Changed default OpenWrt version from 25.12.0-rc1 to 24.10.5 to match
local-build.sh configuration and ensure stable builds by default.
Changes in both workflows:
- build-openwrt-packages.yml: default and env fallback
- build-secubox-images.yml: default and env fallback
- Reordered options to show 24.10.5 first
Users can still manually select other versions when triggering workflows.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add ninja-build to package build workflow (build-openwrt-packages.yml)
- Add ninja-build to image build workflow (build-secubox-images.yml)
- Update secubox-tools/README.md with ninja-build dependency
- Update secubox-tools/local-build.sh dependency check and install instructions
- Ninja is required by OpenWrt build system for some compilation tasks
This resolves missing ninja errors in GitHub Actions builds.
Updated GitHub Actions workflows and build scripts to support the
latest OpenWrt versions:
- Added 25.12.0-rc1 (latest release candidate) for testing
- Added 24.10.5 (latest stable release)
- Changed default version from 23.05.5 to 24.10.5
Changes:
- .github/workflows/build-secubox-images.yml: Added new versions, updated default
- .github/workflows/build-openwrt-packages.yml: Added new versions, updated default
- secubox-tools/local-build.sh: Updated default version and added comment
- CLAUDE.md: Updated documentation with supported versions
- README.md: Updated build instructions and compatibility table
- secubox-tools/README.md: Updated environment variables documentation
The 25.12.0-rc1 includes major changes:
- Switch from opkg to apk package manager
- Integration of attended Sysupgrade into default LuCI
- Wi-Fi scripts converted to ucode
- Support for 160+ new devices (2180+ total)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Improvements to build-secubox-images.yml workflow:
- Added automatic trigger on version tags (v*.*.*)
- Auto-build all devices when triggered by tag push
- SecuBox packages included by default on tag builds
- Fixed release creation logic (use tag name, not run number)
- Mark pre-releases automatically (alpha/beta/rc tags)
- Better handling of workflow inputs with fallback defaults
- Enhanced build summaries with tag information
Now you can trigger firmware builds by pushing tags like:
git tag v0.1.3-alpha && git push origin v0.1.3-alpha
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Added luci-app-traffic-shaper to firmware configuration
- Added luci-app-ksm-manager to firmware configuration
- Updated release notes to include all 15 SecuBox modules organized by category
- Ensures complete SecuBox suite is pre-installed in firmware images
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
During firmware image creation, opkg tries to create a lock file in the
staging root filesystem's /tmp directory, but this directory doesn't
always exist, causing the build to fail at the final packaging stage.
Error:
opkg_conf_load: Could not create lock file
.../root.orig-mvebu//tmp/opkg.lock: No such file or directory
ERROR: target/linux failed to build
Solution:
- Create tmp directories in all staging root filesystems before build
- Apply fix in both parallel and single-threaded build paths
- Use wildcard patterns to catch all target architectures
Changes:
- local-build.sh: Create tmp dirs before and during retry
- build-secubox-images.yml: Create tmp dirs in workflow
- .gitignore: Ignore build artifacts (openwrt/, local-feed/, .vscode/)
This ensures the build can complete the final image packaging step
successfully, generating the firmware images.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The firmware builds were failing during toolchain compilation due to
GDB (GNU debugger) missing testsuite/Makefile. This is a known issue
with OpenWrt's GDB toolchain component.
Error:
Missing testsuite/Makefile
make[7]: *** [Makefile:1992: subdir_do] Error 1
ERROR: toolchain/gdb failed to build
Solution:
- Disable GDB in toolchain with '# CONFIG_GDB is not set'
- GDB is not needed for building firmware images
- Only useful for on-device debugging (can be installed separately)
- Enable BUILD_LOG for better debugging
This fix applies to both:
- Local firmware builds (local-build.sh)
- GitHub Actions firmware builds (build-secubox-images.yml)
Impact:
- Toolchain will compile successfully
- Firmware images will be generated
- Build time remains the same (1-2 hours for full build)
- No impact on firmware functionality
Tested with:
- OpenWrt 23.05.5
- Target: mvebu/cortexa72 (MOCHAbin)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The build workflow was completing successfully but only generating
packages (.ipk files) without producing actual firmware images
(.img.gz, *sysupgrade.bin, etc.). This commit adds the necessary
configuration and diagnostics to ensure firmware images are built.
Changes:
- Add explicit image building flags (CONFIG_TARGET_PER_DEVICE_ROOTFS)
to enable firmware generation in OpenWrt build
- Add CONFIG_TARGET_MULTI_PROFILE=n and CONFIG_TARGET_ALL_PROFILES=n
to ensure single device profile builds correctly
- Add device profile verification step after make defconfig to catch
configuration issues early before the lengthy build process
- Specify PROFILE parameter explicitly in make commands to ensure
OpenWrt builds firmware for the exact device profile
- Add comprehensive diagnostics when no images are found:
* List available targets that were built
* Scan build logs for errors
* Show all files in target directory
* Provide actionable troubleshooting steps
- Add step to save build logs and .config file to artifacts for
post-mortem debugging
Root cause: OpenWrt requires explicit configuration flags to build
firmware images. Without them, it only builds packages. The build
system also needs the PROFILE parameter to target specific devices.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix critical build failure in GitHub Actions workflows and local build script.
The issue was that LuCI package Makefiles reference ../../luci.mk which doesn't
exist when packages are copied to SDK or OpenWrt build environments.
Changes:
- build-openwrt-packages.yml: Auto-fix Makefile paths after package copy
- build-secubox-images.yml: Auto-fix Makefile paths for image builds
- local-build.sh: Complete rewrite to use feed-based architecture
* Packages installed as local feed instead of direct copy
* Automatic Makefile path correction (../../luci.mk → $(TOPDIR)/feeds/luci/luci.mk)
* Skip dependency resolution with NO_DEPS=1 for arch-independent packages
* Single package build support throughout the pipeline
This fixes the "No such file or directory: ../../luci.mk" error that prevented
all package and firmware image builds from succeeding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Major improvements to feed management across all workflows:
1. **build-openwrt-packages.yml:**
- Removed 'base' feed (not needed for SDK)
- Added comprehensive error handling with retry logic
- Verify feed directories exist after update
- Fail fast if feeds don't update successfully
- Log feed update/install output for debugging
2. **build-secubox-images.yml & test-validate.yml:**
- Added feed verification after update/install
- Capture logs for debugging feed issues
- Exit with error if critical feeds missing
- Show feed directory sizes for verification
Key changes:
- Feeds are now validated to exist before continuing
- Better error messages when feeds fail to update
- Logs captured for troubleshooting
- Workflow fails immediately if feeds missing
This should fix the 'find: feeds/packages: No such file or directory'
error by ensuring feeds are actually cloned successfully.
Enhanced the firmware build workflow with better diagnostics:
1. Added directory listing before artifact collection to show what was built
2. Changed collection strategy to copy all files from target dir (excluding
metadata like .ipk, .manifest, .json, .buildinfo)
3. Added warnings when no firmware images are found
4. Added file listing after successful builds to verify output
5. Show file sizes during collection
This should help identify why firmware artifacts might be missing:
- Shows exactly what files were generated
- Provides clear warnings if target directory is empty
- Helps debug firmware build issues
The new approach copies all firmware image files regardless of extension,
which is more robust than pattern matching specific file types.
Extended the feed removal to also exclude the routing feed, which was
causing the same indexing error during make defconfig.
Now removing both telephony and routing feeds from feeds.conf.default
before updating feeds in all three workflows.
This ensures only base, packages, and luci feeds are used.
Moved telephony removal to occur BEFORE './scripts/feeds update' to prevent
the telephony feed from ever being cloned or indexed. The previous fix tried
to remove telephony after feeds were already updated, which was too late.
Key changes:
- Remove telephony from feeds.conf.default BEFORE feed updates
- Keep final cleanup before make defconfig as safety measure
- Applies to all three workflows
This should completely eliminate the 'Collecting package info: feeds/telephony'
error during make defconfig.
The telephony feed was causing 'Collecting package info' failures during
make defconfig. This fix removes the telephony feed directory and references
from feeds.conf.default before running defconfig in all workflows.
Fixes applied to:
- build-openwrt-packages.yml
- build-secubox-images.yml
- test-validate.yml
