During firmware image creation, opkg tries to create a lock file in the
staging root filesystem's /tmp directory, but this directory doesn't
always exist, causing the build to fail at the final packaging stage.
Error:
opkg_conf_load: Could not create lock file
.../root.orig-mvebu//tmp/opkg.lock: No such file or directory
ERROR: target/linux failed to build
Solution:
- Create tmp directories in all staging root filesystems before build
- Apply fix in both parallel and single-threaded build paths
- Use wildcard patterns to catch all target architectures
Changes:
- local-build.sh: Create tmp dirs before and during retry
- build-secubox-images.yml: Create tmp dirs in workflow
- .gitignore: Ignore build artifacts (openwrt/, local-feed/, .vscode/)
This ensures the build can complete the final image packaging step
successfully, generating the firmware images.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The firmware builds were failing during toolchain compilation due to
GDB (GNU debugger) missing testsuite/Makefile. This is a known issue
with OpenWrt's GDB toolchain component.
Error:
Missing testsuite/Makefile
make[7]: *** [Makefile:1992: subdir_do] Error 1
ERROR: toolchain/gdb failed to build
Solution:
- Disable GDB in toolchain with '# CONFIG_GDB is not set'
- GDB is not needed for building firmware images
- Only useful for on-device debugging (can be installed separately)
- Enable BUILD_LOG for better debugging
This fix applies to both:
- Local firmware builds (local-build.sh)
- GitHub Actions firmware builds (build-secubox-images.yml)
Impact:
- Toolchain will compile successfully
- Firmware images will be generated
- Build time remains the same (1-2 hours for full build)
- No impact on firmware functionality
Tested with:
- OpenWrt 23.05.5
- Target: mvebu/cortexa72 (MOCHAbin)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive diagnostics when firmware images aren't generated and
a new debug-firmware command to troubleshoot build configuration without
running the full build process.
New Features:
- debug-firmware command to check configuration and available profiles
- Enhanced diagnostic output when no firmware images are found:
* Shows all files in target directory
* Lists available targets that were built
* Scans build log for errors
* Analyzes file types in target directory
* Provides actionable troubleshooting steps
The debug-firmware command shows:
- Device configuration (target, subtarget, profile)
- Current .config settings
- Whether device profile is properly configured
- Available device profiles for the target
- Build output directory contents
- Suggestions for next steps
Usage:
./secubox-tools/local-build.sh debug-firmware mochabin
This helps identify configuration issues before running the lengthy
build process again.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive firmware building functionality to local-build.sh,
replicating the GitHub Actions firmware build workflow. Users can now
build complete OpenWrt firmware images with SecuBox pre-installed
locally, in addition to building packages.
New Features:
- New 'build-firmware' command to build complete firmware images
- Support for GlobalScale devices (ESPRESSObin, Sheeva64, MOCHAbin)
- Device profile definitions with automatic target/subtarget configuration
- Automatic OpenWrt source download and caching
- Device-specific package configuration (10G for MOCHAbin, WiFi for Ultra)
- Firmware configuration with same settings as GitHub Actions workflow:
* CONFIG_TARGET_PER_DEVICE_ROOTFS=y for image generation
* Explicit PROFILE parameter in make commands
* Device profile verification before building
- Artifact collection with firmware images, packages, and checksums
- Build time tracking and verbose logging
- 'clean-all' command to remove OpenWrt source (saves ~20GB)
Device Profiles:
- espressobin-v7 (mvebu/cortexa53)
- espressobin-ultra (mvebu/cortexa53 with WiFi)
- sheeva64 (mvebu/cortexa53)
- mochabin (mvebu/cortexa72 with 10G networking)
- x86-64 (x86/64 generic PC)
Usage:
./secubox-tools/local-build.sh build-firmware mochabin
./secubox-tools/local-build.sh build-firmware espressobin-v7
Output:
Firmware images placed in build/firmware/<device>/
- *.img.gz, *sysupgrade.bin, *factory.bin files
- SHA256SUMS checksums
- BUILD_INFO.txt with build details
- packages/ directory with SecuBox .ipk files
Documentation:
- Updated README.md with firmware building examples
- Added device profiles and environment variables
- Added example workflows for firmware building
- Distinguished between package building (SDK) and firmware building (full source)
Technical Details:
- Uses full OpenWrt source (not SDK) for firmware builds
- Configures feeds identically to GitHub Actions workflow
- Includes same configuration fixes for image generation
- Verifies device profile selection before lengthy build
- Supports parallel and single-threaded builds with automatic retry
- Downloads and caches OpenWrt source for reuse
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix critical build failure in GitHub Actions workflows and local build script.
The issue was that LuCI package Makefiles reference ../../luci.mk which doesn't
exist when packages are copied to SDK or OpenWrt build environments.
Changes:
- build-openwrt-packages.yml: Auto-fix Makefile paths after package copy
- build-secubox-images.yml: Auto-fix Makefile paths for image builds
- local-build.sh: Complete rewrite to use feed-based architecture
* Packages installed as local feed instead of direct copy
* Automatic Makefile path correction (../../luci.mk → $(TOPDIR)/feeds/luci/luci.mk)
* Skip dependency resolution with NO_DEPS=1 for arch-independent packages
* Single package build support throughout the pipeline
This fixes the "No such file or directory: ../../luci.mk" error that prevented
all package and firmware image builds from succeeding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add local-build.sh: comprehensive local build system
- Validates packages (Makefiles, JSON, JavaScript, shell scripts)
- Downloads and caches OpenWrt SDK
- Builds .ipk packages locally
- Supports multiple architectures (x86-64, ARM, MIPS)
- Collects artifacts with SHA256 checksums
- Update CLAUDE.md with local build documentation
- Add Local Build section with usage examples
- Update Development Workflow to include local testing
- List supported architectures and environment variables
- Update secubox-tools/README.md
- Add comprehensive local-build.sh documentation
- Update workflow examples to include local building
- Add dependencies and installation instructions
Benefits:
- Test builds locally before CI/CD
- Faster development iteration
- Reduced GitHub Actions usage
- Offline development support
Usage:
./secubox-tools/local-build.sh validate
./secubox-tools/local-build.sh build
./secubox-tools/local-build.sh build luci-app-<name>
./secubox-tools/local-build.sh build --arch <arch>
./secubox-tools/local-build.sh full
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add validate-modules.sh script that validates critical naming conventions
and module structure to prevent common RPC and HTTP 404 errors.
New validation checks:
- RPCD script names must match ubus object names (luci.* prefix)
- Menu paths must match view file locations
- View files must have corresponding menu entries
- RPCD scripts must be executable
- JSON files must have valid syntax
- ubus objects must follow naming convention
Updated CLAUDE.md documentation with:
- Critical naming conventions section with examples
- Common error patterns and solutions
- Updated development workflow to include validation
- Enhanced troubleshooting guide for RPC and 404 errors
- Updated package structure diagram with correct RPCD naming
Added secubox-tools/README.md:
- Detailed usage instructions for validation script
- Common fixes for naming issues
- CI/CD integration examples
- Quick reference for critical naming rules
This tooling prevents deployment of modules with naming mismatches that
cause runtime errors like:
- RPC call failed with error -32000: Object not found
- HTTP error 404 while loading view files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
