Minor fixes and improvements

[tomazzaman]

Description

Three small, independent improvements to the Mono Gateway DK board support:

1. Decouple QOSMARK iptables extensions from iptables package

The ASK extension previously patched the iptables source package to add QOSMARK/QOSCONNMARK xtables extensions, which required holding iptables to prevent upgrades from overwriting them. This turned out to be unnecessary - the patch only added new files (4 libxt_*.c + 4 UAPI headers), no modifications to existing iptables source.

The extensions are now compiled as standalone .so files against libxtables-dev headers and installed to /usr/lib/aarch64-linux-gnu/xtables/, where iptables loads them dynamically at runtime. They're bundled into the gateway-dk-ask .deb.

Result: iptables can now be upgraded freely via apt upgrade. The extensions survive iptables upgrades because they're owned by gateway-dk-ask, not iptables.

libnetfilter-conntrack3 and libnfnetlink0 remain patched + held - those patches modify library internals and cannot be decoupled. These are rarely updated (every couple of years), so having them held indefinitely is not an issue.

2. RTC sync via util-linux-extra (pcf2131)

The board has a PCF2131 I2C RTC, but the default fake-hwclock package interfered with proper RTC handling. Install util-linux-extra (provides hwclock + udev rule for automatic RTC→system sync at boot) and remove fake-hwclock. Same pattern as Helios64 and JetHub boards.

Result: system clock is seeded from the real RTC at boot without any custom script or service.

3. GPIO-based power off

The board has a power-hold circuit controlled by GPIO3_21 (DT &gpio2 pin 21): driving it high cuts power. Add a gpio-poweroff device tree node and enable CONFIG_POWER_RESET_GPIO=y so systemctl poweroff actually turns the device off instead of halting the CPU in an undefined state.

How Has This Been Tested?

• Full image build with CLEAN_LEVEL=make-kernel,images,debs
• Verified xtables extensions are in gateway-dk-ask .deb, owned by that package
• Confirmed apt-mark showhold shows only libnetfilter-conntrack3 and libnfnetlink0
• Verified iptables -j QOSMARK / -j QOSCONNMARK rules work on target
• RTC sync verified on boot (system clock seeded from pcf2131 automatically)
• GPIO poweroff verified -systemctl poweroff cuts power

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• My changes generate no new warnings

Summary by CodeRabbit

• New Features

  • Added Mono Gateway DK platform updates, device-tree adjustments, and SFP LED controller layout
  • Added kernel power-reset GPIO option and RTC/hwclock support

• Infrastructure

  • Replaced board’s fake-hwclock with util-linux-extra (hwclock)
  • Updated packaging to include built xtables extensions and adjusted iptables packaging/hold behavior

[coderabbitai]

Note

Reviews paused

It looks like this branch is under active development. To avoid overwhelming you with review comments due to an influx of new commits, CodeRabbit has automatically paused this review. You can configure this behavior by changing the reviews.auto_review.auto_pause_after_reviewed_commits setting.

Use the following commands to manage reviews:

• @coderabbitai resume to resume automatic reviews.
• @coderabbitai review to trigger a single review.

Use the checkboxes below for quick actions:

• ▶️ Resume reviews
• 🔍 Trigger review

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: bb063ba1-304b-4dfc-8861-4dd378317746

📥 Commits

Reviewing files that changed from the base of the PR and between caaf54f and a4404cf.

📒 Files selected for processing (1)

• config/boards/gateway-dk.conf

🚧 Files skipped from review as they are similar to previous changes (1)

• config/boards/gateway-dk.conf

---

📝 Walkthrough

Walkthrough

Adds a Mono Gateway DK device tree and DTB with gpio-poweroff and reworked SFP LED layout, enables GPIO power-reset in the kernel, replaces fake-hwclock with util-linux-extra (hwclock) at board level, and changes ASK build/packaging to produce standalone xtables extension .so files and include iptables at runtime.

Changes

Cohort / File(s)	Summary
Board config config/boards/gateway-dk.conf	Sets PACKAGE_LIST_BOARD_REMOVE="fake-hwclock", adds INTRODUCED="2026", and installs util-linux-extra (hwclock) in post_family_tweaks__gateway_dk_services.
Kernel config config/kernel/linux-ls1046a-current.config	Adds CONFIG_POWER_RESET_GPIO=y to enable kernel GPIO power-reset support.
Device tree & DTS build patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch, arch/arm64/boot/dts/freescale/mono-gateway-dk.dts, arch/arm64/boot/dts/freescale/Makefile	Adds mono-gateway-dk.dts/.dtb, introduces gpio-poweroff node, moves SFP LED wiring into a sfp-led-controller with port@0/port@1 children, and removes the partition@flash fixed-partition.
SFP LED driver packages/bsp/gateway-dk/sfp-led.c	Adapts driver to controller + port@N child-node layout: parse sfp phandle from each port node, obtain LEDs from the port node, iterate children with for_each_child_of_node(), and adjust node reference handling and error paths.
ASK build script & packaging extensions/gateway-dk-ask.sh	Bumps ASK commit ref; stops staging/rebuilding iptables; installs libxtables-dev and iptables in chroot, builds standalone xtables extension .so files and installs them under /usr/lib/${ASK_HOST_TRIPLET}/xtables/ and into the .deb; updates package Depends and apt-mark hold/unhold targets accordingly.

Sequence Diagram(s)

sequenceDiagram
  participant Bootloader
  participant Kernel
  participant DT as DeviceTree(mono-gateway-dk.dtb)
  participant Drivers
  participant Userspace

  Bootloader->>Kernel: load kernel + DTB
  Kernel->>DT: parse nodes (gpio-poweroff, sfp-led-controller, RTC, etc.)
  Kernel->>Drivers: probe devices per DT (gpio-poweroff, leds, RTC, PHYs)
  Drivers->>Kernel: register devices (poweroff handler, led controller, hwclock)
  Kernel->>Userspace: expose /dev/rtc, hwmon, net interfaces
  Userspace->>Kernel: util-linux hwclock, lm-sensors, fancontrol, networking start

Loading

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~60 minutes

Poem

🐇 I hopped through pins and device-tree art,

gpio-poweroff gave a gentle start,
clocks swapped fakes for a steady chime,
xtables shared .so bits just in time,
Mono Gateway hums — a rabbit's tiny heart.

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 50.00% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.
Title check	❓ Inconclusive	The title 'Minor fixes and improvements' is vague and generic, using non-descriptive terms that do not convey meaningful information about the changeset's primary objectives.	Consider using a more specific title that highlights the main changes, such as 'Gateway DK improvements: RTC sync, GPIO power-off, and xtables extension decoupling' or similar.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[tomazzaman]

Apologies for the PR spam, I'm new here :)

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (2)

patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch (2)

603-651: ⚠️ Potential issue | 🟠 Major

Remove the invalid partition@flash entry.

The fixed-partitions schema requires partition node names matching the pattern @[0-9a-f]+$ (hexadecimal digits only). partition@flash is invalid because "flash" contains non-hexadecimal characters ('l' and 's'). Additionally, this entry spans the entire flash range (0x0–0x4000000), overlapping all sibling partitions and creating layout ambiguity. The parent NOR MTD device already provides whole-chip access.

🧩 Minimal fix

 		partitions {
 			compatible = "fixed-partitions";
 			`#address-cells` = <1>;
 			`#size-cells` = <1>;
-
-			partition@flash {
-				label = "flash";
-				reg = <0x0 0x4000000>;
-			};
 
 			partition@0 {
 				label = "rcw-bl2";
 				reg = <0x0 0x100000>;
 			};

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch`
around lines 603 - 651, Remove the invalid partition node named partition@flash
under the partitions fixed-partitions node: delete the entire partition@flash
block (label = "flash"; reg = <0x0 0x4000000>;), since node names must match the
@[0-9a-f]+ pattern and this entry overlaps all other partition entries; rely on
the parent NOR MTD device for whole-chip access and keep the remaining
partition@0, partition@100000, partition@300000, etc. entries unchanged.

---

100-119: ⚠️ Potential issue | 🟠 Major

Remove leds property from sff,sfp nodes—it violates the binding schema.

The sff,sfp binding (Documentation/devicetree/bindings/net/sff,sfp.yaml) defines only compatible, i2c-bus, maximum-power-milliwatt, GPIO properties, and pinctrl properties, with additionalProperties: false. The leds entries at lines 107 and 118 will fail schema validation.

The patch already includes the correct pattern: a separate sfp_led_controller node with compatible = "mono,sfp-led". Move the LED references there or into the leds { compatible = "gpio-leds"; } section instead of extending the SFP nodes directly.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In
`@patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch`
around lines 100 - 119, The sff,sfp nodes sfp_xfi0 and sfp_xfi1 include an
invalid "leds" property that violates the sff,sfp binding; remove the leds =
<&led_sfp0_link>, <&led_sfp0_activity> and leds = <&led_sfp1_link>,
<&led_sfp1_activity> from those nodes and instead reference or instantiate those
LED phandles under the existing sfp_led_controller (or under a gpio-leds node)
so the LED topology is declared outside the sff,sfp nodes; update
sfp_led_controller to include the led phandles (led_sfp0_link,
led_sfp0_activity, led_sfp1_link, led_sfp1_activity) or add them to the
gpio-leds node accordingly.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@config/kernel/linux-ls1046a-current.config`:
- Line 446: The config enables CONFIG_POWER_RESET_GPIO but omits its required
parent CONFIG_POWER_RESET; update the kernel config to also enable
CONFIG_POWER_RESET so the gpio-poweroff DTS node becomes functional—ensure both
CONFIG_POWER_RESET and CONFIG_POWER_RESET_GPIO are set to y (mirror the pattern
used for other boards) by adding CONFIG_POWER_RESET=y alongside the existing
CONFIG_POWER_RESET_GPIO=y.

In `@extensions/gateway-dk-ask.sh`:
- Around line 189-194: The package installs iptables into the chroot via
chroot_sdcard_apt_get_install (so xtables plugins will require the iptables
binary) but the generated Debian control stanza doesn't list iptables in
Depends; update the control-stanza generation code that builds the package
Depends for this ASK extension to include "iptables" (or a suitable versioned
dependency) so standalone dpkg -i/OTA installs pull in iptables when the
extension that installs xtables plugins is packaged.

---

Outside diff comments:
In
`@patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch`:
- Around line 603-651: Remove the invalid partition node named partition@flash
under the partitions fixed-partitions node: delete the entire partition@flash
block (label = "flash"; reg = <0x0 0x4000000>;), since node names must match the
@[0-9a-f]+ pattern and this entry overlaps all other partition entries; rely on
the parent NOR MTD device for whole-chip access and keep the remaining
partition@0, partition@100000, partition@300000, etc. entries unchanged.
- Around line 100-119: The sff,sfp nodes sfp_xfi0 and sfp_xfi1 include an
invalid "leds" property that violates the sff,sfp binding; remove the leds =
<&led_sfp0_link>, <&led_sfp0_activity> and leds = <&led_sfp1_link>,
<&led_sfp1_activity> from those nodes and instead reference or instantiate those
LED phandles under the existing sfp_led_controller (or under a gpio-leds node)
so the LED topology is declared outside the sff,sfp nodes; update
sfp_led_controller to include the led phandles (led_sfp0_link,
led_sfp0_activity, led_sfp1_link, led_sfp1_activity) or add them to the
gpio-leds node accordingly.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f9198605-73b6-46ba-9508-327b6542a846

📥 Commits

Reviewing files that changed from the base of the PR and between fdef407 and da2bf72.

📒 Files selected for processing (4)

• config/boards/gateway-dk.conf
• config/kernel/linux-ls1046a-current.config
• extensions/gateway-dk-ask.sh
• patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch

[coderabbitai]

⚠️ Potential issue | 🟠 Major

🧩 Analysis chain

🏁 Script executed:

# First, let's check if we have the DTS patch mentioned in the review
find . -name "*002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch" -o -name "*ls1046a*" | head -20

Repository: armbian/build

Length of output: 394

---

🏁 Script executed:

# Check the current config file to understand the context
find . -name "linux-ls1046a-current.config" -type f

Repository: armbian/build

Length of output: 101

---

🏁 Script executed:

# Search for POWER_RESET in any existing config files
rg "CONFIG_POWER_RESET" --type txt

Repository: armbian/build

Length of output: 39

---

🏁 Script executed:

# Search for references to ARCH_LAYERSCAPE in the repo
rg "ARCH_LAYERSCAPE" --type txt

Repository: armbian/build

Length of output: 39

---

🏁 Script executed:

# Check the DTS patch to see what it adds
cat -n patch/kernel/archive/ls1046a-6.12/002-arm64-dts-Add-Mono-Gateway-DK-device-tree.patch | sed -n '60,70p'

Repository: armbian/build

Length of output: 338

---

🏁 Script executed:

# Check the config file around line 446
cat -n config/kernel/linux-ls1046a-current.config | sed -n '440,455p'

Repository: armbian/build

Length of output: 554

---

🏁 Script executed:

# Look for any other references to POWER_RESET in patches or configs
rg "POWER_RESET" --type-list | head -5

Repository: armbian/build

Length of output: 446

---

🏁 Script executed:

# Search in all files, not just txt
rg "POWER_RESET" 2>/dev/null | head -20

Repository: armbian/build

Length of output: 2643

---

🌐 Web query:

Linux 6.12 kernel POWER_RESET Kconfig POWER_RESET_GPIO dependency

💡 Result:

In Linux kernel 6.12, CONFIG_POWER_RESET_GPIO is the Kconfig option for the GPIO power-off driver (drivers/power/reset/gpio-poweroff.c), which toggles a GPIO pin to power off the board. It is located under the "Board level reset or power off" menu in drivers/power/reset/Kconfig. It depends on CONFIG_POWER_RESET (the menuconfig enabling the board-level poweroff/reset drivers) and CONFIG_OF_GPIO (for Device Tree GPIO support). Sources indicate this dependency structure has been consistent from kernels 3.8 through 6.19. Note: There is a separate CONFIG_POWER_RESET_GPIO_RESTART for GPIO-based restart (gpio-restart.c), and RESET_GPIO in drivers/reset/Kconfig (depends on GPIOLIB) for the generic reset controller framework, which is distinct from poweroff.

Citations:

• 1: https://elixir.bootlin.com/linux/v6.12/source/kernel/power/Kconfig
• 2: https://github.com/torvalds/linux/blob/master/drivers/reset/Kconfig
• 3: https://www.kernelconfig.io/CONFIG_POWER_RESET
• 4: https://cateee.net/lkddb/web-lkddb/POWER_RESET_GPIO.html
• 5: https://github.com/torvalds/linux/tree/master/drivers/power/reset/Kconfig
• 6: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/power/reset
• 7: https://github.com/torvalds/linux/blob/master/drivers/power/reset/gpio-poweroff.c

---

Add CONFIG_POWER_RESET=y to enable the gpio-poweroff functionality.

CONFIG_POWER_RESET_GPIO depends on the parent CONFIG_POWER_RESET option in Linux 6.12. The DTS patch adds a gpio-poweroff device node, but without the parent symbol enabled, this node will be non-functional. This follows the established pattern in Armbian across other boards (filogic-6.16, sunxi kernels) where both symbols are explicitly enabled together.

🔧 Suggested config change

+CONFIG_POWER_RESET=y
 CONFIG_POWER_RESET_GPIO=y

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@config/kernel/linux-ls1046a-current.config` at line 446, The config enables
CONFIG_POWER_RESET_GPIO but omits its required parent CONFIG_POWER_RESET; update
the kernel config to also enable CONFIG_POWER_RESET so the gpio-poweroff DTS
node becomes functional—ensure both CONFIG_POWER_RESET and
CONFIG_POWER_RESET_GPIO are set to y (mirror the pattern used for other boards)
by adding CONFIG_POWER_RESET=y alongside the existing CONFIG_POWER_RESET_GPIO=y.

[HeyMeco]

@tomazzaman can you run ./compile.sh rewrite-kernel-config BOARD=gateway-dk BRANCH=current and check if the added config persists? Else the suggestion from coderabbit might need to be applied.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (1)

extensions/gateway-dk-ask.sh (1)

274-287: Use pkg-config to derive libxtables build flags instead of hardcoding them.

The current gcc line (-D_init=\${name}_init -I./include) relies on bundled headers and misses the -lxtables library link, despite libxtables-dev being installed in the chroot. The recommended approach—as documented by libxtables-dev—is to use pkg-config --cflags --libs xtables, which ensures the shared object links correctly and respects the build-time ABI metadata. Update the gcc command to incorporate $(pkg-config --cflags --libs xtables) and remove the local -I./include, following the same pattern already used elsewhere in the build for libnetfilter-conntrack (e.g., in the CMM build step).

The unversioned Depends: iptables is acceptable for Debian ABI compatibility, as libxtables maintains backward compatibility within major versions.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@extensions/gateway-dk-ask.sh` around lines 274 - 287, The xtables build step
in the chroot (inside the chroot_sdcard block that builds libxt_*.c) is
hardcoding -I./include and missing libxtables link flags; replace the local
include flag with a pkg-config invocation so gcc uses libxtables ABI flags:
invoke pkg-config --cflags --libs xtables inside the same chrooted command and
add its output to the gcc command (keep the existing -D_init=\${name}_init and
-shared -fPIC -O2 flags), removing -I./include so the shared objects link
correctly; update the chrooted loop around building libxt_*.c accordingly and
preserve the surrounding install and exit_with_error behavior.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@extensions/gateway-dk-ask.sh`:
- Around line 274-287: The build installs all libxt_*.so artifacts into
/usr/lib/${ASK_HOST_TRIPLET}/xtables while the packaging path later copies only
an explicit subset (qos/QOS), causing divergence; fix by introducing and using a
single explicit allowlist (e.g., XTABLES_ALLOWLIST) of expected extension
basenames and use that list both in the chroot build step (replace the glob
install -m 644 libxt_*.so with iterating over XTABLES_ALLOWLIST and installing
each named .so, failing if missing) and in the packaging/copy path (use the same
XTABLES_ALLOWLIST and error out if any expected file is absent) so builds and
.deb packaging remain identical; reference symbols to change: ASK_CACHE_DIR,
chroot_sdcard invocation that runs gcc and install, the install target
/usr/lib/${ASK_HOST_TRIPLET}/xtables, and the packaging copy logic that
currently handles qos/QOS matches.

---

Nitpick comments:
In `@extensions/gateway-dk-ask.sh`:
- Around line 274-287: The xtables build step in the chroot (inside the
chroot_sdcard block that builds libxt_*.c) is hardcoding -I./include and missing
libxtables link flags; replace the local include flag with a pkg-config
invocation so gcc uses libxtables ABI flags: invoke pkg-config --cflags --libs
xtables inside the same chrooted command and add its output to the gcc command
(keep the existing -D_init=\${name}_init and -shared -fPIC -O2 flags), removing
-I./include so the shared objects link correctly; update the chrooted loop
around building libxt_*.c accordingly and preserve the surrounding install and
exit_with_error behavior.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: a6f9b4b5-43ed-486a-81e3-1f7948f199e4

📥 Commits

Reviewing files that changed from the base of the PR and between da2bf72 and c344610.

📒 Files selected for processing (1)

• extensions/gateway-dk-ask.sh

[HeyMeco]

Apologies for the PR spam, I'm new here :)

No need to apologise :)
Any contribution is appreciated here

[tomazzaman]

I'm also addressing other concerns CodeRabbit brought up. Will push shortly.

[tomazzaman]

I'd also like some guidance on the kernel config.

Since we patch the file dynamically, it gets left in a dirty state after image build.

diff --git a/config/kernel/linux-ls1046a-current.config b/config/kernel/linux-ls1046a-current.config
index eef02a6dd..47e166a87 100644
--- a/config/kernel/linux-ls1046a-current.config
+++ b/config/kernel/linux-ls1046a-current.config
@@ -380,6 +380,12 @@ CONFIG_FSL_SDK_DPAA_ETH=y
 CONFIG_FSL_DPAA_1588=y
 CONFIG_FSL_DPAA_ETH_MAX_BUF_COUNT=640
 CONFIG_FSL_ENETC_MDIO=y
+CONFIG_NXP_ASK=y
+CONFIG_ASK_CDX=m
+CONFIG_ASK_FCI=m
+CONFIG_ASK_AUTO_BRIDGE=m
+CONFIG_ASK_SFP_LED=m
+CONFIG_ASK_LEDS_LP5812=m
 # CONFIG_NET_VENDOR_STMICRO is not set
 CONFIG_SFP=y
 CONFIG_AQUANTIA_PHY=y

Is it okay if I commit these? They will get discarded if unused anyway.

[igorpecovnik]

External sources is asking for compilers compatibility issues :( They work on todays Debian compiler, while it already fails with Ubuntu. https://paste.armbian.com/begodatojo.bash

(After enabling Ubuntu src package https://paste.armbian.com/ekesawotik.diff)

Now how much sense and additional work will be to make sources future (compilers) proof? At least for next generation.

[igorpecovnik]

Alternatively - we can forget about Ubuntu builds and ship only Debian.

As it is now: https://www.armbian.com/boards/gateway-dk

[tomazzaman]

I'll sort out Ubuntu as well, I don't see why it wouldn't work. Haven't gotten to it yet though.