update-main`, and `merge` for CI-level parallelism
- Use isolated per-release databases; remove local `-j/--parallel-jobs`
- Sign all Release files; optimize signing order
- Add `extract-repo.sh` for extracting and reorganizing packages from repositories
- Replace file-based logging with syslog (`logger`), removing sudo requirement
- Improve error handling, signing logic, and robustness
- Refactor repo.sh for better readability and documentation
- Apply CodeRabbit-recommended fixes
Signed-off-by: Igor Pecovnik <igor@armbian.com>
- https://github.com/t2linux/linux-t2-patches/tree/6.19
- except `1002-Put-apple-bce-in-drivers-staging.patch` where we had already diverged
- except `7001-drm-i915-fbdev-Discard-BIOS-framebuffers-exceeding-h.patch` to keep attribution
- (don't) Apply suggestion from rabbit (loose quote) - rabbit was wrong
- rewritten against 6.19-rc3
- Add mainline device tree for YY3588 board
- Enable all peripherals: USB 3.0, Ethernet, PCIe, HDMI
- Add RK8602 PMIC regulators for CPU/NPU power
- Enable I2C buses for PMIC and RTC
- Fix pinctrl conflicts (I2C1 M2, disable SFC for UART7)
- Configure USB-C and USB 3.0 host ports
- Add HDMI0 output with HDPTX PHY
- Enable thermal management with PWM fan
- Add SD card and eMMC storage support
- Configure all UARTs, I2S audio, and SPI buses
- ES8323 audio codec currently disabled for further debugging
- no need for vendor u-boot, as mainline can boot vendor kernel fine
- update comments with hardware pin references
- mainline boot order: NVMe -> USB -> eMMC
- boot order: NVMe -> MMC
- GMAC works
- nvme works
- `ums` et al working
- usb3 ports (on carrier board) work
- DT is copy (not symlink) from kernel DT due to NPU nodes
- vendor:
- kernel: armbian/linux-rockchip already had a DTS from jriek
- u-boot: taken from jriek (reorg'ed the defconfig)
- edge:
- kernel: taken from jriek's 6.11 wip branch
- u-boot: generic (can only boot SD/eMMC)
Switch to NO_HZ_IDLE for energy saving. Also enable Menu cpuidle
governor for tickless systems.
Signed-off-by: Rosen Penev <rosenp@gmail.com>
Signed-off-by: Igor Pecovnik <igor@armbian.com>
> merry everything and a happy always
- mainline:
- enable "edge" branch, with custom DT
- works: almost everything
- does NOT work:
- USB-C port is only for OTG/UMS (NOT USB3-host) - didn't describe fusb302 et al in DT
- any of the 3x HDMI -> MIPI (or whatever) HDMI-In's (thus this is a 1x1, not 4x1)
- front USB3 blue ports are actually USB2 (also in vendor kernel)
- front USB2 black ports don't work (but are powered)
- Analog audio - didn't describe, could be, but I've no way to test
- use mainline u-boot v2026.01-rc5 (with custom DT/defconfig/etc) with mainline ATF
- boot order: SD -> NVMe -> USB -> eMMC -> ETH
- adapt usage of shared "mekotronics" vendor include only for vendor/legacy
- also fix DTB: `rockchip/rk3588-blueberry-r58-4x4.dtb` for vendor
- same across vendor and mainline
- mainline u-boot kinda-boots vendor kernel, but TF-A mismatch ref HDMI-rx
- so use vendor u-boot and rk blob for vendor branch/kernel
- straight-ish from vendor (which is a complete mess)
- front:
- blue ports work (in usb2.0 mode, which also happens in vendor kernel)
- black ports do NOT work (but are powered...?)
- back:
- white ports work in usb 2.0 mode (as expected, also in vendor kernel)
- those ports have too-long wires (flat cable) and reset all the time
- in summary: blue "USB3" ports at the front work in USB2.0 mode
- rest doesn't
- also enable CONFIG_ROCKCHIP_MASKROM_IMAGE for quick development
- fix conflicting vendor hook
- only hack the vendor u-boot down to next-dev-v2024.03 for vendor/legacy
* fix(rootfs): pass GIT_FIXED_WORKDIR inline to fetch_from_repo
Instead of using 'export GIT_FIXED_WORKDIR' and then 'unset' after,
pass the variable inline to the fetch_from_repo call. This ensures
the variable only exists in the context of that specific command
and doesn't leak into subsequent calls.
This follows the same pattern used in uboot-git.sh and kernel-git.sh.
---------
Co-authored-by: Viacheslav Bocharov <adeep@lexina.in>
- Remove redundant daily cron schedule (already runs on push to main)
- Add concurrency control to cancel old runs
- Improve formatting and add clarifying comments
- Add push trigger for main branch
- Restructure README for better scannability and information hierarchy
- Add prominent Armbian Imager recommendation at the top
- Improve Build Host Requirements organization (Hardware/OS/Software)
- Simplify and clarify language throughout
- Better resource link descriptions
- Remove redundant "Download Prebuilt Images" section
The README now better guides users to Armbian Imager while still
providing clear information for those building from source.
Update all copyright notices in shell scripts from 2025 to 2026.
## Changes
- **Igor Pecovnik**: 2013-2025 → 2013-2026 (129 files)
- **Ricardo Pardini**: 2023-2025 → 2023-2026, 2020-2025 → 2020-2026 (5 files)
## Additional Improvements
Also updated the backtitle in `lib/functions/configuration/interactive.sh`:
- Changed title from "Armbian building script" to "Armbian Linux build framework"
- Removed docs link for cleaner display
- Uses dynamic year calculation with separate declaration (fixes shellcheck SC2155)
Problem: armbian-base-files artifact for jammy fails to build because
apt_find_upstream_package_version_and_download_url() looks for 'jammy-updates'
in https://github.armbian.com/base-files.json, but only 'jammy' key exists.
Root cause:
- For Ubuntu LTS (focal, jammy), code sets package_download_release to '${RELEASE}-updates'
- JSON file from github.armbian.com only has base release keys (jammy, noble, etc)
- jq query returns null for 'jammy-updates'
- Artifact excluded from build matrix after 10 retries
Solution: Add fallback logic
- First try with '-updates' suffix (jammy-updates)
- If not found and release ends with '-updates', retry with base release (jammy)
- This allows using base release data when -updates is not available
Impact:
- Fixes jammy base-files artifact build
- Allows jammy images to build (they depend on this artifact)
- Maintains preference for -updates when available
- No impact on other releases (Debian, non-LTS Ubuntu)
- works pretty nice (albeit no USB support in kernel, only u-boot)
- this is still `WiP`: once Kwiboo lands his rk3528 patchset,
most of this will change / be much simpler. Just be patient!
- Important: the Realtek DSA switch chip is not really understood
by the likes of NetworkManager and systemd-networkd; they'll think
the board has 4 ethernet interfaces, which is not really true.
Only one real MAC address (the SoC's GMAC) exists; in front of it
is a programmable switch; to make it work one needs custom setup
to bridge the LANx ports and keep WAN separate. Even then, the
WAN port will have the same MAC as LANx and needs to be really
used on a separate physical network, otherwise chaos/conflicts.
For simple usage/testing, I recommend to connect only LAN1 and
disable the other ports in NetworkManager after the first boot.
- Note: `edge` u-boot can be written to MTD/SPI-FLASH and works.
But keep in mind it _cannot_ boot the vendor kernel (it hangs
during pcie init); might work when booting from SD, if pcie is
not enumerated by u-boot.
- works: PCIe/NVMe, GMAC, Realtek DSA switch, SD, SPI-NOR
- does not work: USB (I didn't manage to pick correctly; lets wait for Kwiboo on this)
- untested: everything else
- the gmac works, but is connected to switch chip that is not supported by u-boot
- here I disable gmac1 for the u-boot DT
- that allows for easier booting from USB ethernet adapters
* sunxi-6.18: make the mess even worse
* fixing one of megis patches and add sunxi 32bit to the mess
* rewrite against 6.18
* fix media-ov5640-Don-t-powerup-the-sensor-during-driver-probe.patch
* fix media-sun6i-csi-implement-vidioc_enum_framesizes.patch
* fix misc-modem-power-Power-manager-for-modems.patch
* Fix usb-gadget-Fix-dangling-pointer-in-netdev-private-data.patch, include rewrite
* fix mmc-sunxi-mmc-Remove-runtime-PM.patch, two hunks no longer apply
* re-extract all of megis patches
* remove unneeded branch
* add note to disabled patch
* auto-generated, out of date
* drop megous drm patches in favor of Jernej's work. disable broken patches
* disable patch which breaks compilation for armhf
* disable breaking patch, rewrite everything
* remove patches unrelated to sunxi family
* fix spi dev compatible patch
* fix tsc2007 patch
* drop mainlined patch, adjust x96 mate T95 eth sd card hack
* remove upstreamed patch
* re-enable no longer broken
* another rewrite to align stuff properly
* adjust various comments in series.conf
* recover lost overlays
* uew5622: fix compilation against Linux 6.18
* fix Add-sunxi-addr-driver-Used-to-fix-uwe5622-bluetooth-MAC-address.patch
* adjust patch subject to make sense
* restore fixup creation
restore overlay prefix on opiz2
this needs to be properly sorted at some point
* bump to 6.18.1
sunxi and sunxi64 build just fine
* fix and re-enable drv-mfd-axp20x-add-sysfs-interface.patch
* rewrite patches
- otherwise it is lost in a temp dir that is cleaned before the end of run
- same place as the `sample-extension.sh`
- keep in mind original limitations of this still apply:
- only extension methods _actually used_ by the specific run are included
- thus, it will _never_ be complete
6.6-stable commit 4e83377 is not easily mergeable with hardkernel 0cd454a
and it is not clear whether the memleak it fixes occurs with the
hardkernel code at all. As such, drop it entirely.
* Add BOARD_VENDOR to board configs
* Add BOARD_VENDOR to all board configuration files
- Added BOARD_VENDOR variable to board configuration files
- Using lowercase vendor slugs (e.g., friendlyelec, radxa, xunlong)
- Set 'generic' for boards without clear vendor match
- TV box files (.tvb) excluded as they have no clear vendor
- Enables better board categorization and vendor-specific handling
* Manual adjustements on top of AI matching
* Drop doubled definition and add retroid vendor
- vendor stuff boots, mostly works
- edge started, using Kwiboo's tree, but not enabled
- u-boot mostly works, but needs rework against v2026.01
- revisit after 6.19
- rk3528 pcie already landed
- the RTL8367RB switch vs the GMAC might need more work
This is a rk3566 tv box evaluation demo board.
Specification:
- Rockchip RK3566
- DDR4 4GB
- TF sd scard slot
- eMMC
- AP6398S for WiFi + BT
- Gigabit ethernet
- HDMI out
- USB HOST 2.0 x 2
- USB 3.0 x 1
- USB OTG 2.0 x 1
- 12V DC Power supply
Signed-off-by: Andy Yan <andyshrk@gmail.com>
Add asound.state configuration for NanoPC T6 and T6 LTS to properly
configure audio devices and mixer settings.
- Set ASOUND_STATE variable in board config
- Add asound.state.nanopct6 blob with preconfigured mixer settings
This ensures audio devices are properly initialized on first boot.
- Created patch/misc/rtw88/6.18/ directory with upstream driver patches
- Removed obsolete kernel 6.16 reference from patch conditions
- Updated comment to clarify that RF path detection fix is only needed
for kernel 6.1.x (upstreamed in 6.18+)
This fixes RTL8822CS WiFi initialization failures on kernel 6.18 where
the driver was not being properly patched due to missing version directory.
Fixes SDIO timeout errors during chip initialization.
Use $DOCKER_INFO to check for podman vs dockerd, and conditionally
`exec` and `dev` volume options, which are needed on podman but not
allowed on dockerd.
It hasn't been an issue for Docker because their defaults didn't
conflict, but Podman mounts volumes with nodev (and formerly noexec) by
default, which would break the build. Adding `dev` and `exec` to the
volume mount options ensures the needed setting whatever the defaults.
- having CONFIG_DUMMY=y causes a fake/dummy interface `dummy0` to be
_always_ present
- that in turn can confuse things like cloud-init in nocloud-net mode
- changing it to module, it can still be used (just modprobe)
- I found this using `linux-rk35xx-vendor`, but I reason it applies to
all kernels; most other kernels already have it `=m`
A couple of these configs have gotten out of sync with is making it
difficult for the automation scripting to properly re-write these
configs correctly. Mostly due to the "edge" kernel being updated
to the latest v6.18 kernel, but also due to the RT config not being
updated in some time. Manually update these configs and check for
correctness.
Signed-off-by: Andrew Davis <afd@ti.com>
The device tree aliases show:
- mmc0 = sdhci (eMMC, 8-bit, non-removable)
- mmc1 = sdmmc (SD card, 4-bit, removable)
Previous boot order (mmc0, nvme, mmc1) caused the system to always
boot from eMMC when multiple storage devices were present, ignoring
bootable SD cards.
New boot order (mmc1, nvme, mmc0) now correctly prioritizes:
1. SD card
2. NVMe
3. eMMC
This ensures consistent boot behavior when using SD card as primary
boot device.
- Add mainline U-Boot support for edge branch (v2026.01-rc2)
- Add U-Boot defconfig patch for nanopi-r76s
- Fix USB3.0 Type-A host port configuration in DTS
- Enable USB OTG0 controller in host mode with power GPIO control
- Set KERNEL_TEST_TARGET to edge
run-name:Update Tools in Scripts by @${{ github.actor }}
#
# Some of our scripts download tools from a repo. These can't be bumped by dependabot, so this workflow is a self-created dependabot to bump versions of those tools to stay up-to-date.
# This workflow only creates a PR if the version was actually updated.
# To add a new tool, it just needs to be added to the matrix below by filling out all the variables.
#
permissions:
contents:write
pull-requests:write
on:
workflow_dispatch:
schedule:
- cron:"42 3 16 * *"# Run monthly on the 16th day of the month at 03:42 AM (random value as to not overload GitHub)
jobs:
update-tool-version:
name:Update ${{ matrix.tool.REPO_NAME }} version
runs-on:ubuntu-latest
# Add new tools here, no need to add anything anywhere else.
# Only works for tools hosted on GitHub for now.
strategy:
matrix:
tool:
# Shellcheck
- USER_NAME:"koalaman"# GitHub user name
REPO_NAME:"shellcheck"# GitHub repo name
PROJECT_NAME:"koalaman/shellcheck"# This is always USER_NAME/REPO_NAME (like in the GitHub URL)
VAR_FILE:"lib/tools/shellcheck.sh"# Where the version variable of the tool is saved
VERSION_VAR:"SHELLCHECK_VERSION"# Version variable how it appears in the script
# Shellcheck #2
- USER_NAME:"koalaman"
REPO_NAME:"shellcheck"
PROJECT_NAME:"koalaman/shellcheck"
VAR_FILE:"lib/functions/general/shellcheck.sh"
VERSION_VAR:"SHELLCHECK_VERSION"
# Shellfmt
- USER_NAME:"mvdan"
REPO_NAME:"sh"
PROJECT_NAME:"mvdan/sh"
VAR_FILE:"lib/tools/shellfmt.sh"
VERSION_VAR:"SHELLFMT_VERSION"
# ORAS
- USER_NAME:"oras-project"
REPO_NAME:"oras"
PROJECT_NAME:"oras-project/oras"
VAR_FILE:"lib/functions/general/oci-oras.sh"
VERSION_VAR:"ORAS_VERSION"
# Bat
- USER_NAME:"sharkdp"
REPO_NAME:"bat"
PROJECT_NAME:"sharkdp/bat"
VAR_FILE:"lib/functions/general/bat-cat.sh"
VERSION_VAR:"BATCAT_VERSION"
steps:
- name:Checkout repository
uses:actions/checkout@v6
- name:Get current ${{ matrix.tool.PROJECT_NAME }} version
title:"Bump ${{ matrix.tool.PROJECT_NAME}} from ${{ steps.get-version-current.outputs.version_current }} to ${{ steps.get-version-latest.outputs.version_latest }} in `${{ matrix.tool.VAR_FILE}}`"
body:|
Bump [${{ matrix.tool.PROJECT_NAME}}](https://github.com/${{ matrix.tool.PROJECT_NAME }}) from ${{ steps.get-version-current.outputs.version_current }} to ${{ steps.get-version-latest.outputs.version_latest }} by bumping `${{ matrix.tool.VERSION_VAR}}` in `${{ matrix.tool.VAR_FILE}}`.
:arrow_heading_up:**Pullrequest** to [$GITHUB_REPOSITORY](<$GITHUB_SERVER_URL/$GITHUB_REPOSITORY>) by [$GITHUB_ACTOR](<$GITHUB_SERVER_URL/$GITHUB_ACTOR>) - **Please review!** \
:point_right:[Link](<$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/${{github.event.pull_request.number}}>): *$(git show -s --format=%s)*\"}" ${{ secrets.WEBHOOKURL }}
# Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
# See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
# sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output
run:|
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
:arrow_heading_up:**Pullrequest** to [$GITHUB_REPOSITORY](<$GITHUB_SERVER_URL/$GITHUB_REPOSITORY>) by [$GITHUB_ACTOR](<$GITHUB_SERVER_URL/$GITHUB_ACTOR>) - **Please review!** \
:point_right:[Link](<$GITHUB_SERVER_URL/$GITHUB_REPOSITORY/pull/${{github.event.pull_request.number}}>): *$(git show -s --format=%s)*\"}" ${{ secrets.WEBHOOKURL }}
# Run kernel-hardening-checker for each kernel config file excluding RISC-V configs, since they are not supported yet.
# See https://github.com/a13xp0p0v/kernel-hardening-checker/issues/56
# sed explanation: 1) Put spaces in front of every line 2) replace colored output with emojis since GitHub Actions job summaries don't support colored output
run:|
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
if [[ "${file}" = config/kernel/*.config && ! $(head -n 10 "${file}" | grep -q "riscv") ]]; then
run-name:Update Tools in Scripts by @${{ github.actor }}
#
# Some of our scripts download tools from a repo. These can't be bumped by dependabot, so this workflow is a self-created dependabot to bump versions of those tools to stay up-to-date.
# This workflow only creates a PR if the version was actually updated.
# To add a new tool, it just needs to be added to the matrix below by filling out all the variables.
#
permissions:
contents:write
pull-requests:write
on:
workflow_dispatch:
schedule:
- cron:"42 3 16 * *"# Run monthly on the 16th day of the month at 03:42 AM (random value as to not overload GitHub)
jobs:
update-tool-version:
name:Update ${{ matrix.tool.REPO_NAME }} version
runs-on:ubuntu-latest
# Add new tools here, no need to add anything anywhere else.
# Only works for tools hosted on GitHub for now.
strategy:
matrix:
tool:
# Shellcheck
- USER_NAME:"koalaman"# GitHub user name
REPO_NAME:"shellcheck"# GitHub repo name
PROJECT_NAME:"koalaman/shellcheck"# This is always USER_NAME/REPO_NAME (like in the GitHub URL)
VAR_FILE:"lib/tools/shellcheck.sh"# Where the version variable of the tool is saved
VERSION_VAR:"SHELLCHECK_VERSION"# Version variable how it appears in the script
# Shellcheck #2
- USER_NAME:"koalaman"
REPO_NAME:"shellcheck"
PROJECT_NAME:"koalaman/shellcheck"
VAR_FILE:"lib/functions/general/shellcheck.sh"
VERSION_VAR:"SHELLCHECK_VERSION"
# Shellfmt
- USER_NAME:"mvdan"
REPO_NAME:"sh"
PROJECT_NAME:"mvdan/sh"
VAR_FILE:"lib/tools/shellfmt.sh"
VERSION_VAR:"SHELLFMT_VERSION"
# ORAS
- USER_NAME:"oras-project"
REPO_NAME:"oras"
PROJECT_NAME:"oras-project/oras"
VAR_FILE:"lib/functions/general/oci-oras.sh"
VERSION_VAR:"ORAS_VERSION"
# Bat
- USER_NAME:"sharkdp"
REPO_NAME:"bat"
PROJECT_NAME:"sharkdp/bat"
VAR_FILE:"lib/functions/general/bat-cat.sh"
VERSION_VAR:"BATCAT_VERSION"
steps:
- name:Checkout repository
uses:actions/checkout@v5
- name:Get current ${{ matrix.tool.PROJECT_NAME }} version
title:"Bump ${{ matrix.tool.PROJECT_NAME}} from ${{ steps.get-version-current.outputs.version_current }} to ${{ steps.get-version-latest.outputs.version_latest }} in `${{ matrix.tool.VAR_FILE}}`"
body:|
Bump [${{ matrix.tool.PROJECT_NAME}}](https://github.com/${{ matrix.tool.PROJECT_NAME }}) from ${{ steps.get-version-current.outputs.version_current }} to ${{ steps.get-version-latest.outputs.version_latest }} by bumping `${{ matrix.tool.VERSION_VAR}}` in `${{ matrix.tool.VAR_FILE}}`.
The **Armbian Linux Build Framework** creates minimal, efficient, and fully [customizable operating system images](https://docs.armbian.com/#key-features) based on **Debian** or **Ubuntu**. It is designed specifically for **low-resource single board computers (SBCs)** and other embedded devices.
The **Armbian Linux Build Framework** creates customizable OS images based on **Debian** or **Ubuntu** for **single-board computers (SBCs)** and embedded devices.
This toolchain compiles a custom **Linux kernel**, **bootloader**, and **root filesystem**, providing fine-grained control over:
It builds a complete Linux system including kernel, bootloader, and root filesystem, giving you control over versions, configuration, firmware, device trees, and system optimizations.
- Kernel versions and configuration
- Bootloader selection and customization
- Filesystem layout and compression
- Additional firmware, overlays, and device trees
- System optimizations for performance and size
The framework supports **native**, **cross**, and **containerized** builds for multiple architectures (`x86_64`, `aarch64`, `armhf`, `riscv64`) and is suitable for development, testing, production, or automation.
The framework supports **native**, **cross**, and **containerized** builds for multiple architectures (`x86_64`, `aarch64`, `armhf`, `riscv64`), and is suitable for development, testing, production deployment, or automation pipelines.
> **Looking for prebuilt images?** Use [Armbian Imager](https://github.com/armbian/imager/releases) — the easiest way to download and flash Armbian to your SD card or USB drive. Available for Linux, macOS, and Windows.
It ensures **consistency across devices** while remaining modular and extensible through a variety of configuration files, templates, and user patches.
Armbian's [partnership program](https://forum.armbian.com/subscriptions) helps to support Armbian and the Armbian community! Please take a moment to familiarize yourself with [our Partners](https://armbian.com/partners).
Our [partnership program](https://forum.armbian.com/subscriptions) supports Armbian's development and community. Learn more about [our Partners](https://armbian.com/partners).
@ -80,7 +80,6 @@ If you are unsure about the documentation then invoke `$ grep -r -A5 -B5 "BUILD_
- [branch]: Use specified [branch] kernel
- [none]: Exits with error
- **KERNEL_TEST_TARGET** ( comma-separated list of kernel releases or branches ): if test targets are different for testings. Also applies to build list generation. (internal switch)
- **KERNEL_UPGRADE_FREEZE** ( comma-separated list of kernels with versions obove which they stop updating, example: KERNEL_UPGRADE_FREEZE="vendor-rk35xx@24.8.1,current-rockchip-rk3588@24.8.2" )
- **FULL_DESKTOP** ( boolean ): defines whether to install desktop stack of applications such as office, thunderbird, etc..
BOARD_NAME="T95Z Plus" # (a q201 Chinese clone with internal amlogic ethernet 1gbit, complete with a chunk of metal inside to delay thermal throttling)
BOARD_VENDOR="amlogic"
BOOT_FDT_FILE="amlogic/meson-gxm-t95z-plus.dtb" # From chewitt's patches
BOARDFAMILY="meson-gxl" # s912's are actually meson-gxm, no harm done.
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.
