添加openwrt_logs忽略文件夹

尝试支持photonicat
update wwan
2025-04-08 18:16:34 +08:00 · 2025-04-08 18:09:56 +08:00 · 2025-03-14 20:44:12 +08:00 · 2025-02-05 14:22:15 +08:00 · 2025-02-05 14:21:01 +08:00 · 2025-02-05 14:17:37 +08:00
18909 changed files with 3240014 additions and 1737296 deletions
--- a/.github/workflows/openwrt-ci.yml
+++ b/.github/workflows/openwrt-ci.yml
@@ -1,69 +1,88 @@
-#
-# This is free software, lisence use MIT.
-# 
-# Copyright (C) 2019 P3TERX <https://p3terx.com>
-# Copyright (C) 2019 KFERMercer <KFER.Mercer@gmail.com>
 # 
 # <https://github.com/KFERMercer/OpenWrt-CI>
-# 
-
+#
+# Copyright (C) 2019 P3TERX
+#
+# Copyright (C) 2020 KFERMercer
+#
 name: OpenWrt-CI

 on:
  schedule:
    - cron: 0 20 * * *
-  watch:
-    types: started
+
+permissions:
+  contents: read

 jobs:

-  build:
+  build_openwrt:

-    runs-on: ubuntu-latest
-    if: github.event.repository.owner.id == github.event.sender.id
+    name: Build OpenWrt Firmware
+
+    runs-on: ubuntu-22.04

    steps:
-      - name: Checkout
-        uses: actions/checkout@master
-        with:
-          ref: master
-          fetch-depth: 1000000
-
-      - name: Space cleanup
+      - name: Space cleanup and Initialization environment
        env:
          DEBIAN_FRONTEND: noninteractive
        run: |
          docker rmi `docker images -q`
-          sudo rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d
-          sudo -E apt-get -y purge azure-cli ghc* zulu* hhvm llvm* firefox google* dotnet* powershell openjdk* mysql* php*
-          sudo -E apt-get update
-          sudo -E apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs gcc-multilib g++-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler antlr3 gperf
-          sudo -E apt-get -y autoremove --purge
-          sudo -E apt-get clean
-
-          # 利用挂载在 /mnt/ 的 14G 额外空间:
-          # sudo mkdir -p -m 777 /mnt/openwrt/bin /mnt/openwrt/build_dir/host /mnt/openwrt/build_dir/hostpkg /mnt/openwrt/dl /mnt/openwrt/feeds /mnt/openwrt/staging_dir
-          # ln -s /mnt/openwrt/bin ./bin
-          # mkdir -p ./build_dir/host && ln -s /mnt/openwrt/build_dir/host ./build_dir/host
-          # mkdir -p ./build_dir/host && ln -s /mnt/openwrt/build_dir/hostpkg ./build_dir/hostpkg
-          # ln -s /mnt/openwrt/dl ./dl
-          # ln -s /mnt/openwrt/feeds ./feeds
-          # ln -s /mnt/openwrt/staging_dir ./staging_dir
-
-          df -h
+          sudo -E rm -rf /usr/share/dotnet /etc/mysql /etc/php /etc/apt/sources.list.d /usr/local/lib/android
+          sudo -E apt-mark hold grub-efi-amd64-signed
+          sudo -E apt update
+          sudo -E apt -y purge azure-cli* docker* ghc* zulu* llvm* firefox google* dotnet* powershell* openjdk* mysql* php* mongodb* dotnet* snap*
+          sudo -E apt -y full-upgrade
+          sudo -E apt -y install ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gcc-multilib g++-multilib gettext genisoimage git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev libssl-dev libtool llvm lrzsz msmtp ninja-build p7zip p7zip-full patch pkgconf python3 python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+          sudo -E systemctl daemon-reload
+          sudo -E apt -y autoremove --purge
+          sudo -E apt clean
+          sudo -E timedatectl set-timezone "Asia/Shanghai"

+      - name: Checkout OpenWrt
+        uses: actions/checkout@v4
+        
      - name: Update feeds
        run: |
          ./scripts/feeds update -a
-          ./scripts/feeds install -a
-
+          ./scripts/feeds install -a -f
+          echo '
+          CONFIG_TARGET_rockchip=y
+          CONFIG_TARGET_rockchip_armv8=y
+          CONFIG_TARGET_MULTI_PROFILE=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_doornet1=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_doornet2=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-1=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-1n=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-2=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-2n=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-4=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_embedfire_lubancat-5=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopc-t6=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r2s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r4s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r4se=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r5s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r6c=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_friendlyarm_nanopi-r6s=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_h88k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h66k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h68k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_hinlink_opc-h69k=y
+          CONFIG_TARGET_DEVICE_rockchip_armv8_DEVICE_radxa_zero-3e=y
+          CONFIG_TARGET_KERNEL_PARTSIZE=64
+          CONFIG_TARGET_ROOTFS_PARTSIZE=512
+          CONFIG_TARGET_ROOTFS_TARGZ=y
+          CONFIG_TARGET_ROOTFS_EXT4FS=y
+          CONFIG_TARGET_ROOTFS_SQUASHFS=y
+          ' >> .config
      - name: Generate configuration file
        run: make defconfig

-      - name: Make download
-        run: |
-          make download -j8
-          find dl -size -1024c -exec rm -f {} \;
+      - name: Download packages
+        run: make download -j16

      - name: Compile firmware
        run: |
@@ -78,10 +97,28 @@ jobs:
          du -h --max-depth=1 ./bin

      - name: Prepare artifact
-        run: find ./bin/targets/ -type d -name "packages" | xargs rm -rf {}
+        run: |
+          mkdir -p ./artifact/package
+          mkdir -p ./artifact/buildinfo
+          rm -rf $(find ./bin/targets/ -type d -name "packages")
+          cp -rf $(find ./bin/packages/ -type f -name "*.ipk") ./artifact/package/
+          cp -rf $(find ./bin/targets/ -type f -name "*.buildinfo" -o -name "*.manifest") ./artifact/buildinfo/

-      - name: Upload artifact
-        uses: actions/upload-artifact@master
+      - name: Upload buildinfo
+        uses: actions/upload-artifact@v4
+        with:
+          name: OpenWrt_buildinfo
+          path: ./artifact/buildinfo/
+
+      - name: Upload package
+        uses: actions/upload-artifact@v4
+        with:
+          name: OpenWrt_package
+          path: ./artifact/package/
+
+      - name: Upload firmware
+        uses: actions/upload-artifact@v4
        with:
          name: OpenWrt_firmware
          path: ./bin/targets/
+          
--- a/.gitignore
+++ b/.gitignore
@@ -1,28 +1,33 @@
-*.o
-.DS_Store
-.*.swp
-/env
-/dl
-/.config
-/.config.old
-/bin
-/build_dir
-/staging_dir
-/tmp
-/logs
-/feeds
-/feeds.conf
-/files
-/overlay
-/package/feeds
-/package/openwrt-packages
-key-build*
-*.orig
-*.rej
-*~
-.#*
-*#
-.emacs.desktop*
-TAGS*~
-git-src
-.git-credentials
+*.o
+.DS_Store
+.*.swp
+/env
+/dl
+/.config
+/.config.old
+/bin
+/build_dir
+/staging_dir
+/tmp
+/logs
+/feeds
+/feeds.conf
+/files
+/overlay
+/package/feeds
+/package/openwrt-packages
+/*.patch
+key-build*
+*.orig
+*.rej
+*~
+.#*
+*#
+.emacs.desktop*
+TAGS*~
+git-src
+.project
+.cproject
+.ccache
+.vscode*
+/openwrt_logs
--- a/7
+++ b/7
@@ -1,7 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+
 world ${.TARGETS}:
 	@gmake $@
--- a/12
+++ b/12
@@ -0,0 +1,12 @@
+OpenWrt is provided under:
+
+	SPDX-License-Identifier: GPL-2.0-only
+
+Being under the terms of the GNU General Public License version 2 only,
+according with:
+
+	LICENSES/GPL-2.0
+
+In addition, other licenses may also apply.
+
+All contributions to OpenWrt are subject to this COPYING file.
--- a/Config.in
+++ b/Config.in
@@ -1,13 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006-2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 mainmenu "OpenWrt Configuration"

 config MODULES
-	option modules
+	modules
 	bool
 	default y

@@ -15,6 +13,14 @@ config HAVE_DOT_CONFIG
 	bool
 	default y

+HOST_OS := $(shell, uname)
+
+config HOST_OS_LINUX
+	def_bool $(shell, ./config/check-uname.sh Linux)
+
+config HOST_OS_MACOS
+	def_bool $(shell, ./config/check-uname.sh Darwin)
+
 source "target/Config.in"

 source "config/Config-images.in"
--- a/340
+++ b/340
@@ -1,340 +0,0 @@
-		    GNU GENERAL PUBLIC LICENSE
-		       Version 2, June 1991
-
- Copyright (C) 1989, 1991 Free Software Foundation, Inc.
-     59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-			    Preamble
-
-  The licenses for most software are designed to take away your
-freedom to share and change it.  By contrast, the GNU General Public
-License is intended to guarantee your freedom to share and change free
-software--to make sure the software is free for all its users.  This
-General Public License applies to most of the Free Software
-Foundation's software and to any other program whose authors commit to
-using it.  (Some other Free Software Foundation software is covered by
-the GNU Library General Public License instead.)  You can apply it to
-your programs, too.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-this service if you wish), that you receive source code or can get it
-if you want it, that you can change the software or use pieces of it
-in new free programs; and that you know you can do these things.
-
-  To protect your rights, we need to make restrictions that forbid
-anyone to deny you these rights or to ask you to surrender the rights.
-These restrictions translate to certain responsibilities for you if you
-distribute copies of the software, or if you modify it.
-
-  For example, if you distribute copies of such a program, whether
-gratis or for a fee, you must give the recipients all the rights that
-you have.  You must make sure that they, too, receive or can get the
-source code.  And you must show them these terms so they know their
-rights.
-
-  We protect your rights with two steps: (1) copyright the software, and
-(2) offer you this license which gives you legal permission to copy,
-distribute and/or modify the software.
-
-  Also, for each author's protection and ours, we want to make certain
-that everyone understands that there is no warranty for this free
-software.  If the software is modified by someone else and passed on, we
-want its recipients to know that what they have is not the original, so
-that any problems introduced by others will not reflect on the original
-authors' reputations.
-
-  Finally, any free program is threatened constantly by software
-patents.  We wish to avoid the danger that redistributors of a free
-program will individually obtain patent licenses, in effect making the
-program proprietary.  To prevent this, we have made it clear that any
-patent must be licensed for everyone's free use or not licensed at all.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-		    GNU GENERAL PUBLIC LICENSE
-   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
-
-  0. This License applies to any program or other work which contains
-a notice placed by the copyright holder saying it may be distributed
-under the terms of this General Public License.  The "Program", below,
-refers to any such program or work, and a "work based on the Program"
-means either the Program or any derivative work under copyright law:
-that is to say, a work containing the Program or a portion of it,
-either verbatim or with modifications and/or translated into another
-language.  (Hereinafter, translation is included without limitation in
-the term "modification".)  Each licensee is addressed as "you".
-
-Activities other than copying, distribution and modification are not
-covered by this License; they are outside its scope.  The act of
-running the Program is not restricted, and the output from the Program
-is covered only if its contents constitute a work based on the
-Program (independent of having been made by running the Program).
-Whether that is true depends on what the Program does.
-
-  1. You may copy and distribute verbatim copies of the Program's
-source code as you receive it, in any medium, provided that you
-conspicuously and appropriately publish on each copy an appropriate
-copyright notice and disclaimer of warranty; keep intact all the
-notices that refer to this License and to the absence of any warranty;
-and give any other recipients of the Program a copy of this License
-along with the Program.
-
-You may charge a fee for the physical act of transferring a copy, and
-you may at your option offer warranty protection in exchange for a fee.
-
-  2. You may modify your copy or copies of the Program or any portion
-of it, thus forming a work based on the Program, and copy and
-distribute such modifications or work under the terms of Section 1
-above, provided that you also meet all of these conditions:
-
-    a) You must cause the modified files to carry prominent notices
-    stating that you changed the files and the date of any change.
-
-    b) You must cause any work that you distribute or publish, that in
-    whole or in part contains or is derived from the Program or any
-    part thereof, to be licensed as a whole at no charge to all third
-    parties under the terms of this License.
-
-    c) If the modified program normally reads commands interactively
-    when run, you must cause it, when started running for such
-    interactive use in the most ordinary way, to print or display an
-    announcement including an appropriate copyright notice and a
-    notice that there is no warranty (or else, saying that you provide
-    a warranty) and that users may redistribute the program under
-    these conditions, and telling the user how to view a copy of this
-    License.  (Exception: if the Program itself is interactive but
-    does not normally print such an announcement, your work based on
-    the Program is not required to print an announcement.)
-
-These requirements apply to the modified work as a whole.  If
-identifiable sections of that work are not derived from the Program,
-and can be reasonably considered independent and separate works in
-themselves, then this License, and its terms, do not apply to those
-sections when you distribute them as separate works.  But when you
-distribute the same sections as part of a whole which is a work based
-on the Program, the distribution of the whole must be on the terms of
-this License, whose permissions for other licensees extend to the
-entire whole, and thus to each and every part regardless of who wrote it.
-
-Thus, it is not the intent of this section to claim rights or contest
-your rights to work written entirely by you; rather, the intent is to
-exercise the right to control the distribution of derivative or
-collective works based on the Program.
-
-In addition, mere aggregation of another work not based on the Program
-with the Program (or with a work based on the Program) on a volume of
-a storage or distribution medium does not bring the other work under
-the scope of this License.
-
-  3. You may copy and distribute the Program (or a work based on it,
-under Section 2) in object code or executable form under the terms of
-Sections 1 and 2 above provided that you also do one of the following:
-
-    a) Accompany it with the complete corresponding machine-readable
-    source code, which must be distributed under the terms of Sections
-    1 and 2 above on a medium customarily used for software interchange; or,
-
-    b) Accompany it with a written offer, valid for at least three
-    years, to give any third party, for a charge no more than your
-    cost of physically performing source distribution, a complete
-    machine-readable copy of the corresponding source code, to be
-    distributed under the terms of Sections 1 and 2 above on a medium
-    customarily used for software interchange; or,
-
-    c) Accompany it with the information you received as to the offer
-    to distribute corresponding source code.  (This alternative is
-    allowed only for noncommercial distribution and only if you
-    received the program in object code or executable form with such
-    an offer, in accord with Subsection b above.)
-
-The source code for a work means the preferred form of the work for
-making modifications to it.  For an executable work, complete source
-code means all the source code for all modules it contains, plus any
-associated interface definition files, plus the scripts used to
-control compilation and installation of the executable.  However, as a
-special exception, the source code distributed need not include
-anything that is normally distributed (in either source or binary
-form) with the major components (compiler, kernel, and so on) of the
-operating system on which the executable runs, unless that component
-itself accompanies the executable.
-
-If distribution of executable or object code is made by offering
-access to copy from a designated place, then offering equivalent
-access to copy the source code from the same place counts as
-distribution of the source code, even though third parties are not
-compelled to copy the source along with the object code.
-
-  4. You may not copy, modify, sublicense, or distribute the Program
-except as expressly provided under this License.  Any attempt
-otherwise to copy, modify, sublicense or distribute the Program is
-void, and will automatically terminate your rights under this License.
-However, parties who have received copies, or rights, from you under
-this License will not have their licenses terminated so long as such
-parties remain in full compliance.
-
-  5. You are not required to accept this License, since you have not
-signed it.  However, nothing else grants you permission to modify or
-distribute the Program or its derivative works.  These actions are
-prohibited by law if you do not accept this License.  Therefore, by
-modifying or distributing the Program (or any work based on the
-Program), you indicate your acceptance of this License to do so, and
-all its terms and conditions for copying, distributing or modifying
-the Program or works based on it.
-
-  6. Each time you redistribute the Program (or any work based on the
-Program), the recipient automatically receives a license from the
-original licensor to copy, distribute or modify the Program subject to
-these terms and conditions.  You may not impose any further
-restrictions on the recipients' exercise of the rights granted herein.
-You are not responsible for enforcing compliance by third parties to
-this License.
-
-  7. If, as a consequence of a court judgment or allegation of patent
-infringement or for any other reason (not limited to patent issues),
-conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot
-distribute so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you
-may not distribute the Program at all.  For example, if a patent
-license would not permit royalty-free redistribution of the Program by
-all those who receive copies directly or indirectly through you, then
-the only way you could satisfy both it and this License would be to
-refrain entirely from distribution of the Program.
-
-If any portion of this section is held invalid or unenforceable under
-any particular circumstance, the balance of the section is intended to
-apply and the section as a whole is intended to apply in other
-circumstances.
-
-It is not the purpose of this section to induce you to infringe any
-patents or other property right claims or to contest validity of any
-such claims; this section has the sole purpose of protecting the
-integrity of the free software distribution system, which is
-implemented by public license practices.  Many people have made
-generous contributions to the wide range of software distributed
-through that system in reliance on consistent application of that
-system; it is up to the author/donor to decide if he or she is willing
-to distribute software through any other system and a licensee cannot
-impose that choice.
-
-This section is intended to make thoroughly clear what is believed to
-be a consequence of the rest of this License.
-
-  8. If the distribution and/or use of the Program is restricted in
-certain countries either by patents or by copyrighted interfaces, the
-original copyright holder who places the Program under this License
-may add an explicit geographical distribution limitation excluding
-those countries, so that distribution is permitted only in or among
-countries not thus excluded.  In such case, this License incorporates
-the limitation as if written in the body of this License.
-
-  9. The Free Software Foundation may publish revised and/or new versions
-of the General Public License from time to time.  Such new versions will
-be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-Each version is given a distinguishing version number.  If the Program
-specifies a version number of this License which applies to it and "any
-later version", you have the option of following the terms and conditions
-either of that version or of any later version published by the Free
-Software Foundation.  If the Program does not specify a version number of
-this License, you may choose any version ever published by the Free Software
-Foundation.
-
-  10. If you wish to incorporate parts of the Program into other free
-programs whose distribution conditions are different, write to the author
-to ask for permission.  For software which is copyrighted by the Free
-Software Foundation, write to the Free Software Foundation; we sometimes
-make exceptions for this.  Our decision will be guided by the two goals
-of preserving the free status of all derivatives of our free software and
-of promoting the sharing and reuse of software generally.
-
-			    NO WARRANTY
-
-  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
-FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
-OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
-PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
-OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
-TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
-PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
-REPAIR OR CORRECTION.
-
-  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
-REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
-INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
-OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
-TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
-YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
-PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGES.
-
-		     END OF TERMS AND CONDITIONS
-
-	    How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-convey the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software; you can redistribute it and/or modify
-    it under the terms of the GNU General Public License as published by
-    the Free Software Foundation; either version 2 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU General Public License for more details.
-
-    You should have received a copy of the GNU General Public License
-    along with this program; if not, write to the Free Software
-    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
-
-
-Also add information on how to contact you by electronic and paper mail.
-
-If the program is interactive, make it output a short notice like this
-when it starts in an interactive mode:
-
-    Gnomovision version 69, Copyright (C) year  name of author
-    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
-    This is free software, and you are welcome to redistribute it
-    under certain conditions; type `show c' for details.
-
-The hypothetical commands `show w' and `show c' should show the appropriate
-parts of the General Public License.  Of course, the commands you use may
-be called something other than `show w' and `show c'; they could even be
-mouse-clicks or menu items--whatever suits your program.
-
-You should also get your employer (if you work as a programmer) or your
-school, if any, to sign a "copyright disclaimer" for the program, if
-necessary.  Here is a sample; alter the names:
-
-  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
-  `Gnomovision' (which makes passes at compilers) written by James Hacker.
-
-  <signature of Ty Coon>, 1 April 1989
-  Ty Coon, President of Vice
-
-This General Public License does not permit incorporating your program into
-proprietary programs.  If your program is a subroutine library, you may
-consider it more useful to permit linking proprietary applications with the
-library.  If this is what you want to do, use the GNU Library General
-Public License instead of this License.
--- a/LICENSES/BSD-2-Clause
+++ b/LICENSES/BSD-2-Clause
@@ -0,0 +1,32 @@
+Valid-License-Identifier: BSD-2-Clause
+SPDX-URL: https://spdx.org/licenses/BSD-2-Clause.html
+Usage-Guide:
+  To use the BSD 2-clause "Simplified" License put the following SPDX
+  tag/value pair into a comment according to the placement guidelines in
+  the licensing rules documentation:
+    SPDX-License-Identifier: BSD-2-Clause
+License-Text:
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
--- a/LICENSES/BSD-3-Clause
+++ b/LICENSES/BSD-3-Clause
@@ -0,0 +1,36 @@
+Valid-License-Identifier: BSD-3-Clause
+SPDX-URL: https://spdx.org/licenses/BSD-3-Clause.html
+Usage-Guide:
+  To use the BSD 3-clause "New" or "Revised" License put the following SPDX
+  tag/value pair into a comment according to the placement guidelines in
+  the licensing rules documentation:
+    SPDX-License-Identifier: BSD-3-Clause
+License-Text:
+
+Copyright (c) <year> <owner> . All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions are met:
+
+1. Redistributions of source code must retain the above copyright notice,
+   this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither the name of the copyright holder nor the names of its
+   contributors may be used to endorse or promote products derived from this
+   software without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
+AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
+LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGE.
--- a/LICENSES/GPL-1.0
+++ b/LICENSES/GPL-1.0
@@ -0,0 +1,261 @@
+Valid-License-Identifier: GPL-1.0-or-later
+Valid-License-Identifier: GPL-1.0+
+SPDX-URL: https://spdx.org/licenses/GPL-1.0.html
+Usage-Guide:
+  The GNU General Public License (GPL) version 1 should not be used in new
+  code. For existing kernel code the 'or any later version' option is
+  required to be compatible with the general license of the project: GPLv2.
+  To use the license in source code, put the following SPDX tag/value pair
+  into a comment according to the placement guidelines in the licensing
+  rules documentation:
+    SPDX-License-Identifier: GPL-1.0-or-later
+License-Text:
+
+	    GNU GENERAL PUBLIC LICENSE
+	     Version 1, February 1989
+
+ Copyright (C) 1989 Free Software Foundation, Inc.
+                    675 Mass Ave, Cambridge, MA 02139, USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The license agreements of most software companies try to keep users
+at the mercy of those companies.  By contrast, our General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  The
+General Public License applies to the Free Software Foundation's
+software and to any other program whose authors commit to using it.
+You can use it for your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Specifically, the General Public License is designed to make
+sure that you have the freedom to give away or sell copies of free
+software, that you receive source code or can get it if you want it,
+that you can change the software or use pieces of it in new free
+programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of a such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must tell them their rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License Agreement applies to any program or other work which
+contains a notice placed by the copyright holder saying it may be
+distributed under the terms of this General Public License.  The
+"Program", below, refers to any such program or work, and a "work based
+on the Program" means either the Program or any work containing the
+Program or a portion of it, either verbatim or with modifications.  Each
+licensee is addressed as "you".
+
+  1. You may copy and distribute verbatim copies of the Program's source
+code as you receive it, in any medium, provided that you conspicuously and
+appropriately publish on each copy an appropriate copyright notice and
+disclaimer of warranty; keep intact all the notices that refer to this
+General Public License and to the absence of any warranty; and give any
+other recipients of the Program a copy of this General Public License
+along with the Program.  You may charge a fee for the physical act of
+transferring a copy.
+
+  2. You may modify your copy or copies of the Program or any portion of
+it, and copy and distribute such modifications under the terms of Paragraph
+1 above, provided that you also do the following:
+
+    a) cause the modified files to carry prominent notices stating that
+    you changed the files and the date of any change; and
+
+    b) cause the whole of any work that you distribute or publish, that
+    in whole or in part contains the Program or any part thereof, either
+    with or without modifications, to be licensed at no charge to all
+    third parties under the terms of this General Public License (except
+    that you may choose to grant warranty protection to some or all
+    third parties, at your option).
+
+    c) If the modified program normally reads commands interactively when
+    run, you must cause it, when started running for such interactive use
+    in the simplest and most usual way, to print or display an
+    announcement including an appropriate copyright notice and a notice
+    that there is no warranty (or else, saying that you provide a
+    warranty) and that users may redistribute the program under these
+    conditions, and telling the user how to view a copy of this General
+    Public License.
+
+    d) You may charge a fee for the physical act of transferring a
+    copy, and you may at your option offer warranty protection in
+    exchange for a fee.
+
+Mere aggregation of another independent work with the Program (or its
+derivative) on a volume of a storage or distribution medium does not bring
+the other work under the scope of these terms.
+
+  3. You may copy and distribute the Program (or a portion or derivative of
+it, under Paragraph 2) in object code or executable form under the terms of
+Paragraphs 1 and 2 above provided that you also do one of the following:
+
+    a) accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of
+    Paragraphs 1 and 2 above; or,
+
+    b) accompany it with a written offer, valid for at least three
+    years, to give any third party free (except for a nominal charge
+    for the cost of distribution) a complete machine-readable copy of the
+    corresponding source code, to be distributed under the terms of
+    Paragraphs 1 and 2 above; or,
+
+    c) accompany it with the information you received as to where the
+    corresponding source code may be obtained.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form alone.)
+
+Source code for a work means the preferred form of the work for making
+modifications to it.  For an executable file, complete source code means
+all the source code for all modules it contains; but, as a special
+exception, it need not include source code for modules which are standard
+libraries that accompany the operating system on which the executable
+file runs, or for standard header files or definitions files that
+accompany that operating system.
+
+  4. You may not copy, modify, sublicense, distribute or transfer the
+Program except as expressly provided under this General Public License.
+Any attempt otherwise to copy, modify, sublicense, distribute or transfer
+the Program is void, and will automatically terminate your rights to use
+the Program under this License.  However, parties who have received
+copies, or rights to use copies, from you under this General Public
+License will not have their licenses terminated so long as such parties
+remain in full compliance.
+
+  5. By copying, distributing or modifying the Program (or any work based
+on the Program) you indicate your acceptance of this license to do so,
+and all its terms and conditions.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the original
+licensor to copy, distribute or modify the Program subject to these
+terms and conditions.  You may not impose any further restrictions on the
+recipients' exercise of the rights granted herein.
+
+  7. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of the license which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+the license, you may choose any version ever published by the Free Software
+Foundation.
+
+  8. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  9. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  10. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	Appendix: How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to humanity, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these
+terms.
+
+  To do so, attach the following notices to the program.  It is safest to
+attach them to the start of each source file to most effectively convey
+the exclusion of warranty; and each file should have at least the
+"copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) 19yy  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 1, or (at your option)
+    any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) 19xx name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the
+appropriate parts of the General Public License.  Of course, the
+commands you use may be called something other than `show w' and `show
+c'; they could even be mouse-clicks or menu items--whatever suits your
+program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the
+  program `Gnomovision' (a program to direct compilers to make passes
+  at assemblers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+That's all there is to it!
--- a/LICENSES/GPL-2.0
+++ b/LICENSES/GPL-2.0
@@ -0,0 +1,355 @@
+Valid-License-Identifier: GPL-2.0-only
+Valid-License-Identifier: GPL-2.0
+Valid-License-Identifier: GPL-2.0-or-later
+Valid-License-Identifier: GPL-2.0+
+SPDX-URL: https://spdx.org/licenses/GPL-2.0.html
+Usage-Guide:
+  To use this license in source code, put one of the following SPDX
+  tag/value pairs into a comment according to the placement
+  guidelines in the licensing rules documentation.
+  For 'GNU General Public License (GPL) version 2 only' use:
+    SPDX-License-Identifier: GPL-2.0-only
+  For 'GNU General Public License (GPL) version 2 or any later version' use:
+    SPDX-License-Identifier: GPL-2.0-or-later
+License-Text:
+
+		    GNU GENERAL PUBLIC LICENSE
+		       Version 2, June 1991
+
+ Copyright (C) 1989, 1991 Free Software Foundation, Inc.
+                       51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+ Everyone is permitted to copy and distribute verbatim copies
+ of this license document, but changing it is not allowed.
+
+			    Preamble
+
+  The licenses for most software are designed to take away your
+freedom to share and change it.  By contrast, the GNU General Public
+License is intended to guarantee your freedom to share and change free
+software--to make sure the software is free for all its users.  This
+General Public License applies to most of the Free Software
+Foundation's software and to any other program whose authors commit to
+using it.  (Some other Free Software Foundation software is covered by
+the GNU Library General Public License instead.)  You can apply it to
+your programs, too.
+
+  When we speak of free software, we are referring to freedom, not
+price.  Our General Public Licenses are designed to make sure that you
+have the freedom to distribute copies of free software (and charge for
+this service if you wish), that you receive source code or can get it
+if you want it, that you can change the software or use pieces of it
+in new free programs; and that you know you can do these things.
+
+  To protect your rights, we need to make restrictions that forbid
+anyone to deny you these rights or to ask you to surrender the rights.
+These restrictions translate to certain responsibilities for you if you
+distribute copies of the software, or if you modify it.
+
+  For example, if you distribute copies of such a program, whether
+gratis or for a fee, you must give the recipients all the rights that
+you have.  You must make sure that they, too, receive or can get the
+source code.  And you must show them these terms so they know their
+rights.
+
+  We protect your rights with two steps: (1) copyright the software, and
+(2) offer you this license which gives you legal permission to copy,
+distribute and/or modify the software.
+
+  Also, for each author's protection and ours, we want to make certain
+that everyone understands that there is no warranty for this free
+software.  If the software is modified by someone else and passed on, we
+want its recipients to know that what they have is not the original, so
+that any problems introduced by others will not reflect on the original
+authors' reputations.
+
+  Finally, any free program is threatened constantly by software
+patents.  We wish to avoid the danger that redistributors of a free
+program will individually obtain patent licenses, in effect making the
+program proprietary.  To prevent this, we have made it clear that any
+patent must be licensed for everyone's free use or not licensed at all.
+
+  The precise terms and conditions for copying, distribution and
+modification follow.
+
+		    GNU GENERAL PUBLIC LICENSE
+   TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
+
+  0. This License applies to any program or other work which contains
+a notice placed by the copyright holder saying it may be distributed
+under the terms of this General Public License.  The "Program", below,
+refers to any such program or work, and a "work based on the Program"
+means either the Program or any derivative work under copyright law:
+that is to say, a work containing the Program or a portion of it,
+either verbatim or with modifications and/or translated into another
+language.  (Hereinafter, translation is included without limitation in
+the term "modification".)  Each licensee is addressed as "you".
+
+Activities other than copying, distribution and modification are not
+covered by this License; they are outside its scope.  The act of
+running the Program is not restricted, and the output from the Program
+is covered only if its contents constitute a work based on the
+Program (independent of having been made by running the Program).
+Whether that is true depends on what the Program does.
+
+  1. You may copy and distribute verbatim copies of the Program's
+source code as you receive it, in any medium, provided that you
+conspicuously and appropriately publish on each copy an appropriate
+copyright notice and disclaimer of warranty; keep intact all the
+notices that refer to this License and to the absence of any warranty;
+and give any other recipients of the Program a copy of this License
+along with the Program.
+
+You may charge a fee for the physical act of transferring a copy, and
+you may at your option offer warranty protection in exchange for a fee.
+
+  2. You may modify your copy or copies of the Program or any portion
+of it, thus forming a work based on the Program, and copy and
+distribute such modifications or work under the terms of Section 1
+above, provided that you also meet all of these conditions:
+
+    a) You must cause the modified files to carry prominent notices
+    stating that you changed the files and the date of any change.
+
+    b) You must cause any work that you distribute or publish, that in
+    whole or in part contains or is derived from the Program or any
+    part thereof, to be licensed as a whole at no charge to all third
+    parties under the terms of this License.
+
+    c) If the modified program normally reads commands interactively
+    when run, you must cause it, when started running for such
+    interactive use in the most ordinary way, to print or display an
+    announcement including an appropriate copyright notice and a
+    notice that there is no warranty (or else, saying that you provide
+    a warranty) and that users may redistribute the program under
+    these conditions, and telling the user how to view a copy of this
+    License.  (Exception: if the Program itself is interactive but
+    does not normally print such an announcement, your work based on
+    the Program is not required to print an announcement.)
+
+These requirements apply to the modified work as a whole.  If
+identifiable sections of that work are not derived from the Program,
+and can be reasonably considered independent and separate works in
+themselves, then this License, and its terms, do not apply to those
+sections when you distribute them as separate works.  But when you
+distribute the same sections as part of a whole which is a work based
+on the Program, the distribution of the whole must be on the terms of
+this License, whose permissions for other licensees extend to the
+entire whole, and thus to each and every part regardless of who wrote it.
+
+Thus, it is not the intent of this section to claim rights or contest
+your rights to work written entirely by you; rather, the intent is to
+exercise the right to control the distribution of derivative or
+collective works based on the Program.
+
+In addition, mere aggregation of another work not based on the Program
+with the Program (or with a work based on the Program) on a volume of
+a storage or distribution medium does not bring the other work under
+the scope of this License.
+
+  3. You may copy and distribute the Program (or a work based on it,
+under Section 2) in object code or executable form under the terms of
+Sections 1 and 2 above provided that you also do one of the following:
+
+    a) Accompany it with the complete corresponding machine-readable
+    source code, which must be distributed under the terms of Sections
+    1 and 2 above on a medium customarily used for software interchange; or,
+
+    b) Accompany it with a written offer, valid for at least three
+    years, to give any third party, for a charge no more than your
+    cost of physically performing source distribution, a complete
+    machine-readable copy of the corresponding source code, to be
+    distributed under the terms of Sections 1 and 2 above on a medium
+    customarily used for software interchange; or,
+
+    c) Accompany it with the information you received as to the offer
+    to distribute corresponding source code.  (This alternative is
+    allowed only for noncommercial distribution and only if you
+    received the program in object code or executable form with such
+    an offer, in accord with Subsection b above.)
+
+The source code for a work means the preferred form of the work for
+making modifications to it.  For an executable work, complete source
+code means all the source code for all modules it contains, plus any
+associated interface definition files, plus the scripts used to
+control compilation and installation of the executable.  However, as a
+special exception, the source code distributed need not include
+anything that is normally distributed (in either source or binary
+form) with the major components (compiler, kernel, and so on) of the
+operating system on which the executable runs, unless that component
+itself accompanies the executable.
+
+If distribution of executable or object code is made by offering
+access to copy from a designated place, then offering equivalent
+access to copy the source code from the same place counts as
+distribution of the source code, even though third parties are not
+compelled to copy the source along with the object code.
+
+  4. You may not copy, modify, sublicense, or distribute the Program
+except as expressly provided under this License.  Any attempt
+otherwise to copy, modify, sublicense or distribute the Program is
+void, and will automatically terminate your rights under this License.
+However, parties who have received copies, or rights, from you under
+this License will not have their licenses terminated so long as such
+parties remain in full compliance.
+
+  5. You are not required to accept this License, since you have not
+signed it.  However, nothing else grants you permission to modify or
+distribute the Program or its derivative works.  These actions are
+prohibited by law if you do not accept this License.  Therefore, by
+modifying or distributing the Program (or any work based on the
+Program), you indicate your acceptance of this License to do so, and
+all its terms and conditions for copying, distributing or modifying
+the Program or works based on it.
+
+  6. Each time you redistribute the Program (or any work based on the
+Program), the recipient automatically receives a license from the
+original licensor to copy, distribute or modify the Program subject to
+these terms and conditions.  You may not impose any further
+restrictions on the recipients' exercise of the rights granted herein.
+You are not responsible for enforcing compliance by third parties to
+this License.
+
+  7. If, as a consequence of a court judgment or allegation of patent
+infringement or for any other reason (not limited to patent issues),
+conditions are imposed on you (whether by court order, agreement or
+otherwise) that contradict the conditions of this License, they do not
+excuse you from the conditions of this License.  If you cannot
+distribute so as to satisfy simultaneously your obligations under this
+License and any other pertinent obligations, then as a consequence you
+may not distribute the Program at all.  For example, if a patent
+license would not permit royalty-free redistribution of the Program by
+all those who receive copies directly or indirectly through you, then
+the only way you could satisfy both it and this License would be to
+refrain entirely from distribution of the Program.
+
+If any portion of this section is held invalid or unenforceable under
+any particular circumstance, the balance of the section is intended to
+apply and the section as a whole is intended to apply in other
+circumstances.
+
+It is not the purpose of this section to induce you to infringe any
+patents or other property right claims or to contest validity of any
+such claims; this section has the sole purpose of protecting the
+integrity of the free software distribution system, which is
+implemented by public license practices.  Many people have made
+generous contributions to the wide range of software distributed
+through that system in reliance on consistent application of that
+system; it is up to the author/donor to decide if he or she is willing
+to distribute software through any other system and a licensee cannot
+impose that choice.
+
+This section is intended to make thoroughly clear what is believed to
+be a consequence of the rest of this License.
+
+  8. If the distribution and/or use of the Program is restricted in
+certain countries either by patents or by copyrighted interfaces, the
+original copyright holder who places the Program under this License
+may add an explicit geographical distribution limitation excluding
+those countries, so that distribution is permitted only in or among
+countries not thus excluded.  In such case, this License incorporates
+the limitation as if written in the body of this License.
+
+  9. The Free Software Foundation may publish revised and/or new versions
+of the General Public License from time to time.  Such new versions will
+be similar in spirit to the present version, but may differ in detail to
+address new problems or concerns.
+
+Each version is given a distinguishing version number.  If the Program
+specifies a version number of this License which applies to it and "any
+later version", you have the option of following the terms and conditions
+either of that version or of any later version published by the Free
+Software Foundation.  If the Program does not specify a version number of
+this License, you may choose any version ever published by the Free Software
+Foundation.
+
+  10. If you wish to incorporate parts of the Program into other free
+programs whose distribution conditions are different, write to the author
+to ask for permission.  For software which is copyrighted by the Free
+Software Foundation, write to the Free Software Foundation; we sometimes
+make exceptions for this.  Our decision will be guided by the two goals
+of preserving the free status of all derivatives of our free software and
+of promoting the sharing and reuse of software generally.
+
+			    NO WARRANTY
+
+  11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
+FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW.  EXCEPT WHEN
+OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
+PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
+OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.  THE ENTIRE RISK AS
+TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU.  SHOULD THE
+PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
+REPAIR OR CORRECTION.
+
+  12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
+WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
+REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
+INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
+OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
+TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
+YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
+PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
+POSSIBILITY OF SUCH DAMAGES.
+
+		     END OF TERMS AND CONDITIONS
+
+	    How to Apply These Terms to Your New Programs
+
+  If you develop a new program, and you want it to be of the greatest
+possible use to the public, the best way to achieve this is to make it
+free software which everyone can redistribute and change under these terms.
+
+  To do so, attach the following notices to the program.  It is safest
+to attach them to the start of each source file to most effectively
+convey the exclusion of warranty; and each file should have at least
+the "copyright" line and a pointer to where the full notice is found.
+
+    <one line to give the program's name and a brief idea of what it does.>
+    Copyright (C) <year>  <name of author>
+
+    This program is free software; you can redistribute it and/or modify
+    it under the terms of the GNU General Public License as published by
+    the Free Software Foundation; either version 2 of the License, or
+    (at your option) any later version.
+
+    This program is distributed in the hope that it will be useful,
+    but WITHOUT ANY WARRANTY; without even the implied warranty of
+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+    GNU General Public License for more details.
+
+    You should have received a copy of the GNU General Public License
+    along with this program; if not, write to the Free Software
+    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+
+
+Also add information on how to contact you by electronic and paper mail.
+
+If the program is interactive, make it output a short notice like this
+when it starts in an interactive mode:
+
+    Gnomovision version 69, Copyright (C) year name of author
+    Gnomovision comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
+    This is free software, and you are welcome to redistribute it
+    under certain conditions; type `show c' for details.
+
+The hypothetical commands `show w' and `show c' should show the appropriate
+parts of the General Public License.  Of course, the commands you use may
+be called something other than `show w' and `show c'; they could even be
+mouse-clicks or menu items--whatever suits your program.
+
+You should also get your employer (if you work as a programmer) or your
+school, if any, to sign a "copyright disclaimer" for the program, if
+necessary.  Here is a sample; alter the names:
+
+  Yoyodyne, Inc., hereby disclaims all copyright interest in the program
+  `Gnomovision' (which makes passes at compilers) written by James Hacker.
+
+  <signature of Ty Coon>, 1 April 1989
+  Ty Coon, President of Vice
+
+This General Public License does not permit incorporating your program into
+proprietary programs.  If your program is a subroutine library, you may
+consider it more useful to permit linking proprietary applications with the
+library.  If this is what you want to do, use the GNU Library General
+Public License instead of this License.
--- a/LICENSES/ISC
+++ b/LICENSES/ISC
@@ -0,0 +1,24 @@
+Valid-License-Identifier: ISC
+SPDX-URL: https://spdx.org/licenses/ISC.html
+Usage-Guide:
+  To use the ISC License put the following SPDX tag/value pair into a
+  comment according to the placement guidelines in the licensing rules
+  documentation:
+    SPDX-License-Identifier: ISC
+License-Text:
+
+ISC License
+
+Copyright (c) <year> <copyright holders>
+
+Permission to use, copy, modify, and/or distribute this software for any
+purpose with or without fee is hereby granted, provided that the above
+copyright notice and this permission notice appear in all copies.
+
+THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
+SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
+OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
+CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
--- a/LICENSES/Linux-syscall-note
+++ b/LICENSES/Linux-syscall-note
@@ -0,0 +1,25 @@
+SPDX-Exception-Identifier: Linux-syscall-note
+SPDX-URL: https://spdx.org/licenses/Linux-syscall-note.html
+SPDX-Licenses: GPL-2.0-only, GPL-2.0, GPL-2.0-or-later, GPL-2.0+, GPL-1.0-or-later, GPL-1.0+, LGPL-2.0, LGPL-2.0+, LGPL-2.1, LGPL-2.1+
+Usage-Guide:
+  This exception is used together with one of the above SPDX-Licenses
+  to mark user space API (uapi) header files so they can be included
+  into non GPL compliant user space application code.
+  To use this exception add it with the keyword WITH to one of the
+  identifiers in the SPDX-Licenses tag:
+    SPDX-License-Identifier: <SPDX-License> WITH Linux-syscall-note
+License-Text:
+
+   NOTE! This copyright does *not* cover user programs that use kernel
+ services by normal system calls - this is merely considered normal use
+ of the kernel, and does *not* fall under the heading of "derived work".
+ Also note that the GPL below is copyrighted by the Free Software
+ Foundation, but the instance of code that it refers to (the Linux
+ kernel) is copyrighted by me and others who actually wrote it.
+
+ Also note that the only valid version of the GPL as far as the kernel
+ is concerned is _this_ particular version of the license (ie v2, not
+ v2.2 or v3.x or whatever), unless explicitly otherwise stated.
+
+			Linus Torvalds
+
--- a/LICENSES/MIT
+++ b/LICENSES/MIT
@@ -0,0 +1,30 @@
+Valid-License-Identifier: MIT
+SPDX-URL: https://spdx.org/licenses/MIT.html
+Usage-Guide:
+  To use the MIT License put the following SPDX tag/value pair into a
+  comment according to the placement guidelines in the licensing rules
+  documentation:
+    SPDX-License-Identifier: MIT
+License-Text:
+
+MIT License
+
+Copyright (c) <year> <copyright holders>
+
+Permission is hereby granted, free of charge, to any person obtaining a
+copy of this software and associated documentation files (the "Software"),
+to deal in the Software without restriction, including without limitation
+the rights to use, copy, modify, merge, publish, distribute, sublicense,
+and/or sell copies of the Software, and to permit persons to whom the
+Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
+FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
+DEALINGS IN THE SOFTWARE.
--- a/59
+++ b/59
@@ -1,10 +1,6 @@
-# Makefile for OpenWrt
+# SPDX-License-Identifier: GPL-2.0-only
 #
 # Copyright (C) 2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 TOPDIR:=${CURDIR}
 LC_ALL:=C
@@ -18,7 +14,8 @@ $(if $(findstring $(space),$(TOPDIR)),$(error ERROR: The path to the OpenWrt dir

 world:

-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+DISTRO_PKG_CONFIG:=$(shell $(TOPDIR)/scripts/command_all.sh pkg-config | grep '/usr' -m 1)
+export PATH:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host/bin),$(TOPDIR)/staging_dir/host/bin):$(PATH)

 ifneq ($(OPENWRT_BUILD),1)
  _SINGLE=export MAKEFLAGS=$(space);
@@ -41,7 +38,7 @@ else
  include tools/Makefile
  include toolchain/Makefile

-$(toolchain/stamp-compile): $(tools/stamp-compile)
+$(toolchain/stamp-compile): $(tools/stamp-compile) $(if $(CONFIG_BUILDBOT),toolchain_rebuild_check)
 $(target/stamp-compile): $(toolchain/stamp-compile) $(tools/stamp-compile) $(BUILD_DIR)/.prepared
 $(package/stamp-compile): $(target/stamp-compile) $(package/stamp-cleanup)
 $(package/stamp-install): $(package/stamp-compile)
@@ -53,12 +50,27 @@ printdb:

 prepare: $(target/stamp-compile)

-clean: FORCE
-	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(BUILD_LOG_DIR) $(TOPDIR)/staging_dir/packages
+_clean: FORCE
+	rm -rf $(BUILD_DIR) $(STAGING_DIR) $(BIN_DIR) $(OUTPUT_DIR)/packages/$(ARCH_PACKAGES) $(TOPDIR)/staging_dir/packages

-dirclean: clean
-	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/host $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+clean: _clean
+	rm -rf $(BUILD_LOG_DIR)
+
+targetclean: _clean
+	rm -rf $(TOOLCHAIN_DIR) $(BUILD_DIR_BASE)/hostpkg $(BUILD_DIR_TOOLCHAIN)
+
+dirclean: targetclean clean
+	rm -rf $(STAGING_DIR_HOST) $(STAGING_DIR_HOSTPKG) $(BUILD_DIR_BASE)/host
 	rm -rf $(TMP_DIR)
+	$(MAKE) -C $(TOPDIR)/scripts/config clean
+
+toolchain_rebuild_check:
+	$(SCRIPT_DIR)/check-toolchain-clean.sh
+
+cacheclean:
+ifneq ($(CONFIG_CCACHE),)
+	$(STAGING_DIR_HOST)/bin/ccache -C
+endif

 ifndef DUMP_TARGET_DB
 $(BUILD_DIR)/.prepared: Makefile
@@ -86,19 +98,40 @@ prereq: $(target/stamp-prereq) tmp/.prereq_packages
 		exit 1; \
 	fi

+$(BIN_DIR)/profiles.json: FORCE
+	$(if $(CONFIG_JSON_OVERVIEW_IMAGE_INFO), \
+		WORK_DIR=$(BUILD_DIR)/json_info_files \
+			$(SCRIPT_DIR)/json_overview_image_info.py $@ \
+	)
+
+json_overview_image_info: $(BIN_DIR)/profiles.json
+
 checksum: FORCE
 	$(call sha256sums,$(BIN_DIR),$(CONFIG_BUILDBOT))

+buildversion: FORCE
+	$(SCRIPT_DIR)/getver.sh > $(BIN_DIR)/version.buildinfo
+
+feedsversion: FORCE
+	$(SCRIPT_DIR)/feeds list -fs > $(BIN_DIR)/feeds.buildinfo
+
 diffconfig: FORCE
 	mkdir -p $(BIN_DIR)
-	$(SCRIPT_DIR)/diffconfig.sh > $(BIN_DIR)/config.seed
+	$(SCRIPT_DIR)/diffconfig.sh > $(BIN_DIR)/config.buildinfo
+
+buildinfo: FORCE
+	$(_SINGLE)$(SUBMAKE) -r diffconfig buildversion feedsversion

 prepare: .config $(tools/stamp-compile) $(toolchain/stamp-compile)
-	$(_SINGLE)$(SUBMAKE) -r diffconfig
+	$(_SINGLE)$(SUBMAKE) -r buildinfo

 world: prepare $(target/stamp-compile) $(package/stamp-compile) $(package/stamp-install) $(target/stamp-install) FORCE
 	$(_SINGLE)$(SUBMAKE) -r package/index
+	$(_SINGLE)$(SUBMAKE) -r json_overview_image_info
 	$(_SINGLE)$(SUBMAKE) -r checksum
+ifneq ($(CONFIG_CCACHE),)
+	$(STAGING_DIR_HOST)/bin/ccache -s
+endif

 .PHONY: clean dirclean prereq prepare world package/symlinks package/symlinks-install package/symlinks-clean

--- a/65
+++ b/65
@@ -1,65 +0,0 @@
-Welcome to Lean's  git source of OpenWrt and packages
-
-中文：如何编译自己需要的 OpenWrt 固件
-
-注意：
-1. 不要用 root 用户 git 和编译！！！
-2. 国内用户编译前最好准备好梯子
-3. 默认登陆IP 192.168.1.1, 密码 password
-
-编译命令如下:
-
-1. 首先装好 Ubuntu 64bit，推荐  Ubuntu  14 LTS x64
-
-2. 命令行输入 sudo apt-get update ，然后输入
-sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3.5 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib linux-libc-dev:i386
-
-3. git clone https://github.com/coolsnowwolf/lede 命令下载好源代码，然后 cd lede 进入目录
-
-4. ./scripts/feeds update -a 
-   ./scripts/feeds install -a
-   make menuconfig 
-
-5. 最后选好你要的路由，输入 make -j1 V=s （-j1 后面是线程数。第一次编译推荐用单线程，国内请尽量全局科学上网）即可开始编译你要的固件了。
-
-本套代码保证肯定可以编译成功。里面包括了 R9 所有源代码，包括 IPK 的。
-
-你可以自由使用，但源码编译二次发布请注明我的 GitHub 仓库链接。谢谢合作！
-
-特别提示：
-1.源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件，SSL 安全是互联网最后的壁垒。安全干净才是固件应该做到的；
-2.如有技术问题需要讨论，欢迎加入 QQ 讨论群：OP共享技术交流群 ,号码 297253733 ，加群链接: 点击链接加入群聊【OP共享技术交流群】：https://jq.qq.com/?_wv=1027&k=5yCRuXL
-3. 想学习OpenWrt开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学OpenWrt开发入门培训班助你能学有所成
-报名地址：http://forgotfun.org/2018/04/openwrt-training-2018.html
-
-去广告订阅地址默认内置来自以下源，如有去广告的误杀漏杀问题可以到这里报告：
-
-https://github.com/privacy-protection-tools/anti-AD
-
-
-Please use "make menuconfig" to choose your preferred
-configuration for the toolchain and firmware.
-
-You need gcc, binutils, bzip2, flex, python3.5+, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers installed.
-
-Run "./scripts/feeds update -a" to get all the latest package definitions
-defined in feeds.conf / feeds.conf.default respectively
-and "./scripts/feeds install -a" to install symlinks of all of them into
-package/feeds/.
-
-Use "make menuconfig" to configure your image.
-
-Simply running "make" will build your firmware.
-It will download all sources, build the cross-compile toolchain, 
-the kernel and all choosen applications.
-
-To build your own firmware you need to have access to a Linux, BSD or MacOSX system
-(case-sensitive filesystem required). Cygwin will not be supported because of
-the lack of case sensitiveness in the file system.
-
-
-
-Note: Addition Lean's private package source code in ./package/lean directory. Use it under GPL v3.
-
-GPLv3 is compatible with more licenses than GPLv2: it allows you to make combinations with code that has specific kinds of additional requirements that are not in GPLv3 itself. Section 7 has more information about this, including the list of additional requirements that are permitted.
-
--- a/README.md
+++ b/README.md
@@ -1,43 +1,71 @@
-欢迎来到Lean的Openwrt源码仓库！
-=
-Welcome to Lean's  git source of OpenWrt and packages
-=
-中文：如何编译自己需要的 OpenWrt 固件
+## The source code is suitable for Rockchip OpenWrt SDK
+### Only supported devices:
+```
+embedfire_doornet1
+embedfire_doornet2
+embedfire_lubancat1
+embedfire_lubancat1n
+embedfire_lubancat2
+embedfire_lubancat2n
+friendlyarm_nanopi-r2c
+friendlyarm_nanopi-r2s
+friendlyarm_nanopi-r3s
+friendlyarm_nanopi-r4s
+friendlyarm_nanopi-r4se
+friendlyarm_nanopi-r5s
+friendlyarm_nanopi-r5c
+friendlyarm_nanopi-r6c
+friendlyarm_nanopi-r6s
+friendlyarm_nanopc-t6
+hinlink_opc-h66k
+hinlink_opc-h68k
+hinlink_opc-h69k
+hinlink_h88k
+```
+
+### Next plan to add equipment:
+```
+no
+```
+How to compile the OpenWrt firmware you need
 -
-注意：
+Notice:
 -
-1. **不**要用 **root** 用户 git 和编译！！！
-2. 国内用户编译前最好准备好梯子
-3. 默认登陆IP 192.168.1.1, 密码 password
+1. **NOT** compile with **root** user! ! !
+2. Domestic users had better prepare a ladder before compiling
+3. Default login IP 192.168.1.1 password password

-编译命令如下:
-
-1. 首先装好 Ubuntu 64bit，推荐  Ubuntu  18 LTS x64
+2. First install the Linux system, Debian 11 or Ubuntu LTS is recommended
+3. Install compilation dependencies

-2. 命令行输入 `sudo apt-get update` ，然后输入
-`
-sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3.5 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib antlr3 gperf
-`
+   ```bash
+   sudo apt update -y
+   sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \
+   bzip2 ccache clang cmake cpio curl device-tree-compiler flex gawk gettext gcc-multilib g++-multilib \
+   git gperf haveged help2man intltool libc6-dev-i386 libelf-dev libfuse-dev libglib2.0-dev libgmp3-dev \
+   libltdl-dev libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libpython3-dev libreadline-dev \
+   libssl-dev libtool llvm lrzsz mkisofs msmtp ninja-build p7zip p7zip-full patch pkgconf python3 \
+   python3-pyelftools python3-setuptools qemu-utils rsync scons squashfs-tools subversion swig texinfo \
+   uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev
+   ```

-3. 使用 `git clone https://github.com/coolsnowwolf/lede` 命令下载好源代码，然后 `cd lede` 进入目录
+3. Download source code, update feeds and choose configuration

-4. ```bash
+   ```bash
+   git clone https://github.com/DHDAXCW/lede-rockchip
+   cd lede-rockchip
   ./scripts/feeds update -a
   ./scripts/feeds install -a
   make menuconfig
   ```

-5. `make -j8 download v=s` 下载dl库（国内请尽量全局科学上网）
+5. `make -j8 download V=s` download dl library

+6. Enter `make -j10 V=s` (-j1 is followed by the number of threads. It is recommended to use single thread for the first compilation) to start compiling the firmware you want.

-6. 输入 `make -j1 V=s` （-j1 后面是线程数。第一次编译推荐用单线程）即可开始编译你要的固件了。
+This set of code is guaranteed to compile successfully. It includes all source codes of R24, including IPK.

-本套代码保证肯定可以编译成功。里面包括了 R20 所有源代码，包括 IPK 的。
-
-你可以自由使用，但源码编译二次发布请注明我的 GitHub 仓库链接。谢谢合作！
-=
-
-二次编译：
+Second compilation:
 ```bash
 cd lede
 git pull
@@ -47,80 +75,13 @@ make -j8 download
 make -j$(($(nproc) + 1)) V=s
 ```

-如果需要重新配置：
+If reconfiguration is required:
 ```bash
 rm -rf ./tmp && rm -rf .config
 make menuconfig
 make -j$(($(nproc) + 1)) V=s
 ```

-编译完成后输出路径：/lede/bin/targets
+- Output path after compilation is complete：bin/targets

-特别提示：
------
-1.源代码中绝不含任何后门和可以监控或者劫持你的 HTTPS 的闭源软件，SSL 安全是互联网最后的壁垒。安全干净才是固件应该做到的；
-
-2.如有技术问题需要讨论，欢迎加入 QQ 讨论群：OP共享技术交流群 ,号码 297253733 ，加群链接: 点击链接加入群聊【OP共享技术交流群】：[点击加入](https://jq.qq.com/?_wv=1027&k=5yCRuXL "OP共享技术交流群")
-
-3.想学习OpenWrt开发，但是摸不着门道？自学没毅力？基础太差？怕太难学不会？跟着佐大学OpenWrt开发入门培训班助你能学有所成
-报名地址：[点击报名](http://forgotfun.org/2018/04/openwrt-training-2018.html "报名")
-
-## Donate
-
-如果你觉得此项目对你有帮助，可以捐助我们，以鼓励项目能持续发展，更加完善
-
-### Alipay 支付宝
-
-![alipay](doc/alipay_donate.jpg)
-
-### Wechat 微信
-
-![wechat](doc/wechat_donate.jpg)
-
------
-
-English Version: How to make your Openwrt firmware.
-
-Note:
--
-1. DO **NOT** USE **ROOT** USER TO CONFIGURE!!!
-
-2. Login IP is 192.168.1.1 and login password is "password".
-
-Let's start!
---
-First, you need a computer with a linux system. It's better to use Ubuntu 18 LTS 64-bit.
-
-Next you need gcc, binutils, bzip2, flex, python3.5+, perl, make, find, grep, diff, unzip, gawk, getopt, subversion, libz-dev and libc headers installed.
-
-To install these program, please login root users and type
-`
-sudo apt-get -y install build-essential asciidoc binutils bzip2 gawk gettext git libncurses5-dev libz-dev patch python3.5 unzip zlib1g-dev lib32gcc1 libc6-dev-i386 subversion flex uglifyjs git-core gcc-multilib p7zip p7zip-full msmtp libssl-dev texinfo libglib2.0-dev xmlto qemu-utils upx libelf-dev autoconf automake libtool autopoint device-tree-compiler g++-multilib
-`
-in terminal
-
-Third, logout of root users. And type this `git clone https://github.com/coolsnowwolf/lede` in terminal to clone this source.
-
-After these please type `cd lede` to cd into the source.
-
-Please Run `./scripts/feeds update -a` to get all the latest package definitions
-defined in `feeds.conf` / `feeds.conf.default` respectively
-and `./scripts/feeds install -a` to install symlinks of all of them into
-`package/feeds/` .
-
-Please use `make menuconfig` to choose your preferred
-configuration for the toolchain and firmware.
-
-Use `make menuconfig` to configure your image.
-
-Simply running `make` will build your firmware.
-It will download all sources, build the cross-compile toolchain,
-the kernel and all choosen applications.
-
-To build your own firmware you need to have access to a Linux, BSD or MacOSX system
-(case-sensitive filesystem required). Cygwin will not be supported because of
-the lack of case sensitiveness in the file system.
-
-## Note: Addition Lean's private package source code in `./package/lean` directory. Use it under GPL v3.
-
-## GPLv3 is compatible with more licenses than GPLv2: it allows you to make combinations with code that has specific kinds of additional requirements that are not in GPLv3 itself. Section 7 has more information about this, including the list of additional requirements that are permitted.
+- from upstream source code https://github.com/coolsnowwolf/lede
--- a/1
+++ b/1
@@ -0,0 +1 @@
+ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext git gperf haveged help2man intltool libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev vpnc libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz aria2 mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev libfuse-dev
--- a/build_openwrt.sh
+++ b/build_openwrt.sh
@@ -0,0 +1,750 @@
+#!/usr/bin/env bash
+
+#====================================================
+# OpenWrt 构建管理脚本
+# 功能：提供交互式菜单，可选择执行特定操作
+# 更新：2025-04-05
+#====================================================
+
+#---------------基础配置---------------#
+# 日志目录设置
+LOGS_ROOT="openwrt_logs"
+SESSION_DIR="${LOGS_ROOT}/$(date +%Y%m%d_%H%M%S)"
+LOG_FILE="${SESSION_DIR}/main_build_script.log" # 主脚本日志文件名更改，更清晰
+
+#---------------清理配置---------------#
+# 需要移除的目录列表 (示例，根据你的需要添加)
+declare -a REMOVE_DIRS=(
+    # "feeds/packages/net/v2ray-geodata" # 示例
+)
+
+# 需要移除的包列表 (示例，根据你的需要添加)
+declare -a REMOVE_PACKAGES=(
+    # "package/feeds/luci/luci-app-example" # 示例
+)
+
+#---------------自定义包配置---------------#
+# 定义自定义包配置，格式：[包名]=[目标目录]=[仓库URL]=[分支]=[是否使用--depth 1]
+declare -A CUSTOM_PACKAGES=(
+    ["partexp"]="package/luci-app-partexp=https://github.com/sirpdboy/luci-app-partexp=main=false"
+    ["openclash"]="package/openclash=https://github.com/vernesong/OpenClash=dev=true"
+    ["zerotier"]="package/luci-app-zerotier=https://github.com/Firsgith/luci-app-zerotier.git=main=false"
+    ["5gsupport"]="package/5G-Modem-Support=https://nanako.site/gitea/Nanako/openwrt-app-actions.git=main=false"
+    ["pcat"]="package/pcat-manager=https://github.com/photonicat/rockchip_rk3568_pcat_manager.git=master=true"
+    ["adguardhome"]="package/adguardhome=https://github.com/xiaoxiao29/luci-app-adguardhome.git=master=false"
+)
+
+#---------------日志系统---------------#
+# 保存原始的标准输出和错误输出文件描述符
+exec {STDOUT_ORIG}>&1
+exec {STDERR_ORIG}>&2
+
+# 全局变量标记日志是否启用
+LOGGING_ENABLED=false # 初始为 false，由 init_logger 启用
+
+# 初始化日志系统
+init_logger() {
+    # 创建日志目录结构
+    mkdir -p "$SESSION_DIR" || {
+        echo "错误: 无法创建日志目录: $SESSION_DIR" >&2
+        exit 1
+    }
+
+    LOGGING_ENABLED=true
+    echo "日志将保存在: $SESSION_DIR"
+    echo "主脚本日志: $LOG_FILE"
+
+    # 重定向主脚本的 stdout 和 stderr 到 tee，同时输出到控制台和主日志文件
+    # 使用 process substitution 和 tee
+    exec > >(tee -a "$LOG_FILE")
+    exec 2> >(tee -a "$LOG_FILE" >&2)
+
+    # 记录初始信息到日志
+    echo "[$(date "+%Y-%m-%d %H:%M:%S")] [INFO]: 日志系统初始化完成。主日志文件: $LOG_FILE"
+}
+
+# 创建新的特定构建阶段的日志文件
+create_build_log() {
+    local build_type=$1
+    local timestamp=$(date +%Y%m%d_%H%M%S)
+    # 使用更明确的文件名
+    BUILD_LOG_FILE="${SESSION_DIR}/${build_type}_build_${timestamp}.log"
+    # 确保文件被创建，即使命令没有输出
+    touch "$BUILD_LOG_FILE" || {
+        log "ERROR" "无法创建构建日志文件: $BUILD_LOG_FILE"
+        return 1
+    }
+    # 返回创建的日志文件名
+    echo "$BUILD_LOG_FILE"
+    return 0
+}
+
+# 禁用日志重定向 (用于 menuconfig 等交互场景)
+disable_logging() {
+    if [ "$LOGGING_ENABLED" = true ]; then
+        log "DEBUG" "禁用日志重定向，恢复原始标准输出/错误。"
+        exec >&$STDOUT_ORIG
+        exec 2>&$STDERR_ORIG
+        LOGGING_ENABLED=false # 标记为禁用
+    fi
+}
+
+# 启用日志重定向 (恢复)
+enable_logging() {
+    # 仅在之前被禁用的情况下才重新启用
+    if [ "$LOGGING_ENABLED" = false ]; then
+        # 重新应用重定向到主日志
+        exec > >(tee -a "$LOG_FILE")
+        exec 2> >(tee -a "$LOG_FILE" >&2)
+        LOGGING_ENABLED=true # 标记为启用
+        log "DEBUG" "重新启用日志重定向到主日志。"
+    fi
+}
+
+# 设置终端颜色
+setup_colors() {
+    if [[ -t 1 ]]; then # 检查标准输出是否连接到终端
+        RED='\033[0;31m'
+        GREEN='\033[0;32m'
+        YELLOW='\033[1;33m'
+        BLUE='\033[0;34m'
+        NC='\033[0m' # No Color
+    else
+        RED='' GREEN='' YELLOW='' BLUE='' NC=''
+    fi
+}
+
+# 记录日志函数 - 使用此函数来明确日志级别
+# 注意：此函数输出会经过 init_logger 设置的全局重定向
+log() {
+    local level=$1
+    local message=$2
+    local timestamp
+    timestamp=$(date "+%Y-%m-%d %H:%M:%S")
+    local color="" level_str=""
+
+    case $level in
+        "INFO")  color="$GREEN";  level_str="INFO " ;; # 加空格对齐
+        "WARN")  color="$YELLOW"; level_str="WARN " ;;
+        "ERROR") color="$RED";    level_str="ERROR" ;;
+        "DEBUG") color="$BLUE";   level_str="DEBUG" ;;
+        *)       color="";        level_str="LOG  " ;; # 默认级别
+    esac
+
+    # 使用 printf 保证原子写入，减少并发问题
+    printf "[%s] %b[%s]%b: %s\n" "$timestamp" "$color" "$level_str" "$NC" "$message"
+}
+
+# 同时记录消息到主日志和特定的构建日志
+log_to_both() {
+    local level=$1
+    local message=$2
+    local build_log_file=$3 # 明确参数名
+
+    # 1. 输出到主日志（通过全局重定向和 log 函数）
+    log "$level" "$message"
+
+    # 2. 追加到指定的构建日志文件
+    local timestamp
+    timestamp=$(date "+%Y-%m-%d %H:%M:%S")
+    # 直接追加，不需要颜色代码
+    printf "[%s] [%s]: %s\n" "$timestamp" "$level" "$message" >> "$build_log_file"
+}
+
+
+#---------------自定义包管理函数---------------#
+# 更新单个自定义包
+update_single_package() {
+    local pkg_name=$1
+    local config=$2
+
+    # 解析配置 (保持 cut 的方式，假设路径/URL/分支名不含 '=')
+    # 如果遇到问题，可以切换到 IFS/read
+    local target_dir repo_url branch use_depth
+    target_dir=$(echo "$config" | cut -d= -f1)
+    repo_url=$(echo "$config" | cut -d= -f2)
+    branch=$(echo "$config" | cut -d= -f3)
+    use_depth=$(echo "$config" | cut -d= -f4)
+
+    # 基础验证
+    if [ -z "$target_dir" ] || [ -z "$repo_url" ]; then
+        log "ERROR" "包 '$pkg_name' 的配置无效: $config"
+        return 1
+    fi
+
+    log "INFO" "更新自定义包: $pkg_name..."
+
+    # 检查目标目录的父目录是否存在
+    local parent_dir
+    parent_dir=$(dirname "$target_dir")
+    if [ ! -d "$parent_dir" ]; then
+        log "INFO" "创建父目录: $parent_dir"
+        mkdir -p "$parent_dir" || {
+            log "ERROR" "无法创建父目录: $parent_dir"
+            return 1
+        }
+    fi
+
+    # 移除现有目录
+    if [ -d "$target_dir" ]; then
+        log "INFO" "移除现有目录: $target_dir"
+        rm -rf "$target_dir" || {
+            log "ERROR" "无法删除目录: $target_dir"
+            return 1
+        }
+    fi
+
+    # 准备 git clone 命令参数数组 (移除 eval)
+    local git_options=("--progress") # 总是显示进度
+    # 处理分支
+    if [ -n "$branch" ] && [ "$branch" != "master" ]; then
+        git_options+=("-b" "$branch")
+    fi
+    # 处理 depth
+    if [ "$use_depth" = "true" ]; then
+        git_options+=("--depth" "1")
+    fi
+
+    # 执行克隆
+    log "INFO" "执行: git clone ${git_options[*]} $repo_url $target_dir"
+    if git clone "${git_options[@]}" "$repo_url" "$target_dir"; then
+        log "INFO" "包 '$pkg_name' 更新成功"
+        return 0
+    else
+        log "ERROR" "克隆包 '$pkg_name' 失败 (仓库: $repo_url)"
+        # 尝试给出更具体的错误提示
+        log "ERROR" "请检查网络连接、仓库 URL、分支名称以及目标目录权限。"
+        # 保留可能存在的空目录或部分克隆，让用户检查
+        # rm -rf "$target_dir" # 不再自动删除失败的克隆
+        return 1
+    fi
+}
+
+# 更新所有自定义包的主函数
+update_custom_package() {
+    local failed_packages=()
+    local success_count=0
+    local total_packages=${#CUSTOM_PACKAGES[@]}
+
+    if [ "$total_packages" -eq 0 ]; then
+        log "INFO" "没有配置自定义包，跳过更新。"
+        return 0
+    fi
+
+    log "INFO" "开始更新 $total_packages 个自定义包..."
+
+    for pkg_name in "${!CUSTOM_PACKAGES[@]}"; do
+        # 使用 subshell 执行，避免污染当前环境的变量，但这里影响不大
+        if update_single_package "$pkg_name" "${CUSTOM_PACKAGES[$pkg_name]}"; then
+             ((success_count++))
+        else
+            failed_packages+=("$pkg_name")
+        fi
+    done
+
+    # 显示更新结果
+    if [ ${#failed_packages[@]} -eq 0 ]; then
+        log "INFO" "所有自定义包更新成功 ($success_count/$total_packages)"
+        return 0
+    else
+        log "WARN" "部分自定义包更新失败 (成功: $success_count/$total_packages)"
+        log "ERROR" "更新失败的包: ${failed_packages[*]}"
+        return 1 # 返回失败状态码
+    fi
+}
+
+# 更新特定自定义包
+update_specific_package() {
+    local pkg_name=$1
+
+    if [ -z "$pkg_name" ]; then
+        log "ERROR" "未指定包名"
+        return 1
+    fi
+
+    if [ -z "${CUSTOM_PACKAGES[$pkg_name]}" ]; then
+        log "ERROR" "未找到包配置：'$pkg_name'"
+        log "INFO" "可用的包名: ${!CUSTOM_PACKAGES[*]}"
+        return 1
+    fi
+
+    update_single_package "$pkg_name" "${CUSTOM_PACKAGES[$pkg_name]}"
+}
+
+#---------------基础功能函数---------------#
+# 清理工作区 (make clean 的替代方案，更彻底)
+clean_workspace() {
+    log "INFO" "开始彻底清理工作区..."
+
+    # 清理 feeds (可选，如果 feeds 内容经常变动或出问题可以启用)
+    # log "INFO" "执行 ./scripts/feeds clean ..."
+    # ./scripts/feeds clean || log "WARN" "./scripts/feeds clean 执行时遇到问题。"
+
+    # 清理编译产物和临时文件
+    log "INFO" "执行 rm -rf ./tmp ./logs ./staging_dir ./build_dir ./bin ./dl ..."
+    # 注意：这里移除了 logs 目录，但我们的脚本日志在 openwrt_logs 下，不会被删
+    # 如果 OpenWrt 自身有 logs 目录且需要保留，则从下面移除 ./logs
+    rm -rf ./tmp ./logs ./staging_dir ./build_dir ./bin ./dl || {
+        log "ERROR" "删除部分工作区目录失败，请检查权限或文件占用。"
+        return 1
+    }
+
+    log "INFO" "工作区清理完成。"
+    return 0
+}
+
+# 清理编译临时文件 (make clean 的快速版)
+clean_build_temp() {
+    log "INFO" "开始清理编译临时文件..."
+
+    log "INFO" "执行 rm -rf ./tmp ./staging_dir ./build_dir ..."
+    rm -rf ./tmp ./staging_dir ./build_dir || {
+         log "ERROR" "删除部分编译临时目录失败。"
+         return 1
+    }
+
+    log "INFO" "编译临时文件清理完成。"
+    return 0
+}
+
+# 更新源码
+update_source() {
+    log "INFO" "开始更新 OpenWrt 源码 (git pull)..."
+    if git pull --rebase; then # 使用 rebase 避免不必要的 merge commit
+        log "INFO" "源码更新完成"
+        return 0
+    else
+        log "ERROR" "源码更新失败 (git pull --rebase)"
+        log "WARN" "请检查本地是否有未提交的修改，或尝试手动解决 Git 冲突。"
+        return 1
+    fi
+}
+
+# 更新并安装 feeds
+update_feeds() {
+    log "INFO" "开始更新 Feeds (update -a)..."
+    if ./scripts/feeds update -a; then
+        log "INFO" "Feeds 更新成功，开始安装 (install -a)..."
+        if ./scripts/feeds install -a; then
+            log "INFO" "Feeds 安装成功"
+            return 0
+        else
+            log "ERROR" "Feeds 安装失败 (install -a)"
+            return 1
+        fi
+    else
+        log "ERROR" "Feeds 更新失败 (update -a)"
+        return 1
+    fi
+}
+
+# 执行构建相关命令，并将 stdout 重定向到日志，stderr 同时输出到控制台和日志
+run_build_command() {
+    local cmd=$1              # 要执行的命令字符串
+    local log_file=$2         # 目标日志文件
+    local description=$3      # 操作描述
+
+    log_to_both "INFO" "开始执行: $description" "$log_file"
+    log "DEBUG" "命令详情: $cmd" # 只记录到主日志
+
+    # 执行命令
+    # stdout (>>) 追加到日志文件
+    # stderr (2>) 通过管道给 tee
+    #   tee -a "$log_file" 将 stderr 追加到日志文件
+    #   tee 默认将其标准输入复制到标准输出，这里即脚本的 stderr，因此会显示在控制台
+    local start_time end_time duration
+    start_time=$(date +%s)
+    if eval "$cmd" >> "$log_file" 2> >(tee -a "$log_file" >&2); then
+        end_time=$(date +%s)
+        duration=$((end_time - start_time))
+        log_to_both "INFO" "$description 完成 (耗时: ${duration}s)" "$log_file"
+        return 0 # 成功返回 0
+    else
+        end_time=$(date +%s)
+        duration=$((end_time - start_time))
+        local exit_code=$? # 获取命令的退出码
+        # 错误信息已经通过 stderr 的 tee 输出到控制台了
+        log_to_both "ERROR" "$description 失败 (退出码: $exit_code, 耗时: ${duration}s)" "$log_file"
+        log "ERROR" "详细错误请查看控制台输出以及日志文件: $log_file"
+        return $exit_code # 失败返回命令的退出码
+    fi
+}
+
+# 编译固件
+build_firmware() {
+    # 创建新的固件编译日志文件
+    local current_log
+    current_log=$(create_build_log "firmware") || return 1 # 创建失败则退出
+
+    log "INFO" "开始编译固件..."
+    log "INFO" "详细编译日志将保存在: $current_log"
+
+    # 1. 下载依赖包
+    local download_cmd="make download -j$(nproc) V=s"
+    run_build_command "$download_cmd" "$current_log" "下载依赖包" || {
+        log "ERROR" "依赖包下载失败，编译中止。"
+        # 即使下载失败，日志文件也已包含错误信息
+        return 1
+    }
+
+    # 2. 多线程编译
+    local cpu_cores
+    cpu_cores=$(nproc)
+    log "INFO" "检测到 $cpu_cores 个 CPU 核心，开始多线程编译..."
+    local build_cmd="make -j${cpu_cores} V=s"
+
+    if run_build_command "$build_cmd" "$current_log" "固件编译 (多线程)"; then
+        log "INFO" "${GREEN}固件编译成功完成！${NC}"
+        log "INFO" "固件输出目录: ./bin/targets/"
+        return 0 # 编译成功
+    else
+        # 多线程编译失败，询问用户是否重试
+        log "WARN" "多线程编译失败。"
+        local retry_choice
+        # -r: raw input, -p: prompt, -n 1: read only one char (optional but nice), -t 15: timeout (optional)
+        # Default to No
+        read -rp "$(echo -e ${YELLOW}"是否尝试使用单线程重新编译? (y/N): "${NC})" -n 1 -t 30 retry_choice
+        echo # Add a newline after read -n
+
+        if [[ "$retry_choice" =~ ^[Yy]$ ]]; then
+            log "INFO" "用户选择使用单线程重试编译..."
+
+            # 3. 单线程编译重试
+            local build_cmd_single="make -j1 V=s"
+            if run_build_command "$build_cmd_single" "$current_log" "固件编译 (单线程重试)"; then
+                log "INFO" "${GREEN}单线程编译成功完成！${NC}"
+                log "INFO" "固件输出目录: ./bin/targets/"
+                return 0 # 单线程编译成功
+            else
+                log "ERROR" "${RED}单线程编译也失败了。${NC}"
+                log "ERROR" "请仔细检查控制台错误输出以及日志文件: $current_log"
+                return 1 # 最终编译失败
+            fi
+        else
+            log "INFO" "用户选择不进行单线程重试编译。"
+            log "ERROR" "${RED}编译失败，未进行单线程重试。${NC}"
+            log "ERROR" "请仔细检查控制台错误输出以及日志文件: $current_log"
+            return 1 # 用户取消重试，编译失败
+        fi
+    fi
+}
+
+# 清理配置文件中指定的旧包/目录
+clean_packages() {
+    log "INFO" "开始清理配置文件中指定的旧包和目录..."
+    local removed_count=0
+    local failed_count=0
+    local total_to_remove=$((${#REMOVE_DIRS[@]} + ${#REMOVE_PACKAGES[@]}))
+
+    if [ "$total_to_remove" -eq 0 ]; then
+        log "INFO" "配置文件中未指定需要移除的包或目录。"
+        return 0
+    fi
+
+    # 清理目录
+    for dir in "${REMOVE_DIRS[@]}"; do
+        if [ -e "$dir" ]; then # 使用 -e 检查文件或目录是否存在
+            log "INFO" "正在删除目录: $dir"
+            if rm -rf "$dir"; then
+                log "INFO" "已删除: $dir"
+                ((removed_count++))
+            else
+                log "ERROR" "删除失败: $dir (请检查权限或是否被占用)"
+                ((failed_count++))
+            fi
+        else
+             log "WARN" "指定的目录不存在，跳过: $dir"
+        fi
+    done
+
+    # 清理包 (通常包也是目录)
+    for pkg in "${REMOVE_PACKAGES[@]}"; do
+         if [ -e "$pkg" ]; then
+            log "INFO" "正在删除包/目录: $pkg"
+            if rm -rf "$pkg"; then
+                log "INFO" "已删除: $pkg"
+                ((removed_count++))
+            else
+                log "ERROR" "删除失败: $pkg (请检查权限或是否被占用)"
+                ((failed_count++))
+            fi
+        else
+             log "WARN" "指定的包/目录不存在，跳过: $pkg"
+        fi
+    done
+
+    if [ $failed_count -eq 0 ]; then
+        log "INFO" "旧包/目录清理完成，共处理 $removed_count 个项目。"
+        return 0
+    else
+        log "WARN" "旧包/目录清理部分完成 (成功: $removed_count, 失败: $failed_count)"
+        return 1 # 返回失败状态码
+    fi
+}
+
+# 更新所有组件 (源码 -> 清理旧包 -> 自定义包 -> feeds)
+update_all_components() {
+    log "INFO" "开始更新所有组件..."
+    local success=true # 假设成功
+
+    # 1. 更新源码
+    log "INFO" "[1/4] 更新 OpenWrt 源码..."
+    update_source || success=false
+
+    # 2. 清理旧包 (即使上一步失败也尝试清理)
+    log "INFO" "[2/4] 清理配置文件指定的旧包/目录..."
+    clean_packages || log "WARN" "清理旧包/目录时遇到问题，继续执行..." # 清理失败通常不阻止后续
+
+    # 3. 更新自定义包 (只有在源码更新成功时才执行较好)
+    if [ "$success" = true ]; then
+        log "INFO" "[3/4] 更新自定义包..."
+        update_custom_package || success=false
+    else
+        log "WARN" "[3/4] 跳过更新自定义包，因为源码更新失败。"
+    fi
+
+    # 4. 更新 Feeds (只有在源码和自定义包都成功时执行较好)
+    if [ "$success" = true ]; then
+        log "INFO" "[4/4] 更新 Feeds..."
+        update_feeds || success=false
+    else
+        log "WARN" "[4/4] 跳过更新 Feeds，因为之前的步骤失败。"
+    fi
+
+    # 总结
+    if [ "$success" = true ]; then
+        log "INFO" "所有组件更新完成！"
+        return 0
+    else
+        log "ERROR" "部分或全部组件更新失败，请检查上面的日志。"
+        return 1
+    fi
+}
+
+# 菜单配置 (make menuconfig)
+menuconfig() {
+    log "INFO" "准备进入菜单配置 (make menuconfig)..."
+    log "INFO" "注意：日志重定向将暂时禁用以进行交互。"
+
+    # 禁用日志重定向，否则 menuconfig 界面可能显示不正常
+    disable_logging
+
+    # 执行 menuconfig
+    if make menuconfig; then
+        # 配置成功后重新启用日志
+        enable_logging
+        log "INFO" "菜单配置完成。新配置已保存到 .config"
+        # 询问是否保存 defconfig (可选)
+        # read -p "是否将当前配置保存为 defconfig? (y/N): " save_defconfig
+        # if [[ "$save_defconfig" =~ ^[Yy]$ ]]; then
+        #     ./scripts/diffconfig.sh > my_defconfig
+        #     log "INFO" "当前配置已保存到 my_defconfig"
+        # fi
+        return 0
+    else
+        # 配置失败或被取消，也要恢复日志
+        enable_logging
+        log "WARN" "菜单配置未完成或被取消。"
+        return 1 # 返回失败状态码
+    fi
+}
+
+#---------------组合功能函数---------------#
+# 完整构建流程
+full_build() {
+    log "INFO" "启动完整构建流程..."
+    local step=1
+    local total_steps=6 # 预估步骤数
+
+    # 1. 清理工作区
+    log "INFO" "[${step}/${total_steps}] 清理工作区..."
+    clean_workspace || { log "WARN" "工作区清理可能不完整，尝试继续..."; } # 清理失败通常不致命
+    ((step++))
+
+    # 2. 更新源码
+    log "INFO" "[${step}/${total_steps}] 更新源码..."
+    update_source || { log "ERROR" "源码更新失败，终止构建流程。"; return 1; }
+    ((step++))
+
+    # 3. 清理旧包
+    log "INFO" "[${step}/${total_steps}] 清理配置文件指定的旧包..."
+    clean_packages || log "WARN" "清理旧包时遇到问题，继续执行..."
+    ((step++))
+
+    # 4. 更新自定义包
+    log "INFO" "[${step}/${total_steps}] 更新自定义包..."
+    update_custom_package || { log "ERROR" "自定义包更新失败，终止构建流程。"; return 1; }
+    ((step++))
+
+    # 5. 更新 Feeds
+    log "INFO" "[${step}/${total_steps}] 更新 Feeds..."
+    update_feeds || { log "ERROR" "Feeds 更新失败，终止构建流程。"; return 1; }
+    ((step++))
+
+    # 6. 菜单配置
+    log "INFO" "[${step}/${total_steps}] 进入菜单配置 (make menuconfig)..."
+    menuconfig || { log "WARN" "菜单配置未完成或取消，但继续尝试编译..."; } # 允许使用现有配置编译
+    ((step++)) # 无论成功与否，都算一步
+
+    # 7. 编译固件 (独立步骤，不计入前面的 total_steps)
+    log "INFO" "所有准备工作完成，开始编译固件..."
+    if build_firmware; then
+        log "INFO" "${GREEN}完整构建流程成功完成！${NC}"
+        return 0
+    else
+        log "ERROR" "${RED}完整构建流程失败于编译阶段。${NC}"
+        return 1
+    fi
+}
+
+#---------------菜单函数---------------#
+# 打印主菜单
+print_menu() {
+    echo -e "\n${BLUE}======= OpenWrt 构建管理菜单 =======${NC}"
+    echo -e " ${YELLOW}会话日志目录: ${SESSION_DIR}${NC}"
+    echo -e "${GREEN} 1.${NC} ${BOLD}完整构建流程${NC} (清理 > 更新源码/包/feeds > 配置 > 编译)"
+    echo -e "${GREEN} 2.${NC} 清理工作区 (删除 tmp, bin, build_dir 等)"
+    echo -e "${GREEN} 3.${NC} 更新所有组件 (源码 + 旧包清理 + 自定义包 + feeds)"
+    echo -e "${GREEN} 4.${NC} 清理配置文件指定的旧包/目录"
+    echo -e "${GREEN} 5.${NC} ${BOLD}编译固件${NC} (make V=s)"
+    echo -e "${GREEN} 6.${NC} 调整配置 (make menuconfig)"
+    echo -e "${GREEN} 7.${NC} 更新所有自定义包"
+    echo -e "${GREEN} 8.${NC} 更新特定的自定义包"
+    echo -e "${GREEN} 9.${NC} 更新 OpenWrt 源码 (git pull)"
+    echo -e "${GREEN}10.${NC} 更新并安装 Feeds"
+    echo -e "-------------------------------------"
+    echo -e "${GREEN} 0.${NC} 退出脚本"
+    echo -e "${BLUE}====================================${NC}"
+    # 使用 read -p 提供提示
+    read -rp "请输入选项 [0-10]: " choice
+}
+
+# 打印并选择特定自定义包进行更新
+select_specific_package() {
+    local pkg_names=("${!CUSTOM_PACKAGES[@]}") # 获取所有包名
+    local num_packages=${#pkg_names[@]}
+
+    if [ "$num_packages" -eq 0 ]; then
+        log "WARN" "没有配置任何自定义包。"
+        return 1
+    fi
+
+    echo -e "\n${BLUE}--- 选择要更新的自定义包 ---${NC}"
+    local i=1
+    # 使用 sort 命令让包名按字母排序显示
+    local sorted_pkg_names=($(printf "%s\n" "${pkg_names[@]}" | sort))
+
+    for pkg_name in "${sorted_pkg_names[@]}"; do
+        echo -e " ${GREEN}$i.${NC} $pkg_name"
+        ((i++))
+    done
+    echo -e " ${GREEN}0.${NC} 返回主菜单"
+    echo -e "${BLUE}----------------------------${NC}"
+
+    local choice_pkg
+    read -rp "请输入包的序号 [0-$num_packages]: " choice_pkg
+
+    # 验证选择
+    if [[ ! "$choice_pkg" =~ ^[0-9]+$ ]]; then
+        log "ERROR" "无效输入，请输入数字。"
+        return 1
+    fi
+
+    if [ "$choice_pkg" -eq 0 ]; then
+        log "INFO" "返回主菜单。"
+        return 0 # 返回成功，表示正常退出选择
+    elif [ "$choice_pkg" -ge 1 ] && [ "$choice_pkg" -le "$num_packages" ]; then
+        local selected_pkg=${sorted_pkg_names[$((choice_pkg-1))]}
+        log "INFO" "选择更新包: $selected_pkg"
+        update_specific_package "$selected_pkg" # 调用更新函数
+        return $? # 返回更新函数的执行结果
+    else
+        log "ERROR" "无效的选择序号: $choice_pkg"
+        return 1
+    fi
+}
+
+#---------------主函数---------------#
+main() {
+    # 0. 设置颜色变量
+    setup_colors
+
+    # 1. 初始化日志系统 (会进行第一次输出重定向)
+    init_logger || exit 1 # 初始化失败则退出
+
+    # 2. 检查运行环境和依赖
+    log "INFO" "检查运行环境..."
+    local dep_missing=false
+    if [ ! -f "Makefile" ] || [ ! -d "scripts" ] || [ ! -d ".git" ]; then
+        log "ERROR" "脚本必须在 OpenWrt 源码的根目录下运行 (需要存在 Makefile, scripts, .git)。"
+        dep_missing=true
+    fi
+    for cmd in git make nproc tee cut dirname mkdir rm git date printf sort read; do
+        if ! command -v "$cmd" &> /dev/null; then
+            log "ERROR" "缺少必要的系统命令: $cmd"
+            dep_missing=true
+        fi
+    done
+     if [ "$dep_missing" = true ]; then
+        log "ERROR" "环境或依赖检查失败，请修正后重试。"
+        # 恢复原始输出，避免后续可能的错误信息无法显示
+        exec >&$STDOUT_ORIG
+        exec 2>&$STDERR_ORIG
+        exit 1
+    fi
+    log "INFO" "环境检查通过。"
+
+    # 记录脚本启动信息
+    log "INFO" "${BOLD}OpenWrt 构建管理脚本已启动${NC}"
+    log "INFO" "PID: $$"
+    log "INFO" "会话日志目录: $SESSION_DIR"
+
+    # 3. 主菜单循环
+    local choice # 提前声明 choice
+    while true; do
+        print_menu # 显示菜单并获取输入到 choice 变量
+        log "DEBUG" "用户选择了: $choice" # 记录用户选择
+
+        # 根据选择执行操作
+        case $choice in
+            1) full_build ;;
+            2) clean_workspace ;;
+            3) update_all_components ;;
+            4) clean_packages ;;
+            5) build_firmware ;;
+            6) menuconfig ;;
+            7) update_custom_package ;;
+            8) select_specific_package ;;
+            9) update_source ;;
+            10) update_feeds ;;
+            0)
+                log "INFO" "收到退出命令，正在退出脚本..."
+                # 恢复原始输出流 (好习惯)
+                exec >&$STDOUT_ORIG
+                exec 2>&$STDERR_ORIG
+                echo -e "${GREEN}脚本已退出。${NC}"
+                exit 0
+                ;;
+            *)
+                log "WARN" "无效的选项: '$choice'，请输入 0 到 10 之间的数字。"
+                ;;
+        esac
+
+        local last_exit_code=$? # 获取上一个命令的退出状态码
+        # 操作完成后暂停，给用户查看结果的时间
+        if [[ $choice != 0 ]]; then
+            if [ $last_exit_code -eq 0 ]; then
+                echo -e "\n${GREEN}操作 '$choice' 执行完成。${NC}"
+            else
+                 echo -e "\n${RED}操作 '$choice' 执行时遇到错误 (退出码: $last_exit_code)。${NC}"
+            fi
+             echo -e "${YELLOW}按 Enter 键返回主菜单...${NC}"
+             read -r # 等待用户按回车
+        fi
+    done
+}
+
+#---------------脚本入口---------------#
+# 将所有主逻辑放入 main 函数，并在最后调用它
+# "$@" 将所有命令行参数传递给 main 函数 (虽然本脚本目前未使用)
+main "$@"
--- a/config/Config-build.in
+++ b/config/Config-build.in
@@ -1,18 +1,31 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006-2013 OpenWrt.org
 # Copyright (C) 2016 LEDE Project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+
+config EXPERIMENTAL
+	bool "Enable experimental features by default"
+	default n
+	help
+	  Set this option to build with latest bleeding edge features
+	  which may or may not work as expected.
+	  If you would like to help the development of OpenWrt, you are
+	  encouraged to set this option and provide feedback (both
+	  positive and negative). But do so only if you know how to
+	  recover your device in case of flashing potentially non-working
+	  firmware.
+
+	  If you plan to use this build in production, say NO!

 menu "Global build settings"

-	config JSON_ADD_IMAGE_INFO
-		bool "Create JSON info files per build image"
-		default BUILDBOT
+	config JSON_OVERVIEW_IMAGE_INFO
+		bool "Create JSON info file overview per target"
+		default y
 		help
-		  The JSON info files contain information about the device and
-		  build images, stored next to the firmware images.
+		  Create a JSON info file called profiles.json in the target
+		  directory containing machine readable list of built profiles
+		  and resulting images.

 	config ALL_NONSHARED
 		bool "Select all target specific packages by default"
@@ -39,20 +52,33 @@ menu "Global build settings"

 	config SIGNED_PACKAGES
 		bool "Cryptographically signed package lists"
-		default n
+		default y

 	config SIGNATURE_CHECK
 		bool "Enable signature checking in opkg"
 		default SIGNED_PACKAGES

+	config DOWNLOAD_CHECK_CERTIFICATE
+		bool "Enable TLS certificate verification during package download"
+		default y
+
 	comment "General build options"

+	config TESTING_KERNEL
+		bool "Use the testing kernel version"
+		depends on HAS_TESTING_KERNEL
+		default EXPERIMENTAL
+		help
+		  If the target supports a newer kernel version than the default,
+		  you can use this config option to enable it
+
+
 	config DISPLAY_SUPPORT
 		bool "Show packages that require graphics support (local or remote)"
 		default n

 	config BUILD_PATENTED
-		default y
+		default n
 		bool "Compile with support for patented functionality"
 		help
 		  When this option is disabled, software which provides patented functionality
@@ -79,11 +105,28 @@ menu "Global build settings"
 		  This removes all ipkg/opkg status data files from the target directory
 		  before building the root filesystem.

+	config IPK_FILES_CHECKSUMS
+		bool
+		prompt "Record files checksums in package metadata"
+		default n
+		help
+		  This makes file checksums part of package metadata. It increases size
+		  but provides you with pkg_check command to check for flash corruptions.
+
 	config INCLUDE_CONFIG
 		bool "Include build configuration in firmware" if DEVEL
 		default n
 		help
-		  If enabled, config.seed will be stored in /etc/build.config of firmware.
+		  If enabled, buildinfo files will be stored in /etc/build.* of firmware.
+
+	config REPRODUCIBLE_DEBUG_INFO
+		bool "Make debug information reproducible"
+		default BUILDBOT
+		help
+		  This strips the local build path out of debug information. This has the
+		  advantage of making it reproducible, but the disadvantage of making local
+		  debugging using ./scripts/remote-gdb harder, since the debug data will
+		  no longer point to the full path on the build host.

 	config COLLECT_KERNEL_DEBUG
 		bool
@@ -109,19 +152,29 @@ menu "Global build settings"
 		default n
 		help
 		  Adds -g3 to the CFLAGS.
+		  
+	config USE_GC_SECTIONS
+		bool
+		prompt "Dead code and data elimination for all packages (EXPERIMENTAL)"
+		help
+		  Places functions and data items into its own sections to use the linker's
+		  garbage collection capabilites.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-gc-sections
+
+	config USE_LTO
+		bool
+		prompt "Use the link-time optimizer for all packages (EXPERIMENTAL)"
+		help
+		  Adds LTO flags to the CFLAGS and LDFLAGS.
+		  Packages can choose to opt-out via setting PKG_BUILD_FLAGS:=no-lto

 	config IPV6
-		bool
-		prompt "Enable IPv6 support in packages"
-		default y
-		help
-		  Enables IPv6 support in kernel (builtin) and packages.
+		def_bool y

 	comment "Stripping options"

 	choice
 		prompt "Binary stripping method"
-		default USE_STRIP   if EXTERNAL_TOOLCHAIN
 		default USE_STRIP   if USE_GLIBC
 		default USE_SSTRIP
 		help
@@ -155,6 +208,14 @@ menu "Global build settings"
 		help
 		  Specifies arguments passed to the strip command when stripping binaries.

+	config SSTRIP_ARGS
+		string
+		prompt "Sstrip arguments"
+		depends on USE_SSTRIP
+		default "-z"
+		help
+		  Specifies arguments passed to the sstrip command when stripping binaries.
+
 	config STRIP_KERNEL_EXPORTS
 		bool "Strip unnecessary exports from the kernel image"
 		help
@@ -170,23 +231,6 @@ menu "Global build settings"
 		  make the system libraries incompatible with most of the packages that are
 		  not selected during the build process.

-	choice
-		prompt "Preferred standard C++ library"
-		default USE_LIBSTDCXX if USE_GLIBC
-		default USE_UCLIBCXX
-		help
-		  Select the preferred standard C++ library for all packages that support this.
-
-		config USE_UCLIBCXX
-			bool "uClibc++"
-
-		config USE_LIBCXX
-			bool "libc++"
-
-		config USE_LIBSTDCXX
-			bool "libstdc++"
-	endchoice
-
 	comment "Hardening build options"

 	config PKG_CHECK_FORMAT_SECURITY
@@ -230,7 +274,6 @@ menu "Global build settings"

 	choice
 		prompt "User space Stack-Smashing Protection"
-		depends on USE_MUSL
 		default PKG_CC_STACKPROTECTOR_REGULAR
 		help
 		  Enable GCC Stack Smashing Protection (SSP) for userspace applications
@@ -238,19 +281,13 @@ menu "Global build settings"
 			bool "None"
 		config PKG_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
-			select GCC_LIBSSP if !USE_MUSL
-			depends on KERNEL_CC_STACKPROTECTOR_REGULAR
 		config PKG_CC_STACKPROTECTOR_STRONG
 			bool "Strong"
-			select GCC_LIBSSP if !USE_MUSL
-			depends on !GCC_VERSION_4_8
-			depends on KERNEL_CC_STACKPROTECTOR_STRONG
 	endchoice

 	choice
 		prompt "Kernel space Stack-Smashing Protection"
 		default KERNEL_CC_STACKPROTECTOR_REGULAR
-		depends on USE_MUSL || !(x86_64 || i386)
 		help
 		  Enable GCC Stack-Smashing Protection (SSP) for the kernel
 		config KERNEL_CC_STACKPROTECTOR_NONE
@@ -258,15 +295,14 @@ menu "Global build settings"
 		config KERNEL_CC_STACKPROTECTOR_REGULAR
 			bool "Regular"
 		config KERNEL_CC_STACKPROTECTOR_STRONG
-			depends on !GCC_VERSION_4_8
 			bool "Strong"
 	endchoice

-	config  KERNEL_STACKPROTECTOR
+	config KERNEL_STACKPROTECTOR
 		bool
 		default KERNEL_CC_STACKPROTECTOR_REGULAR || KERNEL_CC_STACKPROTECTOR_STRONG

-	config  KERNEL_STACKPROTECTOR_STRONG
+	config KERNEL_STACKPROTECTOR_STRONG
 		bool
 		default KERNEL_CC_STACKPROTECTOR_STRONG

@@ -308,4 +344,58 @@ menu "Global build settings"
 			bool "Full"
 	endchoice

+	config TARGET_ROOTFS_SECURITY_LABELS
+		bool
+		select KERNEL_SQUASHFS_XATTR
+		select KERNEL_EXT4_FS_SECURITY
+		select KERNEL_F2FS_FS_SECURITY
+		select KERNEL_UBIFS_FS_SECURITY
+		select KERNEL_JFFS2_FS_SECURITY
+
+	config SELINUX
+		bool "Enable SELinux"
+		select KERNEL_SECURITY_SELINUX
+		select TARGET_ROOTFS_SECURITY_LABELS
+		select PACKAGE_procd-selinux
+		select PACKAGE_busybox-selinux
+		help
+		  This option enables SELinux kernel features, applies security labels
+		  in squashfs rootfs and selects the selinux-variants of busybox and procd.
+
+		  Selecting this option results in about 0.5MiB of additional flash space
+		  usage accounting for increased kernel and rootfs size.
+
+	choice
+		prompt "default SELinux type"
+		depends on TARGET_ROOTFS_SECURITY_LABELS
+		default SELINUXTYPE_dssp
+		help
+		  Select SELinux policy to be installed and used for applying rootfs labels.
+
+		config SELINUXTYPE_targeted
+			bool "targeted"
+			select PACKAGE_refpolicy
+			help
+			  SELinux Reference Policy (refpolicy)
+
+		config SELINUXTYPE_dssp
+			bool "dssp"
+			select PACKAGE_selinux-policy
+			help
+			  Defensec SELinux Security Policy -- OpenWrt edition
+
+	endchoice
+
+	config SECCOMP
+		bool "Enable SECCOMP"
+		select KERNEL_SECCOMP
+		select PACKAGE_procd-seccomp
+		depends on (aarch64 || arm || armeb || mips || mipsel || mips64 || mips64el || i386 || powerpc || x86_64)
+		depends on !TARGET_uml
+		default y
+		help
+		  This option enables seccomp kernel features to safely
+		  execute untrusted bytecode and selects the seccomp-variants
+		  of procd
+
 endmenu
--- a/config/Config-devel.in
+++ b/config/Config-devel.in
@@ -1,15 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006-2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 menuconfig DEVEL
 	bool "Advanced configuration options (for developers)"
 	default n

 	config BROKEN
-		bool "Show broken platforms / packages" if DEVEL
+		bool "Show broken platforms / packages / devices" if DEVEL
 		default n

 	config BINARY_FOLDER
@@ -19,6 +17,20 @@ menuconfig DEVEL
 		  Store built firmware images and filesystem images in this directory.
 		  If not set, uses './bin/$(BOARD)'

+	config DOWNLOAD_TOOL_CUSTOM
+		string "Use custom download tool" if DEVEL
+		default ""
+		help
+		  Use and force custom download tool instead of relying on autoselection
+		  between curl if available and wget as a fallback.
+
+		  download.pl supports 3 tools officially aria2c, curl and wget.
+		  If one of the tool is used in this config, download.pl will use the
+		  default args to make use of them.
+
+		  If the provided string is different than aria2c, curl or wget, the command
+		  is used as is and the download url will be appended at the end of such command.
+
 	config DOWNLOAD_FOLDER
 		string "Download folder" if DEVEL
 		default ""
@@ -47,6 +59,13 @@ menuconfig DEVEL
 		  This allows you to symlink build_dir into a scratch location, e.g. a ramdisk,
 		  which does not have enough space to keep a complete build_dir.

+	config BUILD_ALL_HOST_TOOLS
+		bool "Compile all host tools" if DEVEL
+		default n
+		help
+		  Compile all host host tools even if not needed. This is needed to prepare a
+		  universal precompiled host tools archive to use in another buildroot.
+
 	config BUILD_SUFFIX
 		string "Build suffix to append to the target BUILD_DIR variable" if DEVEL
 		default ""
@@ -69,6 +88,18 @@ menuconfig DEVEL
 		help
 		  Compiler cache; see https://ccache.samba.org/

+	config CCACHE_DIR
+		string "Set ccache directory" if CCACHE
+		default ""
+		help
+		  Store ccache in this directory.
+		  If not set, uses './.ccache'
+
+	config KERNEL_CFLAGS
+		string "Kernel extra CFLAGS" if DEVEL
+		default "-falign-functions=32" if TARGET_bcm53xx
+		default ""
+
 	config EXTERNAL_KERNEL_TREE
 		string "Use external kernel tree" if DEVEL
 		default ""
@@ -100,11 +131,23 @@ menuconfig DEVEL
 		  It can be a git hash or a branch name.
 		  If unused, the clone's repository HEAD will be checked-out.

+	config KERNEL_GIT_MIRROR_HASH
+		string "Enter hash of Git kernel tree source checkout tarball" if DEVEL
+		depends on (KERNEL_GIT_CLONE_URI != "")
+		default ""
+
 	config BUILD_LOG
 		bool "Enable log files during build process" if DEVEL
 		help
 		  If enabled, log files will be written to the ./log directory.

+	config BUILD_LOG_DIR
+		string "Log folder" if DEVEL
+		default ""
+		help
+		  Store build logs in this directory.
+		  If not set, uses './logs'
+
 	config SRC_TREE_OVERRIDE
 		bool "Enable package source tree override" if DEVEL
 		help
--- a/config/Config-images.in
+++ b/config/Config-images.in
@@ -1,8 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006-2013 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 menu "Target Images"

@@ -15,11 +13,12 @@ menu "Target Images"
 		choice
 			prompt "Compression"
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_apm821xx
-			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ar71xx
-			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ipq40xx
+			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ath79_mikrotik
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_lantiq
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_mpc85xx
 			default TARGET_INITRAMFS_COMPRESSION_LZMA if TARGET_ramips
+			default TARGET_INITRAMFS_COMPRESSION_ZSTD if TARGET_qualcommax
+			default TARGET_INITRAMFS_COMPRESSION_XZ if USES_SEPARATE_INITRAMFS
 			default TARGET_INITRAMFS_COMPRESSION_NONE
 			depends on TARGET_ROOTFS_INITRAMFS
 			help
@@ -45,6 +44,10 @@ menu "Target Images"

 			config TARGET_INITRAMFS_COMPRESSION_XZ
 				bool "xz"
+
+			config TARGET_INITRAMFS_COMPRESSION_ZSTD
+				depends on !LINUX_5_4
+				bool "zstd"
 		endchoice

 		config EXTERNAL_CPIO
@@ -55,11 +58,20 @@ menu "Target Images"
 			  Kernel uses specified external cpio as INITRAMFS_SOURCE.

 		config TARGET_INITRAMFS_FORCE
-                        bool "Force"
-                        depends on TARGET_ROOTFS_INITRAMFS
-                        default n
-                        help
-                          Ignore the initramfs passed by the bootloader.
+			bool "Force"
+			depends on TARGET_ROOTFS_INITRAMFS
+			default n
+			help
+			  Ignore the initramfs passed by the bootloader.
+
+		config TARGET_ROOTFS_INITRAMFS_SEPARATE
+			bool "separate ramdisk"
+			depends on USES_SEPARATE_INITRAMFS && TARGET_ROOTFS_INITRAMFS && !TARGET_INITRAMFS_FORCE
+			default y if USES_SEPARATE_INITRAMFS
+			help
+			  Generate separate initrd.cpio instead of embedding it.
+			  This is useful for generating images with a dedicated
+			  ramdisk e.g. in U-Boot's uImage and uImage.FIT formats.

 	comment "Root filesystem archives"

@@ -79,7 +91,7 @@ menu "Target Images"

 	menuconfig TARGET_ROOTFS_EXT4FS
 		bool "ext4"
-		default n
+		default y if USES_EXT4
 		help
 		  Build an ext4 root filesystem.

@@ -121,13 +133,6 @@ menu "Target Images"
 			help
 			  Create an ext4 filesystem with a journal.

-	config TARGET_ROOTFS_ISO
-		bool "iso"
-		default n
-		depends on TARGET_x86_generic
-		help
-		  Create a bootable ISO image.
-
 	config TARGET_ROOTFS_JFFS2
 		bool "jffs2"
 		depends on USES_JFFS2
@@ -145,14 +150,17 @@ menu "Target Images"
 		bool "squashfs"
 		default y if USES_SQUASHFS
 		help
-		  Build a squashfs-lzma root filesystem.
+		  Build a squashfs root filesystem.

 		config TARGET_SQUASHFS_BLOCK_SIZE
 			int "Block size (in KiB)"
 			depends on TARGET_ROOTFS_SQUASHFS
 			default 64 if LOW_MEMORY_FOOTPRINT
 			default 1024 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
-			default 256
+			default 1024
+			help
+			  Select squashfs block size, must be one of:
+			    4, 8, 16, 32, 64, 128, 256, 512, 1024

 	menuconfig TARGET_ROOTFS_UBIFS
 		bool "ubifs"
@@ -190,35 +198,37 @@ menu "Target Images"
 			default ""

 	config GRUB_IMAGES
-		bool "Build GRUB images (Linux x86 or x86_64 host only)"
+		bool "Build GRUB images"
 		depends on TARGET_x86
-		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_ISO || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
+		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
 		select PACKAGE_grub2
-		default y
-
-	config EFI_IMAGES
-		bool "Build EFI GRUB images (Linux x86 or x86_64 host only)"
-		depends on TARGET_x86
-		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_ISO || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
-		select PACKAGE_grub2
-		select PACKAGE_grub2-efi
 		default n

+	config GRUB_EFI_IMAGES
+		bool "Build GRUB EFI images"
+		depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_phytium_armv8
+		depends on TARGET_ROOTFS_EXT4FS || TARGET_ROOTFS_JFFS2 || TARGET_ROOTFS_SQUASHFS
+		select PACKAGE_grub2 if TARGET_x86
+		select PACKAGE_grub2-efi if TARGET_x86
+		select PACKAGE_grub2-bios-setup if TARGET_x86
+		select PACKAGE_grub2-efi-arm if TARGET_armvirt
+		select PACKAGE_grub2-efi-arm if TARGET_phytium_armv8
+		select PACKAGE_kmod-fs-vfat
+		default y
+
 	config GRUB_CONSOLE
 		bool "Use Console Terminal (in addition to Serial)"
-		depends on GRUB_IMAGES || EFI_IMAGES
-		default n if (TARGET_x86_generic_Soekris45xx || TARGET_x86_generic_Soekris48xx || TARGET_x86_net5501 || TARGET_x86_geos || TARGET_x86_alix2)
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default y

 	config GRUB_SERIAL
 		string "Serial port device"
-		depends on GRUB_IMAGES || EFI_IMAGES
-		default "hvc0" if TARGET_x86_xen_domu
-		default "ttyS0" if ! TARGET_x86_xen_domu
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
+		default "ttyS0"

 	config GRUB_BAUDRATE
 		int "Serial port baud rate"
-		depends on GRUB_IMAGES || EFI_IMAGES
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default 38400 if TARGET_x86_generic
 		default 115200

@@ -229,91 +239,96 @@ menu "Target Images"

 	config GRUB_BOOTOPTS
 		string "Extra kernel boot options"
-		depends on GRUB_IMAGES || EFI_IMAGES
-		default "xencons=hvc" if TARGET_x86_xen_domu
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		help
 		  If you don't know, just leave it blank.

 	config GRUB_TIMEOUT
 		string "Seconds to wait before booting the default entry"
-		depends on GRUB_IMAGES || EFI_IMAGES
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default "0"
 		help
 		  If you don't know, 5 seconds is a reasonable default.

 	config GRUB_TITLE
 		string "Title for the menu entry in GRUB"
-		depends on GRUB_IMAGES || EFI_IMAGES
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default "OpenWrt"
 		help
 		  This is the title of the GRUB menu entry.
 		  If unspecified, it defaults to OpenWrt.

+	config ISO_IMAGES
+		bool "Build LiveCD image (ISO)"
+		depends on TARGET_x86
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
+
+	config QCOW2_IMAGES
+		bool "Build PVE/KVM image files (QCOW2)"
+		depends on TARGET_x86
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
+		select PACKAGE_kmod-e1000
+
 	config VDI_IMAGES
 		bool "Build VirtualBox image files (VDI)"
-		depends on TARGET_x86 || TARGET_x86_64
-		select GRUB_IMAGES
-		select TARGET_IMAGES_PAD
+		depends on TARGET_x86
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		select PACKAGE_kmod-e1000

 	config VMDK_IMAGES
 		bool "Build VMware image files (VMDK)"
-		depends on TARGET_x86 || TARGET_x86_64
-		select GRUB_IMAGES
-		select TARGET_IMAGES_PAD
-		select PACKAGE_kmod-e1000
+		depends on TARGET_x86 || TARGET_armvirt || TARGET_loongarch64
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		default y
-
-	config VHD_IMAGES
-		bool "Build Hyper-V image files (VHD)"
-		depends on TARGET_x86 || TARGET_x86_64
-		depends on GRUB_IMAGES || EFI_IMAGES
-		select TARGET_IMAGES_PAD
-		select PACKAGE_kmod-tulip
-		default n
-
- 	config QCOW2_IMAGES
-		bool "Build PVE/KVM image files (QCOW2)"
-		depends on TARGET_x86 || TARGET_x86_64
-		depends on GRUB_IMAGES || EFI_IMAGES
-		select TARGET_IMAGES_PAD
 		select PACKAGE_kmod-e1000
-		default n

-	config TARGET_IMAGES_PAD
-		bool "Pad images to filesystem size (for JFFS2)"
-		depends on GRUB_IMAGES || EFI_IMAGES
-		default y
+	config VHDX_IMAGES
+		bool "Build Hyper-V image files (VHDX)"
+		depends on TARGET_x86
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
+		select PACKAGE_kmod-e1000

 	config TARGET_IMAGES_GZIP
 		bool "GZip images"
-		depends on TARGET_IMAGES_PAD || TARGET_ROOTFS_EXT4FS || TARGET_x86
-		default n
+		depends on TARGET_ROOTFS_EXT4FS || TARGET_x86 || TARGET_armvirt || TARGET_loongarch64 || TARGET_malta
+		default y

 	comment "Image Options"

 	source "target/linux/*/image/Config.in"

 	config TARGET_KERNEL_PARTSIZE
-		int "Kernel partition size (in MB)"
-		depends on GRUB_IMAGES || EFI_IMAGES || USES_BOOT_PART
+		int "Kernel partition size (in MiB)"
+		depends on USES_BOOT_PART
 		default 8 if TARGET_apm821xx_sata
 		default 64 if TARGET_bcm27xx
-		default 16
+		default 32 if TARGET_rockchip
+		default 128 if TARGET_armvirt
+		default 32

 	config TARGET_ROOTFS_PARTSIZE
-		int "Root filesystem partition size (in MB)"
-		depends on GRUB_IMAGES || EFI_IMAGES || USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS || TARGET_mvebu || TARGET_rb532 || TARGET_sunxi || TARGET_uml
+		int "Root filesystem partition size (in MiB)"
+		depends on USES_ROOTFS_PART || TARGET_ROOTFS_EXT4FS
+		default 232 if TARGET_loongarch64
+		default 400 if TARGET_x86
 		default 160
 		help
 		  Select the root filesystem partition size.

 	config TARGET_ROOTFS_PARTNAME
 		string "Root partition on target device"
-		depends on GRUB_IMAGES || EFI_IMAGES
+		depends on GRUB_IMAGES || GRUB_EFI_IMAGES
 		help
 		  Override the root partition on the final device. If left empty,
 		  it will be mounted by PARTUUID which makes the kernel find the
 		  appropriate disk automatically.

+	config TARGET_ROOTFS_PERSIST_VAR
+		bool "Make /var persistent"
+		default n
+		help
+		  Do not symlink /var to /tmp, so that its content will persist
+		  across reboots. When enabled, /var/run will still be linked
+		  to /tmp/run.
+
 endmenu
--- a/config/Config-kernel.in
+++ b/config/Config-kernel.in
@@ -1,8 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
 # Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 config KERNEL_BUILD_USER
 	string "Custom Kernel Build User Name"
@@ -26,15 +24,14 @@ config KERNEL_PRINTK
 	bool "Enable support for printk"
 	default y

-config KERNEL_CRASHLOG
-	bool "Crash logging"
-	depends on !(arm || powerpc || sparc || TARGET_uml || i386 || x86_64)
-	default y
-
 config KERNEL_SWAP
 	bool "Support for paging of anonymous memory (swap)"
 	default y if !SMALL_FLASH

+config KERNEL_PROC_STRIPPED
+	bool "Strip non-essential /proc functionality to reduce code size"
+	default y if SMALL_FLASH
+
 config KERNEL_DEBUG_FS
 	bool "Compile the kernel with debug filesystem enabled"
 	default y
@@ -44,16 +41,29 @@ config KERNEL_DEBUG_FS
 	  write to these files. Many common debugging facilities, such as
 	  ftrace, require the existence of debugfs.

-config KERNEL_MIPS_FPU_EMULATOR
-	bool "Compile the kernel with MIPS FPU Emulator"
-	default y
-	depends on (mips || mipsel || mips64 || mips64el)
+config KERNEL_MIPS_FP_SUPPORT
+	bool
+	default y if TARGET_pistachio

 config KERNEL_ARM_PMU
 	bool
 	default n
 	depends on (arm || aarch64)

+config KERNEL_ARM_PMUV3
+	bool
+	default y if TARGET_armsr_armv8
+	depends on (arm_v7 || aarch64) && LINUX_6_6
+
+config KERNEL_RISCV_PMU
+	bool
+	select KERNEL_RISCV_PMU_SBI
+	depends on riscv64
+
+config KERNEL_RISCV_PMU_SBI
+	bool
+	depends on riscv64
+
 config KERNEL_X86_VSYSCALL_EMULATION
 	bool "Enable vsyscall emulation"
 	default n
@@ -76,6 +86,8 @@ config KERNEL_PERF_EVENTS
 	bool "Compile the kernel with performance events and counters"
 	default n
 	select KERNEL_ARM_PMU if (arm || aarch64)
+	select KERNEL_ARM_PMUV3 if (arm_v7 || aarch64) && LINUX_6_6
+	select KERNEL_RISCV_PMU if riscv64

 config KERNEL_PROFILING
 	bool "Compile the kernel with profiling enabled"
@@ -85,6 +97,178 @@ config KERNEL_PROFILING
 	  Enable the extended profiling support mechanisms used by profilers such
 	  as OProfile.

+config KERNEL_RPI_AXIPERF
+	bool "Compile the kernel with RaspberryPi AXI Performance monitors"
+	default y
+	depends on KERNEL_PERF_EVENTS && TARGET_bcm27xx
+
+config KERNEL_UBSAN
+	bool "Compile the kernel with undefined behaviour sanity checker"
+	help
+	  This option enables undefined behaviour sanity checker
+	  Compile-time instrumentation is used to detect various undefined
+	  behaviours in runtime. Various types of checks may be enabled
+	  via boot parameter ubsan_handle
+	  (see: Documentation/dev-tools/ubsan.rst).
+
+config KERNEL_UBSAN_SANITIZE_ALL
+	bool "Enable instrumentation for the entire kernel"
+	depends on KERNEL_UBSAN
+	default y
+	help
+	  This option activates instrumentation for the entire kernel.
+	  If you don't enable this option, you have to explicitly specify
+	  UBSAN_SANITIZE := y for the files/directories you want to check for UB.
+	  Enabling this option will get kernel image size increased
+	  significantly.
+
+config KERNEL_UBSAN_ALIGNMENT
+	bool "Enable checking of pointers alignment"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of unaligned memory accesses.
+	  Enabling this option on architectures that support unaligned
+	  accesses may produce a lot of false positives.
+
+config KERNEL_UBSAN_BOUNDS
+	bool "Perform array index bounds checking"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of directly indexed out of bounds array
+	  accesses, where the array size is known at compile time. Note that
+	  this does not protect array overflows via bad calls to the
+	  {str,mem}*cpy() family of functions (that is addressed by
+	  FORTIFY_SOURCE).
+
+config KERNEL_UBSAN_NULL
+	bool "Enable checking of null pointers"
+	depends on KERNEL_UBSAN
+	help
+	  This option enables detection of memory accesses via a
+	  null pointer.
+
+config KERNEL_UBSAN_TRAP
+	bool "On Sanitizer warnings, abort the running kernel code"
+	depends on KERNEL_UBSAN
+	help
+	  Building kernels with Sanitizer features enabled tends to grow the
+	  kernel size by around 5%, due to adding all the debugging text on
+	  failure paths. To avoid this, Sanitizer instrumentation can just
+	  issue a trap. This reduces the kernel size overhead but turns all
+	  warnings (including potentially harmless conditions) into full
+	  exceptions that abort the running kernel code (regardless of context,
+	  locks held, etc), which may destabilize the system. For some system
+	  builders this is an acceptable trade-off.
+
+config KERNEL_KASAN
+	bool "Compile the kernel with KASan: runtime memory debugger"
+	select KERNEL_SLUB_DEBUG
+	depends on (x86_64 || aarch64)
+	help
+	  Enables kernel address sanitizer - runtime memory debugger,
+	  designed to find out-of-bounds accesses and use-after-free bugs.
+	  This is strictly a debugging feature and it requires a gcc version
+	  of 4.9.2 or later. Detection of out of bounds accesses to stack or
+	  global variables requires gcc 5.0 or later.
+	  This feature consumes about 1/8 of available memory and brings about
+	  ~x3 performance slowdown.
+	  For better error detection enable CONFIG_STACKTRACE.
+	  Currently CONFIG_KASAN doesn't work with CONFIG_DEBUG_SLAB
+	  (the resulting kernel does not boot).
+
+config KERNEL_KASAN_EXTRA
+	bool "KAsan: extra checks"
+	depends on KERNEL_KASAN && KERNEL_DEBUG_KERNEL
+	help
+	  This enables further checks in the kernel address sanitizer, for now
+	  it only includes the address-use-after-scope check that can lead
+	  to excessive kernel stack usage, frame size warnings and longer
+	  compile time.
+	  https://gcc.gnu.org/bugzilla/show_bug.cgi?id=81715 has more
+
+config KERNEL_KASAN_VMALLOC
+	bool "Back mappings in vmalloc space with real shadow memory"
+	depends on KERNEL_KASAN
+	help
+	  By default, the shadow region for vmalloc space is the read-only
+	  zero page. This means that KASAN cannot detect errors involving
+	  vmalloc space.
+
+	  Enabling this option will hook in to vmap/vmalloc and back those
+	  mappings with real shadow memory allocated on demand. This allows
+	  for KASAN to detect more sorts of errors (and to support vmapped
+	  stacks), but at the cost of higher memory usage.
+
+	  This option depends on HAVE_ARCH_KASAN_VMALLOC, but we can't
+	  depend on that in here, so it is possible that enabling this
+	  will have no effect.
+
+if KERNEL_KASAN
+	config KERNEL_KASAN_GENERIC
+	def_bool y
+
+	config KERNEL_KASAN_SW_TAGS
+	def_bool n
+endif
+
+choice
+	prompt "Instrumentation type"
+	depends on KERNEL_KASAN
+	default KERNEL_KASAN_OUTLINE
+
+config KERNEL_KASAN_OUTLINE
+	bool "Outline instrumentation"
+	help
+	  Before every memory access compiler insert function call
+	  __asan_load*/__asan_store*. These functions performs check
+	  of shadow memory. This is slower than inline instrumentation,
+	  however it doesn't bloat size of kernel's .text section so
+	  much as inline does.
+
+config KERNEL_KASAN_INLINE
+	bool "Inline instrumentation"
+	help
+	  Compiler directly inserts code checking shadow memory before
+	  memory accesses. This is faster than outline (in some workloads
+	  it gives about x2 boost over outline instrumentation), but
+	  make kernel's .text size much bigger.
+	  This requires a gcc version of 5.0 or later.
+
+endchoice
+
+config KERNEL_KCOV
+	bool "Compile the kernel with code coverage for fuzzing"
+	select KERNEL_DEBUG_FS
+	help
+	  KCOV exposes kernel code coverage information in a form suitable
+	  for coverage-guided fuzzing (randomized testing).
+
+	  If RANDOMIZE_BASE is enabled, PC values will not be stable across
+	  different machines and across reboots. If you need stable PC values,
+	  disable RANDOMIZE_BASE.
+
+	  For more details, see Documentation/kcov.txt.
+
+config KERNEL_KCOV_ENABLE_COMPARISONS
+	bool "Enable comparison operands collection by KCOV"
+	depends on KERNEL_KCOV
+	help
+	  KCOV also exposes operands of every comparison in the instrumented
+	  code along with operand sizes and PCs of the comparison instructions.
+	  These operands can be used by fuzzing engines to improve the quality
+	  of fuzzing coverage.
+
+config KERNEL_KCOV_INSTRUMENT_ALL
+	bool "Instrument all code by default"
+	depends on KERNEL_KCOV
+	default y if KERNEL_KCOV
+	help
+	  If you are doing generic system call fuzzing (like e.g. syzkaller),
+	  then you will want to instrument the whole kernel and you should
+	  say y here. If you are doing more targeted fuzzing (like e.g.
+	  filesystem fuzzing with AFL) then you will want to enable coverage
+	  for more specific subsets of files, and should say n here.
+
 config KERNEL_TASKSTATS
 	bool "Compile the kernel with task resource/io statistics and accounting"
 	default n
@@ -147,6 +331,53 @@ config KERNEL_FUNCTION_PROFILER
 	depends on KERNEL_FUNCTION_TRACER
 	default n

+config KERNEL_IRQSOFF_TRACER
+	bool "Interrupts-off Latency Tracer"
+	depends on KERNEL_FTRACE
+	help
+	  This option measures the time spent in irqs-off critical
+	  sections, with microsecond accuracy.
+
+	  The default measurement method is a maximum search, which is
+	  disabled by default and can be runtime (re-)started
+	  via:
+
+	      echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+	  (Note that kernel size and overhead increase with this option
+	  enabled. This option and the preempt-off timing option can be
+	  used together or separately.)
+
+config KERNEL_PREEMPT_TRACER
+	bool "Preemption-off Latency Tracer"
+	depends on KERNEL_FTRACE
+	help
+	  This option measures the time spent in preemption-off critical
+	  sections, with microsecond accuracy.
+
+	  The default measurement method is a maximum search, which is
+	  disabled by default and can be runtime (re-)started
+	  via:
+
+	      echo 0 > /sys/kernel/debug/tracing/tracing_max_latency
+
+	  (Note that kernel size and overhead increase with this option
+	  enabled. This option and the irqs-off timing option can be
+	  used together or separately.)
+
+config KERNEL_HIST_TRIGGERS
+	bool "Histogram triggers"
+	depends on KERNEL_FTRACE
+	help
+	  Hist triggers allow one or more arbitrary trace event fields to be
+	  aggregated into hash tables and dumped to stdout by reading a
+	  debugfs/tracefs file. They're useful for gathering quick and dirty
+	  (though precise) summaries of event activity as an initial guide for
+	  further investigation using more advanced tools.
+
+	  Inter-event tracing of quantities such as latencies is also
+	  supported using hist triggers under this option.
+
 config KERNEL_DEBUG_KERNEL
 	bool
 	default n
@@ -158,6 +389,45 @@ config KERNEL_DEBUG_INFO
 	help
 	  This will compile your kernel and modules with debug information.

+config KERNEL_DEBUG_INFO_BTF
+
+	bool "Enable additional BTF type information"
+	default n
+	depends on !HOST_OS_MACOS
+	depends on KERNEL_DEBUG_INFO && !KERNEL_DEBUG_INFO_REDUCED
+	select DWARVES
+	help
+	  Generate BPF Type Format (BTF) information from DWARF debug info.
+	  Turning this on expects presence of pahole tool, which will convert
+	  DWARF type info into equivalent deduplicated BTF type info.
+
+	  Required to run BPF CO-RE applications.
+
+config KERNEL_DEBUG_INFO_REDUCED
+	bool "Reduce debugging information"
+	default y
+	depends on KERNEL_DEBUG_INFO
+	help
+	  If you say Y here gcc is instructed to generate less debugging
+	  information for structure types. This means that tools that
+	  need full debugging information (like kgdb or systemtap) won't
+	  be happy. But if you merely need debugging information to
+	  resolve line numbers there is no loss. Advantage is that
+	  build directory object sizes shrink dramatically over a full
+	  DEBUG_INFO build and compile times are reduced too.
+	  Only works with newer gcc versions.
+
+config KERNEL_FRAME_WARN
+	int
+	range 0 8192
+	default 1280 if KERNEL_KASAN && !ARCH_64BIT
+	default 1024 if !ARCH_64BIT
+	default 2048 if ARCH_64BIT
+	help
+	  Tell the compiler to warn at build time for stack frames larger than this.
+	  Setting this too low will cause a lot of warnings.
+	  Setting it to 0 disables the warning.
+
 config KERNEL_DEBUG_LL_UART_NONE
 	bool
 	default n
@@ -171,6 +441,14 @@ config KERNEL_DEBUG_LL
 	help
 	  ARM low level debugging.

+config KERNEL_DEBUG_VIRTUAL
+	bool "Compile the kernel with VM translations debugging"
+	select KERNEL_DEBUG_KERNEL
+	default n
+	help
+	  Enable checks sanity checks to catch invalid uses of
+	  virt_to_phys()/phys_to_virt() against the non-linear address space.
+
 config KERNEL_DYNAMIC_DEBUG
 	bool "Compile the kernel with dynamic printk"
 	select KERNEL_DEBUG_FS
@@ -208,18 +486,33 @@ config KERNEL_KPROBES
 	  instrumentation and testing.
 	  If in doubt, say "N".

-config KERNEL_KPROBE_EVENT
-	bool
-	default y if KERNEL_KPROBES
-
 config KERNEL_KPROBE_EVENTS
 	bool
 	default y if KERNEL_KPROBES

+config KERNEL_BPF_EVENTS
+	bool "Compile the kernel with BPF event support"
+	default n
+	select KERNEL_KPROBES
+	help
+	  Allows to attach BPF programs to kprobe, uprobe and tracepoint events.
+	  This is required to use BPF maps of type BPF_MAP_TYPE_PERF_EVENT_ARRAY
+	  for sending data from BPF programs to user-space for post-processing
+	  or logging.
+
+config KERNEL_BPF_KPROBE_OVERRIDE
+	bool
+	default n
+	depends on KERNEL_KPROBES
+
 config KERNEL_AIO
 	bool "Compile the kernel with asynchronous IO support"
 	default y if !SMALL_FLASH

+config KERNEL_IO_URING
+	bool "Compile the kernel with io_uring support"
+	default y if !SMALL_FLASH
+
 config KERNEL_FHANDLE
 	bool "Compile the kernel with support for fhandle syscalls"
 	default y if !SMALL_FLASH
@@ -232,6 +525,30 @@ config KERNEL_BLK_DEV_BSG
 	bool "Compile the kernel with SCSI generic v4 support for any block device"
 	default n

+config KERNEL_TRANSPARENT_HUGEPAGE
+	bool
+
+choice
+	prompt "Transparent Hugepage Support sysfs defaults"
+	depends on KERNEL_TRANSPARENT_HUGEPAGE
+	default KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
+
+	config KERNEL_TRANSPARENT_HUGEPAGE_ALWAYS
+		bool "always"
+
+	config KERNEL_TRANSPARENT_HUGEPAGE_MADVISE
+		bool "madvise"
+endchoice
+
+config KERNEL_HUGETLBFS
+	bool
+
+config KERNEL_HUGETLB_PAGE
+	bool "Compile the kernel with HugeTLB support"
+	select KERNEL_TRANSPARENT_HUGEPAGE
+	select KERNEL_HUGETLBFS
+	default n
+
 config KERNEL_MAGIC_SYSRQ
 	bool "Compile the kernel with SysRq support"
 	default y
@@ -244,21 +561,6 @@ config KERNEL_DEBUG_GPIO
 	bool "Compile the kernel with gpio debugging"
 	select KERNEL_DEBUG_KERNEL

-choice
-	prompt "Algorithms enabled for QCE acceleration"
-	default KERNEL_CRYPTO_DEV_QCE_ENABLE_ALL
-	depends on TARGET_ipq40xx
-
-	config KERNEL_CRYPTO_DEV_QCE_ENABLE_ALL
-		bool "All supported algorithms"
-
-	config KERNEL_CRYPTO_DEV_QCE_ENABLE_BLKCIPHER
-		bool "Block ciphers only"
-
-	config KERNEL_CRYPTO_DEV_QCE_ENABLE_SHA
-		bool "Hash/HMAC only"
-endchoice
-
 config KERNEL_COREDUMP
 	bool

@@ -272,6 +574,62 @@ config KERNEL_PROVE_LOCKING
 	select KERNEL_DEBUG_KERNEL
 	default n

+config KERNEL_SOFTLOCKUP_DETECTOR
+	bool "Compile the kernel with detect Soft Lockups"
+	depends on KERNEL_DEBUG_KERNEL
+	help
+	  Say Y here to enable the kernel to act as a watchdog to detect
+	  soft lockups.
+
+	  Softlockups are bugs that cause the kernel to loop in kernel
+	  mode for more than 20 seconds, without giving other tasks a
+	  chance to run.  The current stack trace is displayed upon
+	  detection and the system will stay locked up.
+
+config KERNEL_DETECT_HUNG_TASK
+	bool "Compile the kernel with detect Hung Tasks"
+	depends on KERNEL_DEBUG_KERNEL
+	default KERNEL_SOFTLOCKUP_DETECTOR
+	help
+	  Say Y here to enable the kernel to detect "hung tasks",
+	  which are bugs that cause the task to be stuck in
+	  uninterruptible "D" state indefinitely.
+
+	  When a hung task is detected, the kernel will print the
+	  current stack trace (which you should report), but the
+	  task will stay in uninterruptible state. If lockdep is
+	  enabled then all held locks will also be reported. This
+	  feature has negligible overhead.
+
+config KERNEL_WQ_WATCHDOG
+	bool "Compile the kernel with detect Workqueue Stalls"
+	depends on KERNEL_DEBUG_KERNEL
+	help
+	  Say Y here to enable stall detection on workqueues.  If a
+	  worker pool doesn't make forward progress on a pending work
+	  item for over a given amount of time, 30s by default, a
+	  warning message is printed along with dump of workqueue
+	  state.  This can be configured through kernel parameter
+	  "workqueue.watchdog_thresh" and its sysfs counterpart.
+
+config KERNEL_DEBUG_ATOMIC_SLEEP
+	bool "Compile the kernel with sleep inside atomic section checking"
+	depends on KERNEL_DEBUG_KERNEL
+	help
+	  If you say Y here, various routines which may sleep will become very
+	  noisy if they are called inside atomic sections: when a spinlock is
+	  held, inside an rcu read side critical section, inside preempt disabled
+	  sections, inside an interrupt, etc...
+
+config KERNEL_DEBUG_VM
+	bool "Compile the kernel with debug VM"
+	depends on KERNEL_DEBUG_KERNEL
+	help
+	  Enable this to turn on extended checks in the virtual-memory system
+          that may impact performance.
+
+	  If unsure, say N.
+
 config KERNEL_PRINTK_TIME
 	bool "Enable printk timestamps"
 	default y
@@ -299,15 +657,20 @@ config KERNEL_KEXEC
 config KERNEL_PROC_VMCORE
 	bool

+config KERNEL_PROC_KCORE
+	bool
+
 config KERNEL_CRASH_DUMP
 	depends on i386 || x86_64 || arm || armeb
 	select KERNEL_KEXEC
 	select KERNEL_PROC_VMCORE
+	select KERNEL_PROC_KCORE
 	bool "Enable support for kexec crashdump"
 	default y

 config USE_RFKILL
 	bool "Enable rfkill support"
+	default y if TARGET_rockchip
 	default RFKILL_SUPPORT

 config USE_SPARSE
@@ -331,23 +694,23 @@ if KERNEL_DEVTMPFS
 endif

 config KERNEL_KEYS
-    bool "Enable kernel access key retention support"
-    default n
+	bool "Enable kernel access key retention support"
+	default !SMALL_FLASH

 config KERNEL_PERSISTENT_KEYRINGS
-    bool "Enable kernel persistent keyrings"
-    depends on KERNEL_KEYS
-    default n
+	bool "Enable kernel persistent keyrings"
+	depends on KERNEL_KEYS
+	default n
+
+config KERNEL_KEYS_REQUEST_CACHE
+	bool "Enable temporary caching of the last request_key() result"
+	depends on KERNEL_KEYS
+	default n

 config KERNEL_BIG_KEYS
-    bool "Enable large payload keys on kernel keyrings"
-    depends on KERNEL_KEYS
-    default n
-
-config KERNEL_ENCRYPTED_KEYS
-    tristate "Enable keys with encrypted payloads on kernel keyrings"
-    depends on KERNEL_KEYS
-    default n
+	bool "Enable large payload keys on kernel keyrings"
+	depends on KERNEL_KEYS
+	default n

 #
 # CGROUP support symbols
@@ -369,21 +732,29 @@ if KERNEL_CGROUPS

 	config KERNEL_FREEZER
 		bool
-		default y if KERNEL_CGROUP_FREEZER

 	config KERNEL_CGROUP_FREEZER
-		bool "Freezer cgroup subsystem"
-		default y
+		bool "legacy Freezer cgroup subsystem"
+		default n
+		select KERNEL_FREEZER
 		help
 		  Provides a way to freeze and unfreeze all tasks in a
 		  cgroup.
+		  (legacy cgroup1-only controller, in cgroup2 freezer
+		  is integrated in the Memory controller)

 	config KERNEL_CGROUP_DEVICE
-		bool "Device controller for cgroups"
-		default y
+		bool "legacy Device controller for cgroups"
+		default n
 		help
 		  Provides a cgroup implementing whitelists for devices which
 		  a process in the cgroup can mknod or open.
+		  (legacy cgroup1-only controller)
+
+	config KERNEL_CGROUP_HUGETLB
+		bool "HugeTLB controller"
+		default n
+		select KERNEL_HUGETLB_PAGE

 	config KERNEL_CGROUP_PIDS
 		bool "PIDs cgroup subsystem"
@@ -392,9 +763,17 @@ if KERNEL_CGROUPS
 		  Provides enforcement of process number limits in the scope of a
 		  cgroup.

+	config KERNEL_CGROUP_RDMA
+		bool "RDMA controller for cgroups"
+		default y
+
+	config KERNEL_CGROUP_BPF
+		bool "Support for eBPF programs attached to cgroups"
+		default y
+
 	config KERNEL_CPUSETS
 		bool "Cpuset support"
-		default y if !SMALL_FLASH
+		default y
 		help
 		  This option will let you create and manage CPUSETs which
 		  allow dynamically partitioning a system into sets of CPUs and
@@ -408,14 +787,14 @@ if KERNEL_CGROUPS

 	config KERNEL_CGROUP_CPUACCT
 		bool "Simple CPU accounting cgroup subsystem"
-		default y if !SMALL_FLASH
+		default y
 		help
 		  Provides a simple Resource Controller for monitoring the
 		  total CPU consumed by the tasks in a cgroup.

 	config KERNEL_RESOURCE_COUNTERS
 		bool "Resource counters"
-		default y if !SMALL_FLASH
+		default y
 		help
 		  This option enables controller independent resource accounting
 		  infrastructure that works with cgroups.
@@ -426,8 +805,9 @@ if KERNEL_CGROUPS

 	config KERNEL_MEMCG
 		bool "Memory Resource Controller for Control Groups"
-		default y if !SMALL_FLASH
-		depends on KERNEL_RESOURCE_COUNTERS || !LINUX_3_18
+		default y
+		select KERNEL_FREEZER
+		depends on KERNEL_RESOURCE_COUNTERS
 		help
 		  Provides a memory resource controller that manages both anonymous
 		  memory and page cache. (See Documentation/cgroups/memory.txt)
@@ -449,7 +829,7 @@ if KERNEL_CGROUPS

 	config KERNEL_MEMCG_SWAP
 		bool "Memory Resource Controller Swap Extension"
-		default n
+		default y
 		depends on KERNEL_MEMCG
 		help
 		  Add swap management feature to memory resource controller. When you
@@ -484,7 +864,7 @@ if KERNEL_CGROUPS

 	config KERNEL_MEMCG_KMEM
 		bool "Memory Resource Controller Kernel Memory accounting (EXPERIMENTAL)"
-		default y if !SMALL_FLASH
+		default y
 		depends on KERNEL_MEMCG
 		help
 		  The Kernel Memory extension for Memory Resource Controller can limit
@@ -505,7 +885,7 @@ if KERNEL_CGROUPS

 	menuconfig KERNEL_CGROUP_SCHED
 		bool "Group CPU scheduler"
-		default y if !SMALL_FLASH
+		default y
 		help
 		  This feature lets CPU scheduler recognize task groups and control CPU
 		  bandwidth allocation to such task groups. It uses cgroups to group
@@ -515,11 +895,11 @@ if KERNEL_CGROUPS

 		config KERNEL_FAIR_GROUP_SCHED
 			bool "Group scheduling for SCHED_OTHER"
-			default y if !SMALL_FLASH
+			default y

 		config KERNEL_CFS_BANDWIDTH
 			bool "CPU bandwidth provisioning for FAIR_GROUP_SCHED"
-			default n
+			default y
 			depends on KERNEL_FAIR_GROUP_SCHED
 			help
 			  This option allows users to define CPU bandwidth rates (limits) for
@@ -530,7 +910,7 @@ if KERNEL_CGROUPS

 		config KERNEL_RT_GROUP_SCHED
 			bool "Group scheduling for SCHED_RR/FIFO"
-			default y if !SMALL_FLASH
+			default y
 			help
 			  This feature lets you explicitly allocate real CPU bandwidth
 			  to task groups. If enabled, it will also make it impossible to
@@ -565,7 +945,7 @@ if KERNEL_CGROUPS

 		config KERNEL_BLK_DEV_THROTTLING
 			bool "Enable throttling policy"
-			default y if TARGET_bcm27xx
+			default y

 		config KERNEL_BLK_DEV_THROTTLING_LOW
 			bool "Block throttling .low limit interface support (EXPERIMENTAL)"
@@ -581,12 +961,16 @@ if KERNEL_CGROUPS
 		  files in a cgroup which can be useful for debugging.

 	config KERNEL_NET_CLS_CGROUP
-		bool "Control Group Classifier"
-		default y
+		bool "legacy Control Group Classifier"
+		default n

-	config KERNEL_NETPRIO_CGROUP
-		bool "Network priority cgroup"
-		default y
+	config KERNEL_CGROUP_NET_CLASSID
+		bool "legacy Network classid cgroup"
+		default n
+
+	config KERNEL_CGROUP_NET_PRIO
+		bool "legacy Network priority cgroup"
+		default n

 endif

@@ -596,7 +980,7 @@ endif

 config KERNEL_NAMESPACES
 	bool "Enable kernel namespaces"
-	default n
+	default y if !SMALL_FLASH

 if KERNEL_NAMESPACES

@@ -665,13 +1049,13 @@ config KERNEL_POSIX_MQUEUE

 config KERNEL_SECCOMP_FILTER
 	bool
-	default n
+	default y if !SMALL_FLASH

 config KERNEL_SECCOMP
 	bool "Enable seccomp support"
 		depends on !(TARGET_uml)
 		select KERNEL_SECCOMP_FILTER
-		default n
+		default y if !SMALL_FLASH
 		help
 		  Build kernel with support for seccomp.

@@ -686,6 +1070,26 @@ config KERNEL_IP_MROUTE
 	  Multicast routing requires a multicast routing daemon in
 	  addition to kernel support.

+if KERNEL_IP_MROUTE
+
+	config KERNEL_IP_MROUTE_MULTIPLE_TABLES
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V1
+		def_bool y
+
+	config KERNEL_IP_PIMSM_V2
+		def_bool y
+
+endif
+
+config KERNEL_MPTCP
+	bool "Enable IPv4 MultiPath TCP support"
+	default y
+	depends on !(LINUX_4_4||LINUX_5_4)
+	help
+	  IPv4 MultiPath TCP to kernel support.
+
 #
 # IPv6 configuration
 #
@@ -708,11 +1112,60 @@ if KERNEL_IPV6
 		  Multicast routing requires a multicast routing daemon in
 		  addition to kernel support.

-	config KERNEL_IPV6_PIMSM_V2
+	if KERNEL_IPV6_MROUTE
+
+		config KERNEL_IPV6_MROUTE_MULTIPLE_TABLES
+			def_bool y
+
+		config KERNEL_IPV6_PIMSM_V2
+			def_bool y
+
+	endif
+
+	config KERNEL_IPV6_SEG6_LWTUNNEL
+		bool "Enable support for lightweight tunnels"
+		default y if !SMALL_FLASH
+		help
+		  Using lwtunnel (needed for IPv6 segment routing) requires ip-full package.
+
+	config KERNEL_LWTUNNEL_BPF
 		def_bool n

+	config KERNEL_MPTCP_IPV6
+		bool "Enable IPv6 MultiPath TCP support"
+		default y
+		depends on KERNEL_MPTCP
+		depends on !(LINUX_4_4||LINUX_5_4)
+		help
+		  IPv6 MultiPath TCP to kernel support.
+
 endif

+#
+# Miscellaneous network configuration
+#
+
+config KERNEL_NET_L3_MASTER_DEV
+	bool "L3 Master device support"
+	help
+	  This module provides glue between core networking code and device
+	  drivers to support L3 master devices like VRF.
+
+config KERNEL_XDP_SOCKETS
+	bool "XDP sockets support"
+	default y if KERNEL_DEBUG_INFO_BTF
+	help
+	  XDP sockets allows a channel between XDP programs and
+	  userspace applications.
+
+config KERNEL_PAGE_POOL
+	def_bool n
+
+config KERNEL_PAGE_POOL_STATS
+	bool "Page pool stats support"
+	depends on KERNEL_PAGE_POOL
+	depends on !(LINUX_5_4||LINUX_5_10)
+
 #
 # NFS related symbols
 #
@@ -797,7 +1250,7 @@ menu "Filesystem ACL and attr support options"
 		select KERNEL_FS_POSIX_ACL
 		default y if USE_FS_ACL_ATTR

-	config KERNEL_HFSPLUG_FS_POSIX_ACL
+	config KERNEL_HFSPLUS_FS_POSIX_ACL
 		bool "Enable POSIX ACL for HFS+ Filesystems"
 		select KERNEL_FS_POSIX_ACL
 		default y if USE_FS_ACL_ATTR
@@ -854,8 +1307,11 @@ config KERNEL_SQUASHFS_FRAGMENT_CACHE_SIZE
 	default 2 if (SMALL_FLASH && !LOW_MEMORY_FOOTPRINT)
 	default 3

+config KERNEL_SQUASHFS_XATTR
+	bool "Squashfs XATTR support"
+
 #
-# compile optimiziation setting
+# compile optimization setting
 #
 choice
 	prompt "Compiler optimization level"
@@ -875,3 +1331,59 @@ config KERNEL_CC_OPTIMIZE_FOR_SIZE
 	  your compiler resulting in a smaller kernel.

 endchoice
+
+config KERNEL_AUDIT
+	bool "Auditing support"
+
+config KERNEL_SECURITY
+	bool "Enable different security models"
+
+config KERNEL_SECURITY_NETWORK
+	bool "Socket and Networking Security Hooks"
+	select KERNEL_SECURITY
+
+config KERNEL_SECURITY_SELINUX
+	bool "NSA SELinux Support"
+	select KERNEL_SECURITY_NETWORK
+	select KERNEL_AUDIT
+
+config KERNEL_SECURITY_SELINUX_BOOTPARAM
+	bool "NSA SELinux boot parameter"
+	depends on KERNEL_SECURITY_SELINUX
+	default y
+
+config KERNEL_SECURITY_SELINUX_DISABLE
+	bool "NSA SELinux runtime disable"
+	depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_SECURITY_SELINUX_DEVELOP
+	bool "NSA SELinux Development Support"
+	depends on KERNEL_SECURITY_SELINUX
+	default y
+
+config KERNEL_SECURITY_SELINUX_SIDTAB_HASH_BITS
+	int
+	depends on KERNEL_SECURITY_SELINUX
+	default 9
+
+config KERNEL_SECURITY_SELINUX_SID2STR_CACHE_SIZE
+	int
+	depends on KERNEL_SECURITY_SELINUX
+	default 256
+
+config KERNEL_LSM
+	string
+	default "lockdown,yama,loadpin,safesetid,integrity,selinux"
+	depends on KERNEL_SECURITY_SELINUX
+
+config KERNEL_EXT4_FS_SECURITY
+	bool "Ext4 Security Labels"
+
+config KERNEL_F2FS_FS_SECURITY
+	bool "F2FS Security Labels"
+
+config KERNEL_UBIFS_FS_SECURITY
+	bool "UBIFS Security Labels"
+
+config KERNEL_JFFS2_FS_SECURITY
+	bool "JFFS2 Security Labels"
--- a/config/check-uname.sh
+++ b/config/check-uname.sh
@@ -0,0 +1 @@
+[ "$(uname)" = "$1" ] && echo y || echo n
--- a/doc/alipay_donate.jpg
+++ b/doc/alipay_donate.jpg
--- a/doc/wechat_donate.jpg
+++ b/doc/wechat_donate.jpg
--- a/feeds.conf.default
+++ b/feeds.conf.default
@@ -1,4 +1,5 @@
-src-git packages https://github.com/coolsnowwolf/packages
-src-git luci https://github.com/coolsnowwolf/luci
-src-git routing https://git.openwrt.org/feed/routing.git;openwrt-19.07
-#src-git telephony https://git.openwrt.org/feed/telephony.git;openwrt-19.07
+src-git packages https://github.com/DHDAXCW/packages
+src-git luci https://github.com/DHDAXCW/luci
+src-git routing https://github.com/coolsnowwolf/routing
+src-git telephony https://github.com/coolsnowwolf/telephony.git
+src-git istore https://github.com/linkease/istore;main
--- a/include/autotools.mk
+++ b/include/autotools.mk
@@ -1,9 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2007-2020 OpenWrt.org
+
+ifneq ($(__autotools_inc),1)
+__autotools_inc=1

 autoconf_bool = $(patsubst %,$(if $($(1)),--enable,--disable)-%,$(2))

@@ -35,7 +35,7 @@ define autoreconf
 		$(patsubst %,rm -f %;,$(2)) \
 		$(foreach p,$(3), \
 			if [ -f $(p)/configure.ac ] || [ -f $(p)/configure.in ]; then \
-				[ -d $(p)/autom4te.cache ] && rm -rf autom4te.cache; \
+				[ -d $(p)/autom4te.cache ] && rm -rf $(p)/autom4te.cache; \
 				[ -e $(p)/config.rpath ] || \
 						ln -s $(SCRIPT_DIR)/config.rpath $(p)/config.rpath; \
 				touch NEWS AUTHORS COPYING ABOUT-NLS ChangeLog; \
@@ -65,6 +65,12 @@ define patch_libtool
 	);
 endef

+define set_libtool_abiver
+	sed -i \
+		-e 's,^soname_spec=.*,soname_spec="\\$$$${libname}\\$$$${shared_ext}.$(PKG_ABI_VERSION)",' \
+		-e 's,^library_names_spec=.*,library_names_spec="\\$$$${libname}\\$$$${shared_ext}.$(PKG_ABI_VERSION) \\$$$${libname}\\$$$${shared_ext}",' \
+		$(PKG_BUILD_DIR)/libtool
+endef

 PKG_LIBTOOL_PATHS?=$(CONFIGURE_PATH)
 PKG_AUTOMAKE_PATHS?=$(CONFIGURE_PATH)
@@ -87,7 +93,7 @@ endef

 define gettext_version_target
 	(cd $(PKG_BUILD_DIR) && \
-		GETTEXT_VERSION=$(shell $(STAGING_DIR_HOSTPKG)/bin/gettext -V | $(STAGING_DIR_HOST)/bin/sed -ne '1s/.*\([0-9]\.[0-9]\{2\}\.[0-9]\).*/\1/p' ) && \
+		GETTEXT_VERSION=$(shell $(STAGING_DIR_HOSTPKG)/bin/gettext -V | $(STAGING_DIR_HOST)/bin/sed -rne '1s/.*\b([0-9]\.[0-9]+(\.[0-9]+)?)\b.*/\1/p' ) && \
 		$(STAGING_DIR_HOST)/bin/sed \
 			-i $(PKG_BUILD_DIR)/configure.ac \
 			-e "s/AM_GNU_GETTEXT_VERSION(.*)/AM_GNU_GETTEXT_VERSION(\[$$$$GETTEXT_VERSION\])/g" && \
@@ -107,14 +113,18 @@ ifneq ($(filter patch-libtool,$(PKG_FIXUP)),)
 endif

 ifneq ($(filter libtool,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
 ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
  Hooks/Configure/Pre += autoreconf_target
 endif
 endif

+ifneq ($(filter libtool-abiver,$(PKG_FIXUP)),)
+  Hooks/Configure/Post += set_libtool_abiver
+endif
+
 ifneq ($(filter libtool-ucxx,$(PKG_FIXUP)),)
-  PKG_BUILD_DEPENDS += libtool gettext libiconv
+  PKG_BUILD_DEPENDS += libtool
 ifeq ($(filter no-autoreconf,$(PKG_FIXUP)),)
  Hooks/Configure/Pre += autoreconf_target
 endif
@@ -145,12 +155,8 @@ define patch_libtool_host
    $(HOST_BUILD_DIR)))
 endef

-ifneq ($(filter patch-libtool,$(PKG_FIXUP)),)
-  Hooks/HostConfigure/Pre += patch_libtool_host
-endif
-
 ifneq ($(filter patch-libtool,$(HOST_FIXUP)),)
-  Hooks/HostConfigure/Pre += $(strip $(call patch_libtool,$(HOST_BUILD_DIR)))
+  Hooks/HostConfigure/Pre += patch_libtool_host
 endif

 ifneq ($(filter libtool,$(HOST_FIXUP)),)
@@ -170,3 +176,5 @@ ifneq ($(filter autoreconf,$(HOST_FIXUP)),)
    Hooks/HostConfigure/Pre += autoreconf_host
  endif
 endif
+
+endif #__autotools_inc
--- a/include/bpf.mk
+++ b/include/bpf.mk
@@ -0,0 +1,85 @@
+BPF_DEPENDS := @HAS_BPF_TOOLCHAIN
+LLVM_VER:=
+
+CLANG_MIN_VER:=12
+
+ifneq ($(CONFIG_USE_LLVM_HOST),)
+  BPF_TOOLCHAIN_HOST_PATH:=$(call qstrip,$(CONFIG_BPF_TOOLCHAIN_HOST_PATH))
+  ifneq ($(BPF_TOOLCHAIN_HOST_PATH),)
+    BPF_PATH:=$(BPF_TOOLCHAIN_HOST_PATH)/bin:$(PATH)
+  else
+    BPF_PATH:=$(PATH)
+  endif
+  CLANG:=$(firstword $(shell PATH='$(BPF_PATH)' command -v clang clang-13 clang-12 clang-11))
+  LLVM_VER:=$(subst clang,,$(notdir $(CLANG)))
+endif
+ifneq ($(CONFIG_USE_LLVM_PREBUILT),)
+  CLANG:=$(TOPDIR)/llvm-bpf/bin/clang
+endif
+ifneq ($(CONFIG_USE_LLVM_BUILD),)
+  CLANG:=$(STAGING_DIR_HOST)/llvm-bpf/bin/clang
+endif
+
+LLVM_PATH:=$(dir $(CLANG))
+LLVM_LLC:=$(LLVM_PATH)/llc$(LLVM_VER)
+LLVM_DIS:=$(LLVM_PATH)/llvm-dis$(LLVM_VER)
+LLVM_OPT:=$(LLVM_PATH)/opt$(LLVM_VER)
+LLVM_STRIP:=$(LLVM_PATH)/llvm-strip$(LLVM_VER)
+
+BPF_KARCH:=mips
+BPF_ARCH:=mips$(if $(CONFIG_ARCH_64BIT),64)$(if $(CONFIG_BIG_ENDIAN),,el)
+BPF_TARGET:=bpf$(if $(CONFIG_BIG_ENDIAN),eb,el)
+
+BPF_HEADERS_DIR:=$(STAGING_DIR)/bpf-headers
+
+BPF_KERNEL_INCLUDE := \
+	-nostdinc -isystem $(TOOLCHAIN_DIR)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/asm/mach-generic \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/generated \
+	-I$(BPF_HEADERS_DIR)/include \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/uapi \
+	-I$(BPF_HEADERS_DIR)/arch/$(BPF_KARCH)/include/generated/uapi \
+	-I$(BPF_HEADERS_DIR)/include/uapi \
+	-I$(BPF_HEADERS_DIR)/include/generated/uapi \
+	-I$(BPF_HEADERS_DIR)/tools/lib \
+	-I$(BPF_HEADERS_DIR)/tools/testing/selftests \
+	-I$(BPF_HEADERS_DIR)/samples/bpf \
+	-include linux/kconfig.h -include asm_goto_workaround.h
+
+BPF_CFLAGS := \
+	$(BPF_KERNEL_INCLUDE) -I$(PKG_BUILD_DIR) \
+	-D__KERNEL__ -D__BPF_TRACING__ -DCONFIG_GENERIC_CSUM \
+	-D__TARGET_ARCH_${BPF_KARCH} \
+	-m$(if $(CONFIG_BIG_ENDIAN),big,little)-endian \
+	-fno-stack-protector -Wall \
+	-Wno-unused-value -Wno-pointer-sign \
+	-Wno-compare-distinct-pointer-types \
+	-Wno-gnu-variable-sized-type-not-at-end \
+	-Wno-address-of-packed-member -Wno-tautological-compare \
+	-Wno-unknown-warning-option \
+	-fno-asynchronous-unwind-tables \
+	-Wno-uninitialized -Wno-unused-variable \
+	-Wno-unused-label \
+	-O2 -emit-llvm -Xclang -disable-llvm-passes
+
+ifneq ($(CONFIG_HAS_BPF_TOOLCHAIN),)
+ifeq ($(DUMP)$(filter download refresh,$(MAKECMDGOALS)),)
+  CLANG_VER:=$(shell $(CLANG) -dM -E - < /dev/null | grep __clang_major__ | cut -d' ' -f3)
+  CLANG_VER_VALID:=$(shell [ "$(CLANG_VER)" -ge "$(CLANG_MIN_VER)" ] && echo 1 )
+  ifeq ($(CLANG_VER_VALID),)
+    $(error ERROR: LLVM/clang version too old. Minimum required: $(CLANG_MIN_VER), found: $(CLANG_VER))
+  endif
+endif
+endif
+
+define CompileBPF
+	$(CLANG) -g -target $(BPF_ARCH)-linux-gnu $(BPF_CFLAGS) $(2) \
+		-c $(1) -o $(patsubst %.c,%.bc,$(1))
+	$(LLVM_OPT) -O2 -mtriple=$(BPF_TARGET) < $(patsubst %.c,%.bc,$(1)) > $(patsubst %.c,%.opt,$(1))
+	$(LLVM_DIS) < $(patsubst %.c,%.opt,$(1)) > $(patsubst %.c,%.S,$(1))
+	$(LLVM_LLC) -march=$(BPF_TARGET) -mcpu=v3 -filetype=obj -o $(patsubst %.c,%.o,$(1)) < $(patsubst %.c,%.S,$(1))
+	$(CP) $(patsubst %.c,%.o,$(1)) $(patsubst %.c,%.debug.o,$(1))
+	$(LLVM_STRIP) --strip-debug $(patsubst %.c,%.o,$(1))
+endef
+
--- a/include/cmake.mk
+++ b/include/cmake.mk
@@ -1,33 +1,49 @@
 cmake_bool = $(patsubst %,-D%:BOOL=$(if $($(1)),ON,OFF),$(2))

+PKG_USE_NINJA ?= 1
+HOST_USE_NINJA ?= 1
+ifeq ($(PKG_USE_NINJA),1)
+  PKG_BUILD_PARALLEL ?= 1
+endif
+ifeq ($(HOST_USE_NINJA),1)
+  HOST_BUILD_PARALLEL ?= 1
+endif
 PKG_INSTALL:=1

 ifneq ($(findstring c,$(OPENWRT_VERBOSE)),)
  MAKE_FLAGS+=VERBOSE=1
+  HOST_MAKE_FLAGS+=VERBOSE=1
 endif

 CMAKE_BINARY_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 CMAKE_SOURCE_DIR = $(PKG_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
 HOST_CMAKE_SOURCE_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_SOURCE_SUBDIR),/$(CMAKE_SOURCE_SUBDIR))
+HOST_CMAKE_BINARY_DIR = $(HOST_BUILD_DIR)$(if $(CMAKE_BINARY_SUBDIR),/$(CMAKE_BINARY_SUBDIR))
 MAKE_PATH = $(firstword $(CMAKE_BINARY_SUBDIR) .)

 ifeq ($(CONFIG_EXTERNAL_TOOLCHAIN),)
  cmake_tool=$(TOOLCHAIN_DIR)/bin/$(1)
 else
-  cmake_tool=$(shell which $(1))
+  cmake_tool=$(shell command -v $(1))
 endif

 ifeq ($(CONFIG_CCACHE),)
+ CMAKE_C_COMPILER_LAUNCHER:=
+ CMAKE_CXX_COMPILER_LAUNCHER:=
 CMAKE_C_COMPILER:=$(call cmake_tool,$(TARGET_CC))
 CMAKE_CXX_COMPILER:=$(call cmake_tool,$(TARGET_CXX))
- CMAKE_C_COMPILER_ARG1:=
- CMAKE_CXX_COMPILER_ARG1:=
+
+ CMAKE_HOST_C_COMPILER:=$(HOSTCC)
+ CMAKE_HOST_CXX_COMPILER:=$(HOSTCXX)
 else
  CCACHE:=$(STAGING_DIR_HOST)/bin/ccache
-  CMAKE_C_COMPILER:=$(CCACHE)
-  CMAKE_C_COMPILER_ARG1:=$(TARGET_CC_NOCACHE)
-  CMAKE_CXX_COMPILER:=$(CCACHE)
-  CMAKE_CXX_COMPILER_ARG1:=$(TARGET_CXX_NOCACHE)
+  CMAKE_C_COMPILER_LAUNCHER:=$(CCACHE)
+  CMAKE_CXX_COMPILER_LAUNCHER:=$(CCACHE)
+  CMAKE_C_COMPILER:=$(TARGET_CC_NOCACHE)
+  CMAKE_CXX_COMPILER:=$(TARGET_CXX_NOCACHE)
+
+  CMAKE_HOST_C_COMPILER:=$(HOSTCC_NOCACHE)
+  CMAKE_HOST_CXX_COMPILER:=$(HOSTCXX_NOCACHE)
 endif
 CMAKE_AR:=$(call cmake_tool,$(TARGET_AR))
 CMAKE_NM:=$(call cmake_tool,$(TARGET_NM))
@@ -36,6 +52,35 @@ CMAKE_RANLIB:=$(call cmake_tool,$(TARGET_RANLIB))
 CMAKE_FIND_ROOT_PATH:=$(STAGING_DIR)/usr;$(TOOLCHAIN_DIR)$(if $(CONFIG_EXTERNAL_TOOLCHAIN),;$(CONFIG_TOOLCHAIN_ROOT))
 CMAKE_HOST_FIND_ROOT_PATH:=$(STAGING_DIR)/host;$(STAGING_DIR_HOSTPKG);$(STAGING_DIR_HOST)
 CMAKE_SHARED_LDFLAGS:=-Wl,-Bsymbolic-functions
+CMAKE_HOST_INSTALL_PREFIX = $(HOST_BUILD_PREFIX)
+
+ifeq ($(HOST_USE_NINJA),1)
+  CMAKE_HOST_OPTIONS += -DCMAKE_GENERATOR="Ninja"
+
+  define Host/Compile/Default
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) $(1)
+  endef
+
+  define Host/Install/Default
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) install
+  endef
+
+  define Host/Uninstall/Default
+	+$(NINJA) -C $(HOST_CMAKE_BINARY_DIR) uninstall
+  endef
+endif
+
+ifeq ($(PKG_USE_NINJA),1)
+  CMAKE_OPTIONS += -DCMAKE_GENERATOR="Ninja"
+
+  define Build/Compile/Default
+	+$(NINJA) -C $(CMAKE_BINARY_DIR) $(1)
+  endef
+
+  define Build/Install/Default
+	+DESTDIR="$(PKG_INSTALL_DIR)" $(NINJA) -C $(CMAKE_BINARY_DIR) install
+  endef
+endif

 define Build/Configure/Default
 	mkdir -p $(CMAKE_BINARY_DIR)
@@ -50,12 +95,12 @@ define Build/Configure/Default
 			-DCMAKE_BUILD_TYPE=Release \
 			-DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \
 			-DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \
+			-DCMAKE_C_COMPILER_LAUNCHER="$(CMAKE_C_COMPILER_LAUNCHER)" \
 			-DCMAKE_C_COMPILER="$(CMAKE_C_COMPILER)" \
-			-DCMAKE_C_COMPILER_ARG1="$(CMAKE_C_COMPILER_ARG1)" \
+			-DCMAKE_CXX_COMPILER_LAUNCHER="$(CMAKE_CXX_COMPILER_LAUNCHER)" \
 			-DCMAKE_CXX_COMPILER="$(CMAKE_CXX_COMPILER)" \
-			-DCMAKE_CXX_COMPILER_ARG1="$(CMAKE_CXX_COMPILER_ARG1)" \
+			-DCMAKE_ASM_COMPILER_LAUNCHER="$(CMAKE_C_COMPILER_LAUNCHER)" \
 			-DCMAKE_ASM_COMPILER="$(CMAKE_C_COMPILER)" \
-			-DCMAKE_ASM_COMPILER_ARG1="$(CMAKE_C_COMPILER_ARG1)" \
 			-DCMAKE_EXE_LINKER_FLAGS:STRING="$(TARGET_LDFLAGS)" \
 			-DCMAKE_MODULE_LINKER_FLAGS:STRING="$(TARGET_LDFLAGS) $(CMAKE_SHARED_LDFLAGS)" \
 			-DCMAKE_SHARED_LINKER_FLAGS:STRING="$(TARGET_LDFLAGS) $(CMAKE_SHARED_LDFLAGS)" \
@@ -71,6 +116,12 @@ define Build/Configure/Default
 			-DDL_LIBRARY=$(STAGING_DIR) \
 			-DCMAKE_PREFIX_PATH=$(STAGING_DIR) \
 			-DCMAKE_SKIP_RPATH=TRUE  \
+			-DCMAKE_EXPORT_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=TRUE \
+			-DCMAKE_FIND_USE_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=TRUE \
+			-DCMAKE_FIND_USE_SYSTEM_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_FIND_PACKAGE_NO_SYSTEM_PACKAGE_REGISTRY=TRUE \
 			$(CMAKE_OPTIONS) \
 		$(CMAKE_SOURCE_DIR) \
 	)
@@ -84,12 +135,19 @@ endef
 Build/InstallDev = $(if $(CMAKE_INSTALL),$(Build/InstallDev/cmake))

 define Host/Configure/Default
-	(cd $(HOST_BUILD_DIR); \
+	mkdir -p "$(HOST_CMAKE_BINARY_DIR)"
+	(cd $(HOST_CMAKE_BINARY_DIR); \
 		CFLAGS="$(HOST_CFLAGS)" \
 		CXXFLAGS="$(HOST_CFLAGS)" \
 		LDFLAGS="$(HOST_LDFLAGS)" \
 		cmake \
 			-DCMAKE_BUILD_TYPE=Release \
+			-DCMAKE_C_COMPILER_LAUNCHER="$(CMAKE_C_COMPILER_LAUNCHER)" \
+			-DCMAKE_C_COMPILER="$(CMAKE_HOST_C_COMPILER)" \
+			-DCMAKE_CXX_COMPILER_LAUNCHER="$(CMAKE_CXX_COMPILER_LAUNCHER)" \
+			-DCMAKE_CXX_COMPILER="$(CMAKE_HOST_CXX_COMPILER)" \
+			-DCMAKE_ASM_COMPILER_LAUNCHER="$(CMAKE_C_COMPILER_LAUNCHER)" \
+			-DCMAKE_ASM_COMPILER="$(CMAKE_HOST_C_COMPILER)" \
 			-DCMAKE_C_FLAGS_RELEASE="-DNDEBUG" \
 			-DCMAKE_CXX_FLAGS_RELEASE="-DNDEBUG" \
 			-DCMAKE_EXE_LINKER_FLAGS:STRING="$(HOST_LDFLAGS)" \
@@ -100,10 +158,16 @@ define Host/Configure/Default
 			-DCMAKE_FIND_ROOT_PATH_MODE_LIBRARY=ONLY \
 			-DCMAKE_FIND_ROOT_PATH_MODE_INCLUDE=ONLY \
 			-DCMAKE_STRIP=: \
-			-DCMAKE_INSTALL_PREFIX=$(HOST_BUILD_PREFIX) \
+			-DCMAKE_INSTALL_PREFIX=$(CMAKE_HOST_INSTALL_PREFIX) \
 			-DCMAKE_PREFIX_PATH=$(HOST_BUILD_PREFIX) \
 			-DCMAKE_SKIP_RPATH=TRUE  \
 			-DCMAKE_INSTALL_LIBDIR=lib \
+			-DCMAKE_EXPORT_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_EXPORT_NO_PACKAGE_REGISTRY=TRUE \
+			-DCMAKE_FIND_USE_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_FIND_PACKAGE_NO_PACKAGE_REGISTRY=TRUE \
+			-DCMAKE_FIND_USE_SYSTEM_PACKAGE_REGISTRY=FALSE \
+			-DCMAKE_FIND_PACKAGE_NO_SYSTEM_PACKAGE_REGISTRY=TRUE \
 			$(CMAKE_HOST_OPTIONS) \
 		$(HOST_CMAKE_SOURCE_DIR) \
 	)
--- a/include/debug.mk
+++ b/include/debug.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2007-2020 OpenWrt.org

 # debug flags:
 #
--- a/include/depends.mk
+++ b/include/depends.mk
@@ -1,9 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2007-2020 OpenWrt.org
+
 # define a dependency on a subtree
 # parameters:
 #	1: directories/files
@@ -13,7 +11,8 @@

 DEP_FINDPARAMS := -x "*/.svn*" -x ".*" -x "*:*" -x "*\!*" -x "* *" -x "*\\\#*" -x "*/.*_check" -x "*/.*.swp" -x "*/.pkgdir*"

-find_md5=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) | mkhash md5
+find_md5=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -printf "%p%T@\n" | sort | $(MKHASH) md5
+find_md5_reproducible=find $(wildcard $(1)) -type f $(patsubst -x,-and -not -path,$(DEP_FINDPARAMS) $(2)) -print0 | xargs -0 $(MKHASH) md5 | sort | $(MKHASH) md5

 define rdep
  .PRECIOUS: $(2)
@@ -29,7 +28,7 @@ ifneq ($(wildcard $(2)),)
 		{ [ \! -f "$(3)" ] || diff $(3) $(3).1 >/dev/null; } && \
 	) \
 	{ \
-		[ -f "$(2)_check.1" ] && mv "$(2)_check.1"; \
+		[ -f "$(2)_check.1" ] && mv "$(2)_check.1" "$(2)_check"; \
 	    $(TOPDIR)/scripts/timestamp.pl $(DEP_FINDPARAMS) $(4) -n $(2) $(1) && { \
 			$(call debug_eval,$(SUBDIR),r,echo "No need to rebuild $(2)";) \
 			touch -r "$(2)" "$(2)_check"; \
--- a/include/download.mk
+++ b/include/download.mk
@@ -1,10 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
 # Copyright (C) 2006-2012 OpenWrt.org
 # Copyright (C) 2016 LEDE project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 PROJECT_GIT = https://git.openwrt.org

@@ -12,13 +9,19 @@ OPENWRT_GIT = $(PROJECT_GIT)
 LEDE_GIT = $(PROJECT_GIT)

 ifdef PKG_SOURCE_VERSION
-PKG_VERSION ?= $(if $(PKG_SOURCE_DATE),$(PKG_SOURCE_DATE)-)$(call version_abbrev,$(PKG_SOURCE_VERSION))
-PKG_SOURCE_SUBDIR ?= $(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE ?= $(PKG_SOURCE_SUBDIR).tar.xz
+  ifndef PKG_VERSION
+    PKG_VERSION := $(if $(PKG_SOURCE_DATE),$(PKG_SOURCE_DATE)-)$(call version_abbrev,$(PKG_SOURCE_VERSION))
+  endif
+  PKG_SOURCE_SUBDIR ?= $(PKG_NAME)-$(PKG_VERSION)
+  PKG_SOURCE ?= $(PKG_SOURCE_SUBDIR).tar.xz
 endif

 DOWNLOAD_RDEP=$(STAMP_PREPARED) $(HOST_STAMP_PREPARED)

+# Export options for download.pl
+export DOWNLOAD_CHECK_CERTIFICATE:=$(CONFIG_DOWNLOAD_CHECK_CERTIFICATE)
+export DOWNLOAD_TOOL_CUSTOM:=$(CONFIG_DOWNLOAD_TOOL_CUSTOM)
+
 define dl_method_git
 $(if $(filter https://github.com/% git://github.com/%,$(1)),github_archive,git)
 endef
@@ -28,7 +31,7 @@ define dl_method
 $(strip \
  $(if $(filter git,$(2)),$(call dl_method_git,$(1),$(2)),
    $(if $(2),$(2), \
-      $(if $(filter @APACHE/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \
+      $(if $(filter @OPENWRT @APACHE/% @DEBIAN/% @GITHUB/% @GNOME/% @GNU/% @KERNEL/% @SF/% @SAVANNAH/% ftp://% http://% https://% file://%,$(1)),default, \
        $(if $(filter git://%,$(1)),$(call dl_method_git,$(1),$(2)), \
          $(if $(filter svn://%,$(1)),svn, \
            $(if $(filter cvs://%,$(1)),cvs, \
@@ -50,6 +53,7 @@ endef
 dl_pack/bz2=bzip2 -c > $(1)
 dl_pack/gz=gzip -nc > $(1)
 dl_pack/xz=xz -zc -7e > $(1)
+dl_pack/zst=zstd -T0 --ultra -20 -c > $(1)
 dl_pack/unknown=$(error ERROR: Unknown pack format for file $(1))
 define dl_pack
 	$(if $(dl_pack/$(call ext,$(1))),$(dl_pack/$(call ext,$(1))),$(dl_pack/unknown))
@@ -59,6 +63,21 @@ define dl_tar_pack
 		$$$${TAR_TIMESTAMP:+--mtime="$$$$TAR_TIMESTAMP"} -c $(2) | $(call dl_pack,$(1))
 endef

+gen_sha256sum = $(shell $(MKHASH) sha256 $(DL_DIR)/$(1))
+
+# Used in Build/CoreTargets and HostBuild/Core as an integrity check for
+# downloaded files.  It will add a FORCE rule if the sha256 hash does not
+# match, so that the download can be more thoroughly handled by download.pl.
+define check_download_integrity
+  expected_hash:=$(strip $(if $(filter-out x,$(HASH)),$(HASH),$(MIRROR_HASH)))
+  $$(if $$(and $(FILE),$$(wildcard $(DL_DIR)/$(FILE)), \
+	       $$(filter undefined,$$(flavor DownloadChecked/$(FILE)))), \
+    $$(eval DownloadChecked/$(FILE):=1) \
+    $$(if $$(filter-out $$(call gen_sha256sum,$(FILE)),$$(expected_hash)), \
+      $(DL_DIR)/$(FILE): FORCE) \
+  )
+endef
+
 ifdef CHECK
 check_escape=$(subst ','\'',$(1))
 #')
@@ -74,8 +93,6 @@ else
  check_warn = $(if $(filter-out undefined,$(origin F_$(1))),$(filter ,$(shell $(call F_$(1),$(2),$(3),$(4)) >&2)),$(check_warn_nofix))
 endif

-gen_sha256sum = $(shell mkhash sha256 $(DL_DIR)/$(1))
-
 ifdef FIXUP
 F_hash_deprecated = $(SCRIPT_DIR)/fixup-makefile.pl $(CURDIR)/Makefile fix-hash $(3) $(call gen_sha256sum,$(1)) $(2)
 F_hash_mismatch = $(F_hash_deprecated)
--- a/include/feeds.mk
+++ b/include/feeds.mk
@@ -1,10 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
 # Copyright (C) 2014 OpenWrt.org
 # Copyright (C) 2016 LEDE Project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 -include $(TMP_DIR)/.packageauxvars

@@ -36,6 +33,8 @@ define FeedSourcesAppend
  echo 'src/gz %d_core %U/targets/%S/packages'; \
  $(strip $(if $(CONFIG_PER_FEED_REPO), \
 	echo 'src/gz %d_base %U/packages/%A/base'; \
+	$(if $(filter %SNAPSHOT-y,$(VERSION_NUMBER)-$(CONFIG_BUILDBOT)), \
+		echo 'src/gz %d_kmods %U/targets/%S/kmods/$(LINUX_VERSION)-$(LINUX_RELEASE)-$(LINUX_VERMAGIC)';) \
 	$(foreach feed,$(FEEDS_AVAILABLE), \
 		$(if $(CONFIG_FEED_$(feed)), \
 			echo '$(if $(filter m,$(CONFIG_FEED_$(feed))),# )src/gz %d_$(feed) %U/packages/%A/$(feed)';)))) \
@@ -44,5 +43,11 @@ endef

 # 1: package name
 define GetABISuffix
-$(if $(filter-out kmod-%,$(1)),$(if $(Package/$(1)/abiversion),$(if $(filter %0 %1 %2 %3 %4 %5 %6 %7 %8 %9,$(1)),-)$(Package/$(1)/abiversion)))
+$(if $(ABIV_$(1)),$(ABIV_$(1)),$(call FormatABISuffix,$(1),$(foreach v,$(wildcard $(STAGING_DIR)/pkginfo/$(1).version),$(shell cat $(v)))))
+endef
+
+# 1: package name
+# 2: abi version
+define FormatABISuffix
+$(if $(filter-out kmod-%,$(1)),$(if $(2),$(if $(filter %0 %1 %2 %3 %4 %5 %6 %7 %8 %9,$(1)),-)$(2)))
 endef
--- a/include/hardening.mk
+++ b/include/hardening.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2015-2020 OpenWrt.org

 PKG_CHECK_FORMAT_SECURITY ?= 1
 PKG_ASLR_PIE ?= 1
--- a/include/host-build.mk
+++ b/include/host-build.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2010 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 include $(INCLUDE_DIR)/download.mk

@@ -24,7 +21,7 @@ include $(INCLUDE_DIR)/depends.mk
 include $(INCLUDE_DIR)/quilt.mk

 BUILD_TYPES += host
-HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
+HOST_STAMP_PREPARED=$(HOST_BUILD_DIR)/.prepared$(if $(HOST_QUILT)$(DUMP),,$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(HOST_PREPARED_DEPENDS)))
 HOST_STAMP_CONFIGURED:=$(HOST_BUILD_DIR)/.configured
 HOST_STAMP_BUILT:=$(HOST_BUILD_DIR)/.built
 HOST_BUILD_PREFIX?=$(if $(IS_PACKAGE_BUILD),$(STAGING_DIR_HOSTPKG),$(STAGING_DIR_HOST))
@@ -54,6 +51,7 @@ HOST_CONFIGURE_VARS = \
 	CFLAGS="$(HOST_CFLAGS)" \
 	CXX="$(HOSTCXX)" \
 	CPPFLAGS="$(HOST_CPPFLAGS)" \
+	CXXFLAGS="$(HOST_CXXFLAGS)" \
 	LDFLAGS="$(HOST_LDFLAGS)" \
 	CONFIG_SHELL="$(SHELL)"

@@ -132,7 +130,6 @@ define Host/Exports/Default
  $(1) : export STAGING_PREFIX=$$(HOST_BUILD_PREFIX)
  $(1) : export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig:$$(HOST_BUILD_PREFIX)/lib/pkgconfig
  $(1) : export PKG_CONFIG_LIBDIR=$$(HOST_BUILD_PREFIX)/lib/pkgconfig
-  $(if $(CONFIG_CCACHE),$(1) : export CCACHE_DIR:=$(STAGING_DIR_HOST)/ccache)
  $(if $(HOST_CONFIG_SITE),$(1) : export CONFIG_SITE:=$(HOST_CONFIG_SITE))
  $(if $(IS_PACKAGE_BUILD),$(1) : export PATH=$$(TARGET_PATH_PKG))
 endef
@@ -184,6 +181,8 @@ ifndef DUMP
    clean-build: host-clean-build
  endif

+  $(call check_download_integrity)
+
  $(_host_target)host-prepare: $(HOST_STAMP_PREPARED)
  $(_host_target)host-configure: $(HOST_STAMP_CONFIGURED)
  $(_host_target)host-compile: $(HOST_STAMP_BUILT) $(HOST_STAMP_INSTALLED)
@@ -199,13 +198,17 @@ ifndef DUMP

    ifneq ($(CONFIG_AUTOREMOVE),)
      host-compile:
-		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' | \
-			$(XARGS) rm -rf
+		$(FIND) $(HOST_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -print0 | \
+			$(XARGS) -0 rm -rf
    endif
  endef
 endif

 define HostBuild
  $(HostBuild/Core)
-  $(if $(if $(PKG_HOST_ONLY),,$(STAMP_PREPARED)),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(if $(PKG_HOST_ONLY),,$(if $(and $(filter host-%,$(MAKECMDGOALS)),$(PKG_SKIP_DOWNLOAD)),,$(STAMP_PREPARED))),,
+	$(if $(and $(CONFIG_AUTOREMOVE), $(wildcard $(HOST_STAMP_INSTALLED), $(wildcard $(HOST_STAMP_BUILT)))),,
+		$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default))
+	)
+  )
 endef
--- a/include/image-commands.mk
+++ b/include/image-commands.mk
@@ -3,15 +3,178 @@
 IMAGE_KERNEL = $(word 1,$^)
 IMAGE_ROOTFS = $(word 2,$^)

+define ModelNameLimit16
+$(shell printf %.16s "$(word 2, $(subst _, ,$(1)))")
+endef
+
 define rootfs_align
 $(patsubst %-256k,0x40000,$(patsubst %-128k,0x20000,$(patsubst %-64k,0x10000,$(patsubst squashfs%,0x4,$(patsubst root.%,%,$(1))))))
 endef

-define Build/uImage
-	mkimage -A $(LINUX_KARCH) \
-		-O linux -T kernel \
-		-C $(1) -a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
-		-n '$(if $(UIMAGE_NAME),$(UIMAGE_NAME),$(call toupper,$(LINUX_KARCH)) $(VERSION_DIST) Linux-$(LINUX_VERSION))' -d $@ $@.new
+
+define Build/append-dtb
+	cat $(KDIR)/image-$(firstword $(DEVICE_DTS)).dtb >> $@
+endef
+
+define Build/append-dtb-elf
+	$(TARGET_CROSS)objcopy \
+		--set-section-flags=.appended_dtb=alloc,contents \
+		--update-section \
+		.appended_dtb=$(KDIR)/image-$(firstword $(DEVICE_DTS)).dtb $@
+endef
+
+define Build/append-kernel
+	dd if=$(IMAGE_KERNEL) >> $@
+endef
+
+define Build/package-kernel-ubifs
+	mkdir $@.kernelubifs
+	cp $@ $@.kernelubifs/kernel
+	$(STAGING_DIR_HOST)/bin/mkfs.ubifs \
+		$(KERNEL_UBIFS_OPTS) \
+		-r $@.kernelubifs $@
+	rm -r $@.kernelubifs
+endef
+
+define Build/append-image
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
+endef
+
+ifdef IB
+define Build/append-image-stage
+	dd if=$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1) >> $@
+endef
+else
+define Build/append-image-stage
+	cp "$(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)" "$@.stripmeta"
+	fwtool -s /dev/null -t "$@.stripmeta" || :
+	fwtool -i /dev/null -t "$@.stripmeta" || :
+	mkdir -p "$(STAGING_DIR_IMAGE)"
+	dd if="$@.stripmeta" of="$(STAGING_DIR_IMAGE)/$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))-$(DEVICE_NAME)-$(1)"
+	dd if="$@.stripmeta" >> "$@"
+	rm "$@.stripmeta"
+endef
+endif
+
+
+compat_version=$(if $(DEVICE_COMPAT_VERSION),$(DEVICE_COMPAT_VERSION),1.0)
+json_quote=$(subst ','\'',$(subst ",\",$(1)))
+#")')
+
+legacy_supported_message=$(SUPPORTED_DEVICES) - Image version mismatch: image $(compat_version), \
+	device 1.0. Please wipe config during upgrade (force required) or reinstall. \
+	$(if $(DEVICE_COMPAT_MESSAGE),Reason: $(DEVICE_COMPAT_MESSAGE),Please check documentation ...)
+
+metadata_devices=$(if $(1),$(subst "$(space)","$(comma)",$(strip $(foreach v,$(1),"$(call json_quote,$(v))"))))
+metadata_json = \
+	'{ $(if $(IMAGE_METADATA),$(IMAGE_METADATA)$(comma)) \
+		"metadata_version": "1.1", \
+		"compat_version": "$(call json_quote,$(compat_version))", \
+		$(if $(DEVICE_COMPAT_MESSAGE),"compat_message": "$(call json_quote,$(DEVICE_COMPAT_MESSAGE))"$(comma)) \
+		$(if $(filter-out 1.0,$(compat_version)),"new_supported_devices": \
+			[$(call metadata_devices,$(SUPPORTED_DEVICES))]$(comma) \
+			"supported_devices": ["$(call json_quote,$(legacy_supported_message))"]$(comma)) \
+		$(if $(filter 1.0,$(compat_version)),"supported_devices":[$(call metadata_devices,$(SUPPORTED_DEVICES))]$(comma)) \
+		"version": { \
+			"dist": "$(call json_quote,$(VERSION_DIST))", \
+			"version": "$(call json_quote,$(VERSION_NUMBER))", \
+			"revision": "$(call json_quote,$(REVISION))", \
+			"target": "$(call json_quote,$(TARGETID))", \
+			"board": "$(call json_quote,$(if $(BOARD_NAME),$(BOARD_NAME),$(DEVICE_NAME)))" \
+		} \
+	}'
+
+define Build/append-metadata
+	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json) | fwtool -I - $@)
+	sha256sum "$@" | cut -d" " -f1 > "$@.sha256sum"
+	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
+		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
+		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
+		ucert -A -c "$@.ucert" -x "$@.sig" ;\
+		fwtool -S "$@.ucert" "$@" ;\
+	}
+endef
+
+define Build/append-rootfs
+	dd if=$(IMAGE_ROOTFS) >> $@
+endef
+
+define Build/append-squashfs-fakeroot-be
+	rm -rf $@.fakefs $@.fakesquashfs
+	mkdir $@.fakefs
+	$(STAGING_DIR_HOST)/bin/mksquashfs-lzma \
+		$@.fakefs $@.fakesquashfs \
+		-noappend -root-owned -be -nopad -b 65536 \
+		$(if $(SOURCE_DATE_EPOCH),-fixed-time $(SOURCE_DATE_EPOCH))
+	cat $@.fakesquashfs >> $@
+endef
+
+define Build/append-squashfs4-fakeroot
+	rm -rf $@.fakefs $@.fakesquashfs
+	mkdir $@.fakefs
+	$(STAGING_DIR_HOST)/bin/mksquashfs4 \
+		$@.fakefs $@.fakesquashfs \
+		-nopad -noappend -root-owned
+	cat $@.fakesquashfs >> $@
+endef
+
+define Build/append-string
+	echo -n $(1) >> $@
+endef
+
+define Build/append-ubi
+	sh $(TOPDIR)/scripts/ubinize-image.sh \
+		$(if $(UBOOTENV_IN_UBI),--uboot-env) \
+		$(if $(KERNEL_IN_UBI),--kernel $(IMAGE_KERNEL)) \
+		$(foreach part,$(UBINIZE_PARTS),--part $(part)) \
+		--rootfs $(IMAGE_ROOTFS) \
+		$@.tmp \
+		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
+		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
+		$(if $(VID_HDR_OFFSET),-O $(VID_HDR_OFFSET)) \
+		$(UBINIZE_OPTS)
+	cat $@.tmp >> $@
+	rm $@.tmp
+endef
+
+define Build/ubinize-kernel
+	cp $@ $@.tmp
+	sh $(TOPDIR)/scripts/ubinize-image.sh \
+		--kernel $@.tmp \
+		$@ \
+		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
+		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
+		$(if $(VID_HDR_OFFSET),-O $(VID_HDR_OFFSET)) \
+		$(UBINIZE_OPTS)
+	rm $@.tmp
+endef
+
+define Build/append-uboot
+	dd if=$(UBOOT_PATH) >> $@
+endef
+
+# append a fake/empty uImage header, to fool bootloaders rootfs integrity check
+# for example
+define Build/append-uImage-fakehdr
+	$(eval type=$(word 1,$(1)))
+	$(eval magic=$(word 2,$(1)))
+	touch $@.fakehdr
+	$(STAGING_DIR_HOST)/bin/mkimage \
+		-A $(LINUX_KARCH) -O linux -T $(type) -C none \
+		-n '$(VERSION_DIST) fake $(type)' \
+		$(if $(magic),-M $(magic)) \
+		-d $@.fakehdr \
+		-s \
+		$@.fakehdr
+	cat $@.fakehdr >> $@
+endef
+
+define Build/buffalo-dhp-image
+	$(STAGING_DIR_HOST)/bin/mkdhpimg $@ $@.new
 	mv $@.new $@
 endef

@@ -43,39 +206,190 @@ define Build/buffalo-tag-dhp
 	mv $@.new $@
 endef

-define Build/buffalo-dhp-image
-	$(STAGING_DIR_HOST)/bin/mkdhpimg $@ $@.new
+define Build/check-size
+	@imagesize="$$(stat -c%s $@)"; \
+	limitsize="$$(($(subst k,* 1024,$(subst m, * 1024k,$(if $(1),$(1),$(IMAGE_SIZE))))))"; \
+	[ $$limitsize -ge $$imagesize ] || { \
+		$(call ERROR_MESSAGE,    WARNING: Image file $@ is too big: $$imagesize > $$limitsize); \
+		rm -f $@; \
+	}
+endef
+
+define Build/copy-file
+	cat "$(1)" > "$@"
+endef
+
+define Build/edimax-header
+	$(STAGING_DIR_HOST)/bin/mkedimaximg -i $@ -o $@.new $(1)
+	@mv $@.new $@
+endef
+
+define Build/elecom-product-header
+	$(eval product=$(word 1,$(1)))
+	$(eval fw=$(if $(word 2,$(1)),$(word 2,$(1)),$@))
+
+	( \
+		echo -n -e "ELECOM\x00\x00$(product)" | dd bs=40 count=1 conv=sync; \
+		echo -n "0.00" | dd bs=16 count=1 conv=sync; \
+		dd if=$(fw); \
+	) > $(fw).new
+	mv $(fw).new $(fw)
+endef
+
+define Build/elecom-wrc-gs-factory
+	$(eval product=$(word 1,$(1)))
+	$(eval version=$(word 2,$(1)))
+	$(eval hash_opt=$(word 3,$(1)))
+	$(MKHASH) md5 $(hash_opt) $@ >> $@
+	( \
+		echo -n "ELECOM $(product) v$(version)" | \
+			dd bs=32 count=1 conv=sync; \
+		dd if=$@; \
+	) > $@.new
 	mv $@.new $@
 endef

+define Build/elx-header
+	$(eval hw_id=$(word 1,$(1)))
+	$(eval xor_pattern=$(word 2,$(1)))
+	( \
+		echo -ne "\x00\x00\x00\x00\x00\x00\x00\x03" | \
+			dd bs=42 count=1 conv=sync; \
+		hw_id="$(hw_id)"; \
+		echo -ne "\x$${hw_id:0:2}\x$${hw_id:2:2}\x$${hw_id:4:2}\x$${hw_id:6:2}" | \
+			dd bs=20 count=1 conv=sync; \
+		echo -ne "$$(printf '%08x' $$(stat -c%s $@) | fold -s2 | xargs -I {} echo \\x{} | tr -d '\n')" | \
+			dd bs=8 count=1 conv=sync; \
+		echo -ne "$$($(MKHASH) md5 $@ | fold -s2 | xargs -I {} echo \\x{} | tr -d '\n')" | \
+			dd bs=58 count=1 conv=sync; \
+	) > $(KDIR)/tmp/$(DEVICE_NAME).header
+	$(call Build/xor-image,-p $(xor_pattern) -x)
+	cat $(KDIR)/tmp/$(DEVICE_NAME).header $@ > $@.new
+	mv $@.new $@
+	rm -rf $(KDIR)/tmp/$(DEVICE_NAME).header
+endef
+
 define Build/eva-image
 	$(STAGING_DIR_HOST)/bin/lzma2eva $(KERNEL_LOADADDR) $(KERNEL_LOADADDR) $@ $@.new
 	mv $@.new $@
 endef

-define Build/seama
-	$(STAGING_DIR_HOST)/bin/seama -i $@ \
-		-m "dev=/dev/mtdblock/$(SEAMA_MTDBLOCK)" -m "type=firmware"
-	mv $@.seama $@
+define Build/initrd_compression
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),.bzip2) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),.gzip) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),.lz4) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),.lzma) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),.lzo) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),.xz) \
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),.zstd)
 endef

-define Build/seama-seal
-	$(STAGING_DIR_HOST)/bin/seama -i $@ -s $@.seama \
-		-m "signature=$(SEAMA_SIGNATURE)"
-	mv $@.seama $@
+define Build/fit
+	$(TOPDIR)/scripts/mkits.sh \
+		-D $(DEVICE_NAME) -o $@.its -k $@ \
+		-C $(word 1,$(1)) \
+		$(if $(word 2,$(1)),\
+			$(if $(findstring 11,$(if $(DEVICE_DTS_OVERLAY),1)$(if $(findstring $(KERNEL_BUILD_DIR)/image-,$(word 2,$(1))),,1)), \
+				-d $(KERNEL_BUILD_DIR)/image-$$(basename $(word 2,$(1))), \
+				-d $(word 2,$(1)))) \
+		$(if $(findstring with-rootfs,$(word 3,$(1))),-r $(IMAGE_ROOTFS)) \
+		$(if $(findstring with-initrd,$(word 3,$(1))), \
+			$(if $(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE), \
+				-i $(KERNEL_BUILD_DIR)/initrd.cpio$(strip $(call Build/initrd_compression)))) \
+		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
+		$(if $(DEVICE_FDT_NUM),-n $(DEVICE_FDT_NUM)) \
+		$(if $(DEVICE_DTS_DELIMITER),-l $(DEVICE_DTS_DELIMITER)) \
+		$(if $(DEVICE_DTS_LOADADDR),-s $(DEVICE_DTS_LOADADDR)) \
+		$(if $(DEVICE_DTS_OVERLAY),$(foreach dtso,$(DEVICE_DTS_OVERLAY), -O $(dtso):$(KERNEL_BUILD_DIR)/image-$(dtso).dtbo)) \
+		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config-1") \
+		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
+	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage $(if $(findstring external,$(word 3,$(1))),\
+		-E -B 0x1000 $(if $(findstring static,$(word 3,$(1))),-p 0x1000)) -f $@.its $@.new
+	@mv $@.new $@
 endef

-define Build/zyxel-ras-image
-	let \
-		newsize="$(subst k,* 1024,$(RAS_ROOTFS_SIZE))"; \
-		$(STAGING_DIR_HOST)/bin/mkrasimage \
-			-b $(RAS_BOARD) \
-			-v $(RAS_VERSION) \
-			-r $@ \
-			-s $$newsize \
+define Build/libdeflate-gzip
+	$(STAGING_DIR_HOST)/bin/libdeflate-gzip -f -12 -c $@ $(1) > $@.new
+	@mv $@.new $@
+endef
+
+define Build/gzip
+	$(STAGING_DIR_HOST)/bin/gzip -f -9n -c $@ $(1) > $@.new
+	@mv $@.new $@
+endef
+
+define Build/gzip-filename
+	@mkdir -p $@.tmp
+	@cp $@ $@.tmp/$(word 1,$(1))
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $@.tmp/$(word 1,$(1)) $(word 2,$(1)))
+	$(STAGING_DIR_HOST)/bin/gzip -f -9 -N -c $@.tmp/$(word 1,$(1)) $(word 2,$(1)) > $@.new
+	@mv $@.new $@
+	@rm -rf $@.tmp
+endef
+
+define Build/install-dtb
+	$(call locked, \
+		$(foreach dts,$(DEVICE_DTS), \
+			$(CP) \
+				$(DTS_DIR)/$(dts).dtb \
+				$(BIN_DIR)/$(IMG_PREFIX)-$(dts).dtb; \
+		), \
+		install-dtb-$(IMG_PREFIX) \
+	)
+endef
+
+define Build/iptime-crc32
+	$(STAGING_DIR_HOST)/bin/iptime-crc32 $(1) $@ $@.new
+	mv $@.new $@
+endef
+
+define Build/iptime-naspkg
+	$(STAGING_DIR_HOST)/bin/iptime-naspkg $(1) $@ $@.new
+	mv $@.new $@
+endef
+
+define Build/jffs2
+	rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 && \
+		mkdir -p $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$$(dirname $(1)) && \
+		cp $@ $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$(1) && \
+		$(STAGING_DIR_HOST)/bin/mkfs.jffs2 --pad \
+			$(if $(CONFIG_BIG_ENDIAN),--big-endian,--little-endian) \
+			--squash-uids -v -e $(patsubst %k,%KiB,$(BLOCKSIZE)) \
 			-o $@.new \
-			$(if $(findstring separate-kernel,$(word 1,$(1))),-k $(IMAGE_KERNEL)) \
-		&& mv $@.new $@
+			-d $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 \
+			2>&1 1>/dev/null | awk '/^.+$$$$/' && \
+		$(STAGING_DIR_HOST)/bin/padjffs2 $@.new -J $(patsubst %k,,$(BLOCKSIZE))
+	-rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/
+	@mv $@.new $@
+endef
+
+define Build/kernel2minor
+	$(eval temp_file := $(shell mktemp))
+	cp $@ $(temp_file)
+	kernel2minor -k $(temp_file) -r $(temp_file).new $(1)
+	mv $(temp_file).new $@
+	rm -f $(temp_file)
+endef
+
+define Build/kernel-bin
+	rm -f $@
+	cp $< $@
+endef
+
+define Build/linksys-image
+	$(TOPDIR)/scripts/linksys-image.sh \
+		"$(call param_get_default,type,$(1),$(DEVICE_NAME))" \
+		$@ $@.new
+		mv $@.new $@
+endef
+
+define Build/lzma
+	$(call Build/lzma-no-dict,-lc1 -lp2 -pb2 $(1))
+endef
+
+define Build/lzma-no-dict
+	$(STAGING_DIR_HOST)/bin/lzma e $@ $(1) $@.new
+	@mv $@.new $@
 endef

 define Build/netgear-chk
@@ -96,205 +410,17 @@ define Build/netgear-dni
 	mv $@.new $@
 endef

-define Build/append-squashfs-fakeroot-be
-	rm -rf $@.fakefs $@.fakesquashfs
-	mkdir $@.fakefs
-	$(STAGING_DIR_HOST)/bin/mksquashfs-lzma \
-		$@.fakefs $@.fakesquashfs \
-		-noappend -root-owned -be -nopad -b 65536 \
-		$(if $(SOURCE_DATE_EPOCH),-fixed-time $(SOURCE_DATE_EPOCH))
-	cat $@.fakesquashfs >> $@
-endef
-
-define Build/append-string
-	echo -n $(1) >> $@
-endef
-
-# append a fake/empty uImage header, to fool bootloaders rootfs integrity check
-# for example
-define Build/append-uImage-fakehdr
-	$(eval type=$(word 1,$(1)))
-	$(eval magic=$(word 2,$(1)))
-	touch $@.fakehdr
-	$(STAGING_DIR_HOST)/bin/mkimage \
-		-A $(LINUX_KARCH) -O linux -T $(type) -C none \
-		-n '$(VERSION_DIST) fake $(type)' \
-		$(if $(magic),-M $(magic)) \
-		-d $@.fakehdr \
-		-s \
-		$@.fakehdr
-	cat $@.fakehdr >> $@
-endef
-
-define Build/tplink-safeloader
-	-$(STAGING_DIR_HOST)/bin/tplink-safeloader \
-		-B $(TPLINK_BOARD_ID) \
-		-V $(REVISION) \
-		-k $(IMAGE_KERNEL) \
-		-r $@ \
-		-o $@.new \
-		-j \
-		$(wordlist 2,$(words $(1)),$(1)) \
-		$(if $(findstring sysupgrade,$(word 1,$(1))),-S) && mv $@.new $@ || rm -f $@
-endef
-
-define Build/append-dtb
-	cat $(KDIR)/image-$(firstword $(DEVICE_DTS)).dtb >> $@
-endef
-
-define Build/install-dtb
-	$(call locked, \
-		$(foreach dts,$(DEVICE_DTS), \
-			$(CP) \
-				$(DTS_DIR)/$(dts).dtb \
-				$(BIN_DIR)/$(IMG_PREFIX)-$(dts).dtb; \
-		), \
-		install-dtb-$(IMG_PREFIX) \
-	)
-endef
-
-define Build/fit
-	$(TOPDIR)/scripts/mkits.sh \
-		-D $(DEVICE_NAME) -o $@.its -k $@ \
-		$(if $(word 2,$(1)),-d $(word 2,$(1))) -C $(word 1,$(1)) \
-		-a $(KERNEL_LOADADDR) -e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
-		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
-	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
-	@mv $@.new $@
-endef
-
-define Build/lzma
-	$(call Build/lzma-no-dict,-lc1 -lp2 -pb2 $(1))
-endef
-
-define Build/lzma-no-dict
-	$(STAGING_DIR_HOST)/bin/lzma e $@ $(1) $@.new
-	@mv $@.new $@
-endef
-
-define Build/gzip
-	gzip -f -9n -c $@ $(1) > $@.new
-	@mv $@.new $@
-endef
-
-define Build/zip
-	mkdir $@.tmp
-	mv $@ $@.tmp/$(1)
-
-	zip -j -X \
-		$(if $(SOURCE_DATE_EPOCH),--mtime="$(SOURCE_DATE_EPOCH)") \
-		$@ $@.tmp/$(if $(1),$(1),$@)
-	rm -rf $@.tmp
-endef
-
-define Build/jffs2
-	rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 && \
-		mkdir -p $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$$(dirname $(1)) && \
-		cp $@ $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/$(1) && \
-		$(STAGING_DIR_HOST)/bin/mkfs.jffs2 --pad \
-			$(if $(CONFIG_BIG_ENDIAN),--big-endian,--little-endian) \
-			--squash-uids -v -e $(patsubst %k,%KiB,$(BLOCKSIZE)) \
-			-o $@.new \
-			-d $(KDIR_TMP)/$(DEVICE_NAME)/jffs2 \
-			2>&1 1>/dev/null | awk '/^.+$$$$/' && \
-		$(STAGING_DIR_HOST)/bin/padjffs2 $@.new -J $(patsubst %k,,$(BLOCKSIZE))
-	-rm -rf $(KDIR_TMP)/$(DEVICE_NAME)/jffs2/
-	@mv $@.new $@
-endef
-
-define Build/kernel-bin
-	rm -f $@
-	cp $< $@
-endef
-
-define Build/patch-cmdline
-	$(STAGING_DIR_HOST)/bin/patch-cmdline $@ '$(CMDLINE)'
-endef
-
-define Build/append-kernel
-	dd if=$(IMAGE_KERNEL) >> $@
-endef
-
-define Build/append-rootfs
-	dd if=$(IMAGE_ROOTFS) >> $@
-endef
-
-define Build/append-ubi
-	sh $(TOPDIR)/scripts/ubinize-image.sh \
-		$(if $(UBOOTENV_IN_UBI),--uboot-env) \
-		$(if $(KERNEL_IN_UBI),--kernel $(IMAGE_KERNEL)) \
-		$(foreach part,$(UBINIZE_PARTS),--part $(part)) \
-		$(IMAGE_ROOTFS) \
-		$@.tmp \
-		-p $(BLOCKSIZE:%k=%KiB) -m $(PAGESIZE) \
-		$(if $(SUBPAGESIZE),-s $(SUBPAGESIZE)) \
-		$(if $(VID_HDR_OFFSET),-O $(VID_HDR_OFFSET)) \
-		$(UBINIZE_OPTS)
-	cat $@.tmp >> $@
-	rm $@.tmp
-endef
-
-define Build/append-uboot
-	dd if=$(UBOOT_PATH) >> $@
-endef
-
-define Build/pad-to
-	$(call Image/pad-to,$@,$(1))
-endef
-
-define Build/pad-extra
-	dd if=/dev/zero bs=$(1) count=1 >> $@
-endef
-
-define Build/pad-rootfs
-	$(STAGING_DIR_HOST)/bin/padjffs2 $@ $(1) \
-		$(if $(BLOCKSIZE),$(BLOCKSIZE:%k=%),4 8 16 64 128 256)
-endef
-
-define Build/pad-offset
-	let \
-		size="$$(stat -c%s $@)" \
-		pad="$(subst k,* 1024,$(word 1, $(1)))" \
-		offset="$(subst k,* 1024,$(word 2, $(1)))" \
-		pad="(pad - ((size + offset) % pad)) % pad" \
-		newsize='size + pad'; \
-		dd if=$@ of=$@.new bs=$$newsize count=1 conv=sync
-	mv $@.new $@
-endef
-
-define Build/xor-image
-	$(STAGING_DIR_HOST)/bin/xorimage -i $@ -o $@.xor $(1)
-	mv $@.xor $@
-endef
-
-define Build/check-size
-	@[ $$(($(subst k,* 1024,$(subst m, * 1024k,$(1))))) -ge "$$(stat -c%s $@)" ] || { \
-		echo "WARNING: Image file $@ is too big" >&2; \
-		rm -f $@; \
-	}
-endef
-
-define Build/check-kernel-size
-	@[ $$(($(subst k,* 1024,$(subst m, * 1024k,$(1))))) -ge "$$(stat -c%s $(IMAGE_KERNEL))" ] || { \
-		echo "WARNING: Kernel for $@ is too big > $(1)" >&2; \
-		rm -f $@; \
-	}
-endef
-
-define Build/combined-image
-	-sh $(TOPDIR)/scripts/combined-image.sh \
-		"$(IMAGE_KERNEL)" \
-		"$@" \
-		"$@.new"
-	@mv $@.new $@
-endef
-
-define Build/linksys-image
-	$(TOPDIR)/scripts/linksys-image.sh \
-		"$(call param_get_default,type,$(1),$(DEVICE_NAME))" \
-		$@ $@.new
-		mv $@.new $@
+define Build/netgear-encrypted-factory
+	$(TOPDIR)/scripts/netgear-encrypted-factory.py \
+		--input-file $@ \
+		--output-file $@ \
+		--model $(NETGEAR_ENC_MODEL) \
+		--region $(NETGEAR_ENC_REGION) \
+		--version V1.0.0.0.$(VERSION_DIST).$(firstword $(subst -, ,$(REVISION))) \
+		--encryption-block-size 0x20000 \
+		--openssl-bin "$(STAGING_DIR_HOST)/bin/openssl" \
+		--key 6865392d342b4d212964363d6d7e7765312c7132613364316e26322a5a5e2538 \
+		--iv 4a253169516c38243d6c6d2d3b384145
 endef

 define Build/openmesh-image
@@ -310,6 +436,45 @@ define Build/openmesh-image
 		"$(call param_get_default,rootfs,$(1),$@)" "rootfs"
 endef

+define Build/pad-extra
+	dd if=/dev/zero bs=$(1) count=1 >> $@
+endef
+
+define Build/pad-offset
+	let \
+		size="$$(stat -c%s $@)" \
+		pad="$(subst k,* 1024,$(word 1, $(1)))" \
+		offset="$(subst k,* 1024,$(word 2, $(1)))" \
+		pad="(pad - ((size + offset) % pad)) % pad" \
+		newsize='size + pad'; \
+		dd if=$@ of=$@.new bs=$$newsize count=1 conv=sync
+	mv $@.new $@
+endef
+
+define Build/pad-rootfs
+	$(STAGING_DIR_HOST)/bin/padjffs2 $@ $(1) \
+		$(if $(BLOCKSIZE),$(BLOCKSIZE:%k=%),4 8 16 64 128 256)
+endef
+
+define Build/pad-to
+	$(call Image/pad-to,$@,$(1))
+endef
+
+define Build/patch-cmdline
+	$(STAGING_DIR_HOST)/bin/patch-cmdline $@ '$(CMDLINE)'
+endef
+
+# Convert a raw image into a $1 type image.
+# E.g. | qemu-image vdi <optional extra arguments to qemu-img binary>
+define Build/qemu-image
+	if command -v qemu-img; then \
+		qemu-img convert -f raw -O $1 $@ $@.new; \
+		mv $@.new $@; \
+	else \
+		echo "WARNING: Install qemu-img to create VDI/VMDK images" >&2; exit 1; \
+	fi
+endef
+
 define Build/qsdk-ipq-factory-nand
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
 		$@.its ubi $@
@@ -317,13 +482,32 @@ define Build/qsdk-ipq-factory-nand
 	@mv $@.new $@
 endef

-define Build/qsdk-ipq-factory-nor
+define Build/qsdk-ipq-factory-mmc
 	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
 		$@.its kernel $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
 	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
 	@mv $@.new $@
 endef

+define Build/qsdk-ipq-factory-nor
+	$(TOPDIR)/scripts/mkits-qsdk-ipq-image.sh \
+		$@.its hlos $(IMAGE_KERNEL) rootfs $(IMAGE_ROOTFS)
+	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $@.its $@.new
+	@mv $@.new $@
+endef
+
+define Build/seama
+	$(STAGING_DIR_HOST)/bin/seama -i $@ \
+		-m "dev=/dev/mtdblock/$(SEAMA_MTDBLOCK)" -m "type=firmware"
+	mv $@.seama $@
+endef
+
+define Build/seama-seal
+	$(STAGING_DIR_HOST)/bin/seama -i $@ -s $@.seama \
+		-m "signature=$(SEAMA_SIGNATURE)"
+	mv $@.seama $@
+endef
+
 define Build/senao-header
 	$(STAGING_DIR_HOST)/bin/mksenaofw $(1) -e $@ -o $@.new
 	mv $@.new $@
@@ -337,6 +521,18 @@ define Build/sysupgrade-tar
 		$@
 endef

+define Build/tplink-safeloader
+	-$(STAGING_DIR_HOST)/bin/tplink-safeloader \
+		-B $(TPLINK_BOARD_ID) \
+		-V $(REVISION) \
+		-k $(IMAGE_KERNEL) \
+		-r $@ \
+		-o $@.new \
+		-j \
+		$(wordlist 2,$(words $(1)),$(1)) \
+		$(if $(findstring sysupgrade,$(word 1,$(1))),-S) && mv $@.new $@ || rm -f $@
+endef
+
 define Build/tplink-v1-header
 	$(STAGING_DIR_HOST)/bin/mktplinkfw \
 		-c -H $(TPLINK_HWID) -W $(TPLINK_HWREV) -L $(KERNEL_LOADADDR) \
@@ -384,33 +580,46 @@ define Build/tplink-v2-image
 	rm -rf $@.new
 endef

-json_quote=$(subst ','\'',$(subst ",\",$(1)))
-#")')
-metadata_devices=$(if $(1),$(subst "$(space)","$(comma)",$(strip $(foreach v,$(1),"$(call json_quote,$(v))"))))
-metadata_json = \
-	'{ $(if $(IMAGE_METADATA),$(IMAGE_METADATA)$(comma)) \
-		"metadata_version": "1.0", \
-		"supported_devices":[$(call metadata_devices,$(1))], \
-		"version": { \
-			"dist": "$(call json_quote,$(VERSION_DIST))", \
-			"version": "$(call json_quote,$(VERSION_NUMBER))", \
-			"revision": "$(call json_quote,$(REVISION))", \
-			"target": "$(call json_quote,$(TARGETID))", \
-			"board": "$(call json_quote,$(if $(BOARD_NAME),$(BOARD_NAME),$(DEVICE_NAME)))" \
-		} \
-	}'
-
-define Build/append-metadata
-	$(if $(SUPPORTED_DEVICES),-echo $(call metadata_json,$(SUPPORTED_DEVICES)) | fwtool -I - $@)
-	[ ! -s "$(BUILD_KEY)" -o ! -s "$(BUILD_KEY).ucert" -o ! -s "$@" ] || { \
-		cp "$(BUILD_KEY).ucert" "$@.ucert" ;\
-		usign -S -m "$@" -s "$(BUILD_KEY)" -x "$@.sig" ;\
-		ucert -A -c "$@.ucert" -x "$@.sig" ;\
-		fwtool -S "$@.ucert" "$@" ;\
-	}
-endef
-
-define Build/kernel2minor
-	kernel2minor -k $@ -r $@.new $(1)
+define Build/uImage
+	$(if $(UIMAGE_TIME),SOURCE_DATE_EPOCH="$(UIMAGE_TIME)") \
+	mkimage \
+		-A $(LINUX_KARCH) \
+		-O linux \
+		-T kernel \
+		-C $(word 1,$(1)) \
+		-a $(KERNEL_LOADADDR) \
+		-e $(if $(KERNEL_ENTRY),$(KERNEL_ENTRY),$(KERNEL_LOADADDR)) \
+		-n '$(if $(UIMAGE_NAME),$(UIMAGE_NAME),$(call toupper,$(LINUX_KARCH)) $(VERSION_DIST) Linux-$(LINUX_VERSION))' \
+		$(if $(UIMAGE_MAGIC),-M $(UIMAGE_MAGIC)) \
+		$(wordlist 2,$(words $(1)),$(1)) \
+		-d $@ $@.new
 	mv $@.new $@
 endef
+
+define Build/xor-image
+	$(STAGING_DIR_HOST)/bin/xorimage -i $@ -o $@.xor $(1)
+	mv $@.xor $@
+endef
+
+define Build/zip
+	rm -rf $@.tmp
+	mkdir $@.tmp
+	mv $@ $@.tmp/$(word 1,$(1))
+	TZ=UTC $(STAGING_DIR_HOST)/bin/zip -j -X \
+		$(wordlist 2,$(words $(1)),$(1)) \
+		$@ $@.tmp/$(if $(word 1,$(1)),$(word 1,$(1)),$$(basename $@))
+	rm -rf $@.tmp
+endef
+
+define Build/zyxel-ras-image
+	let \
+		newsize="$(subst k,* 1024,$(RAS_ROOTFS_SIZE))"; \
+		$(STAGING_DIR_HOST)/bin/mkrasimage \
+			-b $(RAS_BOARD) \
+			-v $(RAS_VERSION) \
+			-r $@ \
+			-s $$newsize \
+			-o $@.new \
+			$(if $(findstring separate-kernel,$(word 1,$(1))),-k $(IMAGE_KERNEL)) \
+		&& mv $@.new $@
+endef
--- a/include/image-legacy.mk
+++ b/include/image-legacy.mk
@@ -1,93 +0,0 @@
-ifneq ($(CONFIG_TARGET_ROOTFS_UBIFS),)
-    define Image/mkfs/ubifs/generate
-	$(CP) ./ubinize$(1).cfg $(KDIR)
-	( cd $(KDIR); \
-		$(STAGING_DIR_HOST)/bin/ubinize \
-		$(if $($(PROFILE)_UBI_OPTS),$($(PROFILE)_UBI_OPTS),$(shell echo $(UBI_OPTS))) \
-		-o $(KDIR)/root$(1).ubi \
-		ubinize$(1).cfg \
-	)
-    endef
-
-    define Image/mkfs/ubifs/legacy
-
-        $(if $($(PROFILE)_UBIFS_OPTS)$(UBIFS_OPTS),
-		$(STAGING_DIR_HOST)/bin/mkfs.ubifs \
-			$(if $($(PROFILE)_UBIFS_OPTS),$($(PROFILE)_UBIFS_OPTS),$(UBIFS_OPTS)) \
-			$(if $(CONFIG_TARGET_UBIFS_FREE_SPACE_FIXUP),--space-fixup) \
-			$(if $(CONFIG_TARGET_UBIFS_COMPRESSION_NONE),--compr=none) \
-			$(if $(CONFIG_TARGET_UBIFS_COMPRESSION_LZO),--compr=lzo) \
-			$(if $(CONFIG_TARGET_UBIFS_COMPRESSION_ZLIB),--compr=zlib) \
-			$(if $(shell echo $(CONFIG_TARGET_UBIFS_JOURNAL_SIZE)),--jrn-size=$(CONFIG_TARGET_UBIFS_JOURNAL_SIZE)) \
-			--squash-uids \
-			-o $(KDIR)/root.ubifs \
-			-d $(TARGET_DIR)
-	)
-	$(call Image/Build,ubifs)
-
-        $(if $($(PROFILE)_UBI_OPTS)$(UBI_OPTS),
-		$(if $(wildcard ./ubinize.cfg),$(call Image/mkfs/ubifs/generate,))
-		$(if $(wildcard ./ubinize-overlay.cfg),$(call Image/mkfs/ubifs/generate,-overlay))
-	)
-	$(if $(wildcard ./ubinize.cfg),$(call Image/Build,ubi))
-    endef
-endif
-
-LegacyDevice/Dump = $(Device/Dump)
-
-define LegacyDevice/Check
-  $(Device/Check/Common)
-  _TARGET_PREPARE := $$(if $$(_PROFILE_SET),legacy-images-prepare,prepare-disabled)
-  _TARGET := $$(if $$(_PROFILE_SET),legacy-images,install-disabled)
-  $$(if $$(_PROFILE_SET),install: legacy-images-make)
-  ifndef IB
-    $$(if $$(_PROFILE_SET),kernel_prepare: legacy-images-prepare-make)
-  endif
-endef
-
-ifdef TARGET_PER_DEVICE_ROOTFS
-  define Image/Build/Profile/Filesystem
-	cp $(KDIR)/root.$(2)+pkg=$(3) $(KDIR)/root.$(2)
-	$(call Image/Build/$(2),$(2))
-	$(call Image/Build/Profile,$(1),$(2))
-  endef
-else
-  Image/Build/Profile/Filesystem = $(Image/Build/Profile)
-endif
-
-define LegacyDevice/Build
-  $$(_TARGET): legacy-image-$(1)
-  $$(_TARGET_PREPARE): legacy-image-prepare-$(1)
-  .PHONY: legacy-image-prepare-$(1) legacy-image-$(1)
-
-  legacy-image-prepare-$(1):
-	$$(call Image/Prepare/Profile,$(1))
-
-  ifndef IB
-    ifdef CONFIG_TARGET_PER_DEVICE_ROOTFS
-      ROOTFS/$(1) := $(foreach fs,$(TARGET_FILESYSTEMS), \
-        $(KDIR)/root.$(fs)$$(strip $(if $(CONFIG_TARGET_PER_DEVICE_ROOTFS),+pkg=$$(ROOTFS_ID/$(1)))) \
-      )
-
-      $$(ROOTFS/$(1)): target-dir-$$(ROOTFS_ID/$(1))
-      legacy-images-make: $$(if $$(_PROFILE_SET),$$(ROOTFS/$(1)))
-    endif
-  endif
-
-  legacy-image-$(1):
-	$$(call Image/BuildKernel/Profile,$(1))
-	$(foreach fs,$(TARGET_FILESYSTEMS),
-		$$(call Image/Build/Profile/Filesystem,$(1),$(fs),$$(ROOTFS_ID/$(1)))
-	)
-
-endef
-
-define LegacyDevice
-  $(call Device/InitProfile,$(1))
-  $(call Device/Default,$(1))
-  $(call LegacyDevice/Default,$(1))
-  $(call LegacyDevice/$(1),$(1))
-  $(call LegacyDevice/Check,$(1))
-  $(call LegacyDevice/$(if $(DUMP),Dump,Build),$(1))
-
-endef
--- a/include/image.mk
+++ b/include/image.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2010 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 override TARGET_BUILD=
 include $(INCLUDE_DIR)/prereq.mk
@@ -17,7 +14,6 @@ ifndef IB
  endif
 endif

-include $(INCLUDE_DIR)/image-legacy.mk
 include $(INCLUDE_DIR)/feeds.mk
 include $(INCLUDE_DIR)/rootfs.mk

@@ -30,7 +26,7 @@ param_get_default = $(firstword $(call param_get,$(1),$(2)) $(3))
 param_mangle = $(subst $(space),_,$(strip $(1)))
 param_unmangle = $(subst _,$(space),$(1))

-mkfs_packages_id = $(shell echo $(sort $(1)) | mkhash md5 | cut -b1-8)
+mkfs_packages_id = $(shell echo $(sort $(1)) | $(MKHASH) md5 | cut -b1-8)
 mkfs_target_dir = $(if $(call param_get,pkg,$(1)),$(KDIR)/target-dir-$(call param_get,pkg,$(1)),$(TARGET_DIR))

 KDIR=$(KERNEL_BUILD_DIR)
@@ -44,7 +40,8 @@ IMG_PREFIX_VERCODE:=$(if $(CONFIG_VERSION_CODE_FILENAMES),$(call sanitize,$(VERS
 IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$(IMG_PREFIX_EXTRA)$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
 IMG_ROOTFS:=$(IMG_PREFIX)-rootfs
 IMG_COMBINED:=$(IMG_PREFIX)-combined
-IMG_PART_SIGNATURE:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | mkhash md5 | cut -b1-8)
+IMG_PART_SIGNATURE:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | cut -b1-8)
+IMG_PART_DISKGUID:=$(shell echo $(SOURCE_DATE_EPOCH)$(LINUX_VERMAGIC) | $(MKHASH) md5 | sed -E 's/(.{8})(.{4})(.{4})(.{4})(.{10})../\1-\2-\3-\4-\500/')

 MKFS_DEVTABLE_OPT := -D $(INCLUDE_DIR)/device_table.txt

@@ -78,6 +75,7 @@ JFFS2OPTS += $(MKFS_DEVTABLE_OPT)
 SQUASHFS_BLOCKSIZE := $(CONFIG_TARGET_SQUASHFS_BLOCK_SIZE)k
 SQUASHFSOPT := -b $(SQUASHFS_BLOCKSIZE)
 SQUASHFSOPT += -p '/dev d 755 0 0' -p '/dev/console c 600 0 0 5 1'
+SQUASHFSOPT += $(if $(CONFIG_SELINUX),-xattrs,-no-xattrs)
 SQUASHFSCOMP := gzip
 LZMA_XZ_OPTIONS := -Xpreset 9 -Xe -Xlc 0 -Xlp 2 -Xpb 2
 ifeq ($(CONFIG_SQUASHFS_XZ),y)
@@ -93,7 +91,6 @@ fs-types-$(CONFIG_TARGET_ROOTFS_SQUASHFS) += squashfs
 fs-types-$(CONFIG_TARGET_ROOTFS_JFFS2) += $(addprefix jffs2-,$(JFFS2_BLOCKSIZE))
 fs-types-$(CONFIG_TARGET_ROOTFS_JFFS2_NAND) += $(addprefix jffs2-nand-,$(NAND_BLOCKSIZE))
 fs-types-$(CONFIG_TARGET_ROOTFS_EXT4FS) += ext4
-fs-types-$(CONFIG_TARGET_ROOTFS_ISO) += iso
 fs-types-$(CONFIG_TARGET_ROOTFS_UBIFS) += ubifs
 fs-subtypes-$(CONFIG_TARGET_ROOTFS_JFFS2) += $(addsuffix -raw,$(addprefix jffs2-,$(JFFS2_BLOCKSIZE)))

@@ -140,14 +137,6 @@ define Image/BuildKernel/MkuImage
 		-n '$(call toupper,$(ARCH)) $(VERSION_DIST) Linux-$(LINUX_VERSION)' -d $(4) $(5)
 endef

-define Image/BuildKernel/MkFIT
-	$(TOPDIR)/scripts/mkits.sh \
-		-D $(1) -o $(KDIR)/fit-$(1).its -k $(2) $(if $(3),-d $(3)) -C $(4) -a $(5) -e $(6) \
-		-c $(if $(DEVICE_DTS_CONFIG),$(DEVICE_DTS_CONFIG),"config@1") \
-		-A $(LINUX_KARCH) -v $(LINUX_VERSION)
-	PATH=$(LINUX_DIR)/scripts/dtc:$(PATH) mkimage -f $(KDIR)/fit-$(1).its $(KDIR)/fit-$(1)$(7).itb
-endef
-
 ifdef CONFIG_TARGET_IMAGES_GZIP
  define Image/Gzip
 	rm -f $(1).gz
@@ -157,24 +146,21 @@ endif


 # Disable noisy checks by default as in upstream
-DTC_FLAGS += \
+DTC_WARN_FLAGS := \
  -Wno-unit_address_vs_reg \
  -Wno-simple_bus_reg \
  -Wno-unit_address_format \
  -Wno-pci_bridge \
  -Wno-pci_device_bus_num \
-  -Wno-pci_device_reg
-ifeq ($(strip $(call kernel_patchver_ge,4.17.0)),1)
-  DTC_FLAGS += \
-	-Wno-avoid_unnecessary_addr_size \
-	-Wno-alias_paths
-endif
-ifeq ($(strip $(call kernel_patchver_ge,4.18.0)),1)
-  DTC_FLAGS += \
-	-Wno-graph_child_address \
-	-Wno-graph_port \
-	-Wno-unique_unit_address
-endif
+  -Wno-pci_device_reg \
+  -Wno-avoid_unnecessary_addr_size \
+  -Wno-alias_paths \
+  -Wno-graph_child_address \
+  -Wno-graph_port \
+  -Wno-unique_unit_address
+
+DTC_FLAGS += $(DTC_WARN_FLAGS)
+DTCO_FLAGS += $(DTC_WARN_FLAGS)

 define Image/pad-to
 	dd if=$(1) of=$(1).new bs=$(2) conv=sync
@@ -191,19 +177,30 @@ endef
 # $(2) target dtb file
 # $(3) extra CPP flags
 # $(4) extra DTC flags
-define Image/BuildDTB
+define Image/BuildDTB/sub
 	$(TARGET_CROSS)cpp -nostdinc -x assembler-with-cpp \
+		$(DTS_CPPFLAGS) \
 		-I$(DTS_DIR) \
 		-I$(DTS_DIR)/include \
 		-I$(LINUX_DIR)/include/ \
+		-I$(LINUX_DIR)/scripts/dtc/include-prefixes \
 		-undef -D__DTS__ $(3) \
 		-o $(2).tmp $(1)
 	$(LINUX_DIR)/scripts/dtc/dtc -O dtb \
-		-i$(dir $(1)) $(DTC_FLAGS) $(4) \
+		-i$(dir $(1)) $(4) \
+	$(if $(CONFIG_HAS_DT_OVERLAY_SUPPORT),-@) \
 		-o $(2) $(2).tmp
 	$(RM) $(2).tmp
 endef

+define Image/BuildDTB
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTC_FLAGS) $(DEVICE_DTC_FLAGS) $(4))
+endef
+
+define Image/BuildDTBO
+	$(call Image/BuildDTB/sub,$(1),$(2),$(3),$(DTCO_FLAGS) $(DEVICE_DTCO_FLAGS) $(4))
+endef
+
 define Image/mkfs/jffs2/sub-raw
 	$(STAGING_DIR_HOST)/bin/mkfs.jffs2 \
 		$(2) \
@@ -234,40 +231,27 @@ endef
 $(eval $(foreach S,$(JFFS2_BLOCKSIZE),$(call Image/mkfs/jffs2/template,$(S))))
 $(eval $(foreach S,$(NAND_BLOCKSIZE),$(call Image/mkfs/jffs2-nand/template,$(S))))

-define Image/mkfs/squashfs
+define Image/mkfs/squashfs-common
 	$(STAGING_DIR_HOST)/bin/mksquashfs4 $(call mkfs_target_dir,$(1)) $@ \
 		-nopad -noappend -root-owned \
-		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT) \
-		-processors 1
+		-comp $(SQUASHFSCOMP) $(SQUASHFSOPT)
 endef

-# $(1): board name
-# $(2): rootfs type
-# $(3): kernel image
-# $(4): compat string
-ifneq ($(CONFIG_NAND_SUPPORT),)
-   define Image/Build/SysupgradeNAND
-	mkdir -p "$(KDIR_TMP)/sysupgrade-$(if $(4),$(4),$(1))/"
-	echo "BOARD=$(if $(4),$(4),$(1))" > "$(KDIR_TMP)/sysupgrade-$(if $(4),$(4),$(1))/CONTROL"
-	[ -z "$(2)" ] || $(CP) "$(KDIR)/root.$(2)" "$(KDIR_TMP)/sysupgrade-$(if $(4),$(4),$(1))/root"
-	[ -z "$(3)" ] || $(CP) "$(3)" "$(KDIR_TMP)/sysupgrade-$(if $(4),$(4),$(1))/kernel"
-	(cd "$(KDIR_TMP)"; $(TAR) cvf \
-		"$(BIN_DIR)/$(IMG_PREFIX)-$(1)-$(2)-sysupgrade.tar" sysupgrade-$(if $(4),$(4),$(1)) \
-			$(if $(SOURCE_DATE_EPOCH),--mtime="@$(SOURCE_DATE_EPOCH)") \
-	)
-   endef
-
-# $(1) board name
-# $(2) ubinize-image options (e.g. --uboot-env and/or --kernel kernelimage)
-# $(3) rootfstype (e.g. squashfs or ubifs)
-# $(4) options to pass-through to ubinize (i.e. $($(PROFILE)_UBI_OPTS)))
-   define Image/Build/UbinizeImage
-	sh $(TOPDIR)/scripts/ubinize-image.sh $(2) \
-		"$(KDIR)/root.$(3)" \
-		"$(KDIR)/$(IMG_PREFIX)-$(1)-$(3)-ubinized.bin" \
-		$(4)
-   endef
-
+ifeq ($(CONFIG_TARGET_ROOTFS_SECURITY_LABELS),y)
+define Image/mkfs/squashfs
+	echo ". $(call mkfs_target_dir,$(1))/etc/selinux/config" > $@.fakeroot-script
+	echo "$(STAGING_DIR_HOST)/bin/setfiles -r" \
+	     "$(call mkfs_target_dir,$(1))" \
+	     "$(call mkfs_target_dir,$(1))/etc/selinux/\$${SELINUXTYPE}/contexts/files/file_contexts " \
+	     "$(call mkfs_target_dir,$(1))" >> $@.fakeroot-script
+	echo "$(Image/mkfs/squashfs-common)" >> $@.fakeroot-script
+	chmod +x $@.fakeroot-script
+	$(FAKEROOT) "$@.fakeroot-script"
+endef
+else
+define Image/mkfs/squashfs
+	$(call Image/mkfs/squashfs-common,$(1))
+endef
 endif

 define Image/mkfs/ubifs
@@ -323,7 +307,7 @@ endif

 ifdef CONFIG_TARGET_ROOTFS_CPIOGZ
  define Image/Build/cpiogz
-	( cd $(TARGET_DIR); find . | cpio -o -H newc -R root:root | gzip -9n >$(BIN_DIR)/$(IMG_ROOTFS).cpio.gz )
+	( cd $(TARGET_DIR); find . | $(STAGING_DIR_HOST)/bin/cpio -o -H newc -R 0:0 | gzip -9n >$(BIN_DIR)/$(IMG_ROOTFS).cpio.gz )
  endef
 endif

@@ -361,6 +345,8 @@ define Device/InitProfile
  DEVICE_ALT0_TITLE = $$(DEVICE_ALT0_VENDOR) $$(DEVICE_ALT0_MODEL)$$(if $$(DEVICE_ALT0_VARIANT), $$(DEVICE_ALT0_VARIANT))
  DEVICE_ALT1_TITLE = $$(DEVICE_ALT1_VENDOR) $$(DEVICE_ALT1_MODEL)$$(if $$(DEVICE_ALT1_VARIANT), $$(DEVICE_ALT1_VARIANT))
  DEVICE_ALT2_TITLE = $$(DEVICE_ALT2_VENDOR) $$(DEVICE_ALT2_MODEL)$$(if $$(DEVICE_ALT2_VARIANT), $$(DEVICE_ALT2_VARIANT))
+  DEVICE_ALT3_TITLE = $$(DEVICE_ALT3_VENDOR) $$(DEVICE_ALT3_MODEL)$$(if $$(DEVICE_ALT3_VARIANT), $$(DEVICE_ALT3_VARIANT))
+  DEVICE_ALT4_TITLE = $$(DEVICE_ALT4_VENDOR) $$(DEVICE_ALT4_MODEL)$$(if $$(DEVICE_ALT4_VARIANT), $$(DEVICE_ALT4_VARIANT))
  DEVICE_VENDOR :=
  DEVICE_MODEL :=
  DEVICE_VARIANT :=
@@ -373,6 +359,12 @@ define Device/InitProfile
  DEVICE_ALT2_VENDOR :=
  DEVICE_ALT2_MODEL :=
  DEVICE_ALT2_VARIANT :=
+  DEVICE_ALT3_VENDOR :=
+  DEVICE_ALT3_MODEL :=
+  DEVICE_ALT3_VARIANT :=
+  DEVICE_ALT4_VENDOR :=
+  DEVICE_ALT4_MODEL :=
+  DEVICE_ALT4_VARIANT :=
  DEVICE_PACKAGES :=
  DEVICE_DESCRIPTION = Build firmware images for $$(DEVICE_TITLE)
 endef
@@ -381,18 +373,19 @@ define Device/Init
  DEVICE_NAME := $(1)
  KERNEL:=
  KERNEL_INITRAMFS = $$(KERNEL)
-  KERNEL_SIZE:=
  CMDLINE:=

  IMAGES :=
  ARTIFACTS :=
-  IMAGE_PREFIX := $(IMG_PREFIX)-$(1)
-  IMAGE_NAME = $$(IMAGE_PREFIX)-$$(1)-$$(2)
-  KERNEL_PREFIX = $$(IMAGE_PREFIX)
+  DEVICE_IMG_PREFIX := $(IMG_PREFIX)-$(1)
+  DEVICE_IMG_NAME = $$(DEVICE_IMG_PREFIX)-$$(1)-$$(2)
+  FACTORY_IMG_NAME :=
+  IMAGE_SIZE :=
+  KERNEL_PREFIX = $$(DEVICE_IMG_PREFIX)
  KERNEL_SUFFIX := -kernel.bin
  KERNEL_INITRAMFS_SUFFIX = $$(KERNEL_SUFFIX)
  KERNEL_IMAGE = $$(KERNEL_PREFIX)$$(KERNEL_SUFFIX)
-  KERNEL_INITRAMFS_PREFIX = $$(IMAGE_PREFIX)-initramfs
+  KERNEL_INITRAMFS_PREFIX = $$(DEVICE_IMG_PREFIX)-initramfs
  KERNEL_INITRAMFS_IMAGE = $$(KERNEL_INITRAMFS_PREFIX)$$(KERNEL_INITRAMFS_SUFFIX)
  KERNEL_INITRAMFS_NAME = $$(KERNEL_NAME)-initramfs
  KERNEL_INSTALL :=
@@ -414,31 +407,49 @@ define Device/Init

  DEVICE_DTS :=
  DEVICE_DTS_CONFIG :=
+  DEVICE_DTS_DELIMITER :=
  DEVICE_DTS_DIR :=
+  DEVICE_DTS_LOADADDR :=
+  DEVICE_DTS_OVERLAY :=
+  DEVICE_FDT_NUM :=
+  DEVICE_DTC_FLAGS :=
+  DEVICE_DTCO_FLAGS :=
  SOC :=

  BOARD_NAME :=
+  UIMAGE_MAGIC :=
  UIMAGE_NAME :=
-  SUPPORTED_DEVICES :=
+  UIMAGE_TIME :=
+  DEVICE_COMPAT_VERSION := 1.0
+  DEVICE_COMPAT_MESSAGE :=
+  SUPPORTED_DEVICES := $(subst _,$(comma),$(1))
  IMAGE_METADATA :=

  FILESYSTEMS := $(TARGET_FILESYSTEMS)

  UBOOT_PATH :=  $(STAGING_DIR_IMAGE)/uboot-$(1)

+  BROKEN :=
  DEFAULT :=
 endef

 DEFAULT_DEVICE_VARS := \
  DEVICE_NAME KERNEL KERNEL_INITRAMFS KERNEL_INITRAMFS_IMAGE KERNEL_SIZE \
  CMDLINE UBOOTENV_IN_UBI KERNEL_IN_UBI BLOCKSIZE PAGESIZE SUBPAGESIZE \
-  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTS \
-  DEVICE_DTS_CONFIG DEVICE_DTS_DIR SOC BOARD_NAME UIMAGE_NAME SUPPORTED_DEVICES \
-  IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR UBOOT_PATH DEVICE_VENDOR \
-  DEVICE_MODEL DEVICE_VARIANT \
+  VID_HDR_OFFSET UBINIZE_OPTS UBINIZE_PARTS MKUBIFS_OPTS DEVICE_DTC_FLAGS \
+  DEVICE_DTCO_FLAGS DEVICE_DTS DEVICE_DTS_CONFIG DEVICE_DTS_DELIMITER \
+  DEVICE_DTS_DIR DEVICE_DTS_OVERLAY DEVICE_DTS_LOADADDR \
+  DEVICE_FDT_NUM DEVICE_IMG_PREFIX SOC BOARD_NAME UIMAGE_MAGIC UIMAGE_NAME \
+  UIMAGE_TIME SUPPORTED_DEVICES IMAGE_METADATA KERNEL_ENTRY KERNEL_LOADADDR \
+  UBOOT_PATH IMAGE_SIZE \
+  FACTORY_IMG_NAME FACTORY_SIZE \
+  DEVICE_PACKAGES DEVICE_COMPAT_VERSION DEVICE_COMPAT_MESSAGE \
+  DEVICE_VENDOR DEVICE_MODEL DEVICE_VARIANT \
  DEVICE_ALT0_VENDOR DEVICE_ALT0_MODEL DEVICE_ALT0_VARIANT \
  DEVICE_ALT1_VENDOR DEVICE_ALT1_MODEL DEVICE_ALT1_VARIANT \
-  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT
+  DEVICE_ALT2_VENDOR DEVICE_ALT2_MODEL DEVICE_ALT2_VARIANT \
+  DEVICE_ALT3_VENDOR DEVICE_ALT3_MODEL DEVICE_ALT3_VARIANT \
+  DEVICE_ALT4_VENDOR DEVICE_ALT4_MODEL DEVICE_ALT4_VARIANT

 define Device/ExportVar
  $(1) : $(2):=$$($(2))
@@ -486,22 +497,63 @@ endef
 ifndef IB
 define Device/Build/initramfs
  $(call Device/Export,$(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE),$(1))
-  $$(_TARGET): $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE))
+  $$(_TARGET): $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE) \
+	  $$(if $$(CONFIG_JSON_OVERVIEW_IMAGE_INFO), $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json,))

  $(KDIR)/$$(KERNEL_INITRAMFS_NAME):: image_prepare
+  $(1)-images: $$(if $$(KERNEL_INITRAMFS),$(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE))
  $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE): $(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE)
 	cp $$^ $$@

  $(KDIR)/tmp/$$(KERNEL_INITRAMFS_IMAGE): $(KDIR)/$$(KERNEL_INITRAMFS_NAME) $(CURDIR)/Makefile $$(KERNEL_DEPENDS) image_prepare
 	@rm -f $$@
 	$$(call concat_cmd,$$(KERNEL_INITRAMFS))
+
+  $(call Device/Export,$(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json,$(1))
+
+  $(BUILD_DIR)/json_info_files/$$(KERNEL_INITRAMFS_IMAGE).json: $(BIN_DIR)/$$(KERNEL_INITRAMFS_IMAGE)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(1)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	FILE_NAME="$$(notdir $$^)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE="kernel" \
+	FILE_FILESYSTEM="initramfs" \
+	DEVICE_IMG_PREFIX="$$(DEVICE_IMG_PREFIX)" \
+	DEVICE_VENDOR="$$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$$(DEVICE_ALT4_VARIANT)" \
+	DEVICE_TITLE="$$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@
 endef
 endif

 define Device/Build/compile
  $$(_COMPILE_TARGET): $(KDIR)/$(1)
  $(eval $(call Device/Export,$(KDIR)/$(1)))
-  $(KDIR)/$(1):
+  $(KDIR)/$(1): FORCE
+	rm -f $(KDIR)/$(1)
 	$$(call concat_cmd,$(COMPILE/$(1)))

 endef
@@ -513,7 +565,18 @@ define Device/Build/dtb
  $(KDIR)/image-$(1).dtb: FORCE
 	$(call Image/BuildDTB,$(strip $(2))/$(strip $(3)).dts,$$@)

-  image_prepare: $(KDIR)/image-$(1).dtb
+  compile-dtb: $(KDIR)/image-$(1).dtb
+  endif
+
+endef
+
+define Device/Build/dtbo
+  ifndef BUILD_DTSO_$(1)
+  BUILD_DTSO_$(1) := 1
+  $(KDIR)/image-$(1).dtbo: FORCE
+	$(call Image/BuildDTBO,$(strip $(2))/$(strip $(3)).dtso,$$@)
+
+  compile-dtb: $(KDIR)/image-$(1).dtbo
  endif

 endef
@@ -526,6 +589,12 @@ define Device/Build/kernel
 		$$(dts) \
 	) \
  ))
+  $$(eval $$(foreach dtso,$$(DEVICE_DTS_OVERLAY), \
+	$$(call Device/Build/dtbo,$$(notdir $$(dtso)), \
+		$$(if $$(DEVICE_DTS_DIR),$$(DEVICE_DTS_DIR),$$(DTS_DIR)), \
+		$$(dtso) \
+	) \
+  ))

  $(KDIR)/$$(KERNEL_NAME):: image_prepare
  $$(_TARGET): $$(if $$(KERNEL_INSTALL),$(BIN_DIR)/$$(KERNEL_IMAGE))
@@ -545,8 +614,12 @@ endef

 define Device/Build/image
  GZ_SUFFIX := $(if $(filter %dtb %gz,$(2)),,$(if $(and $(findstring ext4,$(1)),$(CONFIG_TARGET_IMAGES_GZIP)),.gz))
-  $$(_TARGET): $(BIN_DIR)/$(call IMAGE_NAME,$(1),$(2))$$(GZ_SUFFIX)
-  $(eval $(call Device/Export,$(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2)),$(1)))
+  $$(_TARGET): $(if $(CONFIG_JSON_OVERVIEW_IMAGE_INFO), \
+	  $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json, \
+	  $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX))
+  $(eval $(call Device/Export,$(KDIR)/tmp/$(call DEVICE_IMG_NAME,$(1),$(2)),$(1)))
+  $(3)-images: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX)
+
  ROOTFS/$(1)/$(3) := \
 	$(KDIR)/root.$(1)$$(strip \
 		$$(if $$(FS_OPTIONS/$(1)),+fs=$$(call param_mangle,$$(FS_OPTIONS/$(1)))) \
@@ -556,64 +629,109 @@ define Device/Build/image
  ifndef IB
    $$(ROOTFS/$(1)/$(3)): $(if $(TARGET_PER_DEVICE_ROOTFS),target-dir-$$(ROOTFS_ID/$(3)))
  endif
-  $(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2)): $$(KDIR_KERNEL_IMAGE) $$(ROOTFS/$(1)/$(3))
+  $(KDIR)/tmp/$(call DEVICE_IMG_NAME,$(1),$(2)): $$(KDIR_KERNEL_IMAGE) $$(ROOTFS/$(1)/$(3))
 	@rm -f $$@
 	[ -f $$(word 1,$$^) -a -f $$(word 2,$$^) ]
 	$$(call concat_cmd,$(if $(IMAGE/$(2)/$(1)),$(IMAGE/$(2)/$(1)),$(IMAGE/$(2))))

-  .IGNORE: $(BIN_DIR)/$(call IMAGE_NAME,$(1),$(2))
+  .IGNORE: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))

-  $(BIN_DIR)/$(call IMAGE_NAME,$(1),$(2)).gz: $(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2))
+  $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2)).gz: $(KDIR)/tmp/$(call DEVICE_IMG_NAME,$(1),$(2))
 	gzip -c -9n $$^ > $$@

-  $(BIN_DIR)/$(call IMAGE_NAME,$(1),$(2)): $(KDIR)/tmp/$(call IMAGE_NAME,$(1),$(2))
+  $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2)): $(KDIR)/tmp/$(call DEVICE_IMG_NAME,$(1),$(2))
 	cp $$^ $$@
-	$(if $(CONFIG_JSON_ADD_IMAGE_INFO), \
-		DEVICE_ID="$(DEVICE_NAME)" \
-		BIN_DIR="$(BIN_DIR)" \
-		IMAGE_NAME="$(IMAGE_NAME)" \
-		IMAGE_TYPE=$(word 1,$(subst ., ,$(2))) \
-		IMAGE_PREFIX="$(IMAGE_PREFIX)" \
-		DEVICE_VENDOR="$(DEVICE_VENDOR)" \
-		DEVICE_MODEL="$(DEVICE_MODEL)" \
-		DEVICE_VARIANT="$(DEVICE_VARIANT)" \
-		DEVICE_ALT0_VENDOR="$(DEVICE_ALT0_VENDOR)" \
-		DEVICE_ALT0_MODEL="$(DEVICE_ALT0_MODEL)" \
-		DEVICE_ALT0_VARIANT="$(DEVICE_ALT0_VARIANT)" \
-		DEVICE_ALT1_VENDOR="$(DEVICE_ALT1_VENDOR)" \
-		DEVICE_ALT1_MODEL="$(DEVICE_ALT1_MODEL)" \
-		DEVICE_ALT1_VARIANT="$(DEVICE_ALT1_VARIANT)" \
-		DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
-		DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
-		DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
-		DEVICE_TITLE="$(DEVICE_TITLE)" \
-		TARGET="$(BOARD)" \
-		SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
-		VERSION_NUMBER="$(VERSION_NUMBER)" \
-		VERSION_CODE="$(VERSION_CODE)" \
-		SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
-		$(TOPDIR)/scripts/json_add_image_info.py \
-	)
+
+  $(BUILD_DIR)/json_info_files/$(call DEVICE_IMG_NAME,$(1),$(2)).json: $(BIN_DIR)/$(call DEVICE_IMG_NAME,$(1),$(2))$$(GZ_SUFFIX)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(DEVICE_NAME)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	FILE_NAME="$(DEVICE_IMG_NAME)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE=$(word 1,$(subst ., ,$(2))) \
+	FILE_FILESYSTEM="$(1)" \
+	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
+	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
+	DEVICE_TITLE="$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@

 endef

 define Device/Build/artifact
-  $$(_TARGET): $(BIN_DIR)/$(IMAGE_PREFIX)-$(1)
-  $(eval $(call Device/Export,$(KDIR)/tmp/$(IMAGE_PREFIX)-$(1)))
-  $(KDIR)/tmp/$(IMAGE_PREFIX)-$(1): $$(KDIR_KERNEL_IMAGE)
+  $$(_TARGET): $(if $(CONFIG_JSON_OVERVIEW_IMAGE_INFO), \
+	  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json, \
+	  $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1))
+  $(eval $(call Device/Export,$(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)))
+  $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1): $$(KDIR_KERNEL_IMAGE) $(2)-images
 	@rm -f $$@
 	$$(call concat_cmd,$(ARTIFACT/$(1)))

-  .IGNORE: $(BIN_DIR)/$(IMAGE_PREFIX)-$(1)
+  .IGNORE: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)

-  $(BIN_DIR)/$(IMAGE_PREFIX)-$(1): $(KDIR)/tmp/$(IMAGE_PREFIX)-$(1)
+  $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1): $(KDIR)/tmp/$(DEVICE_IMG_PREFIX)-$(1)
 	cp $$^ $$@

+  $(BUILD_DIR)/json_info_files/$(DEVICE_IMG_PREFIX)-$(1).json: $(BIN_DIR)/$(DEVICE_IMG_PREFIX)-$(1)
+	@mkdir -p $$(shell dirname $$@)
+	DEVICE_ID="$(DEVICE_NAME)" \
+	SOURCE_DATE_EPOCH=$(SOURCE_DATE_EPOCH) \
+	FILE_NAME="$(DEVICE_IMG_PREFIX)-$(1)" \
+	FILE_DIR="$(KDIR)/tmp" \
+	FILE_TYPE="$(1)" \
+	DEVICE_IMG_PREFIX="$(DEVICE_IMG_PREFIX)" \
+	DEVICE_VENDOR="$(DEVICE_VENDOR)" \
+	DEVICE_MODEL="$(DEVICE_MODEL)" \
+	DEVICE_VARIANT="$(DEVICE_VARIANT)" \
+	DEVICE_ALT0_VENDOR="$(DEVICE_ALT0_VENDOR)" \
+	DEVICE_ALT0_MODEL="$(DEVICE_ALT0_MODEL)" \
+	DEVICE_ALT0_VARIANT="$(DEVICE_ALT0_VARIANT)" \
+	DEVICE_ALT1_VENDOR="$(DEVICE_ALT1_VENDOR)" \
+	DEVICE_ALT1_MODEL="$(DEVICE_ALT1_MODEL)" \
+	DEVICE_ALT1_VARIANT="$(DEVICE_ALT1_VARIANT)" \
+	DEVICE_ALT2_VENDOR="$(DEVICE_ALT2_VENDOR)" \
+	DEVICE_ALT2_MODEL="$(DEVICE_ALT2_MODEL)" \
+	DEVICE_ALT2_VARIANT="$(DEVICE_ALT2_VARIANT)" \
+	DEVICE_ALT3_VENDOR="$(DEVICE_ALT3_VENDOR)" \
+	DEVICE_ALT3_MODEL="$(DEVICE_ALT3_MODEL)" \
+	DEVICE_ALT3_VARIANT="$(DEVICE_ALT3_VARIANT)" \
+	DEVICE_ALT4_VENDOR="$(DEVICE_ALT4_VENDOR)" \
+	DEVICE_ALT4_MODEL="$(DEVICE_ALT4_MODEL)" \
+	DEVICE_ALT4_VARIANT="$(DEVICE_ALT4_VARIANT)" \
+	DEVICE_TITLE="$(DEVICE_TITLE)" \
+	DEVICE_PACKAGES="$(DEVICE_PACKAGES)" \
+	TARGET="$(BOARD)" \
+	SUBTARGET="$(if $(SUBTARGET),$(SUBTARGET),generic)" \
+	VERSION_NUMBER="$(VERSION_NUMBER)" \
+	VERSION_CODE="$(VERSION_CODE)" \
+	SUPPORTED_DEVICES="$(SUPPORTED_DEVICES)" \
+	$(TOPDIR)/scripts/json_add_image_info.py $$@
+
 endef

 define Device/Build
-  $(shell rm -f $(BIN_DIR)/$(IMG_PREFIX)-$(1).json)
-
  $(if $(CONFIG_TARGET_ROOTFS_INITRAMFS),$(call Device/Build/initramfs,$(1)))
  $(call Device/Build/kernel,$(1))

@@ -625,7 +743,7 @@ define Device/Build
      $$(call Device/Build/image,$$(fs),$$(image),$(1)))))

  $$(eval $$(foreach artifact,$$(ARTIFACTS), \
-    $$(call Device/Build/artifact,$$(artifact))))
+    $$(call Device/Build/artifact,$$(artifact),$(1))))

 endef

@@ -635,6 +753,7 @@ Target-Profile-Name: $(DEVICE_DISPLAY)
 Target-Profile-Packages: $(DEVICE_PACKAGES)
 Target-Profile-hasImageMetadata: $(if $(foreach image,$(IMAGES),$(findstring append-metadata,$(IMAGE/$(image)))),1,0)
 Target-Profile-SupportedDevices: $(SUPPORTED_DEVICES)
+$(if $(BROKEN),Target-Profile-Broken: $(BROKEN))
 $(if $(DEFAULT),Target-Profile-Default: $(DEFAULT))
 Target-Profile-Description:
 $(DEVICE_DESCRIPTION)
@@ -642,6 +761,8 @@ $(if $(strip $(DEVICE_ALT0_TITLE)),Alternative device titles:
 - $(DEVICE_ALT0_TITLE))
 $(if $(strip $(DEVICE_ALT1_TITLE)),- $(DEVICE_ALT1_TITLE))
 $(if $(strip $(DEVICE_ALT2_TITLE)),- $(DEVICE_ALT2_TITLE))
+$(if $(strip $(DEVICE_ALT3_TITLE)),- $(DEVICE_ALT3_TITLE))
+$(if $(strip $(DEVICE_ALT4_TITLE)),- $(DEVICE_ALT4_TITLE))
@@

 endef
@@ -659,6 +780,14 @@ ifneq ($$(strip $$(DEVICE_ALT2_TITLE)),)
 DEVICE_DISPLAY = $$(DEVICE_ALT2_TITLE) ($$(DEVICE_TITLE))
 $$(info $$(call Device/DumpInfo,$(1)))
 endif
+ifneq ($$(strip $$(DEVICE_ALT3_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT3_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
+ifneq ($$(strip $$(DEVICE_ALT4_TITLE)),)
+DEVICE_DISPLAY = $$(DEVICE_ALT4_TITLE) ($$(DEVICE_TITLE))
+$$(info $$(call Device/DumpInfo,$(1)))
+endif
 DEVICE_DISPLAY = $$(DEVICE_TITLE)
 $$(eval $$(if $$(DEVICE_TITLE),$$(info $$(call Device/DumpInfo,$(1)))))
 endef
@@ -684,28 +813,27 @@ define BuildImage
  download:
  prepare:
  compile:
+  compile-dtb:
  clean:
-  legacy-images-prepare:
-  legacy-images:
  image_prepare:

  ifeq ($(IB),)
-    .PHONY: download prepare compile clean image_prepare kernel_prepare install install-images
+    .PHONY: download prepare compile compile-dtb clean image_prepare kernel_prepare install install-images
    compile:
 		$(call Build/Compile)

    clean:
 		$(call Build/Clean)

-    image_prepare: compile
+    compile-dtb:
+    image_prepare: compile compile-dtb
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
+		rm -rf $(BUILD_DIR)/json_info_files
 		$(call Image/Prepare)

-    legacy-images-prepare-make: image_prepare
-		$(MAKE) legacy-images-prepare BIN_DIR="$(BIN_DIR)"
-
  else
    image_prepare:
+		rm -rf $(KDIR)/tmp
 		mkdir -p $(BIN_DIR) $(KDIR)/tmp
  endif

@@ -717,17 +845,12 @@ define BuildImage
 	$(call Image/InstallKernel)

  $(foreach device,$(TARGET_DEVICES),$(call Device,$(device)))
-  $(foreach device,$(LEGACY_DEVICES),$(call LegacyDevice,$(device)))

  install-images: kernel_prepare $(foreach fs,$(filter-out $(if $(UBIFS_OPTS),,ubifs),$(TARGET_FILESYSTEMS) $(fs-subtypes-y)),$(KDIR)/root.$(fs))
 	$(foreach fs,$(TARGET_FILESYSTEMS),
 		$(call Image/Build,$(fs))
 	)

-  legacy-images-make: install-images
-	$(call Image/mkfs/ubifs/legacy)
-	$(MAKE) legacy-images BIN_DIR="$(BIN_DIR)"
-
  install: install-images
 	$(call Image/Manifest)

--- a/include/kernel-5.10
+++ b/include/kernel-5.10
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.10 = .220
+LINUX_KERNEL_HASH-5.10.220 = 7cc3aff924e9707a5dbf1200c79a7f01617e097b9b175d02bda8ca762aeee19b
--- a/include/kernel-5.15
+++ b/include/kernel-5.15
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.15 = .162
+LINUX_KERNEL_HASH-5.15.162 = 91bfc0ea152ce7b102a0b79d35a7c92843874ebf085c99d2ba8b4d85e62b1a7c
--- a/include/kernel-5.4
+++ b/include/kernel-5.4
@@ -0,0 +1,2 @@
+LINUX_VERSION-5.4 = .278
+LINUX_KERNEL_HASH-5.4.278 = e5a00606115545f444ef2766af5652f5539e3c96f46a9778bede89b98ffb8588
--- a/include/kernel-6.1
+++ b/include/kernel-6.1
@@ -0,0 +1,2 @@
+LINUX_VERSION-6.1 = .98
+LINUX_KERNEL_HASH-6.1.98 = 97cdc9127c7700556ea0891267a0c24cf372f4b81636fb8203a914f3a69f3406
--- a/include/kernel-6.6
+++ b/include/kernel-6.6
@@ -0,0 +1,2 @@
+LINUX_VERSION-6.6 = .66
+LINUX_KERNEL_HASH-6.6.66 = 9d757937c4661c2f512c62641b74ef74eff9bb13dc5dbcbaaa108c21152f1e52
--- a/include/kernel-build.mk
+++ b/include/kernel-build.mk
@@ -1,9 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org
+
 include $(INCLUDE_DIR)/prereq.mk
 include $(INCLUDE_DIR)/depends.mk

@@ -12,7 +10,7 @@ ifneq ($(DUMP),1)
 endif

 KERNEL_FILE_DEPENDS=$(GENERIC_BACKPORT_DIR) $(GENERIC_PATCH_DIR) $(GENERIC_HACK_DIR) $(PATCH_DIR) $(GENERIC_FILES_DIR) $(FILES_DIR)
-STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,$(KERNEL_FILE_DEPENDS),)))
+STAMP_PREPARED=$(LINUX_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),$(KERNEL_FILE_DEPENDS),)))
 STAMP_CONFIGURED:=$(LINUX_DIR)/.configured
 include $(INCLUDE_DIR)/download.mk
 include $(INCLUDE_DIR)/quilt.mk
@@ -70,7 +68,7 @@ ifdef CONFIG_COLLECT_KERNEL_DEBUG
 	$(FIND) $(KERNEL_BUILD_DIR)/debug -type f | $(XARGS) $(KERNEL_CROSS)strip --only-keep-debug
 	$(TAR) c -C $(KERNEL_BUILD_DIR) debug \
 		$(if $(SOURCE_DATE_EPOCH),--mtime="@$(SOURCE_DATE_EPOCH)") \
-		| bzip2 -c -9 > $(BIN_DIR)/kernel-debug.tar.bz2
+		| zstd -T0 -f -o $(BIN_DIR)/kernel-debug.tar.zst
  endef
 endif

@@ -105,7 +103,7 @@ define BuildKernel
 		xargs $(TARGET_CROSS)nm | \
 		awk '$$$$1 == "U" { print $$$$2 } ' | \
 		sort -u > $(KERNEL_BUILD_DIR)/mod_symtab.txt
-	$(TARGET_CROSS)nm -n $(LINUX_DIR)/vmlinux.o | grep ' [rR] __ksymtab' | sed -e 's,........ [rR] __ksymtab_,,' > $(KERNEL_BUILD_DIR)/kernel_symtab.txt
+	$(TARGET_CROSS)nm -n $(LINUX_DIR)/vmlinux.o | awk '/^[0-9a-f]+ [rR] __ksymtab_/ {print substr($$$$3,11)}' > $(KERNEL_BUILD_DIR)/kernel_symtab.txt
 	grep -Ff $(KERNEL_BUILD_DIR)/mod_symtab.txt $(KERNEL_BUILD_DIR)/kernel_symtab.txt > $(KERNEL_BUILD_DIR)/sym_include.txt
 	grep -Fvf $(KERNEL_BUILD_DIR)/mod_symtab.txt $(KERNEL_BUILD_DIR)/kernel_symtab.txt > $(KERNEL_BUILD_DIR)/sym_exclude.txt
 	( \
@@ -134,6 +132,7 @@ define BuildKernel
  $(LINUX_DIR)/.modules: export STAGING_PREFIX=$$(STAGING_DIR_HOST)
  $(LINUX_DIR)/.modules: export PKG_CONFIG_PATH=$$(STAGING_DIR_HOST)/lib/pkgconfig
  $(LINUX_DIR)/.modules: export PKG_CONFIG_LIBDIR=$$(STAGING_DIR_HOST)/lib/pkgconfig
+  $(LINUX_DIR)/.modules: export FAIL_ON_UNCONFIGURED=1
  $(LINUX_DIR)/.modules: $(STAMP_CONFIGURED) $(LINUX_DIR)/.config FORCE
 	$(Kernel/CompileModules)
 	touch $$@
@@ -157,17 +156,22 @@ define BuildKernel
  compile: $(LINUX_DIR)/.modules
 	$(MAKE) -C image compile TARGET_BUILD=

-  oldconfig menuconfig nconfig: $(STAMP_PREPARED) $(STAMP_CHECKED) FORCE
+  dtb: $(STAMP_CONFIGURED)
+	$(_SINGLE)$(KERNEL_MAKE) scripts_dtc
+	$(MAKE) -C image compile-dtb TARGET_BUILD=
+
+  oldconfig menuconfig nconfig xconfig: $(STAMP_PREPARED) $(STAMP_CHECKED) FORCE
 	rm -f $(LINUX_DIR)/.config.prev
 	rm -f $(STAMP_CONFIGURED)
 	$(LINUX_RECONF_CMD) > $(LINUX_DIR)/.config
 	$(_SINGLE)$(KERNEL_MAKE) \
-		$(if $(findstring Darwin,$(HOST_OS)),HOST_LOADLIBES="-L$(STAGING_DIR_HOST)/lib -lncurses") \
+		$(if $(findstring Darwin,$(HOST_OS)), \
+			HOSTLDLIBS_mconf="-L$(STAGING_DIR_HOST)/lib -lncurses" \
+			filechk_conf_cfg="	:" \
+		) \
 		YACC=$(STAGING_DIR_HOST)/bin/bison \
 		$$@
-	$(LINUX_RECONF_DIFF) $(LINUX_DIR)/.config | \
-		grep -vE '(CONFIG_CC_(HAS_ASM_GOTO|IS_GCC|IS_CLANG)|GCC_VERSION)=' \
-		> $(LINUX_RECONFIG_TARGET)
+	$(call LINUX_RECONF_DIFF,$(LINUX_DIR)/.config) > $(LINUX_RECONFIG_TARGET)

  install: $(LINUX_DIR)/.image
 	+$(MAKE) -C image compile install TARGET_BUILD=
--- a/include/kernel-defaults.mk
+++ b/include/kernel-defaults.mk
@@ -1,12 +1,9 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifdef CONFIG_STRIP_KERNEL_EXPORTS
-  KERNEL_MAKEOPTS += \
+  KERNEL_MAKEOPTS_IMAGE += \
 	EXTRA_LDSFLAGS="-I$(KERNEL_BUILD_DIR) -include symtab.h"
 endif

@@ -24,7 +21,7 @@ Kernel/Patch:=$(Kernel/Patch/Default)
 ifneq (,$(findstring .xz,$(LINUX_SOURCE)))
  LINUX_CAT:=xzcat
 else
-  LINUX_CAT:=zcat
+  LINUX_CAT:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc
 endif

 ifeq ($(strip $(CONFIG_EXTERNAL_KERNEL_TREE)),"")
@@ -46,10 +43,20 @@ else
 		rmdir $(LINUX_DIR); \
 	fi
 	ln -s $(CONFIG_EXTERNAL_KERNEL_TREE) $(LINUX_DIR)
+	if [ -d $(LINUX_DIR)/user_headers ]; then \
+		rm -rf $(LINUX_DIR)/user_headers; \
+	fi
  endef
 endif

 ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),y)
+  ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
+    define Kernel/SetInitramfs/PreConfigure
+	grep -v -e CONFIG_BLK_DEV_INITRD $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config
+	echo 'CONFIG_BLK_DEV_INITRD=y' >> $(LINUX_DIR)/.config
+	echo 'CONFIG_INITRAMFS_SOURCE=""' >> $(LINUX_DIR)/.config
+    endef
+  else
  ifeq ($(strip $(CONFIG_EXTERNAL_CPIO)),"")
    define Kernel/SetInitramfs/PreConfigure
 	grep -v -e INITRAMFS -e CONFIG_RD_ -e CONFIG_BLK_DEV_INITRD $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config
@@ -62,14 +69,20 @@ ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),y)
 	echo 'CONFIG_INITRAMFS_SOURCE="$(call qstrip,$(CONFIG_EXTERNAL_CPIO))"' >> $(LINUX_DIR)/.config
    endef
  endif
+endif

  define Kernel/SetInitramfs
 	rm -f $(LINUX_DIR)/.config.prev
 	mv $(LINUX_DIR)/.config $(LINUX_DIR)/.config.old
 	$(call Kernel/SetInitramfs/PreConfigure)
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config
+  ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
 	echo 'CONFIG_INITRAMFS_ROOT_UID=$(shell id -u)' >> $(LINUX_DIR)/.config
 	echo 'CONFIG_INITRAMFS_ROOT_GID=$(shell id -g)' >> $(LINUX_DIR)/.config
 	echo "$(if $(CONFIG_TARGET_INITRAMFS_FORCE),CONFIG_INITRAMFS_FORCE=y,# CONFIG_INITRAMFS_FORCE is not set)" >> $(LINUX_DIR)/.config
+  else
+	echo "# CONFIG_INITRAMFS_FORCE is not set" >> $(LINUX_DIR)/.config
+  endif
 	echo "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_NONE),CONFIG_INITRAMFS_COMPRESSION_NONE=y,# CONFIG_INITRAMFS_COMPRESSION_NONE is not set)" >> $(LINUX_DIR)/.config
 	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),CONFIG_INITRAMFS_COMPRESSION_GZIP=y\nCONFIG_RD_GZIP=y,# CONFIG_INITRAMFS_COMPRESSION_GZIP is not set\n# CONFIG_RD_GZIP is not set)" >> $(LINUX_DIR)/.config
 	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),CONFIG_INITRAMFS_COMPRESSION_BZIP2=y\nCONFIG_RD_BZIP2=y,# CONFIG_INITRAMFS_COMPRESSION_BZIP2 is not set\n# CONFIG_RD_BZIP2 is not set)" >> $(LINUX_DIR)/.config
@@ -77,6 +90,7 @@ ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),y)
 	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),CONFIG_INITRAMFS_COMPRESSION_LZO=y\nCONFIG_RD_LZO=y,# CONFIG_INITRAMFS_COMPRESSION_LZO is not set\n# CONFIG_RD_LZO is not set)" >> $(LINUX_DIR)/.config
 	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),CONFIG_INITRAMFS_COMPRESSION_XZ=y\nCONFIG_RD_XZ=y,# CONFIG_INITRAMFS_COMPRESSION_XZ is not set\n# CONFIG_RD_XZ is not set)" >> $(LINUX_DIR)/.config
 	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),CONFIG_INITRAMFS_COMPRESSION_LZ4=y\nCONFIG_RD_LZ4=y,# CONFIG_INITRAMFS_COMPRESSION_LZ4 is not set\n# CONFIG_RD_LZ4 is not set)" >> $(LINUX_DIR)/.config
+	echo -e "$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),CONFIG_INITRAMFS_COMPRESSION_ZSTD=y\nCONFIG_RD_ZSTD=y,# CONFIG_INITRAMFS_COMPRESSION_ZSTD is not set\n# CONFIG_RD_ZSTD is not set)" >> $(LINUX_DIR)/.config
  endef
 else
 endif
@@ -86,6 +100,7 @@ define Kernel/SetNoInitramfs
 	grep -v INITRAMFS $(LINUX_DIR)/.config.old > $(LINUX_DIR)/.config.set
 	echo 'CONFIG_INITRAMFS_SOURCE=""' >> $(LINUX_DIR)/.config.set
 	echo '# CONFIG_INITRAMFS_FORCE is not set' >> $(LINUX_DIR)/.config.set
+	echo "# CONFIG_INITRAMFS_PRESERVE_MTIME is not set" >> $(LINUX_DIR)/.config.set
 endef

 define Kernel/Configure/Default
@@ -104,8 +119,8 @@ define Kernel/Configure/Default
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config; \
 		cp $(LINUX_DIR)/.config.set $(LINUX_DIR)/.config.prev; \
 	}
-	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
-	grep '=[ym]' $(LINUX_DIR)/.config.set | LC_ALL=C sort | mkhash md5 > $(LINUX_DIR)/.vermagic
+	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(KERNEL_MAKE) $(if $(findstring uml,$(BOARD)),ARCH=$(ARCH)) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
+	grep '=[ym]' $(LINUX_DIR)/.config.set | LC_ALL=C sort | $(MKHASH) md5 > $(LINUX_DIR)/.vermagic
 endef

 define Kernel/Configure/Initramfs
@@ -114,7 +129,12 @@ endef

 define Kernel/CompileModules/Default
 	rm -f $(LINUX_DIR)/vmlinux $(LINUX_DIR)/System.map
-	+$(KERNEL_MAKE) modules
+	+$(KERNEL_MAKE) olddefconfig
+	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+	# If .config did not change, use the previous timestamp to avoid package rebuilds
+	cmp -s $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save && \
+		mv $(LINUX_DIR)/.config.modules.save $(LINUX_DIR)/.config; \
+	$(CP) $(LINUX_DIR)/.config $(LINUX_DIR)/.config.modules.save
 endef

 OBJCOPY_STRIP = -R .reginfo -R .notes -R .note -R .comment -R .mdebug -R .note.gnu.build-id
@@ -136,19 +156,39 @@ define Kernel/CopyImage
 	}
 endef

+# Always add "modules" so a proper Module.symvers file is written that
+# also contains symbols from the kernel modules. Without these symbols
+# external packages that depend on exported symbols from kernel modules
+# will fail to build.
 define Kernel/CompileImage/Default
 	rm -f $(TARGET_DIR)/init
-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
 	$(call Kernel/CopyImage)
 endef

+# Here as well, always add "modules", see comment above.
 ifneq ($(CONFIG_TARGET_ROOTFS_INITRAMFS),)
 define Kernel/CompileImage/Initramfs
 	$(call Kernel/Configure/Initramfs)
 	$(CP) $(GENERIC_PLATFORM_DIR)/other-files/init $(TARGET_DIR)/init
-	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR)/init)
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(TARGET_DIR) $(TARGET_DIR)/init)
 	rm -rf $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION)/usr/initramfs_data.cpio*
-	+$(KERNEL_MAKE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
+ifeq ($(CONFIG_TARGET_ROOTFS_INITRAMFS_SEPARATE),y)
+ifneq ($(qstrip $(CONFIG_EXTERNAL_CPIO)),)
+	$(CP) $(CONFIG_EXTERNAL_CPIO) $(KERNEL_BUILD_DIR)/initrd.cpio
+else
+	( cd $(TARGET_DIR); find . | LC_ALL=C sort | $(STAGING_DIR_HOST)/bin/cpio --reproducible -o -H newc -R 0:0 > $(KERNEL_BUILD_DIR)/initrd.cpio )
+endif
+	$(if $(SOURCE_DATE_EPOCH),touch -hcd "@$(SOURCE_DATE_EPOCH)" $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_BZIP2),bzip2 -9 -c < $(KERNEL_BUILD_DIR)/initrd.cpio > $(KERNEL_BUILD_DIR)/initrd.cpio.bzip2)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_GZIP),gzip -n -f -S .gzip -9n $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZ4),$(STAGING_DIR_HOST)/bin/lz4c -l -c1 -fz --favor-decSpeed $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZMA),$(STAGING_DIR_HOST)/bin/lzma e -lc1 -lp2 -pb2 $(KERNEL_BUILD_DIR)/initrd.cpio $(KERNEL_BUILD_DIR)/initrd.cpio.lzma)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_LZO),$(STAGING_DIR_HOST)/bin/lzop -9 -f $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_XZ),$(STAGING_DIR_HOST)/bin/xz -T$(if $(filter 1,$(NPROC)),2,0) -9 -fz --check=crc32 $(KERNEL_BUILD_DIR)/initrd.cpio)
+	$(if $(CONFIG_TARGET_INITRAMFS_COMPRESSION_ZSTD),$(STAGING_DIR_HOST)/bin/zstd -T0 -f -o $(KERNEL_BUILD_DIR)/initrd.cpio.zstd $(KERNEL_BUILD_DIR)/initrd.cpio)
+endif
+	+$(KERNEL_MAKE) $(KERNEL_MAKEOPTS_IMAGE) $(if $(KERNELNAME),$(KERNELNAME),all) modules
 	$(call Kernel/CopyImage,-initramfs)
 endef
 else
@@ -161,5 +201,3 @@ define Kernel/Clean/Default
 	rm -f $(LINUX_KERNEL)
 	$(_SINGLE)$(MAKE) -C $(KERNEL_BUILD_DIR)/linux-$(LINUX_VERSION) clean
 endef
-
-
--- a/include/kernel-version.mk
+++ b/include/kernel-version.mk
@@ -1,18 +1,26 @@
-# Use the default kernel version if the Makefile doesn't override it

+# Use the default kernel version if the Makefile doesn't override it
 LINUX_RELEASE?=1

 ifdef CONFIG_TESTING_KERNEL
  KERNEL_PATCHVER:=$(KERNEL_TESTING_PATCHVER)
 endif

-LINUX_VERSION-4.9 = .215
-LINUX_VERSION-4.14 = .172
-LINUX_VERSION-4.19 = .108
+KERNEL_DETAILS_FILE=$(INCLUDE_DIR)/kernel-$(KERNEL_PATCHVER)
+ifeq ($(wildcard $(KERNEL_DETAILS_FILE)),)
+  $(error Missing kernel version/hash file for $(KERNEL_PATCHVER). Please create $(KERNEL_DETAILS_FILE))
+endif

-LINUX_KERNEL_HASH-4.9.215 = 236f2f47853700f22b9925cb17917d97ff7120fcc8110ec827c5a030a8129f48
-LINUX_KERNEL_HASH-4.14.172 = 2318a1ab937580a079351ed20557c336a3d95b664f667b14e3ba49e3271b217a
-LINUX_KERNEL_HASH-4.19.108 = 09aeeca5b08efea2f54b977b2999afb60d42f93b9f65b2b0111969f183f750a3
+include $(KERNEL_DETAILS_FILE)
+
+ifdef KERNEL_TESTING_PATCHVER
+  KERNEL_TESTING_DETAILS_FILE=$(INCLUDE_DIR)/kernel-$(KERNEL_TESTING_PATCHVER)
+  ifeq ($(wildcard $(KERNEL_TESTING_DETAILS_FILE)),)
+    $(error Missing kernel version/hash file for $(KERNEL_TESTING_PATCHVER). Please create $(KERNEL_TESTING_DETAILS_FILE))
+  endif
+
+  include $(KERNEL_TESTING_DETAILS_FILE)
+endif

 remove_uri_prefix=$(subst git://,,$(subst http://,,$(subst https://,,$(1))))
 sanitize_uri=$(call qstrip,$(subst @,_,$(subst :,_,$(subst .,_,$(subst -,_,$(subst /,_,$(1)))))))
@@ -40,4 +48,4 @@ KERNEL_PATCHVER ?= $(KERNEL)

 # disable the md5sum check for unknown kernel versions
 LINUX_KERNEL_HASH:=$(LINUX_KERNEL_HASH-$(strip $(LINUX_VERSION)))
-LINUX_KERNEL_HASH?=x
+LINUX_KERNEL_HASH?=x
--- a/include/kernel.mk
+++ b/include/kernel.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifneq ($(filter check,$(MAKECMDGOALS)),)
 CHECK:=1
@@ -89,10 +86,14 @@ else ifneq (,$(findstring $(ARCH) , arceb ))
  LINUX_KARCH := arc
 else ifneq (,$(findstring $(ARCH) , armeb ))
  LINUX_KARCH := arm
+else ifneq (,$(findstring $(ARCH) , loongarch64 ))
+  LINUX_KARCH := loongarch
 else ifneq (,$(findstring $(ARCH) , mipsel mips64 mips64el ))
  LINUX_KARCH := mips
 else ifneq (,$(findstring $(ARCH) , powerpc64 ))
  LINUX_KARCH := powerpc
+else ifneq (,$(findstring $(ARCH) , riscv64 ))
+  LINUX_KARCH := riscv
 else ifneq (,$(findstring $(ARCH) , sh2 sh3 sh4 ))
  LINUX_KARCH := sh
 else ifneq (,$(findstring $(ARCH) , i386 x86_64 ))
@@ -104,7 +105,7 @@ endif
 KERNEL_MAKE = $(MAKE) $(KERNEL_MAKEOPTS)

 KERNEL_MAKE_FLAGS = \
-	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR)))" \
+	KCFLAGS="$(call iremap,$(BUILD_DIR),$(notdir $(BUILD_DIR))) $(filter-out -fno-plt,$(call qstrip,$(CONFIG_EXTRA_OPTIMIZATION))) $(call qstrip,$(CONFIG_KERNEL_CFLAGS))" \
 	HOSTCFLAGS="$(HOST_CFLAGS) -Wall -Wmissing-prototypes -Wstrict-prototypes" \
 	CROSS_COMPILE="$(KERNEL_CROSS)" \
 	ARCH="$(LINUX_KARCH)" \
@@ -113,38 +114,35 @@ KERNEL_MAKE_FLAGS = \
 	KBUILD_BUILD_HOST="$(call qstrip,$(CONFIG_KERNEL_BUILD_DOMAIN))" \
 	KBUILD_BUILD_TIMESTAMP="$(KBUILD_BUILD_TIMESTAMP)" \
 	KBUILD_BUILD_VERSION="0" \
-	HOST_LOADLIBES="-L$(STAGING_DIR_HOST)/lib" \
-	KBUILD_HOSTLDLIBS="-L$(STAGING_DIR_HOST)/lib" \
+	KBUILD_HOSTLDFLAGS="-L$(STAGING_DIR_HOST)/lib" \
 	CONFIG_SHELL="$(BASH)" \
 	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='') \
 	$(if $(PKG_BUILD_ID),LDFLAGS_MODULE=--build-id=0x$(PKG_BUILD_ID)) \
-	cmd_syscalls=
+	cmd_syscalls= \
+	$(if $(__package_mk),KBUILD_EXTRA_SYMBOLS="$(wildcard $(PKG_SYMVERS_DIR)/*.symvers)")
+
+KERNEL_NOSTDINC_FLAGS = \
+	-nostdinc $(if $(DUMP),, -isystem $(shell $(TARGET_CC) -print-file-name=include))

 ifeq ($(call qstrip,$(CONFIG_EXTERNAL_KERNEL_TREE))$(call qstrip,$(CONFIG_KERNEL_GIT_CLONE_URI)),)
  KERNEL_MAKE_FLAGS += \
 	KERNELRELEASE=$(LINUX_VERSION)
 endif

-KERNEL_MAKEOPTS := -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)
+ifneq ($(HOST_OS),Linux)
+  KERNEL_MAKE_FLAGS += CONFIG_STACK_VALIDATION=
+  export SKIP_STACK_VALIDATION:=1
+endif
+
+KERNEL_MAKEOPTS = -C $(LINUX_DIR) $(KERNEL_MAKE_FLAGS)

 ifdef CONFIG_USE_SPARSE
  KERNEL_MAKEOPTS += C=1 CHECK=$(STAGING_DIR_HOST)/bin/sparse
 endif

-ifneq ($(HOST_OS),Linux)
-  KERNEL_MAKEOPTS += CONFIG_STACK_VALIDATION=
-  export SKIP_STACK_VALIDATION:=1
-endif
-
 PKG_EXTMOD_SUBDIRS ?= .

-define populate_module_symvers
-	@mkdir -p $(PKG_INFO_DIR)
-	cat /dev/null > $(PKG_INFO_DIR)/$(PKG_NAME).symvers; \
-	for subdir in $(PKG_EXTMOD_SUBDIRS); do \
-		cat $(PKG_INFO_DIR)/*.symvers 2>/dev/null > $(PKG_BUILD_DIR)/$$$$subdir/Module.symvers; \
-	done
-endef
+PKG_SYMVERS_DIR = $(KERNEL_BUILD_DIR)/symvers

 define collect_module_symvers
 	for subdir in $(PKG_EXTMOD_SUBDIRS); do \
@@ -154,12 +152,12 @@ define collect_module_symvers
 			grep -F $$$$realdir $(PKG_BUILD_DIR)/$$$$subdir/Module.symvers >> $(PKG_BUILD_DIR)/Module.symvers.tmp; \
 	done; \
 	sort -u $(PKG_BUILD_DIR)/Module.symvers.tmp > $(PKG_BUILD_DIR)/Module.symvers; \
-	mv $(PKG_BUILD_DIR)/Module.symvers $(PKG_INFO_DIR)/$(PKG_NAME).symvers
+	mkdir -p $(PKG_SYMVERS_DIR); \
+	mv $(PKG_BUILD_DIR)/Module.symvers $(PKG_SYMVERS_DIR)/$(PKG_NAME).symvers
 endef

 define KernelPackage/hooks
  ifneq ($(PKG_NAME),kernel)
-    Hooks/Compile/Pre += populate_module_symvers
    Hooks/Compile/Post += collect_module_symvers
  endif
  define KernelPackage/hooks
@@ -240,7 +238,7 @@ $(call KernelPackage/$(1)/config)
  $(call KernelPackage/depends)
  $(call KernelPackage/hooks)

-  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(filter-out %=y %=n %=m,$(KCONFIG)),$($(c)))),.),)
+  ifneq ($(if $(filter-out %=y %=n %=m,$(KCONFIG)),$(filter m y,$(foreach c,$(call version_filter,$(filter-out %=y %=n %=m,$(KCONFIG))),$($(c)))),.),)
    define Package/kmod-$(1)/install
 		  @for mod in $$(call version_filter,$$(FILES)); do \
 			if grep -q "$$$$$$$${mod##$(LINUX_DIR)/}" "$(LINUX_DIR)/modules.builtin"; then \
--- a/include/logo.png
+++ b/include/logo.png
--- a/include/logo.svg
+++ b/include/logo.svg
@@ -0,0 +1,398 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="2000mm"
+   height="595.20099mm"
+   viewBox="0 0 2000.0002 595.20098"
+   version="1.1"
+   id="svg971"
+   inkscape:version="1.0.1 (3bc2e813f5, 2020-09-07)"
+   sodipodi:docname="logo.svg">
+  <defs
+     id="defs965">
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath78">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path76" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath106">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path104" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath130">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path128" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath154">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path152" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath174">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path172" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath194">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path192" />
+    </clipPath>
+    <clipPath
+       clipPathUnits="userSpaceOnUse"
+       id="clipPath214">
+      <path
+         d="M 0,0 H 792 V 612 H 0 Z"
+         id="path212" />
+    </clipPath>
+  </defs>
+  <sodipodi:namedview
+     id="base"
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1.0"
+     inkscape:pageopacity="0.0"
+     inkscape:pageshadow="2"
+     inkscape:zoom="0.35"
+     inkscape:cx="1579.8791"
+     inkscape:cy="728.41283"
+     inkscape:document-units="mm"
+     inkscape:current-layer="layer1"
+     inkscape:document-rotation="0"
+     showgrid="false"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     fit-margin-bottom="0"
+     inkscape:window-width="1920"
+     inkscape:window-height="1016"
+     inkscape:window-x="0"
+     inkscape:window-y="0"
+     inkscape:window-maximized="1" />
+  <metadata
+     id="metadata968">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+        <dc:title></dc:title>
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <g
+     inkscape:label="Layer 1"
+     inkscape:groupmode="layer"
+     id="layer1"
+     transform="translate(312.17635,44.559227)">
+    <g
+       id="g72"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g74"
+         clip-path="url(#clipPath78)">
+        <g
+           id="g80"
+           transform="translate(173.1753,319.1396)">
+          <path
+             d="m 0,0 c 0,-5.745 -4.627,-10.263 -10.545,-10.263 -5.918,0 -10.544,4.518 -10.544,10.263 0,5.771 4.626,10.367 10.544,10.367 C -4.627,10.367 0,5.771 0,0 m -3.685,0 c 0,3.995 -3.013,7.024 -6.86,7.024 -3.846,0 -6.859,-3.029 -6.859,-7.024 0,-3.995 3.013,-6.946 6.859,-6.946 3.847,0 6.86,2.95 6.86,6.946"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path82" />
+        </g>
+        <g
+           id="g84"
+           transform="translate(189.0894,315.771)">
+          <path
+             d="m 0,0 c 0,-4.099 -3.174,-6.894 -6.591,-6.894 -1.829,0 -3.308,0.523 -4.438,1.41 v -8.329 H -14.58 V 6.528 h 3.552 V 5.484 C -9.898,6.397 -8.419,6.92 -6.59,6.92 -3.174,6.92 0,4.1 0,0 m -3.443,0 c 0,2.402 -1.614,3.917 -3.766,3.917 -1.91,0 -3.82,-1.515 -3.82,-3.917 0,-2.402 1.91,-3.889 3.82,-3.889 2.152,-0.002 3.766,1.486 3.766,3.889"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path86" />
+        </g>
+        <g
+           id="g88"
+           transform="translate(203.958,314.8574)">
+          <path
+             d="m 0,0 h -10.222 c 0.349,-1.88 1.721,-3.029 3.362,-3.029 1.049,0 2.367,0.131 3.336,1.723 l 3.174,-0.652 c -1.183,-2.716 -3.577,-4.022 -6.51,-4.022 -3.793,0 -6.887,2.794 -6.887,6.894 0,4.099 3.094,6.918 6.94,6.918 3.578,0 6.671,-2.689 6.806,-6.659 z m -10.115,2.429 h 6.485 c -0.457,1.671 -1.749,2.402 -3.174,2.402 -1.347,0 -2.88,-0.784 -3.311,-2.402"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path90" />
+        </g>
+        <g
+           id="g92"
+           transform="translate(218.446,317.2075)">
+          <path
+             d="m 0,0 v -7.938 h -3.551 v 7.207 c 0,1.827 -1.076,3.055 -2.717,3.055 -2.017,0 -3.335,-1.306 -3.335,-4.492 v -5.77 h -3.551 v 13.03 h 3.55 V 3.917 c 1.049,1.018 2.447,1.566 4.223,1.566 C -2.152,5.483 0,3.238 0,0"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path94" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g96"
+       transform="matrix(12.354182,0,0,-12.354182,1281.2351,460.31368)">
+      <path
+         d="M 0,0 H -2.851 L -7.854,12.874 -12.885,0 h -2.824 l -6.699,19.846 h 3.82 l 4.492,-13.109 5.138,13.109 h 2.179 L -1.641,6.737 2.851,19.846 h 3.846 z"
+         style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path98" />
+    </g>
+    <g
+       id="g100"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g102"
+         clip-path="url(#clipPath106)">
+        <g
+           id="g108"
+           transform="translate(255.7183,322.3774)">
+          <path
+             d="m 0,0 -0.188,-3.316 h -0.78 c -3.282,0 -4.789,-1.959 -4.789,-5.588 v -4.204 h -3.551 v 13.03 h 3.551 V -2.35 c 0.996,1.515 2.556,2.454 4.816,2.454 0.349,0 0.618,0 0.941,-0.104"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path110" />
+        </g>
+        <g
+           id="g112"
+           transform="translate(263.2698,314.0737)">
+          <path
+             d="m 0,0 c 0,-1.279 0.619,-1.985 1.695,-1.985 0.618,0 1.533,0.262 2.234,0.627 L 4.952,-4.23 C 3.553,-4.961 2.584,-5.197 1.455,-5.197 c -3.201,0 -5.004,1.776 -5.004,4.937 v 5.665 h -2.879 v 2.821 h 2.879 v 4.726 l 3.55,1.045 V 8.226 H 5.193 V 5.405 H 0 Z"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path114" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g116"
+       transform="matrix(12.354182,0,0,-12.354182,612.14009,549.73584)">
+      <path
+         d="M 0,0 H -0.799 L -1.549,2 -2.304,0 H -3.1 l -1.224,3.689 h 1.02 l 0.635,-1.99 0.795,1.99 h 0.65 l 0.79,-1.99 0.64,1.99 h 1.02 z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path118" />
+    </g>
+    <g
+       id="g120"
+       transform="matrix(12.354182,0,0,-12.354182,674.30011,539.84385)">
+      <path
+         d="m 0,0 h 0.785 v -0.801 h -2.53 V 0 h 0.785 v 2.083 h -0.785 v 0.805 h 2.53 V 2.083 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path122" />
+    </g>
+    <g
+       id="g124"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g126"
+         clip-path="url(#clipPath130)">
+        <g
+           id="g132"
+           transform="translate(196.9004,302.0308)">
+          <path
+             d="M 0,0 -0.7,0.801 H -1.449 V 0 H -2.41 v 3.689 h 1.771 c 1,0 1.605,-0.573 1.605,-1.427 0,-0.549 -0.255,-0.991 -0.695,-1.238 L 1.206,0 Z m -0.675,1.602 c 0.4,0 0.73,0.262 0.73,0.66 0,0.388 -0.33,0.628 -0.73,0.628 H -1.449 V 1.604 Z"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path134" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g136"
+       transform="matrix(12.354182,0,0,-12.354182,820.47493,549.73584)">
+      <path
+         d="m 0,0 h -2.9 v 3.689 h 2.87 V 2.888 H -1.94 V 2.257 h 1.88 V 1.456 H -1.94 V 0.801 h 1.941 z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path138" />
+    </g>
+    <g
+       id="g140"
+       transform="matrix(12.354182,0,0,-12.354182,886.62894,549.73584)">
+      <path
+         d="m 0,0 h -2.805 v 3.689 h 0.96 V 0.801 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path142" />
+    </g>
+    <g
+       id="g144"
+       transform="matrix(12.354182,0,0,-12.354182,953.79261,549.73584)">
+      <path
+         d="m 0,0 h -2.9 v 3.689 h 2.87 V 2.888 H -1.94 V 2.257 h 1.88 V 1.456 H -1.94 V 0.801 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path146" />
+    </g>
+    <g
+       id="g148"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g150"
+         clip-path="url(#clipPath154)">
+        <g
+           id="g156"
+           transform="translate(219.3787,304.7295)">
+          <path
+             d="m 0,0 -0.94,-0.185 c -0.08,0.374 -0.34,0.481 -0.565,0.481 -0.225,0 -0.41,-0.111 -0.41,-0.316 0,-0.146 0.08,-0.238 0.245,-0.286 l 0.74,-0.228 c 0.625,-0.199 0.965,-0.481 0.965,-1.058 0,-0.83 -0.75,-1.18 -1.495,-1.18 -0.825,0 -1.495,0.422 -1.59,1.126 l 0.985,0.194 c 0.08,-0.364 0.304,-0.519 0.635,-0.519 0.28,0 0.45,0.126 0.45,0.321 0,0.145 -0.08,0.247 -0.29,0.3 l -0.705,0.199 c -0.575,0.16 -0.965,0.447 -0.965,1.044 0,0.752 0.609,1.165 1.44,1.165 0.79,0 1.375,-0.369 1.5,-1.058"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path158" />
+        </g>
+        <g
+           id="g160"
+           transform="translate(224.4026,304.7295)">
+          <path
+             d="m 0,0 -0.94,-0.185 c -0.08,0.374 -0.34,0.481 -0.565,0.481 -0.225,0 -0.41,-0.111 -0.41,-0.316 0,-0.146 0.08,-0.238 0.245,-0.286 l 0.74,-0.228 c 0.625,-0.199 0.965,-0.481 0.965,-1.058 0,-0.83 -0.75,-1.18 -1.495,-1.18 -0.825,0 -1.495,0.422 -1.591,1.126 l 0.986,0.194 c 0.08,-0.364 0.304,-0.519 0.635,-0.519 0.28,0 0.45,0.126 0.45,0.321 0,0.145 -0.08,0.247 -0.29,0.3 l -0.705,0.2 c -0.575,0.16 -0.965,0.446 -0.965,1.044 0,0.752 0.608,1.165 1.44,1.165 C -0.71,1.058 -0.125,0.689 0,0"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path162" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g164"
+       transform="matrix(12.354182,0,0,-12.354182,1170.9286,521.84896)">
+      <path
+         d="M 0,0 H 1.785 V -0.801 H 0 V -2.257 H -0.96 V 1.432 H 1.915 V 0.631 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path166" />
+    </g>
+    <g
+       id="g168"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g170"
+         clip-path="url(#clipPath174)">
+        <g
+           id="g176"
+           transform="translate(238.2297,302.0308)">
+          <path
+             d="M 0,0 -0.7,0.801 H -1.45 V 0 h -0.96 v 3.689 h 1.77 c 1,0 1.605,-0.573 1.605,-1.427 C 0.965,1.713 0.71,1.271 0.27,1.024 L 1.205,0 Z m -0.675,1.602 c 0.4,0 0.73,0.262 0.73,0.66 0,0.388 -0.33,0.628 -0.73,0.628 H -1.45 V 1.604 Z"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path178" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g180"
+       transform="matrix(12.354182,0,0,-12.354182,1331.0682,549.73584)">
+      <path
+         d="m 0,0 h -2.9 v 3.689 h 2.87 V 2.888 H -1.94 V 2.257 h 1.88 V 1.456 H -1.94 V 0.801 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path182" />
+    </g>
+    <g
+       id="g184"
+       transform="matrix(12.354182,0,0,-12.354182,1398.3947,549.73584)">
+      <path
+         d="m 0,0 h -2.9 v 3.689 h 2.87 V 2.888 H -1.94 V 2.257 h 1.88 V 1.456 H -1.94 V 0.801 h 1.941 z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path186" />
+    </g>
+    <g
+       id="g188"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g190"
+         clip-path="url(#clipPath194)">
+        <g
+           id="g196"
+           transform="translate(254.0122,305.7197)">
+          <path
+             d="M 0,0 C 1.21,0 2.01,-0.739 2.01,-1.844 2.01,-2.95 1.211,-3.689 0,-3.689 H -1.695 V 0 Z m -0.01,-2.888 c 0.655,0 1.055,0.417 1.055,1.044 0,0.626 -0.4,1.043 -1.055,1.043 h -0.723 v -2.087 z"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path198" />
+        </g>
+        <g
+           id="g200"
+           transform="translate(262.0693,303.8706)">
+          <path
+             d="m 0,0 c 0,-1.078 -0.91,-1.913 -2.03,-1.913 -1.12,0 -2.035,0.835 -2.035,1.913 0,1.077 0.91,1.917 2.035,1.917 C -0.905,1.917 0,1.073 0,0 m -0.965,0 c 0,0.606 -0.47,1.077 -1.066,1.077 -0.595,0 -1.065,-0.471 -1.065,-1.077 0,-0.607 0.47,-1.078 1.065,-1.078 0.596,0 1.066,0.466 1.066,1.078"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path202" />
+        </g>
+      </g>
+    </g>
+    <g
+       id="g204"
+       transform="matrix(12.354182,0,0,-12.354182,1629.3552,549.73584)">
+      <path
+         d="M 0,0 H -0.94 V 1.752 L -2.06,0.256 H -2.35 L -3.47,1.75 v -1.751 h -0.94 v 3.689 h 0.615 l 1.59,-2.17 1.59,2.17 H 0 Z"
+         style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+         id="path206" />
+    </g>
+    <g
+       id="g208"
+       transform="matrix(12.354182,0,0,-12.354182,-1687.2697,4281.0797)">
+      <g
+         id="g210"
+         clip-path="url(#clipPath214)">
+        <g
+           id="g216"
+           transform="translate(271.6895,328.4058)">
+          <path
+             d="M 0,0 -0.99,1.042 H -1.398 V 0 h -0.455 v 2.468 h 0.95 c 0.533,0 0.856,-0.296 0.856,-0.712 0.008,-0.283 -0.169,-0.54 -0.441,-0.642 L 0.569,0 Z m -0.903,1.441 c 0.267,0 0.405,0.137 0.405,0.315 0,0.179 -0.141,0.311 -0.405,0.311 H -1.398 V 1.44 Z"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path218" />
+        </g>
+        <g
+           id="g220"
+           transform="translate(270.8284,327.209)">
+          <path
+             d="m 0,0 c -1.307,0 -2.366,1.028 -2.367,2.296 0,1.269 1.059,2.298 2.366,2.298 1.307,0 2.366,-1.028 2.367,-2.296 V 2.297 C 2.365,1.029 1.306,0.002 0,0 m 0,4.269 c -1.122,0 -2.031,-0.883 -2.031,-1.972 0,-1.089 0.909,-1.971 2.031,-1.971 1.122,0 2.031,0.882 2.031,1.971 C 2.03,3.386 1.121,4.268 0,4.269 Z"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path222" />
+        </g>
+        <g
+           id="g224"
+           transform="translate(130.3613,326.9673)">
+          <path
+             d="m 0,0 c -1.713,0 -3.102,-1.348 -3.102,-3.011 0,-1.663 1.389,-3.011 3.102,-3.011 1.713,0 3.102,1.348 3.102,3.011 C 3.099,-1.35 1.712,-0.003 0,0"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path226" />
+        </g>
+        <g
+           id="g228"
+           transform="translate(111.3059,342.4536)">
+          <path
+             d="m 0,0 3.229,-3.134 c 4.051,3.933 9.653,6.36 15.826,6.36 6.174,0 11.776,-2.428 15.827,-6.36 L 38.111,0 C 33.236,4.732 26.494,7.682 19.055,7.682 11.617,7.682 4.875,4.732 0,0"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path230" />
+        </g>
+        <g
+           id="g232"
+           transform="translate(117.1301,336.7998)">
+          <path
+             d="m 0,0 3.229,-3.134 c 2.564,2.488 6.109,4.025 10.001,4.025 3.892,0 7.44,-1.537 10.004,-4.025 L 26.463,0 C 23.076,3.288 18.391,5.348 13.232,5.348 8.072,5.348 3.388,3.289 0,0"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path234" />
+        </g>
+        <g
+           id="g236"
+           transform="translate(122.9229,331.1763)">
+          <path
+             d="m 0,0 3.229,-3.134 c 2.326,2.253 6.093,2.253 8.419,0 L 14.877,0 C 12.905,1.915 10.228,2.988 7.438,2.98 4.558,2.98 1.93,1.844 0,0"
+             style="fill:#00ace2;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path238" />
+        </g>
+        <g
+           id="g240"
+           transform="translate(141.8201,332.0371)">
+          <path
+             d="m 0,0 c 1.709,-2.274 2.722,-5.07 2.722,-8.081 0,-7.589 -6.362,-13.766 -14.181,-13.766 -7.818,0 -14.18,6.177 -14.18,13.766 0,3.011 1.013,5.807 2.722,8.081 l -3.26,3.165 c -2.533,-3.103 -4.021,-7.006 -4.021,-11.246 0,-10.017 8.42,-18.19 18.739,-18.19 10.32,0 18.739,8.173 18.739,18.19 0,4.24 -1.519,8.143 -4.02,11.246 z"
+             style="fill:#002843;fill-opacity:1;fill-rule:nonzero;stroke:none"
+             id="path242" />
+        </g>
+      </g>
+    </g>
+  </g>
+</svg>
--- a/include/meson.mk
+++ b/include/meson.mk
@@ -0,0 +1,146 @@
+# To build your package using meson:
+#
+# include $(INCLUDE_DIR)/meson.mk
+# MESON_ARGS+=-Dfoo -Dbar=baz
+#
+# To pass additional environment variables to meson:
+#
+# MESON_VARS+=FOO=bar
+#
+# Default configure/compile/install targets are provided, but can be
+# overwritten if required:
+#
+# define Build/Configure
+#   $(call Build/Configure/Meson)
+#   ...
+# endef
+#
+# same for Build/Compile and Build/Install
+#
+# Host packages are built in the same fashion, just use these vars instead:
+#
+# MESON_HOST_ARGS+=-Dfoo -Dbar=baz
+# MESON_HOST_VARS+=FOO=bar
+
+MESON_DIR:=$(STAGING_DIR_HOST)/lib/meson
+
+MESON_HOST_BUILD_DIR:=$(HOST_BUILD_DIR)/openwrt-build
+MESON_HOST_VARS:=
+MESON_HOST_ARGS:=
+
+MESON_BUILD_DIR:=$(PKG_BUILD_DIR)/openwrt-build
+MESON_VARS:=
+MESON_ARGS:=
+
+ifneq ($(findstring i386,$(CONFIG_ARCH)),)
+MESON_ARCH:="x86"
+else ifneq ($(findstring powerpc64,$(CONFIG_ARCH)),)
+MESON_ARCH:="ppc64"
+else ifneq ($(findstring powerpc,$(CONFIG_ARCH)),)
+MESON_ARCH:="ppc"
+else ifneq ($(findstring mips64el,$(CONFIG_ARCH)),)
+MESON_ARCH:="mips64"
+else ifneq ($(findstring mipsel,$(CONFIG_ARCH)),)
+MESON_ARCH:="mips"
+else ifneq ($(findstring armeb,$(CONFIG_ARCH)),)
+MESON_ARCH:="arm"
+else
+MESON_ARCH:=$(CONFIG_ARCH)
+endif
+
+# this is undefined for just x64_64
+ifeq ($(origin CPU_TYPE),undefined)
+MESON_CPU:="generic"
+else
+MESON_CPU:="$(CPU_TYPE)$(if $(CPU_SUBTYPE),+$(CPU_SUBTYPE))"
+endif
+
+define Meson
+	$(2) $(STAGING_DIR_HOST)/bin/$(PYTHON) $(STAGING_DIR_HOST)/bin/meson.py $(1)
+endef
+
+define Meson/CreateNativeFile
+	$(STAGING_DIR_HOST)/bin/sed \
+		-e "s|@CC@|$(foreach BIN,$(HOSTCC),'$(BIN)',)|" \
+		-e "s|@CXX@|$(foreach BIN,$(HOSTCXX),'$(BIN)',)|" \
+		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
+		-e "s|@CFLAGS@|$(foreach FLAG,$(HOST_CFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@CXXFLAGS@|$(foreach FLAG,$(HOST_CXXFLAGS) $(HOST_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@LDFLAGS@|$(foreach FLAG,$(HOST_LDFLAGS),'$(FLAG)',)|" \
+		-e "s|@PREFIX@|$(HOST_BUILD_PREFIX)|" \
+		< $(MESON_DIR)/openwrt-native.txt.in \
+		> $(1)
+endef
+
+define Meson/CreateCrossFile
+	$(STAGING_DIR_HOST)/bin/sed \
+		-e "s|@CC@|$(foreach BIN,$(TARGET_CC),'$(BIN)',)|" \
+		-e "s|@CXX@|$(foreach BIN,$(TARGET_CXX),'$(BIN)',)|" \
+		-e "s|@AR@|$(TARGET_AR)|" \
+		-e "s|@STRIP@|$(TARGET_CROSS)strip|" \
+		-e "s|@NM@|$(TARGET_NM)|" \
+		-e "s|@PKGCONFIG@|$(PKG_CONFIG)|" \
+		-e "s|@CMAKE@|$(STAGING_DIR_HOST)/bin/cmake|" \
+		-e "s|@PYTHON@|$(STAGING_DIR_HOST)/bin/python3|" \
+		-e "s|@CFLAGS@|$(foreach FLAG,$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@CXXFLAGS@|$(foreach FLAG,$(TARGET_CXXFLAGS) $(EXTRA_CXXFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS),'$(FLAG)',)|" \
+		-e "s|@LDFLAGS@|$(foreach FLAG,$(TARGET_LDFLAGS) $(EXTRA_LDFLAGS),'$(FLAG)',)|" \
+		-e "s|@ARCH@|$(MESON_ARCH)|" \
+		-e "s|@CPU@|$(MESON_CPU)|" \
+		-e "s|@ENDIAN@|$(if $(CONFIG_BIG_ENDIAN),big,little)|" \
+		< $(MESON_DIR)/openwrt-cross.txt.in \
+		> $(1)
+endef
+
+define Host/Configure/Meson
+	$(call Meson/CreateNativeFile,$(HOST_BUILD_DIR)/openwrt-native.txt)
+	$(call Meson, \
+		--native-file $(HOST_BUILD_DIR)/openwrt-native.txt \
+		$(MESON_HOST_ARGS) \
+		$(MESON_HOST_BUILD_DIR) \
+		$(MESON_HOST_BUILD_DIR)/.., \
+		$(MESON_HOST_VARS))
+endef
+
+define Host/Compile/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) $(1)
+endef
+
+define Host/Install/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) install
+endef
+
+define Host/Uninstall/Meson
+	+$(NINJA) -C $(MESON_HOST_BUILD_DIR) uninstall || true
+endef
+
+define Build/Configure/Meson
+	$(call Meson/CreateNativeFile,$(PKG_BUILD_DIR)/openwrt-native.txt)
+	$(call Meson/CreateCrossFile,$(PKG_BUILD_DIR)/openwrt-cross.txt)
+	$(call Meson, \
+		--buildtype plain \
+		--native-file $(PKG_BUILD_DIR)/openwrt-native.txt \
+		--cross-file $(PKG_BUILD_DIR)/openwrt-cross.txt \
+		$(MESON_ARGS) \
+		$(MESON_BUILD_DIR) \
+		$(MESON_BUILD_DIR)/.., \
+		$(MESON_VARS))
+endef
+
+define Build/Compile/Meson
+	+$(NINJA) -C $(MESON_BUILD_DIR) $(1)
+endef
+
+define Build/Install/Meson
+	+DESTDIR="$(PKG_INSTALL_DIR)" $(NINJA) -C $(MESON_BUILD_DIR) install
+endef
+
+Host/Configure=$(call Host/Configure/Meson)
+Host/Compile=$(call Host/Compile/Meson)
+Host/Install=$(call Host/Install/Meson)
+Host/Uninstall=$(call Host/Uninstall/Meson)
+Build/Configure=$(call Build/Configure/Meson)
+Build/Compile=$(call Build/Compile/Meson)
+Build/Install=$(call Build/Install/Meson)
--- a/include/netfilter.mk
+++ b/include/netfilter.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifneq ($(__inc_netfilter),1)
 __inc_netfilter:=1
@@ -51,8 +48,6 @@ $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_COMMENT, $(P_XT)xt_comme
 $(eval $(call nf_add,IPT_CLUSTER,CONFIG_NETFILTER_XT_MATCH_CLUSTER, $(P_XT)xt_cluster))

 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)xt_LOG))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_XT)nf_log_common))
-$(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_LOG, $(P_V4)nf_log_ipv4))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_TARGET_TCPMSS, $(P_XT)xt_TCPMSS))
 $(eval $(call nf_add,IPT_CORE,CONFIG_IP_NF_TARGET_REJECT, $(P_V4)ipt_REJECT))
 $(eval $(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MATCH_TIME, $(P_XT)xt_time))
@@ -67,9 +62,7 @@ $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_CORE,CONFIG_NETFILTER_XT_MARK, $(P_XT)

 # kernel only
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK, $(P_XT)nf_conntrack),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_RTCACHE, $(P_XT)nf_conntrack_rtcache),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV4, $(P_V4)nf_defrag_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_CONNTRACK_IPV4, $(P_V4)nf_conntrack_ipv4),))

 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_MATCH_STATE, $(P_XT)xt_state))
 $(eval $(call nf_add,IPT_CONNTRACK,CONFIG_NETFILTER_XT_TARGET_CT, $(P_XT)xt_CT))
@@ -97,6 +90,7 @@ $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_ADDRTYPE, $(if $(NF_KMO
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_OWNER, $(P_XT)xt_owner))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_PKTTYPE, $(P_XT)xt_pkttype))
 $(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_QUOTA, $(P_XT)xt_quota))
+$(eval $(call nf_add,IPT_EXTRA,CONFIG_NETFILTER_XT_MATCH_CGROUP, $(P_XT)xt_cgroup))

 #$(eval $(call nf_add,IPT_EXTRA,CONFIG_IP_NF_TARGET_ROUTE, $(P_V4)ipt_ROUTE))

@@ -122,7 +116,6 @@ $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_STATISTIC, $(P_XT)xt_st
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_TCPMSS, $(P_XT)xt_tcpmss))

 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_TARGET_CLASSIFY, $(P_XT)xt_CLASSIFY))
-$(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_MATCH_DSCP, $(P_V4)ipt_dscp))
 $(eval $(call nf_add,IPT_IPOPT,CONFIG_IP_NF_TARGET_ECN, $(P_V4)ipt_ECN))

 $(eval $(call nf_add,IPT_IPOPT,CONFIG_NETFILTER_XT_MATCH_ECN, $(P_XT)xt_ecn))
@@ -157,19 +150,15 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NF_REJECT6,CONFIG_NF_REJECT_IPV6, $(P_V6)nf

 $(eval $(if $(NF_KMOD),$(call nf_add,NF_IPT6,CONFIG_IP6_NF_IPTABLES, $(P_V6)ip6_tables),))

-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6, ge 4.19),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6, lt 4.19),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK6,CONFIG_NF_CONNTRACK_IPV6, $(P_V6)nf_conntrack_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_CONNTRACK,CONFIG_NF_DEFRAG_IPV6, $(P_V6)nf_defrag_ipv6),))

 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_FILTER, $(P_V6)ip6table_filter),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_MANGLE, $(P_V6)ip6table_mangle),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_QUEUE, $(P_V6)ip6_queue),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_IPV6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),))

 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_IPV6,CONFIG_IP6_NF_IPTABLES, ip6t_icmp6)))


-$(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_LOG, $(P_V6)ip6t_LOG))
 $(eval $(call nf_add,IPT_IPV6,CONFIG_IP6_NF_TARGET_REJECT, $(P_V6)ip6t_REJECT))

 # ipv6 extra
@@ -181,30 +170,32 @@ $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_OPTS, $(P_V6)ip6t_hbh))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_FRAG, $(P_V6)ip6t_frag))
 $(eval $(call nf_add,IPT_IPV6_EXTRA,CONFIG_IP6_NF_MATCH_RT, $(P_V6)ip6t_rt))

+# log
+
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_COMMON, $(P_XT)nf_log_common, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_IPV4, $(P_V4)nf_log_ipv4, lt 5.13))
+$(eval $(call nf_add,NF_LOG,CONFIG_NF_LOG_SYSLOG, $(P_XT)nf_log_syslog, ge 5.13))
+# $(eval $(if $(NF_KMOD),$(call nf_add,NF_LOG6,CONFIG_NF_LOG_IPV6, $(P_V6)nf_log_ipv6,lt 5.13),))
+
 # nat

 # kernel only
 $(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT, $(P_XT)nf_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_REDIRECT, $(P_XT)nf_nat_redirect, ge 3.19.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_MASQUERADE_IPV4, $(P_V4)nf_nat_masquerade_ipv4, lt 4.18),))

-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_MASQUERADE_IPV6, $(P_V6)nf_nat_masquerade_ipv6, lt 4.18),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT,CONFIG_NF_NAT_IPV4, $(P_V4)nf_nat_ipv4, lt 5.1)))
+$(eval $(if $(NF_KMOD),$(call nf_add,NF_NAT6,CONFIG_NF_NAT_IPV6, $(P_V6)nf_nat_ipv6, lt 5.1)))

 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_NAT, $(P_XT)xt_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT,CONFIG_IP_NF_NAT, $(P_V4)iptable_nat),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_NAT, $(P_V6)ip6table_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_MASQUERADE, $(P_V6)ip6t_MASQUERADE),))
 $(eval $(if $(NF_KMOD),$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, $(P_V6)ip6t_NPT),))

 # userland only
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT,CONFIG_NF_NAT, ipt_SNAT ipt_DNAT)))
 $(eval $(if $(NF_KMOD),,$(call nf_add,IPT_NAT6,CONFIG_IP6_NF_TARGET_NPT, ip6t_DNPT ip6t_SNPT)))

-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_V4)ipt_MASQUERADE, lt 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_MASQUERADE, $(P_XT)xt_MASQUERADE, ge 5.2))
-$(eval $(call nf_add,IPT_NAT,CONFIG_IP_NF_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_MASQUERADE, $(P_XT)xt_MASQUERADE))
+$(eval $(call nf_add,IPT_NAT,CONFIG_NETFILTER_XT_TARGET_REDIRECT, $(P_XT)xt_REDIRECT))


 # nat-extra
@@ -223,8 +214,8 @@ $(eval $(call nf_add,NF_NATHELPER,CONFIG_NF_NAT_FTP, $(P_XT)nf_nat_ftp))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_BROADCAST, $(P_XT)nf_conntrack_broadcast))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_AMANDA, $(P_XT)nf_conntrack_amanda))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_AMANDA, $(P_XT)nf_nat_amanda))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre))
-$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CT_PROTO_GRE, $(P_XT)nf_conntrack_proto_gre, lt 5.1))
+$(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_PROTO_GRE, $(P_V4)nf_nat_proto_gre, lt 5.0))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_H323, $(P_XT)nf_conntrack_h323))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_H323, $(P_V4)nf_nat_h323))
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_PPTP, $(P_XT)nf_conntrack_pptp))
@@ -239,11 +230,6 @@ $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_CONNTRACK_IRC, $(P_XT)nf_connt
 $(eval $(call nf_add,NF_NATHELPER_EXTRA,CONFIG_NF_NAT_IRC, $(P_XT)nf_nat_irc))


-# ulog
-
-$(eval $(call nf_add,IPT_ULOG,CONFIG_IP_NF_TARGET_ULOG, $(P_V4)ipt_ULOG))
-
-
 # nflog

 $(eval $(call nf_add,IPT_NFLOG,CONFIG_NETFILTER_XT_TARGET_NFLOG, $(P_XT)xt_NFLOG))
@@ -258,14 +244,15 @@ $(eval $(call nf_add,IPT_NFQUEUE,CONFIG_NETFILTER_XT_TARGET_NFQUEUE, $(P_XT)xt_N

 $(eval $(call nf_add,IPT_DEBUG,CONFIG_NETFILTER_XT_TARGET_TRACE, $(P_XT)xt_TRACE))

-# tproxy
+# socket
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4))
+$(eval $(call nf_add,NF_SOCKET,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6))
+$(eval $(call nf_add,IPT_SOCKET,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))

-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_MATCH_SOCKET, $(P_XT)xt_socket))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV4, $(P_V4)nf_socket_ipv4, ge 4.10))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_SOCKET_IPV6, $(P_V6)nf_socket_ipv6, ge 4.10))
+# tproxy
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4))
+$(eval $(call nf_add,NF_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6))
 $(eval $(call nf_add,IPT_TPROXY,CONFIG_NETFILTER_XT_TARGET_TPROXY, $(P_XT)xt_TPROXY))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV4, $(P_V4)nf_tproxy_ipv4, ge 4.18))
-$(eval $(call nf_add,IPT_TPROXY,CONFIG_NF_TPROXY_IPV6, $(P_V6)nf_tproxy_ipv6, ge 4.18))

 # led
 $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
@@ -273,8 +260,8 @@ $(eval $(call nf_add,IPT_LED,CONFIG_NETFILTER_XT_TARGET_LED, $(P_XT)xt_LED))
 # tee

 $(eval $(call nf_add,IPT_TEE,CONFIG_NETFILTER_XT_TARGET_TEE, $(P_XT)xt_TEE))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_TEE,CONFIG_NF_DUP_IPV4, $(P_V4)nf_dup_ipv4, ge 4.3),))
-$(eval $(if $(NF_KMOD),$(call nf_add,IPT_TEE,CONFIG_NF_DUP_IPV6, $(P_V6)nf_dup_ipv6, ge 4.3),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_TEE,CONFIG_NF_DUP_IPV4, $(P_V4)nf_dup_ipv4),))
+$(eval $(if $(NF_KMOD),$(call nf_add,IPT_TEE,CONFIG_NF_DUP_IPV6, $(P_V6)nf_dup_ipv6),))

 # u32

@@ -329,47 +316,36 @@ $(eval $(call nf_add,EBTABLES_IP4,CONFIG_BRIDGE_EBT_SNAT, $(P_EBT)ebt_snat))

 # watchers
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_LOG, $(P_EBT)ebt_log))
-$(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_ULOG, $(P_EBT)ebt_ulog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFLOG, $(P_EBT)ebt_nflog))
 $(eval $(call nf_add,EBTABLES_WATCHERS,CONFIG_BRIDGE_EBT_NFQUEUE, $(P_EBT)ebt_nfqueue))

 # nftables
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES, $(P_XT)nf_tables),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_INET, $(P_XT)nf_tables_inet, lt 4.17),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_EXTHDR, $(P_XT)nft_exthdr),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_META, $(P_XT)nft_meta),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_NUMGEN, $(P_XT)nft_numgen, ge 4.9.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CT, $(P_XT)nft_ct),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_SET_RBTREE, $(P_XT)nft_set_rbtree, ge 4.9.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_RBTREE, $(P_XT)nft_rbtree, lt 4.9.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_SET_HASH, $(P_XT)nft_set_hash, ge 4.9.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_HASH, $(P_XT)nft_hash, lt 4.9.0),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_SET, $(P_XT)nf_tables_set),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_COUNTER, $(P_XT)nft_counter),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LOG, $(P_XT)nft_log),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CT, $(P_XT)nft_ct),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_HASH, $(P_XT)nft_hash),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LIMIT, $(P_XT)nft_limit),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_LOG, $(P_XT)nft_log),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_META, $(P_XT)nft_meta),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_NUMGEN, $(P_XT)nft_numgen),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_OBJREF, $(P_XT)nft_objref),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_QUOTA, $(P_XT)nft_quota),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REDIR, $(P_XT)nft_redir),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT, $(P_XT)nft_reject $(P_V4)nft_reject_ipv4 $(P_V6)nft_reject_ipv6),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REJECT_INET, $(P_XT)nft_reject_inet),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV4, $(P_V4)nf_tables_ipv4, lt 4.17),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV4, $(P_V4)nft_chain_route_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NF_TABLES_IPV6, $(P_V6)nf_tables_ipv6, lt 4.17),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_CHAIN_ROUTE_IPV6, $(P_V6)nft_chain_route_ipv6),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_REDIR, $(P_XT)nft_redir, ge 3.19.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_CORE,CONFIG_NFT_QUOTA, $(P_XT)nft_quota, ge 4.9.0),))

-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_ARP,CONFIG_NF_TABLES_ARP, $(P_V4)nf_tables_arp, lt 4.17),))
-
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_TABLES_BRIDGE, $(P_EBT)nf_tables_bridge, lt 4.17),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_META, $(P_EBT)nft_meta_bridge),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NFT_BRIDGE_REJECT, $(P_EBT)nft_reject_bridge),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_BRIDGE,CONFIG_NF_CONNTRACK_BRIDGE, $(P_EBT)nf_conntrack_bridge),))

 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_nat),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_CHAIN_NAT_IPV4, $(P_V4)nft_chain_nat_ipv4),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4, ge 3.19.0),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_NAT, $(P_XT)nft_chain_nat),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_REDIR_IPV4, $(P_V4)nft_redir_ipv4),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ, $(P_XT)nft_masq),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT,CONFIG_NFT_MASQ_IPV4, $(P_V4)nft_masq_ipv4),))

-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6, ge 3.19.0),))
-$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_CHAIN_NAT_IPV6, $(P_V6)nft_chain_nat_ipv6),))
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_REDIR_IPV6, $(P_V6)nft_redir_ipv6),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_NAT6,CONFIG_NFT_MASQ_IPV6, $(P_V6)nft_masq_ipv6),))

 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB, $(P_XT)nft_fib),))
@@ -377,6 +353,15 @@ $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_INET, $(P_XT)nft_fib
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV4, $(P_V4)nft_fib_ipv4),))
 $(eval $(if $(NF_KMOD),$(call nf_add,NFT_FIB,CONFIG_NFT_FIB_IPV6, $(P_V6)nft_fib_ipv6),))

+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_QUEUE,CONFIG_NFT_QUEUE, $(P_XT)nft_queue),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_SOCKET,CONFIG_NFT_SOCKET, $(P_XT)nft_socket),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_TPROXY,CONFIG_NFT_TPROXY, $(P_XT)nft_tproxy),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_COMPAT,CONFIG_NFT_COMPAT, $(P_XT)nft_compat),))
+
+$(eval $(if $(NF_KMOD),$(call nf_add,NFT_XFRM,CONFIG_NFT_XFRM, $(P_XT)nft_xfrm),))

 # userland only
 IPT_BUILTIN += $(NF_IPT-y) $(NF_IPT-m)
@@ -402,7 +387,6 @@ IPT_BUILTIN += $(IPT_NAT6-y)
 IPT_BUILTIN += $(IPT_NAT_EXTRA-y)
 IPT_BUILTIN += $(NF_NATHELPER-y)
 IPT_BUILTIN += $(NF_NATHELPER_EXTRA-y)
-IPT_BUILTIN += $(IPT_ULOG-y)
 IPT_BUILTIN += $(IPT_TPROXY-y)
 IPT_BUILTIN += $(NFNETLINK-y)
 IPT_BUILTIN += $(NFNETLINK_LOG-y)
--- a/include/nls.mk
+++ b/include/nls.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2011-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2011-2020 OpenWrt.org

 # iconv full
 ifeq ($(CONFIG_BUILD_NLS),y)
@@ -13,27 +10,38 @@ ifeq ($(CONFIG_BUILD_NLS),y)
 	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-full
 	INTL_FULL:=1

-# iconv stub
+	CMAKE_OPTIONS += -DCMAKE_PREFIX_PATH="$(ICONV_PREFIX);$(INTL_PREFIX)"
 else
-	ICONV_PREFIX:=$(STAGING_DIR)/usr/lib/libiconv-stub
+	ICONV_PREFIX:=
 	ICONV_FULL:=

-	INTL_PREFIX:=$(STAGING_DIR)/usr/lib/libintl-stub
+	INTL_PREFIX:=
 	INTL_FULL:=
 endif

 PKG_CONFIG_DEPENDS += CONFIG_BUILD_NLS
-PKG_BUILD_DEPENDS += !BUILD_NLS:libiconv !BUILD_NLS:gettext

 ICONV_DEPENDS:=+BUILD_NLS:libiconv-full
-ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
-ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
-ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+ifeq ($(CONFIG_BUILD_NLS),y)
+	ICONV_CFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_CPPFLAGS:=-I$(ICONV_PREFIX)/include
+	ICONV_LDFLAGS:=-L$(ICONV_PREFIX)/lib -Wl,-rpath-link=$(ICONV_PREFIX)/lib
+else
+	ICONV_CFLAGS:=
+	ICONV_CPPFLAGS:=
+	ICONV_LDFLAGS:=
+endif

 INTL_DEPENDS:=+BUILD_NLS:libintl-full
-INTL_CFLAGS:=-I$(INTL_PREFIX)/include
-INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
-INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+ifeq ($(CONFIG_BUILD_NLS),y)
+	INTL_CFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_CPPFLAGS:=-I$(INTL_PREFIX)/include
+	INTL_LDFLAGS:=-L$(INTL_PREFIX)/lib -Wl,-rpath-link=$(INTL_PREFIX)/lib
+else
+	INTL_CFLAGS:=
+	INTL_CPPFLAGS:=
+	INTL_LDFLAGS:=
+endif

 TARGET_CFLAGS += $(ICONV_CFLAGS) $(INTL_CFLAGS)
 TARGET_CPPFLAGS += $(ICONV_CPPFLAGS) $(INTL_CPPFLAGS)
--- a/include/openssl-module.mk
+++ b/include/openssl-module.mk
@@ -0,0 +1,79 @@
+# SPDX-License-Identifier: GPL-2.0-only
+#
+# Copyright (C) 2022-2023 Enéas Ulir de Queiroz
+
+ENGINES_DIR=engines-3
+
+define Package/openssl/module/Default
+  SECTION:=libs
+  CATEGORY:=Libraries
+  SUBMENU:=SSL
+  DEPENDS:=libopenssl +libopenssl-conf
+endef
+
+define Package/openssl/engine/Default
+  $(Package/openssl/module/Default)
+  DEPENDS+=@OPENSSL_ENGINE
+endef
+
+
+# 1 = moudule type (engine|provider)
+# 2 = module name
+# 3 = directory to save .so file
+# 4 = [ package name, defaults to libopenssl-$(2) ]
+define Package/openssl/add-module
+  $(eval MOD_TYPE:=$(1))
+  $(eval MOD_NAME:=$(2))
+  $(eval MOD_DIR:=$(3))
+  $(eval OSSL_PKG:=$(if $(4),$(4),libopenssl-$(MOD_NAME)))
+  $(info Package/openssl/add-module 1='$(1)'; 2='$(2)'; 3='$(3)' 4='$(4)')
+  $(info MOD_TYPE='$(MOD_TYPE)'; MOD_NAME='$(MOD_NAME)'; MOD_DIR='$(MOD_DIR)' OSSL_PKG='$(OSSL_PKG)')
+  Package/$(OSSL_PKG)/conffiles:=/etc/ssl/modules.cnf.d/$(MOD_NAME).cnf
+
+  define Package/$(OSSL_PKG)/install
+	$$(INSTALL_DIR)  $$(1)/$(MOD_DIR)
+	$$(INSTALL_BIN)  $$(PKG_INSTALL_DIR)/$(MOD_DIR)/$(MOD_NAME).so \
+			 $$(1)/$(MOD_DIR)
+	$$(INSTALL_DIR)  $$(1)/etc/ssl/modules.cnf.d
+	$$(INSTALL_DATA) ./files/$(MOD_NAME).cnf $$(1)/etc/ssl/modules.cnf.d/
+  endef
+
+  define Package/$(OSSL_PKG)/postinst
+#!/bin/sh
+OPENSSL_UCI="$$$${IPKG_INSTROOT}/etc/config/openssl"
+
+[ -z "$$$${IPKG_INSTROOT}" ] \
+	&& uci -q get openssl.$(MOD_NAME) >/dev/null \
+	&& exit 0
+
+cat << EOF >> "$$$${OPENSSL_UCI}"
+
+config $(MOD_TYPE) '$(MOD_NAME)'
+	option enabled '1'
+EOF
+
+[ -n "$$$${IPKG_INSTROOT}" ] || /etc/init.d/openssl reload
+exit 0
+  endef
+
+  define Package/$(OSSL_PKG)/postrm
+#!/bin/sh
+[ -n "$$$${IPKG_INSTROOT}" ] && exit 0
+uci -q delete openssl.$(MOD_NAME) && uci commit openssl
+/etc/init.d/openssl reload
+exit 0
+  endef
+endef
+
+# 1 = engine name
+# 2 - package name, defaults to libopenssl-$(1)
+define Package/openssl/add-engine
+  $(call Package/openssl/add-module,engine,$(1),/usr/lib/$(ENGINES_DIR),$(2))
+endef
+
+# 1 = provider name
+# 2 = [ package name, defaults to libopenssl-$(1) ]
+define Package/openssl/add-provider
+  $(call Package/openssl/add-module,provider,$(1),/usr/lib/ossl-modules,$(2))
+endef
+
--- a/include/package-bin.mk
+++ b/include/package-bin.mk
@@ -1,13 +1,11 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2007-2020 OpenWrt.org

 ifeq ($(DUMP),)
  define BuildTarget/bin
-    ifeq ($(if $(VARIANT),$(BUILD_VARIANT)),$(VARIANT))
+    TARGET_VARIANT=$(if $(ALL_VARIANTS),$(if $(VARIANT),$(filter-out *,$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(if $(TARGET_VARIANT),$(BUILD_VARIANT)),$(TARGET_VARIANT))
    ifdef Package/$(1)/install
      ifneq ($(CONFIG_PACKAGE_$(1))$(DEVELOPER),)
        $(_pkg_target)compile: $(PKG_BUILD_DIR)/.pkgdir/$(1).installed
--- a/include/package-defaults.mk
+++ b/include/package-defaults.mk
@@ -1,11 +1,8 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

-PKG_DEFAULT_DEPENDS = +libc +GCC_LIBSSP:libssp +USE_GLIBC:librt +USE_GLIBC:libpthread
+PKG_DEFAULT_DEPENDS = +libc

 ifneq ($(PKG_NAME),toolchain)
  PKG_FIXUP_DEPENDS = $(if $(filter kmod-%,$(1)),$(2),$(PKG_DEFAULT_DEPENDS) $(filter-out $(PKG_DEFAULT_DEPENDS),$(2)))
@@ -59,6 +56,7 @@ define Package/Default
  ALTERNATIVES:=
  LICENSE:=$(PKG_LICENSE)
  LICENSE_FILES:=$(PKG_LICENSE_FILES)
+  FILE_MODES:=$(PKG_FILE_MODES)
 endef

 Build/Patch:=$(Build/Patch/Default)
--- a/include/package-dumpinfo.mk
+++ b/include/package-dumpinfo.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifneq ($(DUMP),)

@@ -24,8 +21,7 @@ $(if $(MENU),Menu: $(MENU)
 )$(if $(DEFAULT),Default: $(DEFAULT)
 )$(if $(findstring $(PREREQ_CHECK),1),Prereq-Check: 1
 )Version: $(VERSION)
-$(if $(ABI_VERSION),ABIVersion: $(ABI_VERSION)
-)Depends: $(call PKG_FIXUP_DEPENDS,$(1),$(DEPENDS))
+Depends: $(call PKG_FIXUP_DEPENDS,$(1),$(DEPENDS))
 Conflicts: $(CONFLICTS)
 Menu-Depends: $(MDEPENDS)
 Provides: $(PROVIDES)
--- a/include/package-ipkg.mk
+++ b/include/package-ipkg.mk
@@ -1,23 +1,28 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2014 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifndef DUMP
  include $(INCLUDE_DIR)/feeds.mk
 endif

-# invoke ipkg-build with some default options
-IPKG_BUILD:= \
-  $(SCRIPT_DIR)/ipkg-build -c -o 0 -g 0
-
 IPKG_REMOVE:= \
  $(SCRIPT_DIR)/ipkg-remove

 IPKG_STATE_DIR:=$(TARGET_DIR)/usr/lib/opkg

+# Generates a make statement to return a wildcard for candidate ipkg files
+# 1: package name
+define gen_ipkg_wildcard
+  $(1)$$(if $$(filter -%,$$(ABIV_$(1))),,[^a-z-])*
+endef
+
+# 1: package name
+# 2: candidate ipk files
+define remove_ipkg_files
+  $(if $(strip $(2)),$(IPKG_REMOVE) $(1) $(2))
+endef
+
 # 1: package name
 # 2: variable name
 # 3: variable suffix
@@ -94,13 +99,14 @@ _endef=endef

 ifeq ($(DUMP),)
  define BuildTarget/ipkg
-    ABIV_$(1):=$(call GetABISuffix,$(1))
+    ABIV_$(1):=$(call FormatABISuffix,$(1),$(ABI_VERSION))
    PDIR_$(1):=$(call FeedPackageDir,$(1))
    IPKG_$(1):=$$(PDIR_$(1))/$(1)$$(ABIV_$(1))_$(VERSION)_$(PKGARCH).ipk
    IDIR_$(1):=$(PKG_BUILD_DIR)/ipkg-$(PKGARCH)/$(1)
    KEEP_$(1):=$(strip $(call Package/$(1)/conffiles))

-    ifeq ($(BUILD_VARIANT),$$(if $$(VARIANT),$$(VARIANT),$(BUILD_VARIANT)))
+    TARGET_VARIANT:=$$(if $(ALL_VARIANTS),$$(if $$(VARIANT),$$(filter-out *,$$(VARIANT)),$(firstword $(ALL_VARIANTS))))
+    ifeq ($(BUILD_VARIANT),$$(if $$(TARGET_VARIANT),$$(TARGET_VARIANT),$(BUILD_VARIANT)))
    do_install=
    ifdef Package/$(1)/install
      do_install=yes
@@ -151,7 +157,12 @@ ifeq ($(DUMP),)

    $(STAGING_DIR_ROOT)/stamp/.$(1)_installed: $(PKG_BUILD_DIR)/.pkgdir/$(1).installed
 	mkdir -p $(STAGING_DIR_ROOT)/stamp
-	$(if $(ABI_VERSION),echo '$(ABI_VERSION)' | cmp -s - $(PKG_INFO_DIR)/$(1).version || echo '$(ABI_VERSION)' > $(PKG_INFO_DIR)/$(1).version)
+	$(if $(ABI_VERSION),echo '$(ABI_VERSION)' | cmp -s - $(PKG_INFO_DIR)/$(1).version || { \
+		echo '$(ABI_VERSION)' > $(PKG_INFO_DIR)/$(1).version; \
+		$(foreach pkg,$(filter-out $(1),$(PROVIDES)), \
+			cp $(PKG_INFO_DIR)/$(1).version $(PKG_INFO_DIR)/$(pkg).version; \
+		) \
+	} )
 	$(call locked,$(CP) $(PKG_BUILD_DIR)/.pkgdir/$(1)/. $(STAGING_DIR_ROOT)/,root-copy)
 	touch $$@

@@ -165,7 +176,7 @@ Package: $(1)$$(ABIV_$(1))
 Version: $(VERSION)
 $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,Conflicts,$$(call mergelist,$(CONFLICTS))
-)$$(call addfield,Provides,$$(call mergelist,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), $(1) $(foreach provide,$(PROVIDES),$(provide)$$(call GetABISuffix,$(provide))))))
+)$$(call addfield,Provides,$$(call mergelist,$$(filter-out $(1)$$(ABIV_$(1)),$(PROVIDES)$$(if $$(ABIV_$(1)), $(1) $(foreach provide,$(PROVIDES),$(provide)$$(ABIV_$(1))))))
 )$$(call addfield,Alternatives,$$(call mergelist,$(ALTERNATIVES))
 )$$(call addfield,Source,$(SOURCE)
 )$$(call addfield,SourceName,$(1)
@@ -173,6 +184,9 @@ $$(call addfield,Depends,$$(Package/$(1)/DEPENDS)
 )$$(call addfield,LicenseFiles,$(LICENSE_FILES)
 )$$(call addfield,Section,$(SECTION)
 )$$(call addfield,Require-User,$(USERID)
+)$$(call addfield,SourceDateEpoch,$(PKG_SOURCE_DATE_EPOCH)
+)$$(if $$(ABIV_$(1)),ABIVersion: $$(ABIV_$(1))
+)$(if $(PKG_CPE_ID),CPE-ID: $(PKG_CPE_ID)
 )$(if $(filter hold,$(PKG_FLAGS)),Status: unknown hold not-installed
 )$(if $(filter essential,$(PKG_FLAGS)),Essential: yes
 )$(if $(MAINTAINER),Maintainer: $(MAINTAINER)
@@ -183,8 +197,10 @@ $(_endef)
    $$(IPKG_$(1)) : export CONTROL=$$(Package/$(1)/CONTROL)
    $$(IPKG_$(1)) : export DESCRIPTION=$$(Package/$(1)/description)
    $$(IPKG_$(1)) : export PATH=$$(TARGET_PATH_PKG)
+    $$(IPKG_$(1)) : export PKG_SOURCE_DATE_EPOCH:=$(PKG_SOURCE_DATE_EPOCH)
    $(PKG_INFO_DIR)/$(1).provides $$(IPKG_$(1)): $(STAMP_BUILT) $(INCLUDE_DIR)/package-ipkg.mk
-	@rm -rf $$(IDIR_$(1)) $$(if $$(call opkg_package_files,$(1)*),; $$(IPKG_REMOVE) $(1) $$(call opkg_package_files,$(1)*))
+	@rm -rf $$(IDIR_$(1)); \
+		$$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1))))
 	mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/CONTROL $(PKG_INFO_DIR)
 	$(call Package/$(1)/install,$$(IDIR_$(1)))
 	$(if $(Package/$(1)/install-overlay),mkdir -p $(PACKAGE_DIR) $$(IDIR_$(1))/rootfs-overlay)
@@ -206,8 +222,8 @@ $(_endef)
    ifneq ($$(CONFIG_IPK_FILES_CHECKSUMS),)
 	(cd $$(IDIR_$(1)); \
 		( \
-			find . -type f \! -path ./CONTROL/\* -exec sha256sum \{\} \; 2> /dev/null | \
-			sed 's|\([[:blank:]]\)\./|\1/|' > $$(IDIR_$(1))/CONTROL/files-sha256sum \
+			find . -type f \! -path ./CONTROL/\* -exec $(MKHASH) sha256 -n \{\} \; 2> /dev/null | \
+			sed 's|\([[:blank:]]\)\./| \1/|' > $$(IDIR_$(1))/CONTROL/files-sha256sum \
 		) || true \
 	)
    endif
@@ -220,13 +236,13 @@ $(_endef)
 		( \
 			echo "#!/bin/sh"; \
 			echo "[ \"\$$$${IPKG_NO_SCRIPT}\" = \"1\" ] && exit 0"; \
-			echo "[ -x "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
+			echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
 			echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \
 			echo "default_postinst \$$$$0 \$$$$@"; \
 		) > postinst; \
 		( \
 			echo "#!/bin/sh"; \
-			echo "[ -x "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
+			echo "[ -s "\$$$${IPKG_INSTROOT}/lib/functions.sh" ] || exit 0"; \
 			echo ". \$$$${IPKG_INSTROOT}/lib/functions.sh"; \
 			echo "default_prerm \$$$$0 \$$$$@"; \
 		) > prerm; \
@@ -248,11 +264,11 @@ $(_endef)
    endif

 	$(INSTALL_DIR) $$(PDIR_$(1))
-	$(IPKG_BUILD) $$(IDIR_$(1)) $$(PDIR_$(1))
+	$(FAKEROOT) $(STAGING_DIR_HOST)/bin/bash $(SCRIPT_DIR)/ipkg-build -m "$(FILE_MODES)" $$(IDIR_$(1)) $$(PDIR_$(1))
 	@[ -f $$(IPKG_$(1)) ]

    $(1)-clean:
-	$$(if $$(call opkg_package_files,$(1)*),$$(IPKG_REMOVE) $(1) $$(call opkg_package_files,$(1)*))
+	$$(call remove_ipkg_files,$(1),$$(call opkg_package_files,$(call gen_ipkg_wildcard,$(1))))

    clean: $(1)-clean

--- a/include/package-seccomp.mk
+++ b/include/package-seccomp.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2015-2020 OpenWrt.org

 PKG_CONFIG_DEPENDS+= CONFIG_KERNEL_SECCOMP

--- a/include/package.mk
+++ b/include/package.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2008 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 __package_mk:=1

@@ -14,27 +11,63 @@ include $(INCLUDE_DIR)/download.mk
 PKG_BUILD_DIR ?= $(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)$(if $(PKG_VERSION),-$(PKG_VERSION))
 PKG_INSTALL_DIR ?= $(PKG_BUILD_DIR)/ipkg-install
 PKG_BUILD_PARALLEL ?=
-PKG_USE_MIPS16 ?= 1
-PKG_IREMAP ?= 1
+PKG_SKIP_DOWNLOAD=$(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT)

 MAKE_J:=$(if $(MAKE_JOBSERVER),$(MAKE_JOBSERVER) $(if $(filter 3.% 4.0 4.1,$(MAKE_VERSION)),-j))

+PKG_SOURCE_DATE_EPOCH:=$(if $(DUMP),,$(shell $(TOPDIR)/scripts/get_source_date_epoch.sh $(CURDIR)))
+
 ifeq ($(strip $(PKG_BUILD_PARALLEL)),0)
 PKG_JOBS?=-j1
 else
 PKG_JOBS?=$(if $(PKG_BUILD_PARALLEL),$(MAKE_J),-j1)
 endif
-ifdef CONFIG_USE_MIPS16
-  ifeq ($(strip $(PKG_USE_MIPS16)),1)
-    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
-    TARGET_CFLAGS += -mips16 -minterlink-mips16
-  endif
+
+PKG_BUILD_FLAGS?=
+# TODO remove this when all packages moved to PKG_BUILD_FLAGS=no-mips16
+PKG_USE_MIPS16?=1
+ifneq ($(strip $(PKG_USE_MIPS16)),1)
+  PKG_BUILD_FLAGS+=no-mips16
 endif
-ifeq ($(strip $(PKG_IREMAP)),1)
+
+__unknown_flags=$(filter-out no-iremap no-mips16 gc-sections no-gc-sections lto no-lto no-mold,$(PKG_BUILD_FLAGS))
+ifneq ($(__unknown_flags),)
+  $(error unknown PKG_BUILD_FLAGS: $(__unknown_flags))
+endif
+
+# $1=flagname, $2=default (0/1)
+define pkg_build_flag
+$(if $(filter no-$(1),$(PKG_BUILD_FLAGS)),0,$(if $(filter $(1),$(PKG_BUILD_FLAGS)),1,$(2)))
+endef
+
+ifeq ($(call pkg_build_flag,iremap,1),1)
  IREMAP_CFLAGS = $(call iremap,$(PKG_BUILD_DIR),$(notdir $(PKG_BUILD_DIR)))
  TARGET_CFLAGS += $(IREMAP_CFLAGS)
 endif

+ifdef CONFIG_USE_MIPS16
+  ifeq ($(call pkg_build_flag,mips16,1),1)
+    TARGET_ASFLAGS_DEFAULT = $(filter-out -mips16 -minterlink-mips16,$(TARGET_CFLAGS))
+    TARGET_CFLAGS += -mips16 -minterlink-mips16
+    TARGET_CXXFLAGS += -mips16 -minterlink-mips16
+  endif
+endif
+ifeq ($(call pkg_build_flag,gc-sections,$(if $(CONFIG_USE_GC_SECTIONS),1,0)),1)
+  TARGET_CFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_CXXFLAGS+= -ffunction-sections -fdata-sections
+  TARGET_LDFLAGS+= -Wl,--gc-sections
+endif
+ifeq ($(call pkg_build_flag,lto,$(if $(CONFIG_USE_LTO),1,0)),1)
+  TARGET_CFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_CXXFLAGS+= -flto=auto -fno-fat-lto-objects
+  TARGET_LDFLAGS+= -flto=auto -fuse-linker-plugin
+endif
+ifdef CONFIG_USE_MOLD
+  ifeq ($(call pkg_build_flag,mold,1),1)
+    TARGET_LINKER:=mold
+  endif
+endif
+
 include $(INCLUDE_DIR)/hardening.mk
 include $(INCLUDE_DIR)/prereq.mk
 include $(INCLUDE_DIR)/unpack.mk
@@ -59,7 +92,7 @@ include $(INCLUDE_DIR)/quilt.mk

 find_library_dependencies = \
 	$(wildcard $(patsubst %,$(STAGING_DIR)/pkginfo/%.version, \
-		$(sort $(foreach dep4, \
+		$(filter-out $(BUILD_PACKAGES), $(sort $(foreach dep4, \
 			$(sort $(foreach dep3, \
 				$(sort $(foreach dep2, \
 					$(sort $(foreach dep1, \
@@ -74,7 +107,7 @@ find_library_dependencies = \
 				$(Package/$(dep3)/depends) $(dep3) \
 			)), \
 			$(Package/$(dep4)/depends) $(dep4) \
-		)), \
+		))) \
 	))


@@ -85,7 +118,7 @@ ifneq ($(PREV_STAMP_PREPARED),)
  STAMP_PREPARED:=$(PREV_STAMP_PREPARED)
  CONFIG_AUTOREBUILD:=
 else
-  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call find_md5,${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
+  STAMP_PREPARED=$(PKG_BUILD_DIR)/.prepared$(if $(QUILT)$(DUMP),,_$(shell $(call $(if $(CONFIG_AUTOREMOVE),find_md5_reproducible,find_md5),${CURDIR} $(PKG_FILE_DEPENDS),))_$(call confvar,CONFIG_AUTOREMOVE $(PKG_PREPARED_DEPENDS)))
 endif
 STAMP_CONFIGURED=$(PKG_BUILD_DIR)/.configured$(if $(DUMP),,_$(call confvar,$(PKG_CONFIG_DEPENDS)))
 STAMP_CONFIGURED_WILDCARD=$(PKG_BUILD_DIR)/.configured_*
@@ -173,7 +206,6 @@ define Build/Exports/Default
  $(1) : export CONFIG_SITE:=$$(CONFIG_SITE)
  $(1) : export PKG_CONFIG_PATH:=$$(PKG_CONFIG_PATH)
  $(1) : export PKG_CONFIG_LIBDIR:=$$(PKG_CONFIG_PATH)
-  $(if $(CONFIG_CCACHE),$(1) : export CCACHE_DIR:=$(STAGING_DIR)/ccache)
 endef
 Build/Exports=$(Build/Exports/Default)

@@ -185,6 +217,8 @@ define Build/CoreTargets
  $(call Build/Autoclean)
  $(call DefaultTargets)

+  $(call check_download_integrity)
+
  download:
 	$(foreach hook,$(Hooks/Download),
 		$(call $(hook))$(sep)
@@ -223,7 +257,7 @@ define Build/CoreTargets
  $(STAMP_INSTALLED) : export PATH=$$(TARGET_PATH_PKG)
  $(STAMP_INSTALLED): $(STAMP_BUILT)
 	rm -rf $(TMP_DIR)/stage-$(PKG_DIR_NAME)
-	mkdir -p $(TMP_DIR)/stage-$(PKG_DIR_NAME)/host $(STAGING_DIR)/packages $(STAGING_DIR_HOST)/packages
+	mkdir -p $(TMP_DIR)/stage-$(PKG_DIR_NAME)/host $(STAGING_DIR)/packages
 	$(foreach hook,$(Hooks/InstallDev/Pre),\
 		$(call $(hook),$(TMP_DIR)/stage-$(PKG_DIR_NAME),$(TMP_DIR)/stage-$(PKG_DIR_NAME)/host)$(sep)\
 	)
@@ -258,13 +292,13 @@ define Build/CoreTargets
  ifneq ($(CONFIG_AUTOREMOVE),)
    compile:
 		-touch -r $(PKG_BUILD_DIR)/.built $(PKG_BUILD_DIR)/.autoremove 2>/dev/null >/dev/null
-		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir' | \
-			$(XARGS) rm -rf
+		$(FIND) $(PKG_BUILD_DIR) -mindepth 1 -maxdepth 1 -not '(' -type f -and -name '.*' -and -size 0 ')' -and -not -name '.pkgdir'  -print0 | \
+			$(XARGS) -0 rm -rf
  endif
 endef

 define Build/DefaultTargets
-  $(if $(USE_SOURCE_DIR)$(USE_GIT_TREE)$(USE_GIT_SRC_CHECKOUT),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
+  $(if $(PKG_SKIP_DOWNLOAD),,$(if $(strip $(PKG_SOURCE_URL)),$(call Download,default)))
  $(if $(DUMP),,$(Build/CoreTargets))

  define Build/DefaultTargets
@@ -342,9 +376,9 @@ clean-build: $(if $(wildcard $(PKG_BUILD_DIR)/.autoremove),force-clean-build)

 clean: force-clean-build
 	$(CleanStaging)
-	$(call Build/UninstallDev,$(STAGING_DIR),$(STAGING_DIR_HOST))
+	$(call Build/UninstallDev,$(STAGING_DIR),$(STAGING_DIR)/host)
 	$(Build/Clean)
-	rm -f $(STAGING_DIR)/packages/$(STAGING_FILES_LIST) $(STAGING_DIR_HOST)/packages/$(STAGING_FILES_LIST)
+	rm -f $(STAGING_DIR)/packages/$(STAGING_FILES_LIST)

 dist:
 	$(Build/Dist)
--- a/include/prereq-build.mk
+++ b/include/prereq-build.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 include $(TOPDIR)/rules.mk
 include $(INCLUDE_DIR)/prereq.mk
@@ -14,8 +11,8 @@ PKG_NAME:=Build dependency

 # Required for the toolchain
 $(eval $(call TestHostCommand,working-make, \
-	Please install GNU make v3.81 or later. (This version has bugs), \
-	$(MAKE) -v | grep -E 'Make (3\.8[1-9]|3\.9[0-9]|[4-9]\.)'))
+	Please install GNU make v4.1 or later., \
+	$(MAKE) -v | grep -E 'Make (4\.[1-9]|[5-9]\.)'))

 $(eval $(call TestHostCommand,case-sensitive-fs, \
 	OpenWrt can only be built on a case-sensitive filesystem, \
@@ -26,49 +23,43 @@ $(eval $(call TestHostCommand,proper-umask, \
 	Please build with umask 022 - other values produce broken packages, \
 	umask | grep -xE 0?0[012][012]))

+ifndef IB
 $(eval $(call SetupHostCommand,gcc, \
-	Please install the GNU C Compiler (gcc) 4.8 or later, \
-	$(CC) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-	gcc -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-	gcc48 --version | grep gcc, \
-	gcc49 --version | grep gcc, \
-	gcc5 --version | grep gcc, \
-	gcc6 --version | grep gcc, \
-	gcc7 --version | grep gcc, \
-	gcc8 --version | grep gcc, \
-	gcc9 --version | grep gcc, \
+	Please install the GNU C Compiler (gcc) 6 or later, \
+	$(CC) -dumpversion | grep -E '^([6-9]\.?|1[0-9]\.?)', \
+	gcc -dumpversion | grep -E '^([6-9]\.?|1[0-9]\.?)', \
 	gcc --version | grep -E 'Apple.(LLVM|clang)' ))

 $(eval $(call TestHostCommand,working-gcc, \
-	\nPlease reinstall the GNU C Compiler (4.8 or later) - \
+	Please reinstall the GNU C Compiler (6 or later) - \
 	it appears to be broken, \
 	echo 'int main(int argc, char **argv) { return 0; }' | \
 		gcc -x c -o $(TMP_DIR)/a.out -))

 $(eval $(call SetupHostCommand,g++, \
-	Please install the GNU C++ Compiler (g++) 4.8 or later, \
-	$(CXX) -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-	g++ -dumpversion | grep -E '^(4\.[8-9]|[5-9]\.?)', \
-	g++48 --version | grep g++, \
-	g++49 --version | grep g++, \
-	g++5 --version | grep g++, \
-	g++6 --version | grep g++, \
-	g++7 --version | grep g++, \
-	g++8 --version | grep g++, \
-	g++9 --version | grep g++, \
+	Please install the GNU C++ Compiler (g++) 6 or later, \
+	$(CXX) -dumpversion | grep -E '^([6-9]\.?|1[0-9]\.?)', \
+	g++ -dumpversion | grep -E '^([6-9]\.?|1[0-9]\.?)', \
 	g++ --version | grep -E 'Apple.(LLVM|clang)' ))

 $(eval $(call TestHostCommand,working-g++, \
-	\nPlease reinstall the GNU C++ Compiler (4.8 or later) - \
+	Please reinstall the GNU C++ Compiler (6 or later) - \
 	it appears to be broken, \
 	echo 'int main(int argc, char **argv) { return 0; }' | \
 		g++ -x c++ -o $(TMP_DIR)/a.out - -lstdc++ && \
 		$(TMP_DIR)/a.out))

-$(eval $(call TestHostCommand,ncurses, \
+$(eval $(call RequireCHeader,ncurses.h, \
 	Please install ncurses. (Missing libncurses.so or ncurses.h), \
-	echo 'int main(int argc, char **argv) { initscr(); return 0; }' | \
-		gcc -include ncurses.h -x c -o $(TMP_DIR)/a.out - -lncurses))
+	initscr(), -lncurses))
+
+$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
+	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule, \
+	git submodule --help | grep -- --recursive))
+
+$(eval $(call SetupHostCommand,rsync,Please install 'rsync', \
+	rsync --version </dev/null))
+endif # IB

 ifeq ($(HOST_OS),Linux)
  zlib_link_flags := -Wl,-Bstatic -lz -Wl,-Bdynamic
@@ -76,11 +67,26 @@ else
  zlib_link_flags := -lz
 endif

+$(eval $(call TestHostCommand,perl-data-dumper, \
+	Please install the Perl Data::Dumper module, \
+	perl -MData::Dumper -e 1))
+
+$(eval $(call TestHostCommand,perl-findbin, \
+	Please install the Perl FindBin module, \
+	perl -MFindBin -e 1))
+
+$(eval $(call TestHostCommand,perl-file-copy, \
+	Please install the Perl File::Copy module, \
+	perl -MFile::Copy -e 1))
+
+$(eval $(call TestHostCommand,perl-file-compare, \
+	Please install the Perl File::Compare module, \
+	perl -MFile::Compare -e 1))
+
 $(eval $(call TestHostCommand,perl-thread-queue, \
 	Please install the Perl Thread::Queue module, \
 	perl -MThread::Queue -e 1))

-
 $(eval $(call SetupHostCommand,tar,Please install GNU 'tar', \
 	gtar --version 2>&1 | grep GNU, \
 	gnutar --version 2>&1 | grep GNU, \
@@ -93,13 +99,18 @@ $(eval $(call SetupHostCommand,find,Please install GNU 'find', \
 $(eval $(call SetupHostCommand,bash,Please install GNU 'bash', \
 	bash --version 2>&1 | grep GNU))

+$(eval $(call SetupHostCommand,xargs, \
+	Please install 'xargs' that supports '-r/--no-run-if-empty', \
+	gxargs -r --version, \
+	xargs -r --version))
+
 $(eval $(call SetupHostCommand,patch,Please install GNU 'patch', \
 	gpatch --version 2>&1 | grep 'Free Software Foundation', \
 	patch --version 2>&1 | grep 'Free Software Foundation'))

-$(eval $(call SetupHostCommand,diff,Please install diffutils, \
-	gdiff --version 2>&1 | grep diff, \
-	diff --version 2>&1 | grep diff))
+$(eval $(call SetupHostCommand,diff,Please install GNU diffutils, \
+	gdiff --version 2>&1 | grep GNU, \
+	diff --version 2>&1 | grep GNU))

 $(eval $(call SetupHostCommand,cp,Please install GNU fileutils, \
 	gcp --help 2>&1 | grep 'Copy SOURCE', \
@@ -117,17 +128,29 @@ $(eval $(call SetupHostCommand,grep,Please install GNU 'grep', \
 	ggrep --version 2>&1 | grep GNU, \
 	grep --version 2>&1 | grep GNU))

+$(eval $(call SetupHostCommand,egrep,Please install GNU 'grep', \
+	gegrep --version 2>&1 | grep GNU, \
+	egrep --version 2>&1 | grep GNU))
+
 $(eval $(call SetupHostCommand,getopt, \
 	Please install an extended getopt version that supports --long, \
 	gnugetopt -o t --long test -- --test | grep '^ *--test *--', \
-	/usr/local/bin/getopt -o t --long test -- --test | grep '^ *--test *--', \
-	getopt -o t --long test -- --test | grep '^ *--test *--'))
+	getopt -o t --long test -- --test | grep '^ *--test *--', \
+	/usr/local/opt/gnu-getopt/bin/getopt -o t --long test -- --test | grep '^ *--test *--', \
+	/opt/local/bin/getopt -o t --long test -- --test | grep '^ *--test *--'))
+
+$(eval $(call SetupHostCommand,realpath,Please install a 'realpath' utility, \
+	grealpath /, \
+	realpath /))

 $(eval $(call SetupHostCommand,stat,Cannot find a file stat utility, \
 	gnustat -c%s $(TOPDIR)/Makefile, \
 	gstat -c%s $(TOPDIR)/Makefile, \
 	stat -c%s $(TOPDIR)/Makefile))

+$(eval $(call SetupHostCommand,gzip,Please install 'gzip', \
+	gzip --version </dev/null))
+
 $(eval $(call SetupHostCommand,unzip,Please install 'unzip', \
 	unzip 2>&1 | grep zipfile, \
 	unzip))
@@ -138,38 +161,72 @@ $(eval $(call SetupHostCommand,bzip2,Please install 'bzip2', \
 $(eval $(call SetupHostCommand,wget,Please install GNU 'wget', \
 	wget --version | grep GNU))

+$(eval $(call SetupHostCommand,install,Please install GNU 'install', \
+	install --version | grep GNU, \
+	ginstall --version | grep GNU))
+
 $(eval $(call SetupHostCommand,perl,Please install Perl 5.x, \
 	perl --version | grep "perl.*v5"))

 $(eval $(call CleanupPython2))

-$(eval $(call SetupHostCommand,python,Please install Python >= 3.5, \
+$(eval $(call SetupHostCommand,python,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
+	python3.10 -V 2>&1 | grep 'Python 3', \
+	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))

-$(eval $(call SetupHostCommand,python3,Please install Python >= 3.5, \
+$(eval $(call SetupHostCommand,python3,Please install Python >= 3.6, \
+	python3.11 -V 2>&1 | grep 'Python 3', \
+	python3.10 -V 2>&1 | grep 'Python 3', \
+	python3.9 -V 2>&1 | grep 'Python 3', \
 	python3.8 -V 2>&1 | grep 'Python 3', \
 	python3.7 -V 2>&1 | grep 'Python 3', \
 	python3.6 -V 2>&1 | grep 'Python 3', \
-	python3.5 -V 2>&1 | grep 'Python 3', \
-	python3 -V 2>&1 | grep -E 'Python 3\.[5-9]\.?'))
+	python3 -V 2>&1 | grep -E 'Python 3\.([6-9]|[0-9][0-9])\.?'))

-$(eval $(call SetupHostCommand,git,Please install Git (git-core) >= 1.7.12.2, \
-	git --exec-path | xargs -I % -- grep -q -- --recursive %/git-submodule))
+$(eval $(call TestHostCommand,python3-distutils, \
+	Please install the Python3 distutils module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'from distutils import util'))
+
+$(eval $(call TestHostCommand,python3-stdlib, \
+	Please install the Python3 stdlib module, \
+	$(STAGING_DIR_HOST)/bin/python3 -c 'import ntpath'))

 $(eval $(call SetupHostCommand,file,Please install the 'file' package, \
 	file --version 2>&1 | grep file))

+$(eval $(call SetupHostCommand,which,Please install 'which', \
+	/usr/bin/which which, \
+	/bin/which which, \
+	which which))
+
+ifeq ($(HOST_OS),Linux)
+  $(eval $(call RequireCHeader,argp.h, \
+	Missing argp.h Please install the argp-standalone package if musl libc))
+
+  $(eval $(call RequireCHeader,fts.h, \
+	Missing fts.h Please install the musl-fts-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,obstack.h, \
+	Missing obstack.h Please install the musl-obstack-dev package if musl libc))
+
+  $(eval $(call RequireCHeader,libintl.h, \
+	Missing libintl.h Please install the musl-libintl package if musl libc))
+endif
+
 $(STAGING_DIR_HOST)/bin/mkhash: $(SCRIPT_DIR)/mkhash.c
 	mkdir -p $(dir $@)
 	$(CC) -O2 -I$(TOPDIR)/tools/include -o $@ $<

-prereq: $(STAGING_DIR_HOST)/bin/mkhash
+$(STAGING_DIR_HOST)/bin/xxd: $(SCRIPT_DIR)/xxdi.pl
+	$(LN) $< $@
+
+prereq: $(STAGING_DIR_HOST)/bin/mkhash $(STAGING_DIR_HOST)/bin/xxd

 # Install ldconfig stub
 $(eval $(call TestHostCommand,ldconfig-stub,Failed to install stub, \
-	touch $(STAGING_DIR_HOST)/bin/ldconfig && \
-	chmod +x $(STAGING_DIR_HOST)/bin/ldconfig))
+	$(LN) $(SCRIPT_DIR)/noop.sh $(STAGING_DIR_HOST)/bin/ldconfig))
--- a/include/prereq.mk
+++ b/include/prereq.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2015 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifneq ($(__prereq_inc),1)
 __prereq_inc:=1
@@ -52,7 +49,7 @@ endef

 define RequireCommand
  define Require/$(1)
-    which $(1)
+    command -v $(1)
  endef

  $$(eval $$(call Require,$(1),$(2)))
@@ -66,6 +63,18 @@ define RequireHeader
  $$(eval $$(call Require,$(1),$(2)))
 endef

+# 1: header to test
+# 2: failure message
+# 3: optional compile time test
+# 4: optional link library test (example -lncurses)
+define RequireCHeader
+  define Require/$(1)
+    echo 'int main(int argc, char **argv) { $(3); return 0; }' | gcc -include $(1) -x c -o $(TMP_DIR)/a.out - $(4)
+  endef
+
+  $$(eval $$(call Require,$(1),$(2)))
+endef
+
 define CleanupPython2
  define Require/python2-cleanup
 	if [ -f "$(STAGING_DIR_HOST)/bin/python" ] && \
@@ -106,7 +115,7 @@ define SetupHostCommand
 	           $(call QuoteHostCommand,$(11)) $(call QuoteHostCommand,$(12)); do \
 		if [ -n "$$$$$$$$cmd" ]; then \
 			bin="$$$$$$$$(PATH="$(subst $(space),:,$(filter-out $(STAGING_DIR_HOST)/%,$(subst :,$(space),$(PATH))))" \
-				which "$$$$$$$${cmd%% *}")"; \
+				command -v "$$$$$$$${cmd%% *}")"; \
 			if [ -x "$$$$$$$$bin" ] && eval "$$$$$$$$cmd" >/dev/null 2>/dev/null; then \
 				mkdir -p "$(STAGING_DIR_HOST)/bin"; \
 				ln -sf "$$$$$$$$bin" "$(STAGING_DIR_HOST)/bin/$(strip $(1))"; \
--- a/include/quilt.mk
+++ b/include/quilt.mk
@@ -1,8 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007-2009 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
+# Copyright (C) 2007-2020 OpenWrt.org

 ifeq ($(TARGET_BUILD),1)
  PKG_BUILD_DIR:=$(LINUX_DIR)
@@ -118,7 +116,7 @@ define Quilt/RefreshDir
 endef

 define Quilt/Refresh/Host
-	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(PATCH_DIR))
+	$(call Quilt/RefreshDir,$(HOST_BUILD_DIR),$(HOST_PATCH_DIR))
 endef

 define Quilt/Refresh/Package
@@ -161,7 +159,7 @@ define Quilt/Template
 		false; \
 	}
 	@[ -n "$$$$(ls $(1)/patches/series)" -o \
-	   "$$$$(cat $(1)/patches/series | mkhash md5)" = "$$(sort $(1)/patches/series | mkhash md5)" ] || { \
+	   "$$$$(cat $(1)/patches/series | $(MKHASH) md5)" = "$$(sort $(1)/patches/series | $(MKHASH) md5)" ] || { \
 		echo "The patches are not sorted in the right order. Please fix."; \
 		false; \
 	}
--- a/include/rootfs.mk
+++ b/include/rootfs.mk
@@ -47,7 +47,7 @@ TARGET_DIR_ORIG := $(TARGET_ROOTFS_DIR)/root.orig-$(BOARD)

 ifdef CONFIG_CLEAN_IPKG
  define clean_ipkg
-	-find $(1)/usr/lib/opkg/info -type f -and -not -name '*.control' | $(XARGS) rm -rf
+	-find $(1)/usr/lib/opkg/info -type f -and -not -name '*.control' -delete
 	-sed -i -ne '/^Require-User: /p' $(1)/usr/lib/opkg/info/*.control
 	awk ' \
 		BEGIN { conffiles = 0; print "Conffiles:" } \
@@ -56,7 +56,7 @@ ifdef CONFIG_CLEAN_IPKG
 		conffiles == 1 { print } \
 	' $(1)/usr/lib/opkg/status >$(1)/usr/lib/opkg/status.new
 	mv $(1)/usr/lib/opkg/status.new $(1)/usr/lib/opkg/status
-	-find $(1)/usr/lib/opkg -empty | $(XARGS) rm -rf
+	-find $(1)/usr/lib/opkg -empty -delete
  endef
 endif

@@ -69,7 +69,7 @@ define prepare_rootfs
 	@( \
 		cd $(1); \
 		for script in ./usr/lib/opkg/info/*.postinst; do \
-			IPKG_INSTROOT=$(1) $$(which bash) $$script; \
+			IPKG_INSTROOT=$(1) $$(command -v bash) $$script; \
 			ret=$$?; \
 			if [ $$ret -ne 0 ]; then \
 				echo "postinst script $$script has failed with exit code $$ret" >&2; \
@@ -79,24 +79,22 @@ define prepare_rootfs
 		for script in ./etc/init.d/*; do \
 			grep '#!/bin/sh /etc/rc.common' $$script >/dev/null || continue; \
 			if ! echo " $(3) " | grep -q " $$(basename $$script) "; then \
-				IPKG_INSTROOT=$(1) $$(which bash) ./etc/rc.common $$script enable; \
+				IPKG_INSTROOT=$(1) $$(command -v bash) ./etc/rc.common $$script enable; \
 				echo "Enabling" $$(basename $$script); \
 			else \
-				IPKG_INSTROOT=$(1) $$(which bash) ./etc/rc.common $$script disable; \
+				IPKG_INSTROOT=$(1) $$(command -v bash) ./etc/rc.common $$script disable; \
 				echo "Disabling" $$(basename $$script); \
 			fi; \
 		done || true \
 	)
 	$(if $(SOURCE_DATE_EPOCH),sed -i "s/Installed-Time: .*/Installed-Time: $(SOURCE_DATE_EPOCH)/" $(1)/usr/lib/opkg/status)
-	@-find $(1) -name CVS   | $(XARGS) rm -rf
-	@-find $(1) -name .svn  | $(XARGS) rm -rf
-	@-find $(1) -name .git  | $(XARGS) rm -rf
-	@-find $(1) -name '.#*' | $(XARGS) rm -f
-	rm -rf $(1)/tmp/*
-	rm -f $(1)/usr/lib/opkg/lists/*
-	rm -f $(1)/usr/lib/opkg/info/*.postinst*
-	rm -f $(1)/var/lock/*.lock
-	rm -rf $(1)/boot
+	@-find $(1) -name CVS -o -name .svn -o -name .git -o -name '.#*' | $(XARGS) rm -rf
+	rm -rf \
+		$(1)/boot \
+		$(1)/tmp/* \
+		$(1)/usr/lib/opkg/info/*.postinst* \
+		$(1)/usr/lib/opkg/lists/* \
+		$(1)/var/lock/*.lock
 	$(call clean_ipkg,$(1))
 	$(call mklibs,$(1))
 	$(if $(SOURCE_DATE_EPOCH),find $(1)/ -mindepth 1 -execdir touch -hcd "@$(SOURCE_DATE_EPOCH)" "{}" +)
--- a/include/scan.mk
+++ b/include/scan.mk
@@ -1,4 +1,5 @@
 include $(TOPDIR)/include/verbose.mk
+include $(TOPDIR)/rules.mk
 TMP_DIR:=$(TOPDIR)/tmp

 all: $(TMP_DIR)/.$(SCAN_TARGET)
@@ -10,7 +11,7 @@ TARGET_STAMP:=$(TMP_DIR)/info/.files-$(SCAN_TARGET).stamp
 FILELIST:=$(TMP_DIR)/info/.files-$(SCAN_TARGET)-$(SCAN_COOKIE)
 OVERRIDELIST:=$(TMP_DIR)/info/.overrides-$(SCAN_TARGET)-$(SCAN_COOKIE)

-export PATH:=$(TOPDIR)/staging_dir/host/bin:$(PATH)
+export PATH:=$(STAGING_DIR_HOST)/bin:$(PATH)

 define feedname
 $(if $(patsubst feeds/%,,$(1)),,$(word 2,$(subst /, ,$(1))))
@@ -71,7 +72,7 @@ endif

 $(FILELIST): $(OVERRIDELIST)
 	rm -f $(TMP_DIR)/info/.files-$(SCAN_TARGET)-*
-	find -L $(SCAN_DIR) $(SCAN_EXTRA) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@
+	find -L $(SCAN_DIR) -mindepth 1 $(if $(SCAN_DEPTH),-maxdepth $(SCAN_DEPTH)) $(SCAN_EXTRA) -name Makefile | xargs grep -aHE 'call $(GREP_STRING)' | sed -e 's#^$(SCAN_DIR)/##' -e 's#/Makefile:.*##' | uniq | awk -v of=$(OVERRIDELIST) -f include/scan.awk > $@

 $(TMP_DIR)/info/.files-$(SCAN_TARGET).mk: $(FILELIST)
 	( \
@@ -100,7 +101,7 @@ $(TMP_DIR)/info/.files-$(SCAN_TARGET).mk: $(FILELIST)
 $(TARGET_STAMP)::
 	+( \
 		$(NO_TRACE_MAKE) $(FILELIST); \
-		MD5SUM=$$(cat $(FILELIST) $(OVERRIDELIST) | mkhash md5 | awk '{print $$1}'); \
+		MD5SUM=$$(cat $(FILELIST) $(OVERRIDELIST) | $(MKHASH) md5 | awk '{print $$1}'); \
 		[ -f "$@.$$MD5SUM" ] || { \
 			rm -f $@.*; \
 			touch $@.$$MD5SUM; \
--- a/include/site/loongarch64
+++ b/include/site/loongarch64
@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=0
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8
--- a/include/site/riscv64
+++ b/include/site/riscv64
@@ -0,0 +1,30 @@
+#!/bin/sh
+. $TOPDIR/include/site/linux
+ac_cv_c_littleendian=${ac_cv_c_littleendian=yes}
+ac_cv_c_bigendian=${ac_cv_c_bigendian=no}
+
+ac_cv_sizeof___int64=8
+ac_cv_sizeof_char=1
+ac_cv_sizeof_int=4
+ac_cv_sizeof_int16_t=2
+ac_cv_sizeof_int32_t=4
+ac_cv_sizeof_int64_t=8
+ac_cv_sizeof_long_int=8
+ac_cv_sizeof_long_long=8
+ac_cv_sizeof_long=8
+ac_cv_sizeof_off_t=8
+ac_cv_sizeof_short_int=2
+ac_cv_sizeof_short=2
+ac_cv_sizeof_size_t=8
+ac_cv_sizeof_ssize_t=8
+ac_cv_sizeof_u_int16_t=2
+ac_cv_sizeof_u_int32_t=4
+ac_cv_sizeof_u_int64_t=8
+ac_cv_sizeof_uint16_t=2
+ac_cv_sizeof_uint32_t=4
+ac_cv_sizeof_uint64_t=8
+ac_cv_sizeof_unsigned_int=4
+ac_cv_sizeof_unsigned_long=8
+ac_cv_sizeof_unsigned_long_long=8
+ac_cv_sizeof_unsigned_short=2
+ac_cv_sizeof_void_p=8
--- a/include/subdir.mk
+++ b/include/subdir.mk
@@ -1,13 +1,13 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2007-2020 OpenWrt.org

 ifeq ($(MAKECMDGOALS),prereq)
  SUBTARGETS:=prereq
  PREREQ_ONLY:=1
+# For target/linux related target add dtb to selectively compile dtbs
+else ifneq ($(filter target/linux/%,$(MAKECMDGOALS)),)
+  SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS) dtb
 else
  SUBTARGETS:=$(DEFAULT_SUBDIR_TARGETS)
 endif
@@ -23,21 +23,23 @@ define subtarget
 endef

 define ERROR
-	($(call MESSAGE, $(2)); $(if $(BUILD_LOG), echo "$(2)" >> $(BUILD_LOG_DIR)/$(1)/error.txt))
+	($(call MESSAGE, $(2)); $(if $(BUILD_LOG), echo "$(2)" >> $(BUILD_LOG_DIR)/$(1)/error.txt;) $(if $(3),, exit 1;))
 endef

 lastdir=$(word $(words $(subst /, ,$(1))),$(subst /, ,$(1)))
 diralias=$(if $(findstring $(1),$(call lastdir,$(1))),,$(call lastdir,$(1)))

 subdir_make_opts = \
-	-r -C $(1) \
+	$(if $(SUBDIR_MAKE_DEBUG),-d) -r -C $(1) \
 		BUILD_SUBDIR="$(1)" \
-		BUILD_VARIANT="$(4)"
+		BUILD_VARIANT="$(4)" \
+		ALL_VARIANTS="$(5)"

 # 1: subdir
 # 2: target
 # 3: build type
 # 4: build variant
+# 5: all variants
 log_make = \
 	 $(if $(call debug,$(1),v),,@)+ \
 	 $(if $(BUILD_LOG), \
@@ -65,16 +67,16 @@ define subdir
    $(foreach target,$(SUBTARGETS) $($(1)/subtargets),
      $(foreach btype,$(buildtypes-$(bd)),
        $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(btype)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(btype)/$(target)) $(call $(1)//$(btype)/$(target),$(1)/$(bd)/$(btype))))
-		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant))) \
-			$(if $(findstring $(bd),$($(1)/builddirs-ignore-$(btype)-$(target))), || $(call ERROR,$(1),   ERROR: $(1)/$(bd) [$(btype)] failed to build.))
+		  $(call log_make,$(1)/$(bd),$(target),$(btype),$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
+			|| $(call ERROR,$(2),   ERROR: $(1)/$(bd) [$(btype)] failed to build.,$(findstring $(bd),$($(1)/builddirs-ignore-$(btype)-$(target))))
        $(if $(call diralias,$(bd)),$(call warn_eval,$(1)/$(bd),l,T,$(1)/$(call diralias,$(bd))/$(btype)/$(target): $(1)/$(bd)/$(btype)/$(target)))
      )
      $(call warn_eval,$(1)/$(bd),t,T,$(1)/$(bd)/$(target): $(if $(NO_DEPS)$(QUILT),,$($(1)/$(bd)/$(target)) $(call $(1)//$(target),$(1)/$(bd))))
-        $(foreach variant,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default))),
+        $(foreach variant,$(filter-out *,$(if $(BUILD_VARIANT),$(BUILD_VARIANT),$(if $(strip $($(1)/$(bd)/variants)),$($(1)/$(bd)/variants),$(if $($(1)/$(bd)/default-variant),$($(1)/$(bd)/default-variant),__default)))),
 			$(if $(BUILD_LOG),@mkdir -p $(BUILD_LOG_DIR)/$(1)/$(bd)/$(filter-out __default,$(variant)))
-			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))))
-			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant))) \
-				$(if $(findstring $(bd),$($(1)/builddirs-ignore-$(target))), || $(call ERROR,$(1),   ERROR: $(1)/$(bd) failed to build$(if $(filter-out __default,$(variant)), (build variant: $(variant))).))
+			$(if $($(1)/autoremove),$(call rebuild_check,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)))
+			$(call log_make,$(1)/$(bd),$(target),,$(filter-out __default,$(variant)),$($(1)/$(bd)/variants)) \
+				|| $(call ERROR,$(1),   ERROR: $(1)/$(bd) failed to build$(if $(filter-out __default,$(variant)), (build variant: $(variant))).,$(findstring $(bd),$($(1)/builddirs-ignore-$(target)))) 
        )
      $(if $(PREREQ_ONLY)$(DUMP_TARGET_DB),,
        # aliases
--- a/include/target.mk
+++ b/include/target.mk
@@ -1,10 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
 # Copyright (C) 2007-2008 OpenWrt.org
 # Copyright (C) 2016 LEDE Project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 ifneq ($(__target_inc),1)
 __target_inc=1
@@ -13,18 +10,55 @@ __target_inc=1
 DEVICE_TYPE?=router

 # Default packages - the really basic set
-DEFAULT_PACKAGES:=base-files libc libgcc busybox dropbear mtd uci opkg netifd fstools uclient-fetch logd urandom-seed urngd \
-block-mount coremark kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw wget libustream-openssl ca-certificates \
-default-settings luci luci-app-ddns luci-app-upnp luci-app-adbyby-plus luci-app-autoreboot \
-luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-unblockmusic \
-luci-app-arpbind luci-app-vlmcsd luci-app-wol luci-app-ramfree \
-luci-app-sfe luci-app-flowoffload luci-app-nlbwmon luci-app-accesscontrol luci-app-cpufreq \
-ddns-scripts_aliyun ddns-scripts_dnspod
+DEFAULT_PACKAGES:=\
+	base-files \
+	ca-bundle \
+	dropbear \
+	fstools \
+	libc \
+	libgcc \
+	libustream-openssl \
+	logd \
+	mtd \
+	netifd \
+	opkg \
+	uci \
+	uclient-fetch \
+	urandom-seed \
+	urngd
+
+ifneq ($(CONFIG_SELINUX),)
+DEFAULT_PACKAGES+=busybox-selinux procd-selinux
+else
+DEFAULT_PACKAGES+=busybox procd
+endif
+
+# include ujail on systems with enough storage
+ifeq ($(CONFIG_SMALL_FLASH),)
+DEFAULT_PACKAGES+=procd-ujail
+endif
+
+# include seccomp ld-preload hooks if kernel supports it
+ifneq ($(CONFIG_SECCOMP),)
+DEFAULT_PACKAGES+=procd-seccomp
+endif
+
+# For the basic set
+DEFAULT_PACKAGES.basic:=
 # For nas targets
-DEFAULT_PACKAGES.nas:=block-mount fdisk lsblk mdadm
+DEFAULT_PACKAGES.nas:=\
+	block-mount \
+	fdisk \
+	lsblk \
+	mdadm
 # For router targets
-DEFAULT_PACKAGES.router:=dnsmasq-full iptables ppp ppp-mod-pppoe firewall kmod-ipt-offload kmod-tcp-bbr
-DEFAULT_PACKAGES.bootloader:=
+DEFAULT_PACKAGES.router:=\
+	dnsmasq-full firewall iptables ppp ppp-mod-pppoe odhcp6c odhcpd-ipv6only \
+	block-mount coremark kmod-nf-nathelper kmod-nf-nathelper-extra kmod-ipt-raw kmod-tun \
+	iptables-mod-tproxy iptables-mod-extra ipset ip-full default-settings luci luci-proto-ipv6 \
+	ddns-scripts_aliyun ddns-scripts_dnspod luci-app-ddns luci-app-upnp luci-app-autoreboot \
+	luci-app-arpbind luci-app-filetransfer luci-app-vsftpd luci-app-ssr-plus luci-app-vlmcsd \
+	luci-app-accesscontrol luci-app-nlbwmon luci-app-turboacc luci-app-wol curl ca-certificates

 ifneq ($(DUMP),)
  all: dumpinfo
@@ -32,7 +66,7 @@ endif

 target_conf=$(subst .,_,$(subst -,_,$(subst /,_,$(1))))
 ifeq ($(DUMP),)
-  PLATFORM_DIR:=$(TOPDIR)/target/linux/$(BOARD)
+  PLATFORM_DIR:=$(firstword $(wildcard $(TOPDIR)/target/linux/feeds/$(BOARD) $(TOPDIR)/target/linux/$(BOARD)))
  SUBTARGET:=$(strip $(foreach subdir,$(patsubst $(PLATFORM_DIR)/%/target.mk,%,$(wildcard $(PLATFORM_DIR)/*/target.mk)),$(if $(CONFIG_TARGET_$(call target_conf,$(BOARD)_$(subdir))),$(subdir))))
 else
  PLATFORM_DIR:=${CURDIR}
@@ -61,7 +95,7 @@ endif
 DEFAULT_PACKAGES += $(DEFAULT_PACKAGES.$(DEVICE_TYPE))

 filter_packages = $(filter-out -% $(patsubst -%,%,$(filter -%,$(1))),$(1))
-extra_packages = $(if $(filter wpad-mini wpad-basic wpad nas,$(1)),iwinfo)
+extra_packages = $(if $(filter wpad wpad-% nas,$(1)),iwinfo)

 define ProfileDefault
  NAME:=
@@ -137,29 +171,37 @@ USE_SUBTARGET_CONFIG = $(if $(wildcard $(LINUX_TARGET_CONFIG)),,$(if $(LINUX_SUB
 LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG)))
 LINUX_RECONFIG_TARGET = $(if $(USE_SUBTARGET_CONFIG),$(LINUX_SUBTARGET_CONFIG),$(LINUX_TARGET_CONFIG))

+CFG_TARGET = $(CONFIG_TARGET)
+ifeq ($(CFG_TARGET),platform)
+  CFG_TARGET = target
+  $(warning Deprecation warning: use CONFIG_TARGET=target instead.)
+else ifeq ($(CFG_TARGET),subtarget_platform)
+  CFG_TARGET = subtarget_target
+  $(warning Deprecation warning: use CONFIG_TARGET=subtarget_target instead.)
+endif
+
 # select the config file to be changed by kernel_menuconfig/kernel_oldconfig
-ifeq ($(CONFIG_TARGET),platform)
+ifeq ($(CFG_TARGET),target)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget)
+else ifeq ($(CFG_TARGET),subtarget)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_TARGET_CONFIG) $(LINUX_SUBTARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_SUBTARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),subtarget_platform)
+else ifeq ($(CFG_TARGET),subtarget_target)
  LINUX_RECONFIG_LIST = $(wildcard $(GENERIC_LINUX_CONFIG) $(LINUX_SUBTARGET_CONFIG) $(LINUX_TARGET_CONFIG))
  LINUX_RECONFIG_TARGET = $(LINUX_TARGET_CONFIG)
-endif
-ifeq ($(CONFIG_TARGET),env)
+else ifeq ($(CFG_TARGET),env)
  LINUX_RECONFIG_LIST = $(LINUX_KCONFIG_LIST)
  LINUX_RECONFIG_TARGET = $(TOPDIR)/env/kernel-config
+else ifneq ($(strip $(CFG_TARGET)),)
+  $(error CONFIG_TARGET=$(CFG_TARGET) is invalid. Valid: target|subtarget|subtarget_target|env)
 endif

-__linux_confcmd = $(SCRIPT_DIR)/kconfig.pl $(2) $(patsubst %,+,$(wordlist 2,9999,$(1))) $(1)
+__linux_confcmd = $(2) $(patsubst %,+,$(wordlist 2,9999,$(1))) $(1)

-LINUX_CONF_CMD = $(call __linux_confcmd,$(LINUX_KCONFIG_LIST),)
-LINUX_RECONF_CMD = $(call __linux_confcmd,$(LINUX_RECONFIG_LIST),)
-LINUX_RECONF_DIFF = $(call __linux_confcmd,$(filter-out $(LINUX_RECONFIG_TARGET),$(LINUX_RECONFIG_LIST)),'>')
+LINUX_CONF_CMD = $(SCRIPT_DIR)/kconfig.pl $(call __linux_confcmd,$(LINUX_KCONFIG_LIST))
+LINUX_RECONF_CMD = $(SCRIPT_DIR)/kconfig.pl $(call __linux_confcmd,$(LINUX_RECONFIG_LIST))
+LINUX_RECONF_DIFF = $(SCRIPT_DIR)/kconfig.pl - '>' $(call __linux_confcmd,$(filter-out $(LINUX_RECONFIG_TARGET),$(LINUX_RECONFIG_LIST))) $(1) $(GENERIC_PLATFORM_DIR)/config-filter

 ifeq ($(DUMP),1)
  BuildTarget=$(BuildTargets/DumpCurrent)
@@ -174,13 +216,15 @@ ifeq ($(DUMP),1)
    CPU_CFLAGS += -mno-branch-likely
    CPU_CFLAGS_mips32 = -mips32 -mtune=mips32
    CPU_CFLAGS_mips64 = -mips64 -mtune=mips64 -mabi=64
+    CPU_CFLAGS_mips64r2 = -mips64r2 -mtune=mips64r2 -mabi=64
+    CPU_CFLAGS_4kec = -mips32r2 -mtune=4kec
    CPU_CFLAGS_24kc = -mips32r2 -mtune=24kc
    CPU_CFLAGS_74kc = -mips32r2 -mtune=74kc
    CPU_CFLAGS_octeonplus = -march=octeon+ -mabi=64
  endif
  ifeq ($(ARCH),i386)
-    CPU_TYPE ?= pentium
-    CPU_CFLAGS_pentium = -march=pentium-mmx
+    CPU_TYPE ?= pentium-mmx
+    CPU_CFLAGS_pentium-mmx = -march=pentium-mmx
    CPU_CFLAGS_pentium4 = -march=pentium4
  endif
  ifneq ($(findstring arm,$(ARCH)),)
@@ -189,12 +233,14 @@ ifeq ($(DUMP),1)
  ifeq ($(ARCH),powerpc)
    CPU_CFLAGS_603e:=-mcpu=603e
    CPU_CFLAGS_8540:=-mcpu=8540
+    CPU_CFLAGS_8548:=-mcpu=8548
    CPU_CFLAGS_405:=-mcpu=405
    CPU_CFLAGS_440:=-mcpu=440
    CPU_CFLAGS_464fp:=-mcpu=464fp
  endif
  ifeq ($(ARCH),powerpc64)
    CPU_TYPE ?= powerpc64
+    CPU_CFLAGS_e5500:=-mcpu=e5500
    CPU_CFLAGS_powerpc64:=-mcpu=powerpc64
  endif
  ifeq ($(ARCH),sparc)
@@ -212,6 +258,15 @@ ifeq ($(DUMP),1)
    CPU_CFLAGS_arc700 = -mcpu=arc700
    CPU_CFLAGS_archs = -mcpu=archs
  endif
+  ifeq ($(ARCH),riscv64)
+    CPU_TYPE ?= riscv64
+    CPU_CFLAGS_riscv64:=-mabi=lp64d -march=rv64imafdc
+  endif
+  ifeq ($(ARCH),loongarch64)
+    CPU_TYPE ?= generic
+    CPU_CFLAGS := -O2 -pipe
+    CPU_CFLAGS_generic:=-march=loongarch64
+  endif
  ifneq ($(CPU_TYPE),)
    ifndef CPU_CFLAGS_$(CPU_TYPE)
      $(warning CPU_TYPE "$(CPU_TYPE)" doesn't correspond to a known type)
@@ -228,7 +283,9 @@ ifeq ($(DUMP),1)
    .PRECIOUS: $(TMP_CONFIG)

    ifdef KERNEL_TESTING_PATCHVER
-      FEATURES += testing-kernel
+      ifneq ($(KERNEL_TESTING_PATCHVER),$(KERNEL_PATCHVER))
+        FEATURES += testing-kernel
+      endif
    endif
    ifneq ($(CONFIG_OF),)
      FEATURES += dt
--- a/include/toolchain-build.mk
+++ b/include/toolchain-build.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2009 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2009-2020 OpenWrt.org

 override CONFIG_AUTOREBUILD=
 override CONFIG_AUTOREMOVE=
@@ -21,6 +18,6 @@ define FixupLibdir
 		mkdir -p $(1)/lib; \
 		mv $(1)/lib64/* $(1)/lib/; \
 		rm -rf $(1)/lib64; \
+		ln -sf lib $(1)/lib64; \
 	fi
-	ln -sf lib $(1)/lib64
 endef
--- a/include/toplevel.mk
+++ b/include/toplevel.mk
@@ -1,14 +1,10 @@
-# Makefile for OpenWrt
-#
-# Copyright (C) 2007-2012 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
+# SPDX-License-Identifier: GPL-2.0-only
 #
+# Copyright (C) 2007-2020 OpenWrt.org

 PREP_MK= OPENWRT_BUILD= QUIET=0

-export IS_TTY=$(shell tty -s && echo 1 || echo 0)
+export IS_TTY=$(if $(MAKE_TERMOUT),1,0)

 include $(TOPDIR)/include/verbose.mk

@@ -19,7 +15,6 @@ else
  SOURCE_DATE_EPOCH:=$(shell $(TOPDIR)/scripts/get_source_date_epoch.sh)
 endif

-HOSTCC ?= $(CC)
 export REVISION
 export SOURCE_DATE_EPOCH
 export GIT_CONFIG_PARAMETERS='core.autocrlf=false'
@@ -29,6 +24,12 @@ export GNU_HOST_NAME:=$(shell $(TOPDIR)/scripts/config.guess)
 export HOST_OS:=$(shell uname)
 export HOST_ARCH:=$(shell uname -m)

+ifeq ($(HOST_OS),Darwin)
+  ifneq ($(filter /Applications/Xcode.app/% /Library/Developer/%,$(MAKE)),)
+    $(error Please use a newer version of GNU make. The version shipped by Apple is not supported)
+  endif
+endif
+
 # prevent perforce from messing with the patch utility
 unexport P4PORT P4USER P4CONFIG P4CLIENT

@@ -50,18 +51,12 @@ path:=$(subst :,$(space),$(PATH))
 path:=$(filter-out .%,$(path))
 path:=$(subst $(space),:,$(path))
 export PATH:=$(path)
+export STAGING_DIR_HOST:=$(if $(STAGING_DIR),$(abspath $(STAGING_DIR)/../host),$(TOPDIR)/staging_dir/host)

 unexport TAR_OPTIONS

-ifneq ($(shell $(HOSTCC) 2>&1 | grep clang),)
-  export HOSTCC_REAL?=$(HOSTCC)
-  export HOSTCC_WRAPPER:=$(TOPDIR)/scripts/clang-gcc-wrapper
-else
-  export HOSTCC_WRAPPER:=$(HOSTCC)
-endif
-
 ifeq ($(FORCE),)
-  .config scripts/config/conf scripts/config/mconf: staging_dir/host/.prereq-build
+  .config scripts/config/conf scripts/config/mconf: $(STAGING_DIR_HOST)/.prereq-build
 endif

 SCAN_COOKIE?=$(shell echo $$$$)
@@ -71,7 +66,7 @@ SUBMAKE:=umask 022; $(SUBMAKE)

 ULIMIT_FIX=_limit=`ulimit -n`; [ "$$_limit" = "unlimited" -o "$$_limit" -ge 1024 ] || ulimit -n 1024;

-prepare-mk: staging_dir/host/.prereq-build FORCE ;
+prepare-mk: $(STAGING_DIR_HOST)/.prereq-build FORCE ;

 ifdef SDK
  IGNORE_PACKAGES = linux
@@ -80,10 +75,10 @@ endif
 _ignore = $(foreach p,$(IGNORE_PACKAGES),--ignore $(p))

 prepare-tmpinfo: FORCE
-	@+$(MAKE) -r -s staging_dir/host/.prereq-build $(PREP_MK)
+	@+$(MAKE) -r -s $(STAGING_DIR_HOST)/.prereq-build $(PREP_MK)
 	mkdir -p tmp/info
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPTH=5 SCAN_EXTRA=""
-	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
+	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPTH=3 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
 	for type in package target; do \
 		f=tmp/.$${type}info; t=tmp/.config-$${type}.in; \
 		[ "$$t" -nt "$$f" ] || ./scripts/$${type}-metadata.pl $(_ignore) config "$$f" > "$$t" || { rm -f "$$t"; echo "Failed to build $$t"; false; break; }; \
@@ -91,6 +86,7 @@ prepare-tmpinfo: FORCE
 	[ tmp/.config-feeds.in -nt tmp/.packageauxvars ] || ./scripts/feeds feed_config > tmp/.config-feeds.in
 	./scripts/package-metadata.pl mk tmp/.packageinfo > tmp/.packagedeps || { rm -f tmp/.packagedeps; false; }
 	./scripts/package-metadata.pl pkgaux tmp/.packageinfo > tmp/.packageauxvars || { rm -f tmp/.packageauxvars; false; }
+	./scripts/package-metadata.pl usergroup tmp/.packageinfo > tmp/.packageusergroup || { rm -f tmp/.packageusergroup; false; }
 	touch $(TOPDIR)/tmp/.build

 .config: ./scripts/config/conf $(if $(CONFIG_HAVE_DOT_CONFIG),,prepare-tmpinfo)
@@ -99,25 +95,22 @@ prepare-tmpinfo: FORCE
 		$(_SINGLE)$(NO_TRACE_MAKE) menuconfig $(PREP_MK); \
 	fi

-ifneq ($(DISTRO_PKG_CONFIG),)
-scripts/config/mconf: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
+ifeq ($(RECURSIVE_DEP_IS_ERROR),1)
+  KCONF_FLAGS=--fatalrecursive
 endif
-scripts/config/mconf:
-	@$(_SINGLE)$(SUBMAKE) -s -C scripts/config all CC="$(HOSTCC_WRAPPER)"
+ifneq ($(DISTRO_PKG_CONFIG),)
+scripts/config/%onf: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
+endif
+scripts/config/%onf: CFLAGS+= -O2
+scripts/config/%onf: FORCE
+	@$(_SINGLE)$(SUBMAKE) $(if $(findstring s,$(OPENWRT_VERBOSE)),,-s) \
+		-C scripts/config $(notdir $@)

 $(eval $(call rdep,scripts/config,scripts/config/mconf))

-scripts/config/qconf:
-	@$(_SINGLE)$(SUBMAKE) -s -C scripts/config qconf \
-		CC="$(HOSTCC_WRAPPER)" \
-		DISTRO-PKG-CONFIG="$(DISTRO_PKG_CONFIG)"
-
-scripts/config/conf:
-	@$(_SINGLE)$(SUBMAKE) -s -C scripts/config conf CC="$(HOSTCC_WRAPPER)"
-
 config: scripts/config/conf prepare-tmpinfo FORCE
 	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; \
-		$< Config.in
+		$< $(KCONF_FLAGS) Config.in

 config-clean: FORCE
 	$(_SINGLE)$(NO_TRACE_MAKE) -C scripts/config clean
@@ -126,7 +119,7 @@ defconfig: scripts/config/conf prepare-tmpinfo FORCE
 	touch .config
 	@if [ ! -s .config -a -e $(HOME)/.openwrt/defconfig ]; then cp $(HOME)/.openwrt/defconfig .config; fi
 	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; \
-		$< --defconfig=.config Config.in
+		$< $(KCONF_FLAGS) --defconfig=.config Config.in

 confdefault-y=allyes
 confdefault-m=allmod
@@ -135,7 +128,7 @@ confdefault:=$(confdefault-$(CONFDEFAULT))

 oldconfig: scripts/config/conf prepare-tmpinfo FORCE
 	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; \
-		$< --$(if $(confdefault),$(confdefault),old)config Config.in
+		$< $(KCONF_FLAGS) --$(if $(confdefault),$(confdefault),old)config Config.in

 menuconfig: scripts/config/mconf prepare-tmpinfo FORCE
 	if [ \! -e .config -a -e $(HOME)/.openwrt/defconfig ]; then \
@@ -144,6 +137,13 @@ menuconfig: scripts/config/mconf prepare-tmpinfo FORCE
 	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; \
 		$< Config.in

+nconfig: scripts/config/nconf prepare-tmpinfo FORCE
+	if [ \! -e .config -a -e $(HOME)/.openwrt/defconfig ]; then \
+		cp $(HOME)/.openwrt/defconfig .config; \
+	fi
+	[ -L .config ] && export KCONFIG_OVERWRITECONFIG=1; \
+		$< Config.in
+
 xconfig: scripts/config/qconf prepare-tmpinfo FORCE
 	if [ \! -e .config -a -e $(HOME)/.openwrt/defconfig ]; then \
 		cp $(HOME)/.openwrt/defconfig .config; \
@@ -152,7 +152,7 @@ xconfig: scripts/config/qconf prepare-tmpinfo FORCE

 prepare_kernel_conf: .config toolchain/install FORCE

-ifeq ($(wildcard staging_dir/host/bin/quilt),)
+ifeq ($(wildcard $(STAGING_DIR_HOST)/bin/quilt),)
  prepare_kernel_conf:
 	@+$(SUBMAKE) -r tools/quilt/compile
 else
@@ -165,6 +165,7 @@ kernel_oldconfig: prepare_kernel_conf
 ifneq ($(DISTRO_PKG_CONFIG),)
 kernel_menuconfig: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
 kernel_nconfig: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
+kernel_xconfig: export PATH:=$(dir $(DISTRO_PKG_CONFIG)):$(PATH)
 endif
 kernel_menuconfig: prepare_kernel_conf
 	$(_SINGLE)$(NO_TRACE_MAKE) -C target/linux menuconfig
@@ -172,7 +173,10 @@ kernel_menuconfig: prepare_kernel_conf
 kernel_nconfig: prepare_kernel_conf
 	$(_SINGLE)$(NO_TRACE_MAKE) -C target/linux nconfig

-staging_dir/host/.prereq-build: include/prereq-build.mk
+kernel_xconfig: prepare_kernel_conf
+	$(_SINGLE)$(NO_TRACE_MAKE) -C target/linux xconfig
+
+$(STAGING_DIR_HOST)/.prereq-build: include/prereq-build.mk
 	mkdir -p tmp
 	@$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f $(TOPDIR)/include/prereq-build.mk prereq 2>/dev/null || { \
 		echo "Prerequisite check failed. Use FORCE=1 to override."; \
@@ -195,7 +199,7 @@ else
  DOWNLOAD_DIRS = package/download
 endif

-download: .config FORCE $(if $(wildcard $(TOPDIR)/staging_dir/host/bin/flock),,tools/flock/compile)
+download: .config FORCE $(if $(wildcard $(STAGING_DIR_HOST)/bin/flock),,tools/flock/compile)
 	@+$(foreach dir,$(DOWNLOAD_DIRS),$(SUBMAKE) $(dir);)

 clean dirclean: .config
@@ -216,7 +220,7 @@ ifeq ($(SDK),1)

 %::
 	@+$(PREP_MK) $(NO_TRACE_MAKE) -r -s prereq
-	@./scripts/config/conf --defconfig=.config Config.in
+	@./scripts/config/conf $(KCONF_FLAGS) --defconfig=.config Config.in
 	@+$(ULIMIT_FIX) $(SUBMAKE) -r $@

 else
@@ -225,7 +229,7 @@ else
 	@+$(PREP_MK) $(NO_TRACE_MAKE) -r -s prereq
 	@( \
 		cp .config tmp/.config; \
-		./scripts/config/conf --defconfig=tmp/.config -w tmp/.config Config.in > /dev/null 2>&1; \
+		./scripts/config/conf $(KCONF_FLAGS) --defconfig=tmp/.config -w tmp/.config Config.in > /dev/null 2>&1; \
 		if ./scripts/kconfig.pl '>' .config tmp/.config | grep -q CONFIG; then \
 			printf "$(_R)WARNING: your configuration is out of sync. Please run make menuconfig, oldconfig or defconfig!$(_N)\n" >&2; \
 		fi \
@@ -252,14 +256,14 @@ package/symlinks-clean:
 	./scripts/feeds uninstall -a

 help:
-	cat README
+	cat README.md

 distclean:
-	rm -rf bin build_dir .config* dl feeds key-build* logs package/feeds package/openwrt-packages staging_dir tmp
+	rm -rf bin build_dir .ccache .config* dl feeds key-build* logs package/feeds staging_dir tmp
 	@$(_SINGLE)$(SUBMAKE) -C scripts/config clean

 ifeq ($(findstring v,$(DEBUG)),)
-  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig staging_dir/host/.prereq-build tmp/.prereq-package prepare-tmpinfo
+  .SILENT: symlinkclean clean dirclean distclean config-clean download help tmpinfo-clean .config scripts/config/mconf scripts/config/conf menuconfig $(STAGING_DIR_HOST)/.prereq-build tmp/.prereq-package prepare-tmpinfo
 endif
 .PHONY: help FORCE
 .NOTPARALLEL:
--- a/include/trusted-firmware-a.mk
+++ b/include/trusted-firmware-a.mk
@@ -0,0 +1,102 @@
+PKG_NAME ?= trusted-firmware-a
+PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a
+
+ifndef PKG_SOURCE_PROTO
+PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://git.trustedfirmware.org/TF-A/trusted-firmware-a.git/snapshot
+endif
+
+PKG_BUILD_DIR = $(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION)
+
+PKG_TARGETS := bin
+PKG_FLAGS:=nonshared
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_LICENSE_FILES:=docs/license.rst
+
+PKG_BUILD_PARALLEL:=1
+
+export GCC_HONOUR_COPTS=s
+
+define Package/trusted-firmware-a/install/default
+	$(CP) $(patsubst %,$(PKG_BUILD_DIR)/build/$(PLAT)/release/%,$(TFA_IMAGE)) $(1)/
+endef
+
+Package/trusted-firmware-a/install = $(Package/trusted-firmware-a/install/default)
+
+define Trusted-Firmware-A/Init
+  BUILD_TARGET:=
+  BUILD_SUBTARGET:=
+  BUILD_DEVICES:=
+  NAME:=
+  DEPENDS:=
+  HIDDEN:=
+  DEFAULT:=
+  PLAT:=
+  VARIANT:=$(1)
+  TFA_IMAGE:=
+endef
+
+TARGET_DEP = TARGET_$(BUILD_TARGET)$(if $(BUILD_SUBTARGET),_$(BUILD_SUBTARGET))
+
+define Build/Trusted-Firmware-A/Target
+  $(eval $(call Trusted-Firmware-A/Init,$(1)))
+  $(eval $(call Trusted-Firmware-A/Default,$(1)))
+  $(eval $(call Trusted-Firmware-A/$(1),$(1)))
+
+ define Package/trusted-firmware-a-$(1)
+    SECTION:=boot
+    CATEGORY:=Boot Loaders
+    TITLE:=Trusted-Firmware-A for $(NAME)
+    VARIANT:=$(VARIANT)
+    DEPENDS:=@!IN_SDK $(DEPENDS)
+    HIDDEN:=$(HIDDEN)
+    ifneq ($(BUILD_TARGET),)
+      DEPENDS += @$(TARGET_DEP)
+      ifneq ($(BUILD_DEVICES),)
+        DEFAULT := y if ($(TARGET_DEP)_Default \
+		$(patsubst %,|| $(TARGET_DEP)_DEVICE_%,$(BUILD_DEVICES)) \
+		$(patsubst %,|| $(patsubst TARGET_%,TARGET_DEVICE_%,$(TARGET_DEP))_DEVICE_%,$(BUILD_DEVICES)))
+      endif
+    endif
+    $(if $(DEFAULT),DEFAULT:=$(DEFAULT))
+    URL:=https://www.trustedfirmware.org/projects/tf-a/
+  endef
+
+  define Package/trusted-firmware-a-$(1)/install
+	$$(Package/trusted-firmware-a/install)
+  endef
+endef
+
+define Build/Configure/Trusted-Firmware-A
+	$(INSTALL_DIR) $(STAGING_DIR)/usr/include
+endef
+
+DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
+
+define Build/Compile/Trusted-Firmware-A
+	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
+		CROSS_COMPILE=$(TARGET_CROSS) \
+		OPENSSL_DIR=$(STAGING_DIR_HOST) \
+		$(if $(DTC),DTC="$(DTC)") \
+		PLAT=$(PLAT) \
+		BUILD_STRING="OpenWrt v$(PKG_VERSION)-$(PKG_RELEASE) ($(VARIANT))" \
+		$(if $(CONFIG_BINUTILS_VERSION_2_37)$(CONFIG_BINUTILS_VERSION_2_38),,LDFLAGS="-no-warn-rwx-segments") \
+		$(TFA_MAKE_FLAGS)
+endef
+
+define BuildPackage/Trusted-Firmware-A/Defaults
+  Build/Configure/Default = $$$$(Build/Configure/Trusted-Firmware-A)
+  Build/Compile/Default = $$$$(Build/Compile/Trusted-Firmware-A)
+endef
+
+define BuildPackage/Trusted-Firmware-A
+  $(eval $(call BuildPackage/Trusted-Firmware-A/Defaults))
+  $(foreach type,$(if $(DUMP),$(TFA_TARGETS),$(BUILD_VARIANT)), \
+    $(eval $(call Build/Trusted-Firmware-A/Target,$(type)))
+  )
+  $(eval $(call Build/DefaultTargets))
+  $(foreach type,$(if $(DUMP),$(TFA_TARGETS),$(BUILD_VARIANT)), \
+    $(call BuildPackage,trusted-firmware-a-$(type))
+  )
+endef
--- a/include/u-boot.mk
+++ b/include/u-boot.mk
@@ -1,9 +1,12 @@
+include $(INCLUDE_DIR)/prereq.mk
+
 PKG_NAME ?= u-boot

 ifndef PKG_SOURCE_PROTO
 PKG_SOURCE = $(PKG_NAME)-$(PKG_VERSION).tar.bz2
 PKG_SOURCE_URL = \
-	https://sources.openwrt.org \
+	https://mirror.cyberbits.eu/u-boot \
+	https://ftp.denx.de/pub/u-boot \
 	ftp://ftp.denx.de/pub/u-boot
 endif

@@ -15,7 +18,32 @@ PKG_FLAGS:=nonshared
 PKG_LICENSE:=GPL-2.0 GPL-2.0+
 PKG_LICENSE_FILES:=Licenses/README

-PKG_BUILD_PARALLEL:=1
+PKG_BUILD_PARALLEL ?= 1
+
+ifdef UBOOT_USE_BINMAN
+  $(eval $(call TestHostCommand,python3-pyelftools, \
+    Please install the Python3 elftools module, \
+    $(STAGING_DIR_HOST)/bin/python3 -c 'import elftools'))
+endif
+
+ifdef UBOOT_USE_INTREE_DTC
+  $(eval $(call TestHostCommand,python3-dev, \
+    Please install the python3-dev package, \
+    python3.11-config --includes 2>&1 | grep 'python3', \
+    python3.10-config --includes 2>&1 | grep 'python3', \
+    python3.9-config --includes 2>&1 | grep 'python3', \
+    python3.8-config --includes 2>&1 | grep 'python3', \
+    python3.7-config --includes 2>&1 | grep 'python3', \
+    python3-config --includes 2>&1 | grep -E 'python3\.([7-9]|[0-9][0-9])\.?'))
+
+  $(eval $(call TestHostCommand,python3-setuptools, \
+    Please install the Python3 setuptools module, \
+    $(STAGING_DIR_HOST)/bin/python3 -c 'import setuptools'))
+
+  $(eval $(call TestHostCommand,swig, \
+    Please install the swig package, \
+    swig -version))
+endif

 export GCC_HONOUR_COPTS=s

@@ -41,9 +69,16 @@ endef
 TARGET_DEP = TARGET_$(BUILD_TARGET)$(if $(BUILD_SUBTARGET),_$(BUILD_SUBTARGET))

 UBOOT_MAKE_FLAGS = \
+	PATH=$(STAGING_DIR_HOST)/bin:$(PATH) \
 	HOSTCC="$(HOSTCC)" \
 	HOSTCFLAGS="$(HOST_CFLAGS) $(HOST_CPPFLAGS) -std=gnu11" \
-	HOSTLDFLAGS="$(HOST_LDFLAGS)"
+	HOSTLDFLAGS="$(HOST_LDFLAGS)" \
+	LOCALVERSION="-OpenWrt-$(REVISION)" \
+	STAGING_PREFIX="$(STAGING_DIR_HOST)" \
+	PKG_CONFIG_PATH="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_LIBDIR="$(STAGING_DIR_HOST)/lib/pkgconfig" \
+	PKG_CONFIG_EXTRAARGS="--static" \
+	$(if $(findstring c,$(OPENWRT_VERBOSE)),V=1,V='')

 define Build/U-Boot/Target
  $(eval $(call U-Boot/Init,$(1)))
@@ -76,9 +111,14 @@ endef

 define Build/Configure/U-Boot
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(UBOOT_CONFIGURE_VARS) $(UBOOT_CONFIG)_config
+	$(if $(strip $(UBOOT_CUSTOMIZE_CONFIG)),
+		$(PKG_BUILD_DIR)/scripts/config --file $(PKG_BUILD_DIR)/.config $(UBOOT_CUSTOMIZE_CONFIG)
+		+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) $(UBOOT_CONFIGURE_VARS) oldconfig)
 endef

-DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
+ifndef UBOOT_USE_INTREE_DTC
+  DTC=$(wildcard $(LINUX_DIR)/scripts/dtc/dtc)
+endif

 define Build/Compile/U-Boot
 	+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
--- a/include/uclibc++.mk
+++ b/include/uclibc++.mk
@@ -1,24 +1,2 @@
-ifndef DUMP
-  ifdef __package_mk
-    $(error uclibc++.mk must be included before package.mk)
-  endif
-endif
-
-PKG_PREPARED_DEPENDS += CONFIG_USE_UCLIBCXX CONFIG_USE_LIBCXX
-CXX_DEPENDS = +USE_UCLIBCXX:uclibcxx +USE_LIBCXX:libcxx +USE_LIBSTDCXX:libstdcpp
-
-ifneq ($(CONFIG_USE_UCLIBCXX),)
- ifneq ($(CONFIG_CCACHE),)
-  TARGET_CXX_NOCACHE=g++-uc
- else
-  TARGET_CXX=g++-uc
- endif
-endif
-
-ifneq ($(CONFIG_USE_LIBCXX),)
- ifneq ($(CONFIG_CCACHE),)
-  TARGET_CXX_NOCACHE=g++-libcxx
- else
-  TARGET_CXX=g++-libcxx
- endif
-endif
+$(warn uclibc++.mk is deprecated. Please remove it and CXX_DEPENDS)
+CXX_DEPENDS = +libstdcpp
--- a/include/unpack.mk
+++ b/include/unpack.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006-2007 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 HOST_TAR:=$(TAR)
 TAR_CMD=$(HOST_TAR) -C $(1)/.. $(TAR_OPTIONS)
@@ -21,7 +18,7 @@ ifeq ($(strip $(UNPACK_CMD)),)

    ifeq ($(filter gz tgz,$(EXT)),$(EXT))
      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
-      DECOMPRESS_CMD:=gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
+      DECOMPRESS_CMD:=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) |
    endif
    ifeq ($(filter bzip2 bz2 bz tbz2 tbz,$(EXT)),$(EXT))
      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
@@ -31,6 +28,10 @@ ifeq ($(strip $(UNPACK_CMD)),)
      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
      DECOMPRESS_CMD:=xzcat $(DL_DIR)/$(PKG_SOURCE) |
    endif
+    ifeq (zst,$(EXT))
+      EXT:=$(call ext,$(PKG_SOURCE:.$(EXT)=))
+      DECOMPRESS_CMD:=zstdcat $(DL_DIR)/$(PKG_SOURCE) |
+    endif
    ifeq ($(filter tgz tbz tbz2 txz,$(EXT1)),$(EXT1))
      EXT:=tar
    endif
@@ -39,7 +40,7 @@ ifeq ($(strip $(UNPACK_CMD)),)
      UNPACK_CMD=$(DECOMPRESS_CMD) $(TAR_CMD)
    endif
    ifeq ($(EXT),cpio)
-      UNPACK_CMD=$(DECOMPRESS_CMD) (cd $(1)/..; cpio -i -d)
+      UNPACK_CMD=$(DECOMPRESS_CMD) (cd $(1)/..; $(STAGING_DIR_HOST)/bin/cpio -i -d)
    endif
    ifeq ($(EXT),zip)
      UNPACK_CMD=$(UNZIP_CMD)
@@ -55,7 +56,7 @@ ifeq ($(strip $(UNPACK_CMD)),)
    endif
    # replace zcat with $(ZCAT), because some system don't support it properly
    ifeq ($(PKG_CAT),zcat)
-      UNPACK_CMD=gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
+      UNPACK_CMD=$(STAGING_DIR_HOST)/bin/libdeflate-gzip -dc $(DL_DIR)/$(PKG_SOURCE) | $(TAR_CMD)
    endif
  endif
 endif
--- a/include/verbose.mk
+++ b/include/verbose.mk
@@ -1,9 +1,6 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
+# Copyright (C) 2006-2020 OpenWrt.org

 ifndef OPENWRT_VERBOSE
  OPENWRT_VERBOSE:=
@@ -32,15 +29,15 @@ ifeq ($(IS_TTY),1)
  endif
 endif

+define ERROR_MESSAGE
+  printf "$(_R)%s$(_N)\n" "$(1)" >&8
+endef
+
 ifeq ($(findstring s,$(OPENWRT_VERBOSE)),)
  define MESSAGE
 	printf "$(_Y)%s$(_N)\n" "$(1)" >&8
  endef

-  define ERROR_MESSAGE
-	printf "$(_R)%s$(_N)\n" "$(1)" >&8
-  endef
-
  ifeq ($(QUIET),1)
    ifneq ($(CURDIR),$(TOPDIR))
      _DIR:=$(patsubst $(TOPDIR)/%,%,${CURDIR})
@@ -63,5 +60,4 @@ else
  define MESSAGE
    printf "%s\n" "$(1)"
  endef
-  ERROR_MESSAGE=$(MESSAGE)
 endif
--- a/include/version.mk
+++ b/include/version.mk
@@ -1,10 +1,7 @@
+# SPDX-License-Identifier: GPL-2.0-only
 #
 # Copyright (C) 2012-2015 OpenWrt.org
 # Copyright (C) 2016 LEDE Project
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#

 # Substituted by SDK, do not remove
 # REVISION:=x
@@ -32,7 +29,7 @@ VERSION_CODE:=$(call qstrip,$(CONFIG_VERSION_CODE))
 VERSION_CODE:=$(if $(VERSION_CODE),$(VERSION_CODE),$(REVISION))

 VERSION_REPO:=$(call qstrip,$(CONFIG_VERSION_REPO))
-VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),http://downloads.openwrt.org/snapshots)
+VERSION_REPO:=$(if $(VERSION_REPO),$(VERSION_REPO),https://downloads.openwrt.org/snapshots)

 VERSION_DIST:=$(call qstrip,$(CONFIG_VERSION_DIST))
 VERSION_DIST:=$(if $(VERSION_DIST),$(VERSION_DIST),OpenWrt)
--- a/openwrt_logs/20250408_180935/main_build_script.log
+++ b/openwrt_logs/20250408_180935/main_build_script.log
@@ -0,0 +1,56 @@
+[2025-04-08 18:09:35] [INFO]: 日志系统初始化完成。主日志文件: openwrt_logs/20250408_180935/main_build_script.log
+[2025-04-08 18:09:35] [0;32m[INFO ][0m: 检查运行环境...
+[2025-04-08 18:09:35] [0;32m[INFO ][0m: 环境检查通过。
+[2025-04-08 18:09:35] [0;32m[INFO ][0m: OpenWrt 构建管理脚本已启动\033[0m
+[2025-04-08 18:09:35] [0;32m[INFO ][0m: PID: 2874378
+[2025-04-08 18:09:35] [0;32m[INFO ][0m: 会话日志目录: openwrt_logs/20250408_180935
+
+[0;34m======= OpenWrt 构建管理菜单 =======[0m
+ [1;33m会话日志目录: openwrt_logs/20250408_180935[0m
+[0;32m 1.[0m 完整构建流程[0m (清理 > 更新源码/包/feeds > 配置 > 编译)
+[0;32m 2.[0m 清理工作区 (删除 tmp, bin, build_dir 等)
+[0;32m 3.[0m 更新所有组件 (源码 + 旧包清理 + 自定义包 + feeds)
+[0;32m 4.[0m 清理配置文件指定的旧包/目录
+[0;32m 5.[0m 编译固件[0m (make V=s)
+[0;32m 6.[0m 调整配置 (make menuconfig)
+[0;32m 7.[0m 更新所有自定义包
+[0;32m 8.[0m 更新特定的自定义包
+[0;32m 9.[0m 更新 OpenWrt 源码 (git pull)
+[0;32m10.[0m 更新并安装 Feeds
+-------------------------------------
+[0;32m 0.[0m 退出脚本
+[0;34m====================================[0m
+请输入选项 [0-10]: [2025-04-08 18:09:36] [0;34m[DEBUG][0m: 用户选择了: 1
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: 启动完整构建流程...
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: [1/6] 清理工作区...
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: 开始彻底清理工作区...
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: 执行 rm -rf ./tmp ./logs ./staging_dir ./build_dir ./bin ./dl ...
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: 工作区清理完成。
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: [2/6] 更新源码...
+[2025-04-08 18:09:36] [0;32m[INFO ][0m: 开始更新 OpenWrt 源码 (git pull)...
+error: cannot pull with rebase: You have unstaged changes.
+error: Please commit or stash them.
+[2025-04-08 18:09:36] [0;31m[ERROR][0m: 源码更新失败 (git pull --rebase)
+[2025-04-08 18:09:36] [1;33m[WARN ][0m: 请检查本地是否有未提交的修改，或尝试手动解决 Git 冲突。
+[2025-04-08 18:09:36] [0;31m[ERROR][0m: 源码更新失败，终止构建流程。
+
+[0;31m操作 '1' 执行时遇到错误 (退出码: 1)。[0m
+[1;33m按 Enter 键返回主菜单...[0m
+
+[0;34m======= OpenWrt 构建管理菜单 =======[0m
+ [1;33m会话日志目录: openwrt_logs/20250408_180935[0m
+[0;32m 1.[0m 完整构建流程[0m (清理 > 更新源码/包/feeds > 配置 > 编译)
+[0;32m 2.[0m 清理工作区 (删除 tmp, bin, build_dir 等)
+[0;32m 3.[0m 更新所有组件 (源码 + 旧包清理 + 自定义包 + feeds)
+[0;32m 4.[0m 清理配置文件指定的旧包/目录
+[0;32m 5.[0m 编译固件[0m (make V=s)
+[0;32m 6.[0m 调整配置 (make menuconfig)
+[0;32m 7.[0m 更新所有自定义包
+[0;32m 8.[0m 更新特定的自定义包
+[0;32m 9.[0m 更新 OpenWrt 源码 (git pull)
+[0;32m10.[0m 更新并安装 Feeds
+-------------------------------------
+[0;32m 0.[0m 退出脚本
+[0;34m====================================[0m
+请输入选项 [0-10]: [2025-04-08 18:09:40] [0;34m[DEBUG][0m: 用户选择了: 0
+[2025-04-08 18:09:40] [0;32m[INFO ][0m: 收到退出命令，正在退出脚本...
--- a/package/5G-Modem-Support
+++ b/package/5G-Modem-Support
--- a/package/Makefile
+++ b/package/Makefile
@@ -11,6 +11,7 @@ include $(INCLUDE_DIR)/feeds.mk
 include $(INCLUDE_DIR)/rootfs.mk

 -include $(TMP_DIR)/.packagedeps
+package-y += kernel/linux
 $(curdir)/autoremove:=1
 $(curdir)/builddirs:=$(sort $(package-) $(package-y) $(package-m))
 $(curdir)/builddirs-default:=. $(sort $(package-y) $(package-m))
@@ -65,8 +66,10 @@ $(curdir)/install: $(TMP_DIR)/.build $(curdir)/merge $(if $(CONFIG_TARGET_PER_DE
 	- find $(STAGING_DIR_ROOT) -type d | $(XARGS) chmod 0755
 	rm -rf $(TARGET_DIR) $(TARGET_DIR_ORIG)
 	mkdir -p $(TARGET_DIR)/tmp
-	$(call opkg,$(TARGET_DIR)) install \
-		$(call opkg_package_files,$(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg))))
+	$(file >$(TMP_DIR)/opkg_install_list,\
+	  $(call opkg_package_files,\
+	    $(foreach pkg,$(shell cat $(PACKAGE_INSTALL_FILES) 2>/dev/null),$(pkg)$(call GetABISuffix,$(pkg)))))
+	$(call opkg,$(TARGET_DIR)) install $$(cat $(TMP_DIR)/opkg_install_list)
 	@for file in $(PACKAGE_INSTALL_FILES); do \
 		[ -s $$file.flags ] || continue; \
 		for flag in `cat $$file.flags`; do \
@@ -84,7 +87,7 @@ $(curdir)/index: FORCE
 		mkdir -p $$d; \
 		cd $$d || continue; \
 		$(SCRIPT_DIR)/ipkg-make-index.sh . 2>&1 > Packages.manifest; \
-		grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require)' Packages.manifest > Packages; \
+		grep -vE '^(Maintainer|LicenseFiles|Source|SourceName|Require|SourceDateEpoch)' Packages.manifest > Packages; \
 		case "$$(((64 + $$(stat -L -c%s Packages)) % 128))" in 110|111) \
 			$(call ERROR_MESSAGE,WARNING: Applying padding in $$d/Packages to workaround usign SHA-512 bug!); \
 			{ echo ""; echo ""; } >> Packages;; \
--- a/package/adguardhome
+++ b/package/adguardhome
--- a/package/base-files/Makefile
+++ b/package/base-files/Makefile
@@ -1,5 +1,5 @@
 #
-# Copyright (C) 2007-2016 OpenWrt.org
+# Copyright (C) 2007-2021 OpenWrt.org
 # Copyright (C) 2010 Vertical Communications
 #
 # This is free software, licensed under the GNU General Public License v2.
@@ -12,8 +12,8 @@ include $(INCLUDE_DIR)/version.mk
 include $(INCLUDE_DIR)/feeds.mk

 PKG_NAME:=base-files
-PKG_RELEASE:=200
 PKG_FLAGS:=nonshared
+PKG_RELEASE:=$(COMMITCOUNT)

 PKG_FILE_DEPENDS:=$(PLATFORM_DIR)/ $(GENERIC_PLATFORM_DIR)/base-files/
 PKG_BUILD_DEPENDS:=usign/host ucert/host
@@ -23,6 +23,8 @@ PKG_LICENSE:=GPL-2.0
 PKG_CONFIG_DEPENDS += \
 	CONFIG_SIGNED_PACKAGES CONFIG_TARGET_INIT_PATH CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE \
 	CONFIG_NAND_SUPPORT \
+	CONFIG_LEGACY_SDCARD_SUPPORT \
+	CONFIG_EMMC_SUPPORT \
 	CONFIG_CLEAN_IPKG \
 	CONFIG_PER_FEED_REPO \
 	$(foreach feed,$(FEEDS_AVAILABLE),CONFIG_FEED_$(feed))
@@ -30,14 +32,14 @@ PKG_CONFIG_DEPENDS += \
 include $(INCLUDE_DIR)/package.mk

 ifneq ($(DUMP),1)
-  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | mkhash md5)
+  STAMP_CONFIGURED:=$(strip $(STAMP_CONFIGURED))_$(shell echo $(CONFIG_TARGET_INIT_PATH) | $(MKHASH) md5)
  TARGET:=-$(BOARD)
 endif

 define Package/base-files
  SECTION:=base
  CATEGORY:=Base system
-  DEPENDS:=+netifd +libc +procd +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
+  DEPENDS:=+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
  TITLE:=Base filesystem for OpenWrt
  URL:=http://openwrt.org/
  VERSION:=$(PKG_RELEASE)-$(REVISION)
@@ -63,6 +65,7 @@ define Package/base-files/conffiles
 /etc/services
 /etc/shadow
 /etc/shells
+/etc/shinit
 /etc/sysctl.conf
 /etc/sysupgrade.conf
 $(call $(TARGET)/conffiles)
@@ -87,6 +90,19 @@ define ImageConfigOptions
 	echo 'pi_preinit_net_messages="$(CONFIG_TARGET_PREINIT_SHOW_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe_netmsg="$(CONFIG_TARGET_PREINIT_SUPPRESS_FAILSAFE_NETMSG)"' >>$(1)/lib/preinit/00_preinit.conf
 	echo 'pi_preinit_no_failsafe="$(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE)"' >>$(1)/lib/preinit/00_preinit.conf
+ifeq ($(CONFIG_TARGET_DEFAULT_LAN_IP_FROM_PREINIT),y)
+	mkdir -p $(1)/etc/board.d
+	echo '. /lib/functions/uci-defaults.sh' >$(1)/etc/board.d/99-lan-ip
+	echo 'logger -t 99-lan-ip "setting custom default LAN IP"' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_update' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select network' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select lan' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string ipaddr $(if $(CONFIG_TARGET_PREINIT_IP),$(CONFIG_TARGET_PREINIT_IP),"192.168.1.1")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_add_string netmask $(if $(CONFIG_TARGET_PREINIT_NETMASK),$(CONFIG_TARGET_PREINIT_NETMASK),"255.255.255.0")' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'json_select ..' >>$(1)/etc/board.d/99-lan-ip
+	echo 'board_config_flush' >>$(1)/etc/board.d/99-lan-ip
+endif
 endef

 define Build/Prepare
@@ -108,12 +124,14 @@ ifdef CONFIG_SIGNED_PACKAGES

  endef

+ifndef CONFIG_BUILDBOT
  define Package/base-files/install-key
 	mkdir -p $(1)/etc/opkg/keys
 	$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`

  endef
 endif
+endif

 ifeq ($(CONFIG_NAND_SUPPORT),)
  define Package/base-files/nand-support
@@ -121,10 +139,24 @@ ifeq ($(CONFIG_NAND_SUPPORT),)
  endef
 endif

+ifeq ($(CONFIG_LEGACY_SDCARD_SUPPORT),)
+  define Package/base-files/legacy-sdcard-support
+	rm -f $(1)/lib/upgrade/legacy-sdcard.sh
+  endef
+endif
+
+ifeq ($(CONFIG_EMMC_SUPPORT),)
+  define Package/base-files/emmc-support
+	rm -f $(1)/lib/upgrade/emmc.sh
+  endef
+endif
+
 define Package/base-files/install
 	$(CP) ./files/* $(1)/
 	$(Package/base-files/install-key)
 	$(Package/base-files/nand-support)
+	$(Package/base-files/legacy-sdcard-support)
+	$(Package/base-files/emmc-support)
 	if [ -d $(GENERIC_PLATFORM_DIR)/base-files/. ]; then \
 		$(CP) $(GENERIC_PLATFORM_DIR)/base-files/* $(1)/; \
 	fi
@@ -139,40 +171,45 @@ define Package/base-files/install

 	$(VERSION_SED_SCRIPT) \
 		$(1)/etc/banner \
+		$(1)/etc/device_info \
+		$(1)/etc/openwrt_release \
 		$(1)/etc/openwrt_version \
 		$(1)/usr/lib/os-release

-	$(VERSION_SED_SCRIPT) \
-		$(1)/etc/openwrt_release \
-		$(1)/etc/device_info \
-		$(1)/usr/lib/os-release

 	$(SED) "s#%PATH%#$(TARGET_INIT_PATH)#g" \
 		$(1)/sbin/hotplug-call \
 		$(1)/etc/preinit \
 		$(1)/etc/profile

-	mkdir -p $(1)/CONTROL
-	mkdir -p $(1)/dev
-	mkdir -p $(1)/etc/config
-	mkdir -p $(1)/etc/crontabs
-	mkdir -p $(1)/etc/rc.d
-	mkdir -p $(1)/overlay
-	mkdir -p $(1)/lib/firmware
-	$(if $(LIB_SUFFIX),-$(LN) lib $(1)/lib$(LIB_SUFFIX))
-	mkdir -p $(1)/mnt
-	mkdir -p $(1)/proc
-	mkdir -p $(1)/tmp
-	mkdir -p $(1)/usr/lib
-	$(if $(LIB_SUFFIX),-$(LN) lib $(1)/usr/lib$(LIB_SUFFIX))
-	mkdir -p $(1)/usr/bin
-	mkdir -p $(1)/sys
-	mkdir -p $(1)/www
-	mkdir -p $(1)/root
+	mkdir -p \
+		$(1)/CONTROL \
+		$(1)/dev \
+		$(1)/etc/config \
+		$(1)/etc/crontabs \
+		$(1)/etc/rc.d \
+		$(1)/overlay \
+		$(1)/lib/firmware \
+		$(1)/mnt \
+		$(1)/proc \
+		$(1)/tmp \
+		$(1)/usr/lib \
+		$(1)/usr/bin \
+		$(1)/sys \
+		$(1)/www \
+		$(1)/root
+
 	$(LN) /proc/mounts $(1)/etc/mtab
+	$(if $(LIB_SUFFIX),-$(LN) lib $(1)/lib$(LIB_SUFFIX))
+	$(if $(LIB_SUFFIX),-$(LN) lib $(1)/usr/lib$(LIB_SUFFIX))
+
+ifneq ($(CONFIG_TARGET_ROOTFS_PERSIST_VAR),y)
 	rm -f $(1)/var
 	$(LN) tmp $(1)/var
-	mkdir -p $(1)/etc
+else
+	mkdir -p $(1)/var
+	$(LN) /tmp/run $(1)/var/run
+endif
 	$(LN) /tmp/resolv.conf /tmp/TZ /tmp/localtime $(1)/etc/

 	chmod 0600 $(1)/etc/shadow
@@ -189,12 +226,19 @@ define Package/base-files/install

 	$(if $(CONFIG_INCLUDE_CONFIG), \
 		echo -e "# Build configuration for board $(BOARD)/$(SUBTARGET)/$(PROFILE)\n" >$(1)/etc/build.config; \
-		cat $(BIN_DIR)/config.seed >>$(1)/etc/build.config)
+		cat $(BIN_DIR)/config.buildinfo >>$(1)/etc/build.config; \
+		cat $(BIN_DIR)/feeds.buildinfo >>$(1)/etc/build.feeds; \
+		cat $(BIN_DIR)/version.buildinfo >>$(1)/etc/build.version)

 	$(if $(CONFIG_CLEAN_IPKG),, \
 		mkdir -p $(1)/etc/opkg; \
 		$(call FeedSourcesAppend,$(1)/etc/opkg/distfeeds.conf); \
 		$(VERSION_SED_SCRIPT) $(1)/etc/opkg/distfeeds.conf)
+	$(if $(CONFIG_IPK_FILES_CHECKSUMS),, \
+		rm -f $(1)/sbin/pkg_check)
+
+	$(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \
+		rm -f $(1)/etc/banner.failsafe,)
 endef

 ifneq ($(DUMP),1)
--- a/package/base-files/files/bin/board_detect
+++ b/package/base-files/files/bin/board_detect
@@ -5,8 +5,8 @@ CFG=$1
 [ -n "$CFG" ] || CFG=/etc/board.json

 [ -d "/etc/board.d/" -a ! -s "$CFG" ] && {
-	for a in `ls /etc/board.d/*`; do
-		[ -x $a ] || continue;
+	for a in $(ls /etc/board.d/*); do
+		[ -s $a ] || continue;
 		$(. $a)
 	done
 }
--- a/package/base-files/files/bin/config_generate
+++ b/package/base-files/files/bin/config_generate
@@ -7,6 +7,35 @@ CFG=/etc/board.json
 [ -s $CFG ] || /bin/board_detect || exit 1
 [ -s /etc/config/network -a -s /etc/config/system ] && exit 0

+generate_bridge() {
+	local name=$1
+	local macaddr=$2
+	uci -q batch <<-EOF
+		set network.$name=device
+		set network.$name.name=$name
+		set network.$name.type=bridge
+	EOF
+	if [ -n "$macaddr" ]; then
+		uci -q batch <<-EOF
+			set network.$name.macaddr=$macaddr
+		EOF
+	fi
+}
+
+bridge_vlan_id=0
+generate_bridge_vlan() {
+	local name=$1_vlan
+	local device=$2
+	local ports="$3"
+	local vlan="$4"
+	uci -q batch <<-EOF
+		set network.$name=bridge-vlan
+		set network.$name.device='$device'
+		set network.$name.vlan='$vlan'
+		set network.$name.ports='$ports'
+	EOF
+}
+
 generate_static_network() {
 	uci -q batch <<-EOF
 		delete network.loopback
@@ -62,20 +91,38 @@ generate_static_network() {

 addr_offset=2
 generate_network() {
-	local ifname macaddr protocol type ipaddr netmask
+	local ports ifname macaddr protocol type ipaddr netmask vlan
+	local bridge=$2

 	json_select network
 		json_select "$1"
-			json_get_vars ifname macaddr protocol ipaddr netmask
+			json_get_values ports ports
+			json_get_vars ifname macaddr protocol ipaddr netmask vlan
 		json_select ..
 	json_select ..

-	[ -n "$ifname" ] || return
+	[ -n "$ifname" -o -n "$ports" ] || return

-	# force bridge for multi-interface devices (and lan)
-	case "$1:$ifname" in
-		*\ * | lan:*) type="bridge" ;;
-	esac
+	# Force bridge for "lan" as it may have other devices (e.g. wireless)
+	# bridged
+	[ "$1" = "lan" -a -z "$ports" ] && {
+		ports="$ifname"
+	}
+
+	[ -n "$ports" ] && {
+		type="bridge"
+		ifname="$ports"
+	}
+
+	[ -n "$bridge" ] && {
+		if [ -z "$vlan" ]; then
+			bridge_vlan_id=$((bridge_vlan_id + 1))
+			vlan=$bridge_vlan_id
+		fi
+		generate_bridge_vlan $1 $bridge "$ifname" $vlan
+		ifname=$bridge.$vlan
+		type=""
+	}

 	uci -q batch <<-EOF
 		delete network.$1
@@ -85,12 +132,16 @@ generate_network() {
 		set network.$1.proto='none'
 	EOF

-	[ -n "$macaddr" ] && uci -q batch <<-EOF
-		delete network.$1_dev
-		set network.$1_dev='device'
-		set network.$1_dev.name='$ifname'
-		set network.$1_dev.macaddr='$macaddr'
-	EOF
+	if [ -n "$macaddr" ]; then
+		for name in $ifname; do
+			uci -q batch <<-EOF
+				delete network.$1_${name/./_}_dev
+				set network.$1_${name/./_}_dev='device'
+				set network.$1_${name/./_}_dev.name='$name'
+				set network.$1_${name/./_}_dev.macaddr='$macaddr'
+			EOF
+		done
+	fi

 	case "$protocol" in
 		static)
@@ -141,6 +192,14 @@ generate_network() {
 				EOF
 			}
 		;;
+
+		qmi|\
+		mbim)
+			uci -q batch <<-EOF
+				set network.$1.proto='${protocol}'
+				set network.$1.pdptype='ipv4'
+			EOF
+		;;
 	esac
 }

@@ -213,7 +272,8 @@ generate_switch() {

 	json_select switch
 	json_select "$key"
-	json_get_vars enable reset blinkrate cpu_port
+	json_get_vars enable reset blinkrate cpu_port \
+		ar8xxx_mib_type ar8xxx_mib_poll_interval

 	uci -q batch <<-EOF
 		add network switch
@@ -221,6 +281,8 @@ generate_switch() {
 		set network.@switch[-1].reset='$reset'
 		set network.@switch[-1].enable_vlan='$enable'
 		set network.@switch[-1].blinkrate='$blinkrate'
+		set network.@switch[-1].ar8xxx_mib_type='$ar8xxx_mib_type'
+		set network.@switch[-1].ar8xxx_mib_poll_interval='$ar8xxx_mib_poll_interval'
 	EOF

 	generate_switch_vlans_ports "$1"
@@ -229,7 +291,6 @@ generate_switch() {
 	json_select ..
 }

-
 generate_static_system() {
 	uci -q batch <<-EOF
 		delete system.@system[0]
@@ -243,11 +304,11 @@ generate_static_system() {
 		delete system.ntp
 		set system.ntp='timeserver'
 		set system.ntp.enabled='1'
-		set system.ntp.enable_server='0'
-		add_list system.ntp.server='ntp1.aliyun.com'
-		add_list system.ntp.server='time1.cloud.tencent.com'
-		add_list system.ntp.server='time.ustc.edu.cn'
-		add_list system.ntp.server='pool.ntp.org'
+		set system.ntp.enable_server='1'
+		add_list system.ntp.server='time.apple.com'
+		add_list system.ntp.server='time.google.com'
+		add_list system.ntp.server='time.windows.com'
+		add_list system.ntp.server='time.cloudflare.com'
 	EOF

 	if json_is_a system object; then
@@ -257,6 +318,13 @@ generate_static_system() {
 				uci -q set "system.@system[-1].hostname=$hostname"
 			fi

+			local compat_version
+			if json_get_var compat_version compat_version; then
+				uci -q set "system.@system[-1].compat_version=$compat_version"
+			else
+				uci -q set "system.@system[-1].compat_version=1.0"
+			fi
+
 			if json_is_a ntpserver array; then
 				local keys key
 				json_get_keys keys ntpserver
@@ -419,12 +487,24 @@ generate_gpioswitch() {
 json_init
 json_load "$(cat ${CFG})"

+umask 077
+
 if [ ! -s /etc/config/network ]; then
+	bridge_name=""
 	touch /etc/config/network
 	generate_static_network

+	json_get_vars bridge
+	[ -n "$bridge" ] && {
+		json_select bridge
+		json_get_vars name macaddr
+		generate_bridge "$name" "$macaddr"
+		json_select ..
+		bridge_name=$name
+	}
+
 	json_get_keys keys network
-	for key in $keys; do generate_network $key; done
+	for key in $keys; do generate_network $key $bridge_name; done

 	json_get_keys keys switch
 	for key in $keys; do generate_switch $key; done
--- a/package/base-files/files/etc/banner
+++ b/package/base-files/files/etc/banner
@@ -1,8 +1,12 @@
-  _______                     ________        __
- |       |.-----.-----.-----.|  |  |  |.----.|  |_
- |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
- |_______||   __|_____|__|__||________||__|  |____|
-          |__| W I R E L E S S   F R E E D O M
- -----------------------------------------------------
- %D %V, %C
- -----------------------------------------------------
+ ▒█████   ██▓███  ▓█████  ███▄    █  █     █░ ██▀███  ▄▄▄█████▓
+▒██▒  ██▒▓██░  ██▒▓█   ▀  ██ ▀█   █ ▓█░ █ ░█░▓██ ▒ ██▒▓  ██▒ ▓▒
+▒██░  ██▒▓██░ ██▓▒▒███   ▓██  ▀█ ██▒▒█░ █ ░█ ▓██ ░▄█ ▒▒ ▓██░ ▒░
+▒██   ██░▒██▄█▓▒ ▒▒▓█  ▄ ▓██▒  ▐▌██▒░█░ █ ░█ ▒██▀▀█▄  ░ ▓██▓ ░ 
+░ ████▓▒░▒██▒ ░  ░░▒████▒▒██░   ▓██░░░██▒██▓ ░██▓ ▒██▒  ▒██▒ ░ 
+░ ▒░▒░▒░ ▒▓▒░ ░  ░░░ ▒░ ░░ ▒░   ▒ ▒ ░ ▓░▒ ▒  ░ ▒▓ ░▒▓░  ▒ ░░   
+  ░ ▒ ▒░ ░▒ ░      ░ ░  ░░ ░░   ░ ▒░  ▒ ░ ░    ░▒ ░ ▒░    ░    
+░ ░ ░ ▒  ░░          ░      ░   ░ ░   ░   ░    ░░   ░   ░      
+    ░ ░              ░  ░         ░     ░       ░              
+  -------------------------------------------------------------
+      %D %V, %C
+  -------------------------------------------------------------
--- a/package/base-files/files/etc/board.d/99-default_network
+++ b/package/base-files/files/etc/board.d/99-default_network
@@ -1,4 +1,3 @@
-#!/bin/sh
 #
 # Copyright (C) 2013-2015 OpenWrt.org
 #
--- a/package/base-files/files/etc/diag.sh
+++ b/package/base-files/files/etc/diag.sh
@@ -37,6 +37,8 @@ set_led_state() {
 		;;
 	done)
 		status_led_off
+		[ "$status_led" != "$running" ] && \
+			status_led_restore_trigger "boot"
 		[ -n "$running" ] && {
 			status_led="$running"
 			status_led_on
--- a/package/base-files/files/etc/group
+++ b/package/base-files/files/etc/group
@@ -1,8 +1,8 @@
 root:x:0:
 daemon:x:1:
 adm:x:4:
-tty:x:5:
 mail:x:8:
+dialout:x:20:
 audio:x:29:
 www-data:x:33:
 ftp:x:55:
--- a/package/base-files/files/etc/init.d/boot
+++ b/package/base-files/files/etc/init.d/boot
@@ -2,7 +2,7 @@
 # Copyright (C) 2006-2011 OpenWrt.org

 START=10
-STOP=98
+STOP=90

 uci_apply_defaults() {
 	. /lib/functions/system.sh
@@ -20,31 +20,35 @@ uci_apply_defaults() {
 boot() {
 	[ -f /proc/mounts ] || /sbin/mount_root
 	[ -f /proc/jffs2_bbc ] && echo "S" > /proc/jffs2_bbc
-	[ -f /proc/net/vlan/config ] && vconfig set_name_type DEV_PLUS_VID_NO_PAD

-	mkdir -p /var/run
-	mkdir -p /var/log
 	mkdir -p /var/lock
+	chmod 1777 /var/lock
+	mkdir -p /var/log
+	mkdir -p /var/run
 	mkdir -p /var/state
 	mkdir -p /var/tmp
 	mkdir -p /tmp/.uci
 	chmod 0700 /tmp/.uci
 	touch /var/log/wtmp
 	touch /var/log/lastlog
-	touch /tmp/resolv.conf.auto
-	ln -sf /tmp/resolv.conf.auto /tmp/resolv.conf
+	mkdir -p /tmp/resolv.conf.d
+	touch /tmp/resolv.conf.d/resolv.conf.auto
+	ln -sf /tmp/resolv.conf.d/resolv.conf.auto /tmp/resolv.conf
 	grep -q debugfs /proc/filesystems && /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug
+	grep -q bpf /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime,mode=0700 -t bpf bpffs /sys/fs/bpf
+	grep -q pstore /proc/filesystems && /bin/mount -o noatime -t pstore pstore /sys/fs/pstore
 	[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe

 	/sbin/kmodloader

 	[ ! -f /etc/config/wireless ] && {
-		# compat for brcm47xx and mvebu
+		# compat for bcm47xx and mvebu
 		sleep 1
 	}

 	/bin/config_generate
 	uci_apply_defaults
+	sync
 	
 	# temporary hack until configd exists
 	/sbin/reload_config
--- a/package/base-files/files/etc/init.d/done
+++ b/package/base-files/files/etc/init.d/done
@@ -4,7 +4,7 @@
 START=95
 boot() {
 	mount_root done
-	rm -f /sysupgrade.tgz
+	rm -f /sysupgrade.tgz && sync

 	# process user commands
 	[ -f /etc/rc.local ] && {
--- a/package/base-files/files/etc/init.d/gpio_switch
+++ b/package/base-files/files/etc/init.d/gpio_switch
@@ -16,21 +16,39 @@ load_gpio_switch()
 	config_get name "$1" name
 	config_get value "$1" value 0

-	local gpio_path="/sys/class/gpio/gpio${gpio_pin}"
-	# export GPIO pin for access
-	[ -d "$gpio_path" ] || {
-		echo "$gpio_pin" >/sys/class/gpio/export
-		# we need to wait a bit until the GPIO appears
-		[ -d "$gpio_path" ] || sleep 1
+	[ -z "$gpio_pin" ] && {
+		echo >&2 "Skipping gpio_switch '$name' due to missing gpio_pin"
+		return 1
 	}

-	# direction attribute only exists if the kernel supports changing the
-	# direction of a GPIO
-	if [ -e "${gpio_path}/direction" ]; then
-		# set the pin to output with high or low pin value
-		{ [ "$value" = "0" ] && echo "low" || echo "high"; } >"$gpio_path/direction"
+	local gpio_path
+	if [ -n "$(echo "$gpio_pin" | grep -E "^[0-9]+$")" ]; then
+		gpio_path="/sys/class/gpio/gpio${gpio_pin}"
+
+		# export GPIO pin for access
+		[ -d "$gpio_path" ] || {
+			echo "$gpio_pin" >/sys/class/gpio/export
+			# we need to wait a bit until the GPIO appears
+			[ -d "$gpio_path" ] || sleep 1
+		}
+
+		# direction attribute only exists if the kernel supports changing the
+		# direction of a GPIO
+		if [ -e "${gpio_path}/direction" ]; then
+			# set the pin to output with high or low pin value
+			{ [ "$value" = "0" ] && echo "low" || echo "high"; } \
+				>"$gpio_path/direction"
+		else
+			{ [ "$value" = "0" ] && echo "0" || echo "1"; } \
+				>"$gpio_path/value"
+		fi
 	else
-		{ [ "$value" = "0" ] && echo "0" || echo "1"; } >"$gpio_path/value"
+		gpio_path="/sys/class/gpio/${gpio_pin}"
+
+		[ -d "$gpio_path" ] && {
+			{ [ "$value" = "0" ] && echo "0" || echo "1"; } \
+				>"$gpio_path/value"
+		}
 	fi
 }

--- a/package/base-files/files/etc/init.d/led
+++ b/package/base-files/files/etc/init.d/led
@@ -21,7 +21,7 @@ load_led() {
 	config_get dev $1 dev
 	config_get ports $1 port
 	config_get mode $1 mode
-	config_get_bool default $1 default "nil"
+	config_get_bool default $1 default "0"
 	config_get delayon $1 delayon
 	config_get delayoff $1 delayoff
 	config_get interval $1 interval "50"
@@ -31,10 +31,11 @@ load_led() {
 	config_get gpio $1 gpio "0"
 	config_get inverted $1 inverted "0"

-	if [ "$trigger" = "rssi" ]; then
-		# handled by rssileds userspace process
-		return
-	fi
+	# execute application led trigger
+	[ -f "/usr/libexec/led-trigger/${trigger}" ] && {
+		. "/usr/libexec/led-trigger/${trigger}"
+		return 0
+	}

 	[ "$trigger" = "usbdev" ] && {
 		# Backward compatibility: translate to the new trigger
--- a/package/base-files/files/etc/init.d/sysfixtime
+++ b/package/base-files/files/etc/init.d/sysfixtime
@@ -8,23 +8,33 @@ RTC_DEV=/dev/rtc0
 HWCLOCK=/sbin/hwclock

 boot() {
-	start && exit 0
-
-	local maxtime="$(maxtime)"
+	hwclock_load
+	local maxtime="$(find_max_time)"
 	local curtime="$(date +%s)"
-	[ $curtime -lt $maxtime ] && date -s @$maxtime
+	if [ $curtime -lt $maxtime ]; then
+		date -s @$maxtime
+		hwclock_save
+	fi
 }

 start() {
-	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+	hwclock_load
 }

 stop() {
+	hwclock_save
+}
+
+hwclock_load() {
+	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -s -u -f $RTC_DEV
+}
+
+hwclock_save(){
 	[ -e "$RTC_DEV" ] && [ -e "$HWCLOCK" ] && $HWCLOCK -w -u -f $RTC_DEV && \
 		logger -t sysfixtime "saved '$(date)' to $RTC_DEV"
 }

-maxtime() {
+find_max_time() {
 	local file newest

 	for file in $( find /etc -type f ) ; do
--- a/package/base-files/files/etc/init.d/system
+++ b/package/base-files/files/etc/init.d/system
@@ -4,9 +4,8 @@
 START=10
 USE_PROCD=1

-validate_system_section()
-{
-	uci_validate_section system system "${1}" \
+validate_system_section() {
+	uci_load_validate system system "$1" "$2" \
 		'hostname:string:OpenWrt' \
 		'conloglevel:uinteger' \
 		'buffersize:uinteger' \
@@ -15,11 +14,7 @@ validate_system_section()
 }

 system_config() {
-	local cfg="$1"
-
-	local hostname conloglevel buffersize timezone zonename
-
-	validate_system_section "${1}" || {
+	[ "$2" = 0 ] || {
 		echo "validation failed"
 		return 1
 	}
@@ -27,20 +22,20 @@ system_config() {
 	echo "$hostname" > /proc/sys/kernel/hostname
 	[ -z "$conloglevel" -a -z "$buffersize" ] || dmesg ${conloglevel:+-n $conloglevel} ${buffersize:+-s $buffersize}
 	echo "$timezone" > /tmp/TZ
-	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/$zonename" ] && \
-		ln -sf "/usr/share/zoneinfo/$zonename" /tmp/localtime && rm -f /tmp/TZ
+	[ -n "$zonename" ] && [ -f "/usr/share/zoneinfo/${zonename// /_}" ] \
+		&& ln -sf "/usr/share/zoneinfo/${zonename// /_}" /tmp/localtime \
+		&& rm -f /tmp/TZ

 	# apply timezone to kernel
-	date -k
+	hwclock -u --systz
 }

 reload_service() {
 	config_load system
-	config_foreach system_config system
+	config_foreach validate_system_section system system_config
 }

-service_triggers()
-{
+service_triggers() {
 	procd_add_reload_trigger "system"
 	procd_add_validation validate_system_section
 }
--- a/package/base-files/files/etc/init.d/umount
+++ b/package/base-files/files/etc/init.d/umount
@@ -1,7 +1,12 @@
 #!/bin/sh /etc/rc.common
 # Copyright (C) 2006 OpenWrt.org

-STOP=99
+STOP=90
+
+restart() {
+	:
+}
+
 stop() {
 	sync
 	/bin/umount -a -d -r
--- a/package/base-files/files/etc/profile
+++ b/package/base-files/files/etc/profile
@@ -1,10 +1,9 @@
-#!/bin/sh
 [ -e /tmp/.failsafe ] && export FAILSAFE=1

 [ -f /etc/banner ] && cat /etc/banner
 [ -n "$FAILSAFE" ] && cat /etc/banner.failsafe

-fgrep -sq '/ overlay ro,' /proc/mounts && {
+grep -Fsq '/ overlay ro,' /proc/mounts && {
 	echo 'Your JFFS2-partition seems full and overlayfs is mounted read-only.'
 	echo 'Please try to remove files from /overlay/upper/... and reboot!'
 }
@@ -13,6 +12,7 @@ export PATH="%PATH%"
 export HOME=$(grep -e "^${USER:-root}:" /etc/passwd | cut -d ":" -f 6)
 export HOME=${HOME:-/root}
 export PS1='\u@\h:\w\$ '
+export ENV=/etc/shinit

 case "$TERM" in
 	xterm*|rxvt*)
@@ -20,16 +20,6 @@ case "$TERM" in
 		;;
 esac

-[ -x /bin/more ] || alias more=less
-[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
-
-alias ll='ls -alF --color=auto'
-
-[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
-
-[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
-[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
-
 [ -n "$FAILSAFE" ] || {
 	for FILE in /etc/profile.d/*.sh; do
 		[ -e "$FILE" ] && . "$FILE"
@@ -48,12 +38,3 @@ in order to prevent unauthorized SSH logins.
 --------------------------------------------------
 EOF
 fi
-
-service() {
-	[ -f "/etc/init.d/$1" ] || {
-		echo "service "'"'"$1"'"'" not found, the following services are available:"
-		ls "/etc/init.d"
-		return 1
-	}
-	/etc/init.d/$@
-}
--- a/package/base-files/files/etc/rc.button/reboot
+++ b/package/base-files/files/etc/rc.button/reboot
@@ -0,0 +1,12 @@
+#!/bin/sh
+
+[ "${ACTION}" = "released" ] || exit 0
+
+if [ "$SEEN" -ge 5 ]
+then
+	echo "REBOOT" > /dev/console
+	sync
+	reboot
+fi
+
+return 0
--- a/package/base-files/files/etc/rc.common
+++ b/package/base-files/files/etc/rc.common
@@ -62,19 +62,24 @@ depends() {
 	return 0
 }

+ALL_HELP=""
+ALL_COMMANDS="boot shutdown depends"
+extra_command() {
+	local cmd="$1"
+	local help="$2"
+
+	local extra="$(printf "%-16s%s" "${cmd}" "${help}")"
+	ALL_HELP="${ALL_HELP}\t${extra}\n"
+	ALL_COMMANDS="${ALL_COMMANDS} ${cmd}"
+}
+
 help() {
 	cat <<EOF
 Syntax: $initscript [command]

 Available commands:
-	start	Start the service
-	stop	Stop the service
-	restart	Restart the service
-	reload	Reload configuration files (or restart if service does not implement reload)
-	enable	Enable service autostart
-	disable	Disable service autostart
-$EXTRA_HELP
 EOF
+	echo -e "$ALL_HELP"
 }

 # for procd
@@ -95,15 +100,27 @@ service_data() {
 }

 service_running() {
-	return 0
+	local service="${1:-$(basename $initscript)}"
+	local instance="${2:-*}"
+	procd_running "$service" "$instance" "$@"
 }

 ${INIT_TRACE:+set -x}

+extra_command "start" "Start the service"
+extra_command "stop" "Stop the service"
+extra_command "restart" "Restart the service"
+extra_command "reload" "Reload configuration files (or restart if service does not implement reload)"
+extra_command "enable" "Enable service autostart"
+extra_command "disable" "Disable service autostart"
+extra_command "enabled" "Check if service is started on boot"
+
 . "$initscript"

 [ -n "$USE_PROCD" ] && {
-	EXTRA_COMMANDS="${EXTRA_COMMANDS} running trace"
+	extra_command "running" "Check if service is running"
+	extra_command "status" "Service status"
+	extra_command "trace" "Start with syscall trace"

 	. $IPKG_INSTROOT/lib/functions/procd.sh
 	basescript=$(readlink "$initscript")
@@ -131,6 +148,9 @@ ${INIT_TRACE:+set -x}
 		procd_lock
 		stop_service "$@"
 		procd_kill "$(basename ${basescript:-$initscript})" "$1"
+		if eval "type service_stopped" 2>/dev/null >/dev/null; then
+			service_stopped
+		fi
 	}

 	reload() {
@@ -145,8 +165,17 @@ ${INIT_TRACE:+set -x}
 	running() {
 		service_running "$@"
 	}
+
+	status() {
+		if eval "type status_service" 2>/dev/null >/dev/null; then
+			status_service "$@"
+		else
+			_procd_status "$(basename ${basescript:-$initscript})" "$1"
+		fi
+	}
 }

-ALL_COMMANDS="start stop reload restart boot shutdown enable disable enabled depends ${EXTRA_COMMANDS}"
+ALL_COMMANDS="${ALL_COMMANDS} ${EXTRA_COMMANDS}"
+ALL_HELP="${ALL_HELP}${EXTRA_HELP}"
 list_contains ALL_COMMANDS "$action" || action=help
 $action "$@"
--- a/package/base-files/files/etc/shadow
+++ b/package/base-files/files/etc/shadow
@@ -1,4 +1,4 @@
-root::0:0:99999:7:::
+root:::0:99999:7:::
 daemon:*:0:0:99999:7:::
 ftp:*:0:0:99999:7:::
 network:*:0:0:99999:7:::
--- a/package/base-files/files/etc/shinit
+++ b/package/base-files/files/etc/shinit
@@ -0,0 +1,33 @@
+[ -x /bin/more ] || [ -x /usr/bin/more ] || alias more=less
+[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi
+
+alias ll='ls -alF --color=auto'
+
+[ -z "$KSH_VERSION" -o \! -s /etc/mkshrc ] || . /etc/mkshrc
+
+[ -x /usr/bin/arp -o -x /sbin/arp ] || arp() { cat /proc/net/arp; }
+[ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 $*; }
+
+service() {
+	if [ -f "/etc/init.d/$1" ]; then
+		/etc/init.d/$@
+	else
+		echo "Usage: service <service> [command]"
+		if [ -n "$1" ]; then
+			echo "Service "'"'"$1"'"'" not found, the following services are available:"
+		else
+			echo "The following services are available:"
+		fi
+		for F in /etc/init.d/* ; do
+			printf "%-30s\t%10s\t%10s\n"  "$F" \
+			$( $($F enabled) && echo "enabled" || echo "disabled" ) \
+			$( [ "$(ubus call service list "{ 'verbose': true, 'name': '$(basename $F)' }" \
+			| jsonfilter -q -e "@['$(basename $F)'].instances[*].running" | uniq)" = "true" ] \
+			&& echo "running" || echo "stopped" )
+		done;
+		return 1
+	fi
+}
+
+[ -n "$KSH_VERSION" -o \! -s "$HOME/.shinit" ] || . "$HOME/.shinit"
+[ -z "$KSH_VERSION" -o \! -s "$HOME/.mkshrc" ] || . "$HOME/.mkshrc"
--- a/package/base-files/files/etc/sysctl.conf
+++ b/package/base-files/files/etc/sysctl.conf
@@ -1 +1,5 @@
 # Defaults are configured in /etc/sysctl.d/* and can be customized in this file
+
+net.bridge.bridge-nf-call-arptables = 0
+net.bridge.bridge-nf-call-ip6tables = 0
+net.bridge.bridge-nf-call-iptables = 0
--- a/Show More
+++ b/Show More
				`@@ -0,0 +1 @@`
				ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential bzip2 ccache cmake cpio curl device-tree-compiler fastjar flex gawk gettext git gperf haveged help2man intltool libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev vpnc libmpc-dev libmpfr-dev libncurses5-dev libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz aria2 mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip libpython3-dev qemu-utils rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip vim wget xmlto xxd zlib1g-dev libfuse-dev