Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:additional-software:imagebuilder [2021/07/28 12:39] – Add troubleshooting section someothertimedocs:guide-user:additional-software:imagebuilder [2024/04/01 16:18] – [Arch / Manjaro / EndeavourOS] sixx
Line 1: Line 1:
 ====== Using the Image Builder ====== ====== Using the Image Builder ======
 +See also:
 +[[docs:guide-developer:imagebuilder_frontends|Image Builder frontends]],
 +[[docs:guide-developer:start#using_the_toolchain|Using the toolchain]],
 +[[docs:guide-developer:toolchain:beginners-build-guide|Quick image building guide]]
 +
 The Image Builder (previously called the Image Generator) is a pre-compiled environment suitable for creating custom images without the need for compiling them from source. The Image Builder (previously called the Image Generator) is a pre-compiled environment suitable for creating custom images without the need for compiling them from source.
 It downloads pre-compiled packages and integrates them in a single flashable image. It downloads pre-compiled packages and integrates them in a single flashable image.
Line 8: Line 13:
   * your device has 32MB or less RAM and opkg does not work properly   * your device has 32MB or less RAM and opkg does not work properly
   * you want to mass-flash dozens of devices and you need a specific firmware setup   * you want to mass-flash dozens of devices and you need a specific firmware setup
- 
-Alternative guides to achieving the same goal: 
-[[docs:guide-developer:quickstart-build-images|Quick Image Building Guide]], 
-[[docs:guide-user:additional-software:beginners-build-guide|Beginners guide to building your own firmware]]. 
- 
-Consider also removing packages if you have a device with very little firmware space: 
-[[docs:guide-user:additional-software:saving_space|Saving Firmware Space]]. 
  
 <WRAP important> <WRAP important>
-Imagebuilder images are not identical to official images as they obtain pre-generated packages.+The Image Builder images are not identical to official images as they obtain pre-generated packages.
 When recent/important changes are made, there can be some delay for these packages to propagate and it is best to check that packages were uploaded after the date of the imagebuilder/change. When recent/important changes are made, there can be some delay for these packages to propagate and it is best to check that packages were uploaded after the date of the imagebuilder/change.
 </WRAP> </WRAP>
- 
-===== Frontends based on imagebuilder ===== 
-There are several tools that provide a frontend interface to the imagebuilder (either web-interface, or template-based). 
- 
-See [[docs:guide-developer:imagebuilder_frontends|ImageBuilder frontends]]. 
  
 ===== Prerequisites ===== ===== Prerequisites =====
 <WRAP important> <WRAP important>
   * The Image Builder runs only in 64-bit Linux. You can however run a 64-bit Linux in PC or VM, e.g. VirtualBox, even from 32-bit Windows.   * The Image Builder runs only in 64-bit Linux. You can however run a 64-bit Linux in PC or VM, e.g. VirtualBox, even from 32-bit Windows.
-  * The Image Builder has similar prerequisites as [[docs:guide-developer:build-system:install-buildsystem|Build system setup]].+  * The Image Builder has similar prerequisites as the [[docs:guide-developer:toolchain:install-buildsystem|Build system]].
 </WRAP> </WRAP>
  
 Example dependencies in the most common distros: Example dependencies in the most common distros:
  
-==== Arch / Manjaro ====+==== Arch ====
 <code bash> <code bash>
 sudo pacman -S --needed base-devel ncurses zlib gawk git gettext \ sudo pacman -S --needed base-devel ncurses zlib gawk git gettext \
Line 40: Line 33:
 </code> </code>
  
-==== CentOS / Fedora ====+==== Fedora ====
 <code bash> <code bash>
 sudo dnf install git gawk gettext ncurses-devel zlib-devel \ sudo dnf install git gawk gettext ncurses-devel zlib-devel \
 openssl-devel libxslt wget which @c-development @development-tools \ openssl-devel libxslt wget which @c-development @development-tools \
-@development-libs zlib-static which python3+@development-libs zlib-static which python3 perl
 </code> </code>
  
-==== Debian / Ubuntu ====+==== Debian 12+ / Ubuntu / Mint ====
 <code bash> <code bash>
-sudo apt install build-essential libncurses5-dev libncursesw5-dev \ +sudo apt install build-essential libncurses-dev zlib1g-dev gawk git 
-zlib1g-dev gawk git gettext libssl-dev xsltproc rsync wget unzip python+gettext libssl-dev xsltproc rsync wget unzip python3 python3-distutils
 </code> </code>
  
 +==== WSL ====
 +This method is NOT OFFICIALLY supported.
 +But it works.
 +
 +[[docs:guide-developer:toolchain:wsl|Build system setup WSL]]
 ===== Obtaining the Image Builder ===== ===== Obtaining the Image Builder =====
 You can download an archive that contains the **Image Builder**, it is usually located in the same download page where you find the firmware image for your device. You can download an archive that contains the **Image Builder**, it is usually located in the same download page where you find the firmware image for your device.
Line 66: Line 64:
 All operations should be performed with a non-root user account. All operations should be performed with a non-root user account.
 </WRAP> </WRAP>
 +
 +Unpack the archive and change the working directory:
  
 <code bash> <code bash>
-# Unpack +tar -J -x -f openwrt-imagebuilder-*.tar.xz 
-tar xJf openwrt*.tar.xz+cd openwrt-imagebuilder-*/ 
 +</code>
  
-# Change directory +The image building can be customized with the following variables:
-cd openwrt*+
  
-# Build images +^ Variable ^ Description ^ 
-make ...+| ''PROFILE'' | Specifies the target image to build | 
 +| ''PACKAGES'' | A list of packages to embed into the image | 
 +| ''FILES'' | Directory with custom files to include | 
 +| ''BIN_DIR'' | Alternative output directory for the images | 
 +| ''EXTRA_IMAGE_NAME'' | Add this to the output image filename (sanitized) | 
 +| ''DISABLED_SERVICES'' | A list of services to disable | 
 + 
 +Run ''make help'' to get [[docs:guide-user:additional-software:imagebuilder#detailed_help|detailed help]]. 
 + 
 +==== Selecting profile ==== 
 +The ''PROFILE'' variable specifies the target image to build. 
 + 
 +<code bash> 
 +PROFILE="profile-name"
 </code> </code>
  
-==== make help ====+Run ''make info'' to obtain a list of [[docs:guide-user:additional-software:imagebuilder#available_profiles|available profiles]]. 
 + 
 +==== Selecting packages ==== 
 +The ''PACKAGES'' variable allows to include and/or exclude packages in the firmware image. 
 +By default (empty PACKAGES variable) the Image Builder will create a minimal image with device-specific kernel and drivers, uci, ssh, switch, firewall, ppp and ipv6 support. 
 + 
 +<code bash> 
 +PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" 
 +</code> 
 + 
 +The example above will include pkg1, pkg2, pkg3, and exclude pkg4, pkg5, pkg6, note the "-" before each excluded package. 
 + 
 +You don't need to list all dependencies of the packages you need in this list, the Image Builder uses ''opkg'' to resolve automatically the package dependencies and install other required packages. 
 + 
 +The list of currently installed packages on your device can be obtained with the following command: 
 + 
 +<code bash> 
 +echo $(opkg list-installed | sed -e "s/\s.*$//"
 +</code> 
 + 
 +<WRAP important> 
 +Many devices are limited in storage capacity and there is no guarantee that the build system will detect when you have added too many packages to fit into the device storage space, which may render the device unbootable if installed. 
 +If in doubt, do not go overboard. 
 +Use what you had installed on the device last as a guide or create a minimal image first, install it to the device and test what you would like to add first. 
 +Consider removing unnecessary packages to [[docs:guide-user:additional-software:saving_space|save firmware space]]. 
 +</WRAP> 
 + 
 +In addition ABI versioned packages such as ''libubus20191227'' or similar may cause problems with image builder. 
 +You may get compile errors when these are provided as packages. 
 +To avoid issues you should omit them from image builder and let the correct versions be installed via package dependencies. 
 +The ''%%--strip-abi%%'' parameter can be used to export a normalized package list. 
 + 
 +==== Custom packages ==== 
 +If there is a custom package or ipk you would prefer to use create a ''packages'' directory if one does not exist and place your custom ipk within this directory. 
 + 
 +==== Custom files ==== 
 +The ''FILES'' variable allows custom configuration files to be included in images built with Image Builder. 
 +This is especially useful if you need to change the network configuration from default before flashing, or if you are preparing an image for mass-flashing many devices. 
 + 
 +<code bash> 
 +FILES="files" 
 +</code> 
 + 
 +The ''files'' directory should be placed in the Image Builder root directory where you issue the make command, otherwise specify an absolute/full path. 
 + 
 +It is strongly recommended to use [[docs:guide-developer:uci-defaults|uci-defaults]] to incrementally integrate only the required customization. 
 +This helps minimize conflicts with auto-generated settings which can change between versions. 
 + 
 +see: [[:docs:guide-user:additional-software:imagebuilder#restricting_root_access|uci-default_example]] 
 + 
 +==== Building image ==== 
 +After you select the appropriate profile, packages and custom files, pass it to the ''make image'' command. 
 + 
 +<code bash> 
 +make image \ 
 +PROFILE="profile-name"
 +PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" \ 
 +FILES="files"
 +DISABLED_SERVICES="svc1 svc2 svc3" 
 +</code> 
 + 
 +After the make command is finished, the generated images are stored in the bin///device-architecture// directory, just like if you were compiling them. 
 + 
 +The built image will be found under the subdirectory ''./bin/targets/<target>/generic'' or look inside .''/build_dir/'' for a files ''*-squashfs-sysupgrade.bin'' and ''*-squashfs-factory.bin'' (e.g. ''/build_dir/target-mips_24kc_musl/linux-ar71xx_tiny/tmp/openwrt-18.06.2-ar71xx-tiny-tl-wr740n-v6-squashfs-factory.bin''
 + 
 +==== Cleaning up ==== 
 +To clean up temporary build files and generated images, use the ''make clean'' command. 
 + 
 +==== Examples ==== 
 +The following example shows: 
 +  * Creating the directory for the configuration files. 
 +  * Using ''scp'' to transfer ''uci'' configuration files from a WL500GP router to the ''files/etc/config'' directory. 
 +  * Generating an image for WL500GP with custom packages and ''uci'' configuration files. 
 + 
 +<code bash> 
 +mkdir -p files/etc/config 
 +scp root@192.168.1.1:/etc/config/network files/etc/config/ 
 +scp root@192.168.1.1:/etc/config/wireless files/etc/config/ 
 +scp root@192.168.1.1:/etc/config/firewall files/etc/config/ 
 +make image \ 
 +PROFILE="wl500gp"
 +PACKAGES="nano openvpn -ppp -ppp-mod-pppoe"
 +FILES="files"
 +DISABLED_SERVICES="dnsmasq firewall odhcpd" 
 +</code> 
 + 
 +===== Troubleshooting ===== 
 +  - Did you run everything as a non-root user? 
 +  - Check the logged output, are there package issues (conflicts, improper names)? 
 +  - Check the logged output, did you exceed maximum space? 
 +  - Check the logged output, are there other obvious errors? 
 +  - Wait a few hours/day(s) upstream packages may be in an inconsistent state especially on master/snapshot 
 +  - Verify you have a supported OS, prerequisites, file system and path naming 
 + 
 +===== Extras ===== 
 +The topics below go beyond simple usage and aimed at developers and advanced users. 
 + 
 +==== Detailed help ==== 
 +See also: [[https://github.com/openwrt/openwrt/blob/master/target/imagebuilder/files/Makefile|ImageBuilder makefile]] 
 + 
 +Getting detailed help: 
 <code> <code>
 # make help # make help
Line 110: Line 224:
 </code> </code>
  
-==== make image ==== +==== Available profiles ==== 
-**make image** without specifying the ''PROFILE'' for your device is almost certainly not what you want. +Listing available profiles:
- +
-To change this not-so-useful default behavior you can use some variables passed as arguments: +
- +
-  * //''PROFILE''// - specifies the target image to build +
-  * //''PACKAGES''// - a list of packages to embed into the image +
-  * //''FILES''// - directory with custom files to include +
-  * //''BIN_DIR''// - alternative output directory for the images +
-  * //''EXTRA_IMAGE_NAME''// - Add this to the output image filename (sanitized) +
-  * //''DISABLED_SERVICES''// - Which services in /etc/init.d/ should be disabled. Use the initscript name you find in  /etc/init.d, so for example "**dhcp**" for dnsmasq. +
- +
-(see also the makefile used, [[https://github.com/openwrt/openwrt/blob/master/target/imagebuilder/files/Makefile|here]] ) +
- +
-Example syntax: +
- +
-<code bash> +
-make image PROFILE=XXX PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" FILES=files/ +
-</code> +
- +
-See the sections below for a more in-depth explanation. +
-After the make command is finished, the generated images are stored in the bin///device-architecture// directory, just like if you were compiling them. +
- +
-The built image will be found under the subdirectory ''./bin/targets/<target>/generic'' or look inside .''/build_dir/'' for a files ''*-squashfs-sysupgrade.bin'' and ''*-squashfs-factory.bin'' (e.g. ''/build_dir/target-mips_24kc_musl/linux-ar71xx_tiny/tmp/openwrt-18.06.2-ar71xx-tiny-tl-wr740n-v6-squashfs-factory.bin''+
- +
-==== PROFILE Variable ===== +
-Syntax: +
- +
-<code bash> +
-make image PROFILE=NAME_OF_PROFILE +
-</code> +
- +
-=== Pre-defined Profiles === +
-Run ''make info'' to obtain a list of defined profiles+
- +
-Example output is listed below:+
  
 <code> <code>
Line 173: Line 253:
 </code> </code>
  
-After you find the appropriate profile pass it to the ''make image'' command: +==== Building the Image Builder with all packages inside ==== 
- +It is possible to use a buildroot to create your own Image Builder and integrate in it all packages so it will be able to generate images without downloading packages.
-For example, if we wanted to generate a default image for for Asus RT-N14u (from above). +
- +
-<code bash> +
-make image PROFILE=rt-n14u +
-</code> +
- +
-==== PACKAGES Variable ==== +
-The ''PACKAGES'' variable allows to include and/or exclude packages in the firmware image. +
-By default (empty PACKAGES variable) the Image Generator will create a minimal image with device-specific kernel and drivers, uci, ssh, switch, firewall, ppp and ipv6 support. +
- +
-Syntax: +
- +
-<code bash> +
-make image PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" +
-</code> +
- +
-The example above will include pkg1, pkg2, pkg3, and exclude pkg4, pkg5, pkg6, note the "-" before each excluded package. +
- +
-You don't need to list all dependencies of the packages you need in this list, the Image Generator uses ''opkg'' to resolve automatically the package dependencies and install other required packages. +
- +
-**Tip:** The list of currently installed packages on your device can be obtained with the command below: +
- +
-<code bash> +
-echo $(opkg list_installed | sed -e "s/\s.*$//"+
-</code> +
- +
-<WRAP center round important 60%> +
-Many devices are limited in storage capacity and there is no guarantee that the build system will detect when you have added too many packages to fit into the device storage space, which may render the device unbootable if installed. +
-If in doubt, do not go overboard. +
-Use what you had installed on the device last as a guide or create a minimal image first, install it to the device and test what you would like to add first. +
-</WRAP> +
- +
-=== Custom packages === +
-If there is a custom package or ipk you would prefer to use create a "packages" directory if one does not exist and place your custom ipk within this directory. +
- +
-==== Custom files ==== +
-The ''FILES'' variable allows custom configuration files to be included in images built with Image Generator. +
-This is especially useful if you need to change the network configuration from default before flashing, or if you are preparing an image for mass-flashing many devices. +
- +
-Syntax: +
- +
-<code bash> +
-make image FILES=files/ +
-</code> +
- +
-**Note:** The ''files/'' folder is best in the imagebuilder root folder (where you issue the make command) otherwise it is best to use an absolute (full) path. +
- +
-==== Examples ==== +
-The following example shows: +
-  -Creating the directory for the configuration files +
-  -Using ''scp'' to transfer ''uci'' configuration files from a WL500GP router to the ''files/etc/config'' directory +
-  -Generating an image for WL500GP with custom packages and ''uci'' configuration files +
- +
-<code bash> +
-mkdir -p files/etc/config +
-scp root@192.168.1.1:/etc/config/network files/etc/config/ +
-scp root@192.168.1.1:/etc/config/wireless files/etc/config/ +
-scp root@192.168.1.1:/etc/config/firewall files/etc/config/ +
-make image PROFILE=wl500gp PACKAGES="nano openvpn -ppp -ppp-mod-pppoe" FILES=files/ +
-</code> +
- +
-===== Cleanup ===== +
-To clean up temporary build files and generated images, use the **make clean** command. +
- +
-===== Troubleshooting ===== +
- +
-  - Did you run everything as a non-root user? +
-  - Check the log output are there package issues (conflicts, improper names) +
-  - Wait a few hours/day upstream packages may be in an inconsistent state +
- +
-===== Building the Image Generator with all packages inside ===== +
-It is possible to use a **buildroot*** to create your own Image Generator and integrate in it all packages so it will be able to generate images without downloading packages:+
  
 In the graphical configuration, select "**Build the OpenWrt Image Builder**" to build the image builder, then  select **Global Build Settings -> Select all packages by default**, save and exit. In the graphical configuration, select "**Build the OpenWrt Image Builder**" to build the image builder, then  select **Global Build Settings -> Select all packages by default**, save and exit.
-Then build the image, including ''IGNORE_ERRORS=1'' as there might be unmaintained packages that fail to compile.+You can [[docs:guide-developer:toolchain:use-buildsystem#ignore_build_errors|ignore build errors]] if you encounter unmaintained packages that fail to compile, assuming this doesn't affect kernel and core dependencies.
  
-Enabling ''IGNORE_ERRORS=1'' should only be done **once the kernel and required packages are known to compile successfully**.+Don't call ''make defconfig'' or leave an old ''.config'' file in the path as ''Select all packages by default'' will only set the package selection to ''[m]'' for packages that are not already configured otherwise! ''make defconfig'' will set most packages to ''[n]'', i.e. //do not build//.
  
-<code bash> +==== Adding package repositories ==== 
-make IGNORE_ERRORS=1 +The Image Builder you download from the OpenWrt pages is already configured to download any non-default packages from official repositories.
-</code> +
- +
-**Note:** Don't call ''make defconfig'' or leave an old ''.config'' file in the path as ''Select all packages by default'' will only set the package selection to ''[m]'' for packages that are not already configured otherwise! ''make defconfig'' will set most packages to ''[n]'', i.e. //do not build//. +
- +
-====== Extras ====== +
-The topics below go beyond simple usage and aimed at developers and advanced users. +
- +
-===== Adding package repositories ===== +
-The **Image Generator** you download from the OpenWrt pages is already configured to download any non-default packages from official repositories.+
 The package sources are configured in the ''repositories.conf'' file in the extracted directory. The package sources are configured in the ''repositories.conf'' file in the extracted directory.
 Sources are specified in //opkg// native config format. Sources are specified in //opkg// native config format.
Line 289: Line 288:
 The ''repositories.conf'' in an imagebuilder you compile from source will lack the "Remote package repositories" links. The ''repositories.conf'' in an imagebuilder you compile from source will lack the "Remote package repositories" links.
  
-If you want to add a custom local repository, copy the ''%%src custom file:///usr/src/openwrt/bin/ramips/packages%%'' line and modify it to point to the local folder you have your packages and package lists in.+If you want to add a custom local repository, copy the ''%%src custom file:///usr/src/openwrt/bin/ramips/packages%%'' line and modify it to point to the local folder where you have your packages and package lists ([[https://downloads.openwrt.org/releases/21.02.3/targets/ramips/mt7621/packages/Packages|example package list]]).
 If you have problems with using you local repository because the "Signature check failed" then remove the line ''option check_signature'' from ''repositories.conf'' If you have problems with using you local repository because the "Signature check failed" then remove the line ''option check_signature'' from ''repositories.conf''
  
Line 296: Line 295:
 NOTE: if you want to override packages coming from an existing feed, you must write your custom feed ABOVE the line of the package feed containing the packages you want to override, as shown in the examples above. NOTE: if you want to override packages coming from an existing feed, you must write your custom feed ABOVE the line of the package feed containing the packages you want to override, as shown in the examples above.
  
-===== Adding/modifying profiles ===== +==== Restricting root access ==== 
-The image generation is tied to the profile names.+Create a non-privileged admin user and lock root password. 
 +Configure privilege elevation with sudo. 
 +Set up key-based authentication and disable password authentication for Dropbear. 
 + 
 +<code bash> 
 +mkdir -p files/etc/uci-defaults 
 +cat << "EOF" > files/etc/uci-defaults/99-custom 
 +USER_NAME="admin" 
 +USER_SSHPUB="SSH_PUBLIC_KEY" 
 +USER_SHELL="/bin/ash" 
 +SUDO_USER="root" 
 +SUDO_GROUP="sudo" 
 +groupadd -r "${SUDO_GROUP}" 
 +useradd -m -G "${SUDO_GROUP}" -s "${USER_SHELL}" "${USER_NAME}" 
 +passwd -l "${SUDO_USER}" 
 +cat << EOI > /etc/sudoers.d/00-custom 
 +%${SUDO_GROUP} ALL=(ALL) ALL 
 +EOI 
 +USER_HOME="$(eval echo ~"${USER_NAME}")" 
 +mkdir -p "${USER_HOME}"/.ssh 
 +cat << EOI > "${USER_HOME}"/.ssh/authorized_keys 
 +${USER_SSHPUB} 
 +EOI 
 +uci set dropbear.@dropbear[0].PasswordAuth="0" 
 +uci set dropbear.@dropbear[0].RootPasswordAuth="0" 
 +uci commit dropbear 
 +/etc/init.d/dropbear restart 
 +EOF 
 +make image \ 
 +FILES="files"
 +PACKAGES="nano shadow sudo" 
 +</code> 
 + 
 +==== Adding/modifying profiles ==== 
 + 
 +<WRAP important> 
 +Examples below may contain version dependent / legacy information and are for informational purposes. They are very low level so expect to have a good level of skill and familiarity with the ImageBuilder / OpenWrt in general.  
 +</WRAP> 
 + 
 +The image building is tied to the profile names.
 If you add a new profile without also adding an appropriate macro to the image-generation Makefile, no suitable firmware file will get generated when using the custom profile. If you add a new profile without also adding an appropriate macro to the image-generation Makefile, no suitable firmware file will get generated when using the custom profile.
-:!: Make sure to remove the /tmp directory to get modified package selection from profiles to work.+Remove the ''/tmp'' directory to properly apply the modified package selection from profiles.
  
 The location of the profiles for the pre-compiled package for //brcm47xx-for-Linux-i686// was //target/linux/brcm47xx/profiles/// The location of the profiles for the pre-compiled package for //brcm47xx-for-Linux-i686// was //target/linux/brcm47xx/profiles///
Line 323: Line 361:
 An "ls -a" will reveal the files hidden in the various directories. An "ls -a" will reveal the files hidden in the various directories.
  
-===== Removing useless files from firmware =====+==== Removing useless files from firmware ====
 <WRAP important> <WRAP important>
 This is not a standard feature of the Image Builder. This is not a standard feature of the Image Builder.
Line 330: Line 368:
  
 Note that it requires patching of the ''Makefile'' Note that it requires patching of the ''Makefile''
 +
 +It is based on older Chaos Calmer era code... and not applicable to modern ImageBuilders but useful as a reference...
 </WRAP> </WRAP>
  
Line 365: Line 405:
 <code bash> <code bash>
 make image \ make image \
-    PROFILE=tlwr841 \ +PROFILE="tlwr841
-    PACKAGES="igmpproxy ip iptraf kmod-ipt-nathelper-extra openvpn-polarssl tcpdump-mini -firewall -ip6tables -kmod-ip6tables -kmod-ipv6 -odhcp6c -ppp -ppp-mod-pppoe"+PACKAGES="igmpproxy ip iptraf kmod-ipt-nathelper-extra openvpn-polarssl tcpdump-mini -firewall -ip6tables -kmod-ip6tables -kmod-ipv6 -odhcp6c -ppp -ppp-mod-pppoe"
-    FILES_REMOVE="files_remove"+FILES_REMOVE="files_remove"
 </code> </code>
- 
  • Last modified: 2024/09/20 19:32
  • by lessload