OpenWrt 21.02 RC1 is in HBD branch

Dear Turris users,

We have been lately working on polishing things for the upcoming OpenWrt 21.02 RC1 as there was a branch off two months ago and OpenWrt finally brings an announcement that this version is out for a broader audience a few hours ago! This version is already available for testing in the HBD (D for Dangerous Dragons :fire: :dragon:) branch.

OpenWrt 21.02 RC1 – future Turris OS 6.0

The latest highlight of this release is that OpenWrt 21.02 will have thanks to @japa available to install RIPE Atlas SW Probe, so it means that anyone who has any router running OpenWrt, he/she can install it and use it! Unfortunately, it does not make it into RC1, but it will be part of RC2!

Main highlights for us are LTS Linux kernel 5.4 and Python 3.9.

image

:white_check_mark: Tested: Turris Omnia, Turris MOX (on the picture)
:x: Not tested: Turris 1.x (missing some packages will be hopefully fixed soon)

If you are interested to try this future release, don’t forget that isis a development branch and recommended to use by advanced users only. For more details about switching branches take a look at our docs.

3 Likes

OpenWrt 21.02 RC1 release notes:

Initial DSA support

  • OpenWrt in this release replaces swconfig by DSA and if you have some router, which runs OpenWrt and there is available sysupgrade, it won’t migrate your configuration about switch ports and VLANs.:warning: It means you will be forced to configure your router from scratch
    (Does not apply for us as we are using DSA already and we don’t have sysupgrade)

  • LuCI support is not there, yet.

WPA3 support included by default

Turris note: We will have support for this in reForis very soon!

ASLR activated

Address Space Layout Randomization (ASLR) support should make it harder to exploit OpenWrt for attackers.

Turris note: We have it enabled since Turris OS 5.0.

Packages updates

  • Updated toolchain:
    • musl libc 1.1.24
    • glibc 2.33
    • gcc 8.4.0
    • binutils 2.35.1
  • Updated Linux kernel
    • 5.4.111 for all targets
  • Network userland:
    • hostapd 2020-06-08, dnsmasq 2.84, dropbear 2020.81
  • System userland:
    • busybox 1.33.0

Increased min. HW specs

  • At least 8 MB of flash
  • At least 64 MB of RAM

Taken from official announcement.

4 Likes

Nice… is the 5.4 kernel bringing efficiency improvements? On Intel architectures this was the case but not sure about ARM platforms.

Well, a newer kernel is not always about bringing a better performance which results in efficiency improvements. However, it is a huge step going from kernel LTS 4.14 to 5.4, so there is and security matters as well. For example, if we would be speaking about fixing DSA roaming fix, then enabled HW buffer management for Turris Omnia by default, and so on!

Generally speaking, there are new drivers, including DVB tuners, fixes, and polished current ones, then new stuff like upstreamed Turris MOX like there is .dts, etc.

Even right now, we have some branch where we have OpenWrt daily snapshots with enabled testing kernel LTS 5.10 and that’s going to be huge, because there is initial Turris Omnia support for LEDs in kernel thanks to our kernel developers!

4 Likes

Is there a reason why Btrfs compression (e.g. mount -t btrfs -o compress=zstd) is not set for the root partition, or for the default /srv partition? Compression level could also be tuned with kernel >= 5.1.

Yes good point. Btrfs has really improved with kernels 5.x.

It also brings in kernel with container support, and while TOS already has this for LXC containers, this will likely result in docker packages being made available to install.

docker natively (not running it inside lxc) maybe be possible soon.

1 Like

Thats some great news but I am a bit scared to switch to dragons yet! I think I will wait until it reaches HBK that I am using lets say in the production right now. But DSA port fix would be awesome to test straight away since I am longing for that fix to use different configuration. But anyway… Great news thanks for the info!
EDIT: I couldn’t resist:
root@ap:~# pkgupdate
INFO:Target Turris OS: 6.0
line not found
[…]
line not found
ERROR:
inconsistent: Package suricata-pakon requires package suricata-bin that is not available.
Will leave my AP on HBD branch and wait until its fixed. Will see how this DSA fix is working after it manages to update at some point.

Thank you for your question, @salty! I started to wonder why we are not using Btrfs compression, and I asked it in our team, and it seems that we can not use Btrfs compression for now as the old U-boot version does not support it. Hopefully, in the future we might enable it.

Yes, Suricata and as well pakon are not present in HBD. I need to admit that this is a little bit challenging, indeed. Because the current version of Suricata, which we ship in all versions of Turris OS, does not support Python 3 and we can not update it as a newer version of Suricata requires Rust, and this one is not present in OpenWrt. There is some pending attempt in pull request, but I’d say it has a long way to be merged. Not from us, though.

Of course, we can patch it, but right now, we have different issues, which requires our attention now.

2 Likes

I prefer Suricata and pakon over this DSA fix. I think I will switch back to HBK and wait.