[LEDE-DEV] Release 17.01.0 binary packages have changed and SDK inconsistency

Alberto Bursi alberto.bursi at outlook.it
Wed Mar 29 00:09:26 PDT 2017



On 03/29/2017 06:08 AM, James Feeney wrote:
> Realize?  No - I'm still learning how this build process works in LEDE.  My
> impression is that you are distinguishing between "packages" and some other type
> of thing, which the lede-project.org site seems to implicitly, and generically,
> refer to as just "firmware" - even though a "package" is also a type of
> "firmware", and this "firmware" is also a type of "package".  I will infer that
> you mean to distinguish between the "kernel and base filesystem" package from
> all other "packages".

LEDE is using the standard term for "package" in linux world, where a 
"package" is an archive containing a program or some scripts and its 
accompanying configuration and information used to integrate it in the 
system, installed by a package manager (opkg in this case), and the 
whole system is made of such packages assembled together around a Linux 
kernel.

Each package is compiled on its own and then when it's all done the 
packages are "installed" in a temporary root that will then be 
compressed to become the squashfs root in the device firmware.

Also the kernel is handled like a package for the build system, but 
since most devices expect it outside of root filesystem in various ways, 
it's added to the firmware image the way the device's bootloader expects it.


This is all pretty standard for any other Linux distro, Ubuntu, Debian, 
OpenSUSE, RHEL, whatever.

> You also seem to be implying that all the various "kernel and base filesystem"
> package builds are now precisely repeatable - even though this fact does not
> seem to be documented anywhere.

If you look at a random package makefile (the file defining settings for 
building a specific package)
https://github.com/lede-project/source/blob/master/package/utils/adb/Makefile

You will notice that it states the official download link for the 
sources, a SHA256 hash and a specific version for the package name.
On some other packages it will state git commit or other way to identify 
the same source to pull down and build.
They generally favor tarballs, archives with sources from official 
releases, but some upstream projects don't always have that.

In /patches folder of each package's folder you will find any patches 
that will be applied to the source after downloading it, before 
compiling, again the example package:
https://github.com/lede-project/source/blob/master/package/utils/adb/patches/001-create_Makefile.patch
There are also other folders for configuration files or for uci 
integration for each package that needs it (the example package does not).

The kernel's makefile is a bit more complex because of reasons, but you 
can see that it still uses the same structure,
pulling down the same kernel version (depending from device) every time.

https://github.com/lede-project/source/blob/master/package/kernel/linux/Makefile

Then all this stuff is compiled by LEDE's own toolchain, which is again 
handled like packages (see /toolchain and /tools) so you will always 
have the same compiler/tools as everyone else as they get downloaded 
from the same sources and at the same version.

When you run a "make" the LEDE build system will use your system's 
existing building infrastructure to compile the LEDE's toolchain first, 
and then use that to compile the packages. This also has the major 
benefit of not requiring the user to set up a cross-compiling toolchain 
that is rather annoying and relatively complex.

Is this enough for having repeatable builds?
I'm more like a long-time user so I don't know what "repeatable builds" 
mean beyond what I read from the internet, it seems this is more or less it.

>
> With respect to the lingo, "package feeds" and "project making the release", I
> have no understanding of the meaning of that statement.  Perhaps you could
> define precisely "package feeds" and "project making the release"?

Just as OpenWRT, there is a main project where the packages are 
maintained directly from core developers, and "package feeds" that are 
source repositories that contain additional packages, maintained by 
community (each package has its own maintainer).
This is LEDE's main repo (on github) https://github.com/lede-project/source

These are official package feeds (currently shared with OpenWRT):
https://github.com/openwrt/luci
https://github.com/openwrt/telephony
https://github.com/openwrt-routing/packages

Being "official feeds", the stuff from there will get compiled and 
offered in official download server, but it's not technically LEDE or 
OpenWRT proper, it's community-maintained.
The "package feed" system is designed to allow easy addition of your own 
custom feeds too in your custom firmware images, but you will have to 
compile them and host them on your own servers, of course.

If you look at the built packages here, 
https://downloads.lede-project.org/releases/17.01.0/packages/x86_64/

You find that they are divided by feed name.
Packages in "base" come from main repo, and also from main repo you get 
packages that are found in target-specific folders, like for example 
here 
https://downloads.lede-project.org/releases/17.01.0/targets/x86/64/packages/ 
that you see has mostly kmod-* and other drivers.

>
> Simply a combination of my uninformed state of mind, where I am left to "fill in
> the blanks" with the information presented in the past, specifically that "you
> don't really have a repeatable build."  Since that seems to have changed, it
> would be good to advertise that fact in public, which is to say, to document
> that fact on the lede-project.org website.

Yeah, I agree that adding this to the wiki would be good.
If you confirm that this answers your questions (more or less), I'm 
adding it to the wiki.


-Alberto




More information about the Lede-dev mailing list