Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:additional-software:imagebuilder [2021/07/31 13:08] – reorganize content vgaeteradocs:guide-user:additional-software:imagebuilder [2024/04/01 16:18] – [Arch / Manjaro / EndeavourOS] sixx
Line 1: Line 1:
 ====== Using the Image Builder ====== ====== Using the Image Builder ======
 +See also:
 +[[docs:guide-developer:imagebuilder_frontends|Image Builder frontends]],
 +[[docs:guide-developer:start#using_the_toolchain|Using the toolchain]],
 +[[docs:guide-developer:toolchain:beginners-build-guide|Quick image building guide]]
 +
 The Image Builder (previously called the Image Generator) is a pre-compiled environment suitable for creating custom images without the need for compiling them from source. The Image Builder (previously called the Image Generator) is a pre-compiled environment suitable for creating custom images without the need for compiling them from source.
 It downloads pre-compiled packages and integrates them in a single flashable image. It downloads pre-compiled packages and integrates them in a single flashable image.
Line 8: Line 13:
   * your device has 32MB or less RAM and opkg does not work properly   * your device has 32MB or less RAM and opkg does not work properly
   * you want to mass-flash dozens of devices and you need a specific firmware setup   * you want to mass-flash dozens of devices and you need a specific firmware setup
- 
-Alternative guides to achieving the same goal: 
-[[docs:guide-developer:quickstart-build-images|Quick Image Building Guide]], 
-[[docs:guide-user:additional-software:beginners-build-guide|Beginners guide to building your own firmware]]. 
- 
-Consider also removing packages if you have a device with very little firmware space: 
-[[docs:guide-user:additional-software:saving_space|Saving Firmware Space]]. 
  
 <WRAP important> <WRAP important>
-Imagebuilder images are not identical to official images as they obtain pre-generated packages.+The Image Builder images are not identical to official images as they obtain pre-generated packages.
 When recent/important changes are made, there can be some delay for these packages to propagate and it is best to check that packages were uploaded after the date of the imagebuilder/change. When recent/important changes are made, there can be some delay for these packages to propagate and it is best to check that packages were uploaded after the date of the imagebuilder/change.
 </WRAP> </WRAP>
- 
-===== Frontends based on imagebuilder ===== 
-There are several tools that provide a frontend interface to the imagebuilder (either web-interface, or template-based). 
- 
-See [[docs:guide-developer:imagebuilder_frontends|ImageBuilder frontends]]. 
  
 ===== Prerequisites ===== ===== Prerequisites =====
 <WRAP important> <WRAP important>
   * The Image Builder runs only in 64-bit Linux. You can however run a 64-bit Linux in PC or VM, e.g. VirtualBox, even from 32-bit Windows.   * The Image Builder runs only in 64-bit Linux. You can however run a 64-bit Linux in PC or VM, e.g. VirtualBox, even from 32-bit Windows.
-  * The Image Builder has similar prerequisites as [[docs:guide-developer:build-system:install-buildsystem|Build system setup]].+  * The Image Builder has similar prerequisites as the [[docs:guide-developer:toolchain:install-buildsystem|Build system]].
 </WRAP> </WRAP>
  
 Example dependencies in the most common distros: Example dependencies in the most common distros:
  
-==== Arch / Manjaro ====+==== Arch ====
 <code bash> <code bash>
 sudo pacman -S --needed base-devel ncurses zlib gawk git gettext \ sudo pacman -S --needed base-devel ncurses zlib gawk git gettext \
Line 40: Line 33:
 </code> </code>
  
-==== CentOS / Fedora ====+==== Fedora ====
 <code bash> <code bash>
 sudo dnf install git gawk gettext ncurses-devel zlib-devel \ sudo dnf install git gawk gettext ncurses-devel zlib-devel \
 openssl-devel libxslt wget which @c-development @development-tools \ openssl-devel libxslt wget which @c-development @development-tools \
-@development-libs zlib-static which python3+@development-libs zlib-static which python3 perl
 </code> </code>
  
-==== Debian / Ubuntu ====+==== Debian 12+ / Ubuntu / Mint ====
 <code bash> <code bash>
-sudo apt install build-essential libncurses5-dev libncursesw5-dev \ +sudo apt install build-essential libncurses-dev zlib1g-dev gawk git 
-zlib1g-dev gawk git gettext libssl-dev xsltproc rsync wget unzip python+gettext libssl-dev xsltproc rsync wget unzip python3 python3-distutils
 </code> </code>
  
 +==== WSL ====
 +This method is NOT OFFICIALLY supported.
 +But it works.
 +
 +[[docs:guide-developer:toolchain:wsl|Build system setup WSL]]
 ===== Obtaining the Image Builder ===== ===== Obtaining the Image Builder =====
 You can download an archive that contains the **Image Builder**, it is usually located in the same download page where you find the firmware image for your device. You can download an archive that contains the **Image Builder**, it is usually located in the same download page where you find the firmware image for your device.
Line 70: Line 68:
  
 <code bash> <code bash>
-tar -J -x -f openwrt*.tar.xz +tar -J -x -f openwrt-imagebuilder-*.tar.xz 
-cd openwrt-*/+cd openwrt-imagebuilder-*/
 </code> </code>
  
-Available commands:+The image building can be customized with the following variables:
  
-<code> +^ Variable ^ Description ^ 
-# make help+| ''PROFILE'' | Specifies the target image to build | 
 +| ''PACKAGES'' | A list of packages to embed into the image | 
 +| ''FILES'' | Directory with custom files to include | 
 +| ''BIN_DIR'' | Alternative output directory for the images | 
 +| ''EXTRA_IMAGE_NAME'' | Add this to the output image filename (sanitized) | 
 +| ''DISABLED_SERVICES'' | A list of services to disable |
  
-Available Commands: +Run ''make help'' to get [[docs:guide-user:additional-software:imagebuilder#detailed_help|detailed help]].
- help: This help text +
- info: Show a list of available target profiles +
- clean: Remove images and temporary build files +
- image: Build an image (see below for more information). +
- +
-Building images: +
- By default 'make imagewill create an image with the default +
- target profile and package set. You can use the following parameters +
- to change that: +
- +
- make image PROFILE="<profilename>" # override the default target profile +
- make image PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages +
- make image FILES="<path>" # include extra files from <path> +
- make image BIN_DIR="<path>" # alternative output directory for the images +
- make image EXTRA_IMAGE_NAME="<string>" # Add this to the output image filename (sanitized) +
- make image DISABLED_SERVICES="<svc1> [<svc2> [<svc3> ..]]" # Which services in /etc/init.d/ should be disabled +
- make image ADD_LOCAL_KEY=1 # store locally generated signing key in built images +
- +
-Print manifest: +
- List "all" packages which get installed into the image. +
- You can use the following parameters: +
- +
- make manifest PROFILE="<profilename>" # override the default target profile +
- make manifest PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages +
- make manifest STRIP_ABI=1 # remove ABI version from printed package names +
-</code> +
- +
-The image buildding can be customized with the following variables: +
-  * ''PROFILE'' specifies the target image to build +
-  * ''PACKAGES'' a list of packages to embed into the image +
-  * ''FILES'' - directory with custom files to include +
-  * ''BIN_DIR'' - alternative output directory for the images +
-  * ''EXTRA_IMAGE_NAME'' - Add this to the output image filename (sanitized) +
-  * ''DISABLED_SERVICES'' - Which services in ''/etc/init.d'' should be disabled. Use the initscript name, e.g. ''dhcp'' for dnsmasq. +
- +
-See also[[https://github.com/openwrt/openwrt/blob/master/target/imagebuilder/files/Makefile|ImageBuilder makefile]]+
  
 ==== Selecting profile ==== ==== Selecting profile ====
Line 121: Line 88:
  
 <code bash> <code bash>
-PROFILE=profile-name+PROFILE="profile-name"
 </code> </code>
  
-Run ''make info'' to obtain a list of defined profiles: +Run ''make info'' to obtain a list of [[docs:guide-user:additional-software:imagebuilder#available_profiles|available profiles]].
- +
-<code> +
-# make info +
- +
-Available Profiles: +
- +
-Default: +
-    Default Profile +
-    Packages: kmod-usb-core kmod-usb2 kmod-usb-ohci kmod-usb-ledtrig-usbport +
-ai-br100: +
-    Aigale Ai-BR100 +
-    Packageskmod-usb2 kmod-usb-ohci +
-rp-n53: +
-    Asus RP-N53 +
-    Packages: +
-rt-n14u: +
-    Asus RT-N14u +
-    Packages: +
-whr-1166d: +
-    Buffalo WHR-1166D +
-    Packages: +
-whr-300hp2: +
-    Buffalo WHR-300HP2 +
-    Packages: +
-... +
-</code>+
  
 ==== Selecting packages ==== ==== Selecting packages ====
 The ''PACKAGES'' variable allows to include and/or exclude packages in the firmware image. The ''PACKAGES'' variable allows to include and/or exclude packages in the firmware image.
-By default (empty PACKAGES variable) the Image Generator will create a minimal image with device-specific kernel and drivers, uci, ssh, switch, firewall, ppp and ipv6 support.+By default (empty PACKAGES variable) the Image Builder will create a minimal image with device-specific kernel and drivers, uci, ssh, switch, firewall, ppp and ipv6 support.
  
 <code bash> <code bash>
Line 162: Line 103:
 The example above will include pkg1, pkg2, pkg3, and exclude pkg4, pkg5, pkg6, note the "-" before each excluded package. The example above will include pkg1, pkg2, pkg3, and exclude pkg4, pkg5, pkg6, note the "-" before each excluded package.
  
-You don't need to list all dependencies of the packages you need in this list, the Image Generator uses ''opkg'' to resolve automatically the package dependencies and install other required packages.+You don't need to list all dependencies of the packages you need in this list, the Image Builder uses ''opkg'' to resolve automatically the package dependencies and install other required packages.
  
 The list of currently installed packages on your device can be obtained with the following command: The list of currently installed packages on your device can be obtained with the following command:
  
 <code bash> <code bash>
-echo $(opkg list_installed | sed -e "s/\s.*$//")+echo $(opkg list-installed | sed -e "s/\s.*$//")
 </code> </code>
  
-<WRAP center round important 60%>+<WRAP important>
 Many devices are limited in storage capacity and there is no guarantee that the build system will detect when you have added too many packages to fit into the device storage space, which may render the device unbootable if installed. Many devices are limited in storage capacity and there is no guarantee that the build system will detect when you have added too many packages to fit into the device storage space, which may render the device unbootable if installed.
 If in doubt, do not go overboard. If in doubt, do not go overboard.
 Use what you had installed on the device last as a guide or create a minimal image first, install it to the device and test what you would like to add first. Use what you had installed on the device last as a guide or create a minimal image first, install it to the device and test what you would like to add first.
 +Consider removing unnecessary packages to [[docs:guide-user:additional-software:saving_space|save firmware space]].
 </WRAP> </WRAP>
 +
 +In addition ABI versioned packages such as ''libubus20191227'' or similar may cause problems with image builder.
 +You may get compile errors when these are provided as packages.
 +To avoid issues you should omit them from image builder and let the correct versions be installed via package dependencies.
 +The ''%%--strip-abi%%'' parameter can be used to export a normalized package list.
  
 ==== Custom packages ==== ==== Custom packages ====
Line 180: Line 127:
  
 ==== Custom files ==== ==== Custom files ====
-The ''FILES'' variable allows custom configuration files to be included in images built with Image Generator.+The ''FILES'' variable allows custom configuration files to be included in images built with Image Builder.
 This is especially useful if you need to change the network configuration from default before flashing, or if you are preparing an image for mass-flashing many devices. This is especially useful if you need to change the network configuration from default before flashing, or if you are preparing an image for mass-flashing many devices.
  
 <code bash> <code bash>
-FILES=files/+FILES="files"
 </code> </code>
  
-The ''files/'' directory is best in the imagebuilder root folder (where you issue the make commandotherwise it is best to use an absolute (fullpath.+The ''files'' directory should be placed in the Image Builder root directory where you issue the make commandotherwise specify an absolute/full path. 
 + 
 +It is strongly recommended to use [[docs:guide-developer:uci-defaults|uci-defaults]] to incrementally integrate only the required customization. 
 +This helps minimize conflicts with auto-generated settings which can change between versions. 
 + 
 +see: [[:docs:guide-user:additional-software:imagebuilder#restricting_root_access|uci-default_example]]
  
 ==== Building image ==== ==== Building image ====
Line 193: Line 145:
  
 <code bash> <code bash>
-make image PROFILE=profile-name PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" FILES=files/+make image 
 +PROFILE="profile-name" \ 
 +PACKAGES="pkg1 pkg2 pkg3 -pkg4 -pkg5 -pkg6" 
 +FILES="files" \ 
 +DISABLED_SERVICES="svc1 svc2 svc3"
 </code> </code>
  
Line 214: Line 170:
 scp root@192.168.1.1:/etc/config/wireless files/etc/config/ scp root@192.168.1.1:/etc/config/wireless files/etc/config/
 scp root@192.168.1.1:/etc/config/firewall files/etc/config/ scp root@192.168.1.1:/etc/config/firewall files/etc/config/
-make image PROFILE=wl500gp PACKAGES="nano openvpn -ppp -ppp-mod-pppoe" FILES=files/+make image 
 +PROFILE="wl500gp" \ 
 +PACKAGES="nano openvpn -ppp -ppp-mod-pppoe" 
 +FILES="files" \ 
 +DISABLED_SERVICES="dnsmasq firewall odhcpd"
 </code> </code>
  
 ===== Troubleshooting ===== ===== Troubleshooting =====
   - Did you run everything as a non-root user?   - Did you run everything as a non-root user?
-  - Check the log output are there package issues (conflicts, improper names) +  - Check the logged outputare there package issues (conflicts, improper names)
-  - Wait a few hours/day upstream packages may be in an inconsistent state+  - Check the logged output, did you exceed maximum space? 
 +  - Check the logged output, are there other obvious errors? 
 +  - Wait a few hours/day(s) upstream packages may be in an inconsistent state especially on master/snapshot
   - Verify you have a supported OS, prerequisites, file system and path naming   - Verify you have a supported OS, prerequisites, file system and path naming
  
Line 226: Line 188:
 The topics below go beyond simple usage and aimed at developers and advanced users. The topics below go beyond simple usage and aimed at developers and advanced users.
  
-==== Building the Image Generator with all packages inside ==== +==== Detailed help ==== 
-It is possible to use a **buildroot*** to create your own Image Generator and integrate in it all packages so it will be able to generate images without downloading packages:+See also[[https://github.com/openwrt/openwrt/blob/master/target/imagebuilder/files/Makefile|ImageBuilder makefile]]
  
-In the graphical configuration, select "**Build the OpenWrt Image Builder**" to build the image builder, then  select **Global Build Settings -> Select all packages by default**, save and exit. +Getting detailed help:
-Then build the image, including ''IGNORE_ERRORS=1'' as there might be unmaintained packages that fail to compile.+
  
-Enabling ''IGNORE_ERRORS=1'' should only be done **once the kernel and required packages are known to compile successfully**.+<code> 
 +# make help
  
-<code bash+Available Commands: 
-make IGNORE_ERRORS=1+ help: This help text 
 + info: Show a list of available target profiles 
 + clean: Remove images and temporary build files 
 + image: Build an image (see below for more information). 
 + 
 +Building images: 
 + By default 'make image' will create an image with the default 
 + target profile and package set. You can use the following parameters 
 + to change that: 
 + 
 + make image PROFILE="<profilename>" # override the default target profile 
 + make image PACKAGES="<pkg1> [<pkg2> [<pkg3> ...]]" # include extra packages 
 + make image FILES="<path>" # include extra files from <path> 
 + make image BIN_DIR="<path>" # alternative output directory for the images 
 + make image EXTRA_IMAGE_NAME="<string>" # Add this to the output image filename (sanitized) 
 + make image DISABLED_SERVICES="<svc1> [<svc2> [<svc3> ..]]" # Which services in /etc/init.d/ should be disabled 
 + make image ADD_LOCAL_KEY=1 # store locally generated signing key in built images 
 + 
 +Print manifest: 
 + List "all" packages which get installed into the image. 
 + You can use the following parameters: 
 + 
 + make manifest PROFILE="<profilename>" # override the default target profile 
 + make manifest PACKAGES="<pkg1> [<pkg2> [<pkg3...]]" # include extra packages 
 + make manifest STRIP_ABI=1 # remove ABI version from printed package names
 </code> </code>
 +
 +==== Available profiles ====
 +Listing available profiles:
 +
 +<code>
 +# make info
 +
 +Available Profiles:
 +
 +Default:
 +    Default Profile
 +    Packages: kmod-usb-core kmod-usb2 kmod-usb-ohci kmod-usb-ledtrig-usbport
 +ai-br100:
 +    Aigale Ai-BR100
 +    Packages: kmod-usb2 kmod-usb-ohci
 +rp-n53:
 +    Asus RP-N53
 +    Packages:
 +rt-n14u:
 +    Asus RT-N14u
 +    Packages:
 +whr-1166d:
 +    Buffalo WHR-1166D
 +    Packages:
 +whr-300hp2:
 +    Buffalo WHR-300HP2
 +    Packages:
 +...
 +</code>
 +
 +==== Building the Image Builder with all packages inside ====
 +It is possible to use a buildroot to create your own Image Builder and integrate in it all packages so it will be able to generate images without downloading packages.
 +
 +In the graphical configuration, select "**Build the OpenWrt Image Builder**" to build the image builder, then  select **Global Build Settings -> Select all packages by default**, save and exit.
 +You can [[docs:guide-developer:toolchain:use-buildsystem#ignore_build_errors|ignore build errors]] if you encounter unmaintained packages that fail to compile, assuming this doesn't affect kernel and core dependencies.
  
 Don't call ''make defconfig'' or leave an old ''.config'' file in the path as ''Select all packages by default'' will only set the package selection to ''[m]'' for packages that are not already configured otherwise! ''make defconfig'' will set most packages to ''[n]'', i.e. //do not build//. Don't call ''make defconfig'' or leave an old ''.config'' file in the path as ''Select all packages by default'' will only set the package selection to ''[m]'' for packages that are not already configured otherwise! ''make defconfig'' will set most packages to ''[n]'', i.e. //do not build//.
  
 ==== Adding package repositories ==== ==== Adding package repositories ====
-The **Image Generator** you download from the OpenWrt pages is already configured to download any non-default packages from official repositories.+The Image Builder you download from the OpenWrt pages is already configured to download any non-default packages from official repositories.
 The package sources are configured in the ''repositories.conf'' file in the extracted directory. The package sources are configured in the ''repositories.conf'' file in the extracted directory.
 Sources are specified in //opkg// native config format. Sources are specified in //opkg// native config format.
Line 267: Line 288:
 The ''repositories.conf'' in an imagebuilder you compile from source will lack the "Remote package repositories" links. The ''repositories.conf'' in an imagebuilder you compile from source will lack the "Remote package repositories" links.
  
-If you want to add a custom local repository, copy the ''%%src custom file:///usr/src/openwrt/bin/ramips/packages%%'' line and modify it to point to the local folder you have your packages and package lists in.+If you want to add a custom local repository, copy the ''%%src custom file:///usr/src/openwrt/bin/ramips/packages%%'' line and modify it to point to the local folder where you have your packages and package lists ([[https://downloads.openwrt.org/releases/21.02.3/targets/ramips/mt7621/packages/Packages|example package list]]).
 If you have problems with using you local repository because the "Signature check failed" then remove the line ''option check_signature'' from ''repositories.conf'' If you have problems with using you local repository because the "Signature check failed" then remove the line ''option check_signature'' from ''repositories.conf''
  
Line 273: Line 294:
  
 NOTE: if you want to override packages coming from an existing feed, you must write your custom feed ABOVE the line of the package feed containing the packages you want to override, as shown in the examples above. NOTE: if you want to override packages coming from an existing feed, you must write your custom feed ABOVE the line of the package feed containing the packages you want to override, as shown in the examples above.
 +
 +==== Restricting root access ====
 +Create a non-privileged admin user and lock root password.
 +Configure privilege elevation with sudo.
 +Set up key-based authentication and disable password authentication for Dropbear.
 +
 +<code bash>
 +mkdir -p files/etc/uci-defaults
 +cat << "EOF" > files/etc/uci-defaults/99-custom
 +USER_NAME="admin"
 +USER_SSHPUB="SSH_PUBLIC_KEY"
 +USER_SHELL="/bin/ash"
 +SUDO_USER="root"
 +SUDO_GROUP="sudo"
 +groupadd -r "${SUDO_GROUP}"
 +useradd -m -G "${SUDO_GROUP}" -s "${USER_SHELL}" "${USER_NAME}"
 +passwd -l "${SUDO_USER}"
 +cat << EOI > /etc/sudoers.d/00-custom
 +%${SUDO_GROUP} ALL=(ALL) ALL
 +EOI
 +USER_HOME="$(eval echo ~"${USER_NAME}")"
 +mkdir -p "${USER_HOME}"/.ssh
 +cat << EOI > "${USER_HOME}"/.ssh/authorized_keys
 +${USER_SSHPUB}
 +EOI
 +uci set dropbear.@dropbear[0].PasswordAuth="0"
 +uci set dropbear.@dropbear[0].RootPasswordAuth="0"
 +uci commit dropbear
 +/etc/init.d/dropbear restart
 +EOF
 +make image \
 +FILES="files" \
 +PACKAGES="nano shadow sudo"
 +</code>
  
 ==== Adding/modifying profiles ==== ==== Adding/modifying profiles ====
-The image generation is tied to the profile names.+ 
 +<WRAP important> 
 +Examples below may contain version dependent / legacy information and are for informational purposes. They are very low level so expect to have a good level of skill and familiarity with the ImageBuilder / OpenWrt in general.  
 +</WRAP> 
 + 
 +The image building is tied to the profile names.
 If you add a new profile without also adding an appropriate macro to the image-generation Makefile, no suitable firmware file will get generated when using the custom profile. If you add a new profile without also adding an appropriate macro to the image-generation Makefile, no suitable firmware file will get generated when using the custom profile.
 Remove the ''/tmp'' directory to properly apply the modified package selection from profiles. Remove the ''/tmp'' directory to properly apply the modified package selection from profiles.
Line 308: Line 368:
  
 Note that it requires patching of the ''Makefile'' Note that it requires patching of the ''Makefile''
 +
 +It is based on older Chaos Calmer era code... and not applicable to modern ImageBuilders but useful as a reference...
 </WRAP> </WRAP>
  
Line 343: Line 405:
 <code bash> <code bash>
 make image \ make image \
-    PROFILE=tlwr841 \ +PROFILE="tlwr841
-    PACKAGES="igmpproxy ip iptraf kmod-ipt-nathelper-extra openvpn-polarssl tcpdump-mini -firewall -ip6tables -kmod-ip6tables -kmod-ipv6 -odhcp6c -ppp -ppp-mod-pppoe"+PACKAGES="igmpproxy ip iptraf kmod-ipt-nathelper-extra openvpn-polarssl tcpdump-mini -firewall -ip6tables -kmod-ip6tables -kmod-ipv6 -odhcp6c -ppp -ppp-mod-pppoe"
-    FILES_REMOVE="files_remove"+FILES_REMOVE="files_remove"
 </code> </code>
- 
  • Last modified: 2024/09/20 19:32
  • by lessload