Transform OpenWRT to a Yocto / openembedded layer (was: Re: dm-verity support)

Bas Mevissen abuse at basmevissen.nl
Thu Jul 30 04:54:00 EDT 2020


On 2020-07-30 09:13, Thomas Petazzoni wrote:
> Hello,
> 
> On Thu, 30 Jul 2020 00:17:28 +0200
> <mail at adrianschmutzler.de> wrote:
> 
>> your dm-verity patchset is in our patchwork since November 2019 (v2).
>> Unfortunately, nobody seemed to be particularly interested in
>> reviewing/merging it.
>> 
>> Since I don't see a reason why this should change in another 8
>> months, I'm going to finally mark it as Rejected now. After all, our
>> resources are limited.
>> 

Isn't there some deferred or other state that better expresses the 
actual situation?

>> I'm sorry, and although I fear a similar fate will hit the SELinux
>> effort, I still hope you will not feel repelled and continue to
>> contribute to OpenWrt in the future.
> 
> This is overall quite unfortunate. Initially, I have done this work for
> a customer that was using an old vendor-modified OpenWrt version.
> Instead of doing like most companies do: simply hack the old
> vendor-modified OpenWrt and keep the changes private, I instead took an
> upstream compatible approach: I did all my development on the latest
> OpenWrt upstream, submitted it to the community, and only then
> backported it to my customer vendor-specific OpenWrt.
> 
> It is therefore quite sad that despite this intention of being a good
> open-source citizen and try to do the "right" thing, OpenWrt as an
> upstream project is not interested. Such security features are more and
> more commonly needed, and it will at some point be a problem for
> OpenWrt to not have such features supported.
> 

This is another reason why OpenWRT IMHO should become a Yocto layer (or 
set of layers preferably). It would relief the OpenWRT community from 
maintaining a lot of generic infrastructure and open source packages. 
Freeing up their resources to work on what distinguishes OpenWRT from a 
generic Linux distribution.

Things like dm-verity and SELinux for smaller and targeted embedded 
devices could than be picked up by the much larger Yocto community and 
become available for OpenWRT almost for free or there would be at least 
the benefit of the main infrastructure being there.

FYI: there is already such a layer 
(https://github.com/kraj/meta-openwrt), but still very limited.

> Best regards,
> 
> Thomas Petazzoni




More information about the openwrt-devel mailing list