General Procedure of stripping down an OpenWrt based Firmware build

cdutz · June 7, 2021, 10:46am

Hi all,

we are using OpenWRT-based devices as Edge gateways in IIoT usecases. So there is a lot of stuff on these boxes we don't need and a lot of stuff we would like to remove (removing attack vectors).

With the build for my Mips based RUT955 device this was pretty simple. However when working on my ARM based RUTX09 device it seems I can't disable much because most options are "locked". Now I stated trying to find out what's requiring something I want to disable, but this is an extremely frustrating operation and some times it's not enough.

For example I wanted to disable luasec as we don't need it and it was causing compile errors (I could possibly update it from 0.6 to 0.7 but I would prefer to disable it). So I can see that:

luasoap (disabled)
prosody (disabled)
luarocks (disabled)
lua-pop3 (enabled but can't disable)

When searching for what's requiring "lua-pop3", it seems "email_to_sms" is requiring this but this again depends on lua-pop3. So I guess we're stuck in a hen-egg-problem. If I manually disable both in the .config and run make menuconfig it just enables both again.

So is there any tooling to help with disabling stuff or just even to list dependencies requiring something (I mean the functionality must be there otherwise make menuconfig wouldn't know to lock the option)

Chris

peternikolow · June 8, 2021, 1:25am

I have similar issues. Did you make:
make clean
make dirclean
make distclean
between builds?

Difference between them is here:

cdutz · June 8, 2021, 7:40am

All except the "distclean"

hnyman · June 8, 2021, 7:50am

You can use "/" key in menuconfig to initiate a search for package details like dependencies.

See example in

peternikolow · June 8, 2021, 8:13am

I found that distclean sometime fix weird build problems.

cdutz · June 8, 2021, 2:45pm

Ok ... I'll give that a try too ... will report back as soon as I have more infos.

cdutz · June 9, 2021, 7:40am

Well yesterday I gave it a spin and unfortunately the teltonika folks seem to have modeled things in a quite unflexible way ... so I generally don't want LUA or even the entire LUCI thing. In order to disable luasec, i need to disable lua-pop3 in order to do that I need to disable email_to_sms in order to disable that I need to disable mobile support in the teltonika section. But I want mobile support ... I just don't want the other stuff

hnyman · June 9, 2021, 9:20am

So, are you talking about actual OpenWrt, or about some vendor-specific variant by Teltonika?

If the device support is set up normally, you should be able to start with empty config, then just selct the device and add those packages that you want (plus their dependencies automatically).

but if it is some Teltonika's proprietary config, you may be in deep water and on your own.

reinerotto · June 9, 2021, 9:28am

Teltonika has its own SDK, to do custom builds from. In case of issues with this one, ask on their forum. For RUT955, though, "official" openwrt works like a charm, so you might ask here.

cdutz · June 9, 2021, 9:40am

Yeah It's the teltonika SDK ... so as usual ... I jumped in on the side of the ocean where the sharks are ... I'll take my questions over there. But thanks for your support @all

tmomas · June 19, 2021, 9:40am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.