From 7a2cd66cb9ad7462245bb2ad7735fe7b49c0d44a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 13 Sep 2021 17:37:59 +0200 Subject: [PATCH 01/70] gluon-core: move a few WLAN-specific functions from gluon.platform to gluon.wireless Avoid requiring gluon.wireless from gluon.platform, and requiring gluon.platform from various other scripts. --- .../upgrade/320-gluon-client-bridge-wireless | 5 +-- .../gluon/config-mode/wizard/0250-outdoor.lua | 2 +- .../luasrc/lib/gluon/upgrade/180-outdoors | 3 +- .../luasrc/usr/lib/lua/gluon/platform.lua | 39 ------------------- .../luasrc/usr/lib/lua/gluon/wireless.lua | 37 ++++++++++++++++++ .../config-mode/model/admin/privatewifi.lua | 7 ++-- 6 files changed, 45 insertions(+), 48 deletions(-) diff --git a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless index 972b9b61..b74af5bf 100755 --- a/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless +++ b/package/gluon-client-bridge/luasrc/lib/gluon/upgrade/320-gluon-client-bridge-wireless @@ -1,6 +1,5 @@ #!/usr/bin/lua -local platform = require 'gluon.platform' local wireless = require 'gluon.wireless' local uci = require('simple-uci').cursor() @@ -52,7 +51,7 @@ local function configure_owe(radio, index, config, radio_name) -- Don't configure OWE in case our device -- can't do MFP, as it's mandatory for OWE. - if not platform.device_supports_mfp(uci) then + if not wireless.device_supports_mfp(uci) then return end @@ -80,7 +79,7 @@ local function configure_owe_transition_mode(config, radio_name) -- Don't configure OWE in case our device -- can't do MFP, as it's mandatory for OWE. - if not platform.device_supports_mfp(uci) then + if not wireless.device_supports_mfp(uci) then return end diff --git a/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua b/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua index 2fbc0fba..2ddf0a85 100644 --- a/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua +++ b/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua @@ -2,7 +2,7 @@ return function(form, uci) local platform = require 'gluon.platform' local wireless = require 'gluon.wireless' - if not (platform.is_outdoor_device() and platform.device_uses_11a(uci)) then + if not (platform.is_outdoor_device() and wireless.device_uses_11a(uci)) then -- only visible on wizard for outdoor devices return end diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors b/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors index 5c5a92e2..59704bff 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/180-outdoors @@ -13,6 +13,7 @@ end local sysconfig = require 'gluon.sysconfig' local platform = require 'gluon.platform' +local wireless = require 'gluon.wireless' local config = site.wifi5.outdoors('preset') local outdoor @@ -22,7 +23,7 @@ if sysconfig.gluon_version then outdoor = false elseif config == 'preset' then -- enable outdoor mode through presets on new installs - outdoor = platform.is_outdoor_device() and platform.device_uses_11a(uci) + outdoor = platform.is_outdoor_device() and wireless.device_uses_11a(uci) else -- enable/disable outdoor mode unconditionally on new installs outdoor = config diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua index 9c4974ea..df0eda08 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua @@ -1,7 +1,5 @@ local platform_info = require 'platform_info' local util = require 'gluon.util' -local wireless = require 'gluon.wireless' -local unistd = require 'posix.unistd' local M = setmetatable({}, { @@ -48,41 +46,4 @@ function M.is_outdoor_device() return false end -function M.device_supports_wpa3() - return unistd.access('/lib/gluon/features/wpa3') -end - -function M.device_supports_mfp(uci) - local supports_mfp = true - - if not M.device_supports_wpa3() then - return false - end - - uci:foreach('wireless', 'wifi-device', function(radio) - local phy = wireless.find_phy(radio) - local phypath = '/sys/kernel/debug/ieee80211/' .. phy .. '/' - - if not util.file_contains_line(phypath .. 'hwflags', 'MFP_CAPABLE') then - supports_mfp = false - return false - end - end) - - return supports_mfp -end - -function M.device_uses_11a(uci) - local ret = false - - uci:foreach('wireless', 'wifi-device', function(radio) - if radio.hwmode == '11a' or radio.hwmode == '11na' then - ret = true - return false - end - end) - - return ret -end - return M diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua index 0eb68023..0eec8a83 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua @@ -126,4 +126,41 @@ function M.preserve_channels(uci) return uci:get_first('gluon-core', 'wireless', 'preserve_channels') end +function M.device_supports_wpa3() + return unistd.access('/lib/gluon/features/wpa3') +end + +function M.device_supports_mfp(uci) + local supports_mfp = true + + if not M.device_supports_wpa3() then + return false + end + + uci:foreach('wireless', 'wifi-device', function(radio) + local phy = M.find_phy(radio) + local phypath = '/sys/kernel/debug/ieee80211/' .. phy .. '/' + + if not util.file_contains_line(phypath .. 'hwflags', 'MFP_CAPABLE') then + supports_mfp = false + return false + end + end) + + return supports_mfp +end + +function M.device_uses_11a(uci) + local ret = false + + uci:foreach('wireless', 'wifi-device', function(radio) + if radio.hwmode == '11a' or radio.hwmode == '11na' then + ret = true + return false + end + end) + + return ret +end + return M diff --git a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua index a3b80432..8be95ed6 100644 --- a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua +++ b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/model/admin/privatewifi.lua @@ -1,5 +1,4 @@ local uci = require("simple-uci").cursor() -local platform = require 'gluon.platform' local wireless = require 'gluon.wireless' -- where to read the configuration from @@ -30,7 +29,7 @@ key.default = uci:get('wireless', primary_iface, "key") local encryption = s:option(ListValue, "encryption", translate("Encryption")) encryption:depends(enabled, true) encryption:value("psk2", translate("WPA2")) -if platform.device_supports_wpa3() then +if wireless.device_supports_wpa3() then encryption:value("psk3-mixed", translate("WPA2 / WPA3")) encryption:value("psk3", translate("WPA3")) end @@ -39,7 +38,7 @@ encryption.default = uci:get('wireless', primary_iface, 'encryption') or "psk2" local mfp = s:option(ListValue, "mfp", translate("Management Frame Protection")) mfp:depends(enabled, true) mfp:value("0", translate("Disabled")) -if platform.device_supports_mfp(uci) then +if wireless.device_supports_mfp(uci) then mfp:value("1", translate("Optional")) mfp:value("2", translate("Required")) end @@ -68,7 +67,7 @@ function f:write() }) -- hostapd-mini won't start in case 802.11w is configured - if platform.device_supports_mfp(uci) then + if wireless.device_supports_mfp(uci) then uci:set('wireless', name, 'ieee80211w', mfp.data) else uci:delete('wireless', name, 'ieee80211w') From ed7134fae6007713d2ea6a3b54e0f8b236d43673 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 13 Sep 2021 17:43:16 +0200 Subject: [PATCH 02/70] gluon-web-wifi-config: reuse device_uses_11a() instead of reimplementing it less efficiently --- .../gluon/config-mode/model/admin/wifi-config.lua | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua index 49580413..9915a40b 100644 --- a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua +++ b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua @@ -24,18 +24,6 @@ local function txpower_list(phy) return new end -local function has_5ghz_radio() - local result = false - uci:foreach('wireless', 'wifi-device', function(config) - local radio = config['.name'] - local hwmode = uci:get('wireless', radio, 'hwmode') - - result = result or (hwmode == '11a' or hwmode == '11na') - end) - - return result -end - local f = Form(translate("WLAN")) f:section(Section, nil, translate( @@ -142,7 +130,7 @@ uci:foreach('wireless', 'wifi-device', function(config) end) -if has_5ghz_radio() and not wireless.preserve_channels(uci) then +if wireless.device_uses_11a(uci) and not wireless.preserve_channels(uci) then local r = f:section(Section, translate("Outdoor Installation"), translate( "Configuring the node for outdoor use tunes the 5 GHz radio to a frequency " .. "and transmission power that conforms with the local regulatory requirements. " From 5f1f96075340e0cd1f2e4ae6160aed6bec87be14 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 13 Sep 2021 17:47:04 +0200 Subject: [PATCH 03/70] gluon-core: introduce device_uses_wlan() helper --- .../gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua index 0eec8a83..4a6ca757 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua @@ -150,6 +150,17 @@ function M.device_supports_mfp(uci) return supports_mfp end +function M.device_uses_wlan(uci) + local ret = false + + uci:foreach('wireless', 'wifi-device', function() + ret = true + return false + end) + + return ret +end + function M.device_uses_11a(uci) local ret = false From a40a89d9068f03fb62503bb025a43502e213872c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 13 Sep 2021 17:47:38 +0200 Subject: [PATCH 04/70] gluon-web-wifi-config, gluon-web-private-wifi: hide pages on devices without WLAN Fixes: #2311 --- .../lib/gluon/config-mode/controller/admin/privatewifi.lua | 7 ++++++- .../lib/gluon/config-mode/controller/admin/wifi-config.lua | 7 ++++++- 2 files changed, 12 insertions(+), 2 deletions(-) diff --git a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua index febfb4e4..0b4647cf 100644 --- a/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua +++ b/package/gluon-web-private-wifi/luasrc/lib/gluon/config-mode/controller/admin/privatewifi.lua @@ -1,3 +1,8 @@ +local uci = require("simple-uci").cursor() +local wireless = require 'gluon.wireless' + package 'gluon-web-private-wifi' -entry({"admin", "privatewifi"}, model("admin/privatewifi"), _("Private WLAN"), 30) +if wireless.device_uses_wlan(uci) then + entry({"admin", "privatewifi"}, model("admin/privatewifi"), _("Private WLAN"), 30) +end diff --git a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua index 4a0b5256..c6c45075 100644 --- a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua +++ b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/controller/admin/wifi-config.lua @@ -1,3 +1,8 @@ +local uci = require("simple-uci").cursor() +local wireless = require 'gluon.wireless' + package 'gluon-web-wifi-config' -entry({"admin", "wifi-config"}, model("admin/wifi-config"), _("WLAN"), 20) +if wireless.device_uses_wlan(uci) then + entry({"admin", "wifi-config"}, model("admin/wifi-config"), _("WLAN"), 20) +end From caa09e2faec7ea555d9d2071fb0216116a645ebf Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 15 Dec 2021 20:48:53 +0100 Subject: [PATCH 05/70] Makefile: remove duplicate GLUON_RELEASE entry from GLUON_VARS --- Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Makefile b/Makefile index 760335a2..c8f03f6f 100644 --- a/Makefile +++ b/Makefile @@ -70,7 +70,7 @@ GLUON_VARS = \ GLUON_VERSION GLUON_SITE_VERSION \ GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_AUTOREMOVE GLUON_DEBUG GLUON_MINIFY GLUON_DEPRECATED \ GLUON_DEVICES GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR GLUON_DEBUGDIR \ - GLUON_SITEDIR GLUON_RELEASE GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \ + GLUON_SITEDIR GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \ GLUON_TARGET BOARD SUBTARGET unexport $(GLUON_VARS) From 286d07b35f7e23c7e4d67ee103a67154a96a95cc Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 15 Dec 2021 20:59:26 +0100 Subject: [PATCH 06/70] Makefile: error earlier when site.mk is missing The site.mk target was only evaluated after the whole makefile was parsed. This caused the GLUON_DEPRECATED error to be emitted first (hiding the more helpful message that no site config was found) on Gluon 2021.1.x, where GLUON_DEPRECATED is used in a toplevel if in targets.mk. By moving the check from recipe context to the toplevel, we ensure that it is evaluated during parsing. --- Makefile | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index c8f03f6f..676aa06d 100644 --- a/Makefile +++ b/Makefile @@ -19,8 +19,9 @@ escape = '$(subst ','\'',$(1))' GLUON_SITEDIR ?= site $(eval $(call mkabspath,GLUON_SITEDIR)) -$(GLUON_SITEDIR)/site.mk: - $(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR)) +ifeq ($(realpath $(GLUON_SITEDIR)/site.mk),) +$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR)) +endif include $(GLUON_SITEDIR)/site.mk From 201e1597b122fbb343516b97a6baa2ed1e015f22 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 15 Dec 2021 19:46:26 +0100 Subject: [PATCH 07/70] gluon-status-page: use UCI + iwinfo to get channel information The network.wireless status ubus call only returns the configured channel from UCI, breaking the status page in outdoor mode, where the configuration contains 'auto' instead of a number. Fixes: 0d3fa6b59be7 ("gluon-status-page: use ubus to get radio channels") Closes #2336 --- .../gluon/status-page/view/status-page.html | 23 +++++++++++-------- 1 file changed, 14 insertions(+), 9 deletions(-) diff --git a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html index bdce64fb..73029d1d 100644 --- a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html +++ b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html @@ -1,7 +1,11 @@ <%- + local iwinfo = require 'iwinfo' local ubus = require 'ubus' local unistd = require 'posix.unistd' local util = require 'gluon.util' + local wireless = require 'gluon.wireless' + + local uci = require('simple-uci').cursor() local translations = {} local site_i18n = i18n 'gluon-site' @@ -35,22 +39,22 @@ return interfaces end - local function get_radios(uconn) - local radios = uconn:call("network.wireless", "status", {}) + local function get_radios() local ret = {} - for radio, info in pairs(radios) do - if info.up then + wireless.foreach_radio(uci, function(radio) + local channel = iwinfo.nl80211.channel(wireless.find_phy(radio)) + if channel then table.insert(ret, { - name = radio, - channel = info.config.channel, + name = radio['.name'], + channel = channel, }) end - end - + end) table.sort(ret, function(a, b) return a.name < b.name end) + return ret end @@ -72,10 +76,11 @@ end local interfaces = get_interfaces(uconn) - local radios = get_radios(uconn) ubus.close(uconn) + local radios = get_radios() + local function sorted(t) t = {unpack(t)} table.sort(t) From 1013dcb148154f775e8f5ef9f6a24192d0af87ec Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Thu, 16 Dec 2021 20:01:57 +0100 Subject: [PATCH 08/70] gluon-ebtables-filter-ra-dhcp: disable DHCPv4 filter when gw_mode == 'server' (#2324) In meshes without VPN or supernodes, it may be desirable to connect a router providing IPv4 addresses directly to a regular Gluon node. For this to work, it was necessary to remove the gluon-ebtables-filter-ra-dhcp package from the node, so the autoupdater also needed to be disabled. To avoid this, make gluon-ebtables-filter-ra-dhcp disable the DHCPv4 filter rules when gw_mode is set to 'server'. No solution is provided for RA/DHCPv6, but this seems less pressing for local meshes, as nodes can already provide working IPv6 connectivity by themselves through gluon-radvd. --- .../luasrc/lib/gluon/ebtables/200-dir-dhcpv4 | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4 b/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4 index ec56ff1d..87b4bd7f 100644 --- a/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4 +++ b/package/gluon-ebtables-filter-ra-dhcp/luasrc/lib/gluon/ebtables/200-dir-dhcpv4 @@ -1,5 +1,11 @@ -rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY' -rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY' +local uci = require('simple-uci').cursor() -rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY' -rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY' +local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') + +if gw_mode ~= 'server' then + rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY' + rule 'OUTPUT -p IPv4 --ip-protocol udp --ip-destination-port 67 -j OUT_ONLY' + + rule 'FORWARD -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY' + rule 'INPUT -p IPv4 --ip-protocol udp --ip-destination-port 68 -j IN_ONLY' +end From ae911a13313be7a9c2e2886c90056605055ac66b Mon Sep 17 00:00:00 2001 From: Felix Date: Sat, 18 Dec 2021 15:41:33 +0100 Subject: [PATCH 09/70] Add dependabot.yml config (#2335) --- .github/dependabot.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..f1b24d13 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,12 @@ +# Docs: + +version: 2 + +updates: + - package-ecosystem: github-actions + directory: / + schedule: {interval: monthly} + + - package-ecosystem: pip + directory: /docs/ + schedule: {interval: monthly} From 18cddd2046c22da75fbd4eed06a63b55513acc84 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Dec 2021 14:41:54 +0000 Subject: [PATCH 10/70] build(deps): bump actions/upload-artifact from 1 to 2.3.1 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 1 to 2.3.1. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v1...v2.3.1) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build-docs.yml | 2 +- .github/workflows/build-gluon.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build-docs.yml b/.github/workflows/build-docs.yml index ccd51090..9ff3504e 100644 --- a/.github/workflows/build-docs.yml +++ b/.github/workflows/build-docs.yml @@ -20,7 +20,7 @@ jobs: - name: Build documentation run: make -C docs html - name: Archive build output - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v2.3.1 with: name: docs_output path: docs/_build/html diff --git a/.github/workflows/build-gluon.yml b/.github/workflows/build-gluon.yml index 897e7744..2bb2297c 100644 --- a/.github/workflows/build-gluon.yml +++ b/.github/workflows/build-gluon.yml @@ -45,13 +45,13 @@ jobs: - name: Archive build logs if: ${{ !cancelled() }} - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v2.3.1 with: name: ${{ matrix.target }}_logs path: openwrt/logs - name: Archive build output - uses: actions/upload-artifact@v1 + uses: actions/upload-artifact@v2.3.1 with: name: ${{ matrix.target }}_output path: output From 131baaa555867debcb2c6bb4b3ee6c7e0f3cbe10 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 18 Dec 2021 14:41:58 +0000 Subject: [PATCH 11/70] build(deps): bump sphinx-rtd-theme from 0.5.2 to 1.0.0 in /docs Bumps [sphinx-rtd-theme](https://github.com/readthedocs/sphinx_rtd_theme) from 0.5.2 to 1.0.0. - [Release notes](https://github.com/readthedocs/sphinx_rtd_theme/releases) - [Changelog](https://github.com/readthedocs/sphinx_rtd_theme/blob/master/docs/changelog.rst) - [Commits](https://github.com/readthedocs/sphinx_rtd_theme/compare/0.5.2...1.0.0) --- updated-dependencies: - dependency-name: sphinx-rtd-theme dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- docs/requirements.txt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index f85be1ff..5babfe38 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1 +1 @@ -sphinx-rtd-theme==0.5.2 +sphinx-rtd-theme==1.0.0 From 83808221d72463010661191bc4b44d6e2359e948 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 18 Dec 2021 23:47:41 +0100 Subject: [PATCH 12/70] workflows: build-gluon: remove obsolete comment build-gluon.yml is not generated anymore. --- .github/workflows/build-gluon.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build-gluon.yml b/.github/workflows/build-gluon.yml index 2bb2297c..63c5c420 100644 --- a/.github/workflows/build-gluon.yml +++ b/.github/workflows/build-gluon.yml @@ -1,7 +1,3 @@ - -# Update this file after adding/removing/renaming a target by running -# `make list-targets BROKEN=1 | ./contrib/actions/generate-actions.py > ./.github/workflows/build-gluon.yml` - name: Build Gluon on: push: From d8aca7f2115ff63f502793dfa0e3e1611ead44a1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 18 Dec 2021 23:51:17 +0100 Subject: [PATCH 13/70] workflows: build-gluon: avoid failure when no path filter matches The CI should be successful when there is nothing to check. Add if condition as proposed in [1]. [1] https://github.com/dorny/paths-filter/issues/66#issuecomment-778267385 --- .github/workflows/build-gluon.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/build-gluon.yml b/.github/workflows/build-gluon.yml index 63c5c420..dccdb347 100644 --- a/.github/workflows/build-gluon.yml +++ b/.github/workflows/build-gluon.yml @@ -24,6 +24,7 @@ jobs: build_firmware: needs: changed + if: ${{ needs.changed.outputs.targets != '[]' && needs.changed.outputs.targets != '' }} strategy: fail-fast: false matrix: From c52089fcda5e5243b168596c07d60637d21404a2 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Mon, 14 Jun 2021 22:29:07 +0200 Subject: [PATCH 14/70] treewide: use radio band option to determine frequency band The 'hwmode' setting has been replaced with 'band' in OpenWrt to add support for newer bands outside of 2.4G and 5G. Adjust Gluon accordingly. [Matthias Schiffer: rebased, extended commit message] --- .../lib/gluon/config-mode/wizard/0250-outdoor.lua | 2 +- .../luasrc/lib/gluon/upgrade/200-wireless | 14 +++++++------- .../luasrc/usr/lib/lua/gluon/wireless.lua | 8 ++++---- .../gluon/config-mode/model/admin/wifi-config.lua | 8 ++++---- 4 files changed, 16 insertions(+), 16 deletions(-) diff --git a/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua b/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua index 2ddf0a85..947fa0b4 100644 --- a/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua +++ b/package/gluon-config-mode-outdoor/luasrc/lib/gluon/config-mode/wizard/0250-outdoor.lua @@ -31,7 +31,7 @@ return function(form, uci) if data == false then local mesh_ifaces_5ghz = {} uci:foreach('wireless', 'wifi-device', function(config) - if config.hwmode ~= '11a' and config.hwmode ~= '11na' then + if config.band ~= '5g' then return end diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless index b86e006e..b0a5485f 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/200-wireless @@ -38,11 +38,11 @@ if not sysconfig.gluon_version then if radio_band_count["band24"] <= radio_band_count["band5"] then -- Assign radio to 2.4GHz band radio_band_count["band24"] = radio_band_count["band24"] + 1 - uci:set('wireless', radio_name, 'hwmode', '11g') + uci:set('wireless', radio_name, 'band', '2g') else -- Assign radio to 5GHz band radio_band_count["band5"] = radio_band_count["band5"] + 1 - uci:set('wireless', radio_name, 'hwmode', '11a') + uci:set('wireless', radio_name, 'band', '5g') end end end) @@ -57,7 +57,7 @@ local function get_channel(radio, config) if wireless.preserve_channels(uci) then -- preserved channel always wins channel = radio.channel - elseif (radio.hwmode == '11a' or radio.hwmode == '11na') and is_outdoor() then + elseif radio.band == '5g' and is_outdoor() then -- actual channel will be picked and probed from chanlist channel = 'auto' end @@ -66,7 +66,7 @@ local function get_channel(radio, config) end local function get_htmode(radio) - if (radio.hwmode == '11a' or radio.hwmode == '11na') and is_outdoor() then + if radio.band == '5g' and is_outdoor() then local outdoor_htmode = uci:get('gluon', 'wireless', 'outdoor_' .. radio['.name'] .. '_htmode') if outdoor_htmode ~= nil then return outdoor_htmode @@ -207,11 +207,11 @@ wireless.foreach_radio(uci, function(radio, index, config) uci:delete('wireless', radio_name, 'supported_rates') uci:delete('wireless', radio_name, 'basic_rate') - local hwmode = radio.hwmode - if hwmode == '11g' or hwmode == '11ng' then + local band = radio.band + if band == '2g' then uci:set('wireless', radio_name, 'legacy_rates', false) configure_mesh_wireless(radio, index, config) - elseif (hwmode == '11a' or hwmode == '11na') then + elseif (band == '5g') then if is_outdoor() then uci:set('wireless', radio_name, 'channels', config.outdoor_chanlist()) diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua index 4a6ca757..3e0696aa 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua @@ -112,11 +112,11 @@ function M.foreach_radio(uci, f) end) for index, radio in ipairs(radios) do - local hwmode = radio.hwmode + local band = radio.band - if hwmode == '11g' or hwmode == '11ng' then + if band == '2g' then f(radio, index, site.wifi24) - elseif hwmode == '11a' or hwmode == '11na' then + elseif band == '5g' then f(radio, index, site.wifi5) end end @@ -165,7 +165,7 @@ function M.device_uses_11a(uci) local ret = false uci:foreach('wireless', 'wifi-device', function(radio) - if radio.hwmode == '11a' or radio.hwmode == '11na' then + if radio.band == '5g' then ret = true return false end diff --git a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua index 9915a40b..13ac6434 100644 --- a/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua +++ b/package/gluon-web-wifi-config/luasrc/lib/gluon/config-mode/model/admin/wifi-config.lua @@ -44,9 +44,9 @@ uci:foreach('wireless', 'wifi-device', function(config) local is_5ghz = false local title - if config.hwmode == '11g' or config.hwmode == '11ng' then + if config.band == '2g' then title = translate("2.4GHz WLAN") - elseif config.hwmode == '11a' or config.hwmode == '11na' then + elseif config.band == '5g' then is_5ghz = true title = translate("5GHz WLAN") else @@ -155,9 +155,9 @@ if wireless.device_uses_11a(uci) and not wireless.preserve_channels(uci) then uci:foreach('wireless', 'wifi-device', function(config) local radio = config['.name'] - local hwmode = uci:get('wireless', radio, 'hwmode') + local band = uci:get('wireless', radio, 'band') - if hwmode ~= '11a' and hwmode ~= '11na' then + if band ~= '5g' then return end From 17e1aa4ffdf07d82a4de13bd7c9264e0c830eede Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 15 Dec 2021 22:29:04 +0100 Subject: [PATCH 15/70] gluon-core: migrate wireless configuration from hwmode to band The migration is done very early, as other upgrade scripts depend on the band setting through platform.device_uses_11a(). --- .../lib/gluon/upgrade/005-wireless-migration | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration b/package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration new file mode 100755 index 00000000..fc79249b --- /dev/null +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/005-wireless-migration @@ -0,0 +1,20 @@ +#!/usr/bin/lua + +local uci = require('simple-uci').cursor() + +-- Migration from hwmode to band (OpenWrt 21.02) +-- Use uci:foreach(), as wireless.foreach_radio() depends on band already being set +uci:foreach('wireless', 'wifi-device', function(radio) + local radio_name = radio['.name'] + local hwmode = radio.hwmode + if not radio.band then + if hwmode == '11g' or hwmode == '11ng' then + uci:set('wireless', radio_name, 'band', '2g') + elseif hwmode == '11a' or hwmode == '11na' then + uci:set('wireless', radio_name, 'band', '5g') + end + end + uci:delete('wireless', radio_name, 'hwmode') +end) + +uci:save('wireless') From fdc79c5721b35622314dc1faaf54ad16d5e16cd9 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Mon, 20 Dec 2021 17:37:51 +0100 Subject: [PATCH 16/70] gluon-ebtables-limit-arp: declare clock as extern (#2343) Declare the clock variable as extern in the header file. Fixes compilation of gluon-ebtables-limit-arp with OpenWrt master: multiple definition of `clock'; /gluon/openwrt/tmp/ccuynR0G.o:(.bss+0x230): first defined here Signed-off-by: David Bauer --- package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c | 2 ++ package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c index 9c764006..c14fce6b 100644 --- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c +++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.c @@ -25,6 +25,8 @@ static struct addr_store ip_store; static struct addr_store mac_store; +int clock; + char *addr_mac_ntoa(void *addr) { return mac_ntoa((struct mac_addr *)addr); diff --git a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h index 203ab217..3715ed70 100644 --- a/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h +++ b/package/gluon-ebtables-limit-arp/src/gluon-arp-limiter.h @@ -8,6 +8,6 @@ #ifndef _GLUON_ARP_LIMITER_H_ #define _GLUON_ARP_LIMITER_H_ -int clock; +extern int clock; #endif /* _GLUON_ARP_LIMITER_H_ */ From cadee7bfc631f0f82d326715f65c3aa98560fde6 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 21 Dec 2021 21:17:58 +0100 Subject: [PATCH 17/70] modules: update openwrt e1b79b1dc3 mac80211: optimize airtime fairness code to reduce cpu usage 5414aa88ae kernel: backport the upstream implementation of threaded NAPI to 5.4 4b52d89531 mac80211: Update toversion 5.10.85 5a8faa407a bcm53xx: sysupgrade: fix support for Luxul's legacy firmware format 052619a71b bcm4908: build chk image for Netgear RAXE500 d5f9c6729f bcm4908: start working on Netgear RAXE500 image 76ccf10c59 bcm4908: enable MTD_CMDLINE_PARTS 97b76de576 bcm4908: continue work on images for U-Boot based devices 1da38bb4db bcm4908: backport upstream DT commits 570c26f664 bcm4908: add watchdog support 027dd3c50b bcm4908: start work on images for devices using U-Boot 2c1f27bf4b bcm4908img: detect Linksys images 1d1c695273 bcm4908img: store offset of tail data f24e745b25 bcm63xx-cfe: update to the latest master c808c55b39 bcm53xx: sysupgrade: refactor handling different firmware formats 29f73a7968 bcm53xx: sysupgrade: simplify extracting image from Seama seal 0ebf62e7f4 bcm53xx: enable Linksys EA6300 & EA9200 builds 67978e4ce5 bcm53xx: backport the latest upstream DT changes 6f9e9d978a bcm53xx: fix Luxul XWR-3150 LAN ports numbering 2912bba4cb otrx: update to the latest master 3d05cd40a6 otrx: use firmware-utils.git to avoid code duplication 14940aee45 kernel: bump 5.4 to 5.4.163 06547e0a58 ath79: add support for Xiaomi AIoT Router AC2350 c67509efd7 ramips: fix tl-mr3020-v3 switch topology to configure vlans via luci 5124b96e72 busybox: update to 1.33.2 bugfix release 266890bb12 mt76: update to the latest version efc76b1361 mac80211: bump PKG_RELEASE 1276ef9c1c mac80211: fix tx aggregation locking issue b1e684fa88 mac80211: fix queue assignment of aggregation start requests 462ccf90be mt76: update to the latest version 36848e2c29 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2 4172a8e0ad lantiq: set maximum kernel size for P2812HNUF3 0e0192098a mac80211: backport fix for dealing with stripped IV on rx 77667a7eb6 hostapd: add a patch that allows processing auth requests for peers in blocked state 9127e5193e hostapd: bump PKG_RELEASE 4679c4ae25 mac80211: bump PKG_RELEASE 36c3103cba mac80211: add a fix for kernel warnings when forwarding packets in mesh mode ea91ebedce mac80211: fix regression in SSN handling of addba tx --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 97d8043f..cef7d22e 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='packages routing gluon' OPENWRT_REPO=https://github.com/openwrt/openwrt.git OPENWRT_BRANCH=openwrt-21.02 -OPENWRT_COMMIT=dec9e8395605d9ff3f1eb09f9dfb7d743939ee37 +OPENWRT_COMMIT=e1b79b1dc39febcfb8eb9a32123abb64b10b5524 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 From d7c2df08d4e248221f95f2cdaee6663ac5fd5afa Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 21 Dec 2021 21:18:07 +0100 Subject: [PATCH 18/70] modules: update packages a87752712 python-lxml: update to version 4.6.5 944e937d9 php8: update to 8.0.14 4308764d8 seafile: remove myself as maintainer of these packages aa7454e46 python-packages: remove myself as maintainer f01af1e66 crowdsec-firewall-bouncer: update to 0.0.18 f4519023c php7: update to 7.4.27 e818e3ed3 nano: update to version 6.0 e7e91ca07 libqmi: fix missing CONFIG_ prefix 7164762fd ldns: update to 1.8.1 59e70a29c unbound: update to 1.14.0 e6628357a htop: update to 3.1.2-1 c28d3dcb5 htop: explicitly disable some build options 97574e9de htop: update to 3.1.0 6ddb16bc3 node: bump to 14.18.2 4f251d6df hwdata: update to version 0.354 92129f9cf python-babel: update to version 2.9.1 134bae302 python-babel: update to version 2.9.0 5750f8337 knot: update to 3.1.4 149c3014f gnutls: don't run aclocal --install 4ee031906 bind: bump to 9.17.20 cbc9de5f1 knot-resolver: update to version 5.4.3 bb89205f5 yq: Update to 4.16.1 1743adc23 python3: update to version 3.9.9 5ebaa73d5 msmtp: update to version 1.8.1.9 a9fed2403 mariadb: Create compatibility symlinks 0e40e25fc mariadb: Install all supporting sql files 753fe1d21 mariadb: Tweak default configuration ed572e389 mariadb: Init script improvements fb4c9e5c4 mariadb-common: Drop package and adjust configuration e84c48890 nextdns: Update to version 1.37.7 75a0ffc21 nextdns: Update to version 1.37.6 a97bd3135 syslog-ng: update to version 3.35.1 3cad5b76d yggdrasil: bump to 0.4.2 a7a724733 yggdrasil: uci ifname is now known as device 271961e3a nextdns: Update to version 1.37.5 5d82c0716 ddns-scripts: use HTTPS for spdyn ff5728497 icu: bump to 70.1 8162066e1 curl: update to 7.80.0 4877a3b72 yq: Update to 4.15.1 4f78eb825 crowdsec: update to 1.2.1 crowdsec-firewall-boucer: update to 0.0.16 103484c4b nebula: update to 1.5.0 --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index cef7d22e..37fbefaf 100644 --- a/modules +++ b/modules @@ -6,7 +6,7 @@ OPENWRT_COMMIT=e1b79b1dc39febcfb8eb9a32123abb64b10b5524 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 -PACKAGES_PACKAGES_COMMIT=f71a9c91cb44f4e50fbfb53ce5666fa0097d61a0 +PACKAGES_PACKAGES_COMMIT=a8775271236e9c6d7a6cce040a78a235c6c73d40 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-21.02 From 5e11afbe8660b8f9a16cfea95353057849fbc1e0 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 21 Dec 2021 21:18:08 +0100 Subject: [PATCH 19/70] modules: update routing a85b7c7 opennds: Release v9.5.1 (for 21.02) d4622d8 ohybridproxy: revert to default log level 47436b0 batman-adv: Prevent use from libc headers to not build with BIG_ENDIAN --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 37fbefaf..d73df63c 100644 --- a/modules +++ b/modules @@ -10,7 +10,7 @@ PACKAGES_PACKAGES_COMMIT=a8775271236e9c6d7a6cce040a78a235c6c73d40 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-21.02 -PACKAGES_ROUTING_COMMIT=da7d7a0255efec87c1b0a511d6082e86754cba7e +PACKAGES_ROUTING_COMMIT=a85b7c7ea865e0e11ffaa2f7b08ed3e52624f07c PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git PACKAGES_GLUON_COMMIT=52d7ac4aea7dc17c639c96ad9e179137ca66e614 From 6728c4a10379dec56f366cb34c6ad9d39c070d7e Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Tue, 21 Dec 2021 21:40:27 +0100 Subject: [PATCH 20/70] Add helper to run a containerized build environment (#2292) Using `make container` or, if you don't have automake/gmake on your host system, `./scripts/container.sh` will build an image for the current branch your are on and drop you into a shell running inside a container using that image. From there all tooling required to work on Gluon is available. Supports both podman (preferred) and docker. --- Makefile | 4 ++++ contrib/{ => docker}/Dockerfile | 0 docs/user/getting_started.rst | 6 ++++++ scripts/container.sh | 24 ++++++++++++++++++++++++ 4 files changed, 34 insertions(+) rename contrib/{ => docker}/Dockerfile (100%) create mode 100755 scripts/container.sh diff --git a/Makefile b/Makefile index 676aa06d..c25f82f5 100644 --- a/Makefile +++ b/Makefile @@ -186,6 +186,10 @@ config: $(LUA) FORCE $(GLUON_ENV) $(LUA) scripts/target_config_check.lua +container: FORCE + @scripts/container.sh + + all: config +@ $(GLUON_ENV) $(LUA) scripts/clean_output.lua diff --git a/contrib/Dockerfile b/contrib/docker/Dockerfile similarity index 100% rename from contrib/Dockerfile rename to contrib/docker/Dockerfile diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index 7cf00834..5d8d6aa2 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -40,6 +40,12 @@ freshly installed Debian Stretch system the following packages are required: * `time` (built-in `time` doesn't work) * `qemu-utils` +We also provide a container environment that already tracks all these dependencies. It quickly gets you up and running, if you already have either Docker or Podman installed locally. + +:: + + ./scripts/container.sh + Building the images ------------------- diff --git a/scripts/container.sh b/scripts/container.sh new file mode 100755 index 00000000..c18bf322 --- /dev/null +++ b/scripts/container.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +set -euo pipefail + +# move into base directory, in case this script is not executed via `make container` +cd "$(dirname "$0")/.." + +# normalize branch name to reflect a valid image name +BRANCH=$(git branch --show-current | sed 's/[^a-z0-9-]/_/ig') +TAG=gluon:${BRANCH} + +if [ "$(command -v podman)" ] +then + podman build -t "${TAG}" contrib/docker + podman run -it --rm --userns=keep-id --volume="$(pwd):/gluon" "${TAG}" +elif [ "$(command -v docker)" ] +then + docker build -t "${TAG}" contrib/docker + docker run -it --rm --volume="$(pwd):/gluon" "${TAG}" +else + 1>&2 echo "Please install either podman or docker. Exiting" >/dev/null + exit 1 +fi + From 854fef4e12c07751c4da78081ac534e87ade9afd Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 24 Dec 2021 14:16:04 +0100 Subject: [PATCH 21/70] docs: consistently indent .rst files with 2 spaces 2 spaces is the most common indentation width used in the docs; adjust the rest for consistency. Also change .editorconfig accordingly. --- .editorconfig | 2 +- docs/dev/basics.rst | 6 +- docs/dev/debugging.rst | 10 +- docs/dev/packages.rst | 17 +- docs/features/autoupdater.rst | 14 +- docs/features/multidomain.rst | 204 ++-- docs/features/vpn.rst | 6 +- docs/package/gluon-mesh-batman-adv.rst | 4 +- .../package/gluon-scheduled-domain-switch.rst | 18 +- docs/releases/v2015.1.rst | 28 +- docs/releases/v2016.1.5.rst | 18 +- docs/releases/v2019.1.1.rst | 12 +- docs/releases/v2019.1.2.rst | 12 +- docs/releases/v2019.1.3.rst | 12 +- docs/releases/v2019.1.rst | 38 +- docs/releases/v2020.1.1.rst | 12 +- docs/releases/v2020.1.2.rst | 12 +- docs/releases/v2020.1.3.rst | 12 +- docs/releases/v2020.1.rst | 92 +- docs/user/getting_started.rst | 38 +- docs/user/site.rst | 875 +++++++++--------- 21 files changed, 719 insertions(+), 723 deletions(-) diff --git a/.editorconfig b/.editorconfig index 5174a187..9dca9dab 100644 --- a/.editorconfig +++ b/.editorconfig @@ -25,7 +25,7 @@ indent_size = 4 [*.rst] indent_style = space -indent_size = 3 +indent_size = 2 [*.yml] indent_style = space diff --git a/docs/dev/basics.rst b/docs/dev/basics.rst index 5508897c..8608567e 100644 --- a/docs/dev/basics.rst +++ b/docs/dev/basics.rst @@ -32,7 +32,7 @@ rerun :: - make update + make update `make update` also applies the patches that can be found in the directories found in `patches`; the resulting branch will be called `patched`, while the commit specified in `modules` @@ -44,7 +44,7 @@ using :: - make update-patches + make update-patches If applying a patch fails because you have changed the base commit, the repository will be reset to the old `patched` branch and you can try rebasing it onto the new `base` branch yourself and after that call `make update-patches` to fix the problem. @@ -54,7 +54,7 @@ commits, making `git reflog` the only way to recover them! :: - make refresh-patches + make refresh-patches In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt buildsystem. diff --git a/docs/dev/debugging.rst b/docs/dev/debugging.rst index 52073428..ca1cd041 100644 --- a/docs/dev/debugging.rst +++ b/docs/dev/debugging.rst @@ -32,12 +32,12 @@ The tooling is contained in the kernel source tree in the file `decode_stacktrace.sh `__. This file and the needed source tree are available in the directory: :: - openwrt/build_dir/target-/linux-/linux-/ + openwrt/build_dir/target-/linux-/linux-/ .. note:: - Make sure to use a kernel tree that matches the version and patches - that was used to build the kernel. - If in doubt just re-build the images for the target. + Make sure to use a kernel tree that matches the version and patches + that was used to build the kernel. + If in doubt just re-build the images for the target. Some more information on how to use this tool can be found at `LWN `__. @@ -48,4 +48,4 @@ Obtaining Stacktraces On many targets stacktraces can be read from the following location after reboot: :: - /sys/kernel/debug/crashlog + /sys/kernel/debug/crashlog diff --git a/docs/dev/packages.rst b/docs/dev/packages.rst index 098b0276..7c239675 100644 --- a/docs/dev/packages.rst +++ b/docs/dev/packages.rst @@ -9,13 +9,16 @@ Development workflow When you are developing packages, it often happens that you iteratively want to deploy and verify the state your development. There are two ways to verify your changes: -1) One way is to rebuild the complete firmware, flash it, configure it and verify your - development then. This usually takes at least a few minutes to get your changes - working so you can test them. Especially if you iterate a lot, this becomes tedious. -2) Another way is to rebuild only the package you are currently working on and - to deploy this package to your test system. Here not even a reboot is required. - This makes iterating relatively fast. Your test system could be real hardware or - even a qemu in most cases. +1) + One way is to rebuild the complete firmware, flash it, configure it and verify your + development then. This usually takes at least a few minutes to get your changes + working so you can test them. Especially if you iterate a lot, this becomes tedious. + +2) + Another way is to rebuild only the package you are currently working on and + to deploy this package to your test system. Here not even a reboot is required. + This makes iterating relatively fast. Your test system could be real hardware or + even a qemu in most cases. Gluon provides scripts to enhance workflow 2). Here is an example illustrating the workflow using these scripts: diff --git a/docs/features/autoupdater.rst b/docs/features/autoupdater.rst index 6e011245..545b8237 100644 --- a/docs/features/autoupdater.rst +++ b/docs/features/autoupdater.rst @@ -99,16 +99,16 @@ These commands can be used on a node: :: - # Update with some probability - autoupdater + # Update with some probability + autoupdater :: - # Force update check, even when the updater is disabled - autoupdater -f + # Force update check, even when the updater is disabled + autoupdater -f :: - # If fallback is true the updater will perform an update only if the timespan - # PRIORITY days (as defined in the manifest) and another 24h have passed - autoupdater --fallback + # If fallback is true the updater will perform an update only if the timespan + # PRIORITY days (as defined in the manifest) and another 24h have passed + autoupdater --fallback diff --git a/docs/features/multidomain.rst b/docs/features/multidomain.rst index 7abd59a8..91dd7bcf 100644 --- a/docs/features/multidomain.rst +++ b/docs/features/multidomain.rst @@ -21,18 +21,18 @@ Overview Multidomain support allows to build a single firmware with multiple, switchable domain configurations. The nomenclature is as follows: -- ``site``: an aggregate over multiple domains -- ``domain``: mesh network with connectivity parameters that prevent - accidental bridging with other domains -- ``domain code``: unique domain identifier -- ``domain name``: pretty name for a domain code +- ``site``: an aggregate over multiple domains +- ``domain``: mesh network with connectivity parameters that prevent + accidental bridging with other domains +- ``domain code``: unique domain identifier +- ``domain name``: pretty name for a domain code By default Gluon builds firmware with a single domain embedded into ``site.conf``. To use multiple domains, enable it in ``site.mk``: :: - GLUON_MULTIDOMAIN=1 + GLUON_MULTIDOMAIN=1 In the site repository, create the ``domains/`` directory, which will hold your domain configurations. Each domain configuration file is named @@ -41,26 +41,26 @@ supported. :: - site/ - |-- site.conf - |-- site.mk - |-- i18n/ - |-- domains/ - |-- alpha_centauri.conf - |-- beta_centauri.conf - |-- gamma_centauri.conf + site/ + |-- site.conf + |-- site.mk + |-- i18n/ + |-- domains/ + |-- alpha_centauri.conf + |-- beta_centauri.conf + |-- gamma_centauri.conf The domain configuration ``alpha_centauri.conf`` could look like this. :: - { - domain_names = { - alpha_centauri = 'Alpha Centauri' - }, + { + domain_names = { + alpha_centauri = 'Alpha Centauri' + }, - -- more domain specific config follows below - } + -- more domain specific config follows below + } In this example “Alpha Centauri” is the user-visible ``domain_name`` for the domain_code ``alpha_centauri``. Also note that the domain code @@ -93,12 +93,12 @@ Via commandline :: - gluon-switch-domain 'newdomaincode' + gluon-switch-domain 'newdomaincode' When the node is not in config mode, ``gluon-switch-domain`` will automatically reboot the node by default. This can be suppressed by passing ``--no-reboot``:: - gluon-switch-domain --no-reboot 'newdomaincode' + gluon-switch-domain --no-reboot 'newdomaincode' Switching the domain without reboot is currently **experimental**. @@ -123,115 +123,115 @@ site or domain context. site.conf only variables ^^^^^^^^^^^^^^^^^^^^^^^^ -- Used in as initial default values, when the firmware was just flashed - and/or the config mode is skipped, so they do not make sense in a - domain specific way: +- Used in as initial default values, when the firmware was just flashed + and/or the config mode is skipped, so they do not make sense in a + domain specific way: - - authorized_keys - - default_domain - - poe_passthrough - - mesh_on_wan - - mesh_on_lan - - single_as_lan - - setup_mode.skip - - autoupdater.branch - - mesh_vpn.enabled - - mesh_vpn.pubkey_privacy - - mesh_vpn.bandwidth_limit - - mesh_vpn.bandwidth_limit.enabled - - mesh_vpn.bandwidth_limit.ingress - - mesh_vpn.bandwidth_limit.egress + - authorized_keys + - default_domain + - poe_passthrough + - mesh_on_wan + - mesh_on_lan + - single_as_lan + - setup_mode.skip + - autoupdater.branch + - mesh_vpn.enabled + - mesh_vpn.pubkey_privacy + - mesh_vpn.bandwidth_limit + - mesh_vpn.bandwidth_limit.enabled + - mesh_vpn.bandwidth_limit.ingress + - mesh_vpn.bandwidth_limit.egress -- Variables that influence the appearance of the config mode, - domain-independent because they are relevant before a domain was selected. +- Variables that influence the appearance of the config mode, + domain-independent because they are relevant before a domain was selected. - - config_mode.geo_location.show_altitude - - config_mode.hostname.optional - - config_mode.remote_login - - config_mode.remote_login.show_password_form - - config_mode.remote_login.min_password_length - - hostname_prefix - - mesh_vpn.fastd.configurable - - roles.default - - roles.list + - config_mode.geo_location.show_altitude + - config_mode.hostname.optional + - config_mode.remote_login + - config_mode.remote_login.show_password_form + - config_mode.remote_login.min_password_length + - hostname_prefix + - mesh_vpn.fastd.configurable + - roles.default + - roles.list -- Specific to a firmware build itself: +- Specific to a firmware build itself: - - site_code - - site_name - - autoupdater.branches.*.name - - autoupdater.branches.*.good_signatures - - autoupdater.branches.*.pubkeys + - site_code + - site_name + - autoupdater.branches.*.name + - autoupdater.branches.*.good_signatures + - autoupdater.branches.*.pubkeys -- We simply do not see any reason, why these variables could be helpful - in a domain specific way: +- We simply do not see any reason, why these variables could be helpful + in a domain specific way: - - mesh_vpn.fastd.syslog_level - - timezone - - regdom + - mesh_vpn.fastd.syslog_level + - timezone + - regdom domain.conf only variables ^^^^^^^^^^^^^^^^^^^^^^^^^^ -- Obviously: +- Obviously: - - domain_names + - domain_names - - a table of domain codes to domain names - ``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }`` + - a table of domain codes to domain names + ``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }`` - - hide_domain + - hide_domain - - prevents a domain name(s) from appearing in config mode, either - boolean or array of domain codes + - prevents a domain name(s) from appearing in config mode, either + boolean or array of domain codes - - ``true``, ``false`` - - ``{ 'foo', 'bar' }`` + - ``true``, ``false`` + - ``{ 'foo', 'bar' }`` -- Because each domain is considered as an own layer 2 network, these - values should be different in each domain: +- Because each domain is considered as an own layer 2 network, these + values should be different in each domain: - - next_node.ip4 - - next_node.ip6 - - next_node.name - - prefix6 - - prefix4 - - extra_prefixes6 + - next_node.ip4 + - next_node.ip6 + - next_node.name + - prefix6 + - prefix4 + - extra_prefixes6 -- To prevent accidental bridging of different domains, all meshing - technologies should be separated: +- To prevent accidental bridging of different domains, all meshing + technologies should be separated: - - domain_seed (wired mesh) + - domain_seed (wired mesh) - - must be a random value used to derive the vxlan id for wired meshing + - must be a random value used to derive the vxlan id for wired meshing - - wifi*.mesh.id - - mesh_vpn.fastd.groups.*.peers.remotes - - mesh_vpn.fastd.groups.*.peers.key - - mesh_vpn.tunneldigger.brokers + - wifi*.mesh.id + - mesh_vpn.fastd.groups.*.peers.remotes + - mesh_vpn.fastd.groups.*.peers.key + - mesh_vpn.tunneldigger.brokers -- Clients consider WiFi networks sharing the same ESSID as if they were - the same L2 network and try to reconfirm and reuse previous - addressing. If multiple neighbouring domains shared the same ESSID, - the roaming experience of clients would degrade. +- Clients consider WiFi networks sharing the same ESSID as if they were + the same L2 network and try to reconfirm and reuse previous + addressing. If multiple neighbouring domains shared the same ESSID, + the roaming experience of clients would degrade. - - wifi*.ap.ssid + - wifi*.ap.ssid -- Some values should be only set in legacy domains and not in new domains. +- Some values should be only set in legacy domains and not in new domains. - - mesh.vxlan + - mesh.vxlan - - By default, this value is `true`. It should be only set to `false` - for one legacy domain, since vxlan prevents accidental wired - merges of domains. For old domains this value is still available - to keep compatibility between all nodes in one domain. + - By default, this value is `true`. It should be only set to `false` + for one legacy domain, since vxlan prevents accidental wired + merges of domains. For old domains this value is still available + to keep compatibility between all nodes in one domain. - - next_node.mac + - next_node.mac - - For new domains, the default value should be used, since there is - no need for a special mac (or domain specific mac). For old domains - this value is still available to keep compatibility between all - nodes in one domain. + - For new domains, the default value should be used, since there is + no need for a special mac (or domain specific mac). For old domains + this value is still available to keep compatibility between all + nodes in one domain. Example config -------------- diff --git a/docs/features/vpn.rst b/docs/features/vpn.rst index 8697baad..c1ed9336 100644 --- a/docs/features/vpn.rst +++ b/docs/features/vpn.rst @@ -52,6 +52,6 @@ socket can be interrogated, after installing for example `socat`. :: - opkg update - opkg install socat - socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket + opkg update + opkg install socat + socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket diff --git a/docs/package/gluon-mesh-batman-adv.rst b/docs/package/gluon-mesh-batman-adv.rst index 29135324..cd362ede 100644 --- a/docs/package/gluon-mesh-batman-adv.rst +++ b/docs/package/gluon-mesh-batman-adv.rst @@ -2,7 +2,7 @@ gluon-mesh-batman-adv ===================== .. image:: gluon-mesh-batman-adv-logo.svg - :width: 300 px + :width: 300 px B.A.T.M.A.N. Advanced (often referenced as batman-adv) is an implementation of the B.A.T.M.A.N. routing protocol in form of a linux kernel module operating on layer 2. @@ -47,7 +47,7 @@ Multicast Architecture ---------------------- .. image:: gluon-mesh-batman-adv-multicast.svg - :width: 300 px + :width: 300 px While generally broadcast capability is a nice feature of a layer 2 mesh protocol, it quickly reaches its limit. diff --git a/docs/package/gluon-scheduled-domain-switch.rst b/docs/package/gluon-scheduled-domain-switch.rst index ee1fe146..f67c500d 100644 --- a/docs/package/gluon-scheduled-domain-switch.rst +++ b/docs/package/gluon-scheduled-domain-switch.rst @@ -15,15 +15,15 @@ site.conf All those settings have to be defined exclusively in the domain, not the site. domain_switch : optional (needed for domains to switch) - target_domain : - - target domain to switch to - switch_after_offline_mins : - - amount of time without reachable gateway to switch unconditionally - switch_time : - - UNIX epoch after which domain will be switched - connection_check_targets : - - array of IPv6 addresses which are probed to determine if the node is - connected to the mesh + target_domain : + - target domain to switch to + switch_after_offline_mins : + - amount of time without reachable gateway to switch unconditionally + switch_time : + - UNIX epoch after which domain will be switched + connection_check_targets : + - array of IPv6 addresses which are probed to determine if the node is + connected to the mesh Example:: diff --git a/docs/releases/v2015.1.rst b/docs/releases/v2015.1.rst index 2fd694c1..785c2b28 100644 --- a/docs/releases/v2015.1.rst +++ b/docs/releases/v2015.1.rst @@ -170,16 +170,16 @@ Site changes for example:: fastd_mesh_vpn = { - methods = {'salsa2012+umac'}, - mtu = 1426, - groups = { - backbone = { - limit = 2, - peers = { - -- ... - } - } + methods = {'salsa2012+umac'}, + mtu = 1426, + groups = { + backbone = { + limit = 2, + peers = { + -- ... + } } + } } - ``config_mode``: The config mode messages aren't configured in ``site.conf`` anymore. Instead, they are @@ -190,11 +190,11 @@ Site changes in the site i18n files. The ``site.conf`` section becomes:: roles = { - default = 'foo', - list = { - 'foo', - 'bar', - } + default = 'foo', + list = { + 'foo', + 'bar', + } } The display string use i18n message IDs like ``gluon-luci-node-role:role:foo`` and ``gluon-luci-node-role:role:bar``. diff --git a/docs/releases/v2016.1.5.rst b/docs/releases/v2016.1.5.rst index 142be29e..8752a917 100644 --- a/docs/releases/v2016.1.5.rst +++ b/docs/releases/v2016.1.5.rst @@ -9,21 +9,21 @@ ar71xx-generic * OpenMesh - - MR600 (v1, v2) - - MR900 (v1, v2) - - OM2P (v1, v2) - - OM2P-HS (v1, v2) - - OM2P-LC - - OM5P - - OM5P-AN + - MR600 (v1, v2) + - MR900 (v1, v2) + - OM2P (v1, v2) + - OM2P-HS (v1, v2) + - OM2P-LC + - OM5P + - OM5P-AN * Ubiquiti - - Rocket M XW + - Rocket M XW * TP-LINK - - TL-WR841N/ND v11 + - TL-WR841N/ND v11 Bugfixes ~~~~~~~~ diff --git a/docs/releases/v2019.1.1.rst b/docs/releases/v2019.1.1.rst index 0385e8bf..2e173d7a 100644 --- a/docs/releases/v2019.1.1.rst +++ b/docs/releases/v2019.1.1.rst @@ -30,13 +30,13 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.2.rst b/docs/releases/v2019.1.2.rst index 7d44fd49..7231b4ef 100644 --- a/docs/releases/v2019.1.2.rst +++ b/docs/releases/v2019.1.2.rst @@ -26,13 +26,13 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.3.rst b/docs/releases/v2019.1.3.rst index 11dd0959..aab21693 100644 --- a/docs/releases/v2019.1.3.rst +++ b/docs/releases/v2019.1.3.rst @@ -36,13 +36,13 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.rst b/docs/releases/v2019.1.rst index a9e0a829..6632b119 100644 --- a/docs/releases/v2019.1.rst +++ b/docs/releases/v2019.1.rst @@ -73,8 +73,8 @@ ramips-mt7621 .. note:: - The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt - release yet. You might have to update your build scripts accordingly. + The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt + release yet. You might have to update your build scripts accordingly. @@ -109,20 +109,20 @@ have outdoor mode automatically enabled during their initial setup, specifically * Ubiquiti - - Bullet M - - Litebeam M5 - - Nanostation M5 - - Nanostation M5 Loco - - Rocket M5 - - Rocket M5 TI - - Unifi AC Mesh - - Unifi AC Mesh Pro - - Unifi Outdoor + - Bullet M + - Litebeam M5 + - Nanostation M5 + - Nanostation M5 Loco + - Rocket M5 + - Rocket M5 TI + - Unifi AC Mesh + - Unifi AC Mesh Pro + - Unifi Outdoor * TP-Link - - CPE510 - - WBS510 + - CPE510 + - WBS510 See the :ref:`wifi5 ` section for the *site.conf* configuration of this feature. @@ -253,13 +253,13 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.1.rst b/docs/releases/v2020.1.1.rst index f18d1133..c7841531 100644 --- a/docs/releases/v2020.1.1.rst +++ b/docs/releases/v2020.1.1.rst @@ -25,13 +25,13 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.2.rst b/docs/releases/v2020.1.2.rst index 37adb6a1..4bc7c800 100644 --- a/docs/releases/v2020.1.2.rst +++ b/docs/releases/v2020.1.2.rst @@ -50,13 +50,13 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.3.rst b/docs/releases/v2020.1.3.rst index 429d4c78..7b82b433 100644 --- a/docs/releases/v2020.1.3.rst +++ b/docs/releases/v2020.1.3.rst @@ -30,13 +30,13 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.rst b/docs/releases/v2020.1.rst index d3bea233..8dd23630 100644 --- a/docs/releases/v2020.1.rst +++ b/docs/releases/v2020.1.rst @@ -11,80 +11,80 @@ Added hardware support ath79-generic ~~~~~~~~~~~~~ -- devolo WiFi pro 1200e -- devolo WiFi pro 1200i -- devolo WiFi pro 1750c -- devolo WiFi pro 1750e -- devolo WiFi pro 1750i -- devolo WiFi pro 1750x -- GL.iNet GL-AR300M-Lite -- OCEDO Raccoon -- TP-Link Archer C6 v2 +- devolo WiFi pro 1200e +- devolo WiFi pro 1200i +- devolo WiFi pro 1750c +- devolo WiFi pro 1750e +- devolo WiFi pro 1750i +- devolo WiFi pro 1750x +- GL.iNet GL-AR300M-Lite +- OCEDO Raccoon +- TP-Link Archer C6 v2 ipq40xx-generic ~~~~~~~~~~~~~~~ -- Aruba AP-303 -- Aruba Instant On AP11 -- AVM FRITZ!Repeater 1200 +- Aruba AP-303 +- Aruba Instant On AP11 +- AVM FRITZ!Repeater 1200 ipq806x-generic ~~~~~~~~~~~~~~~ -- Netgear R7800 +- Netgear R7800 lantiq-xway ~~~~~~~~~~~ -- AVM FRITZ!Box 7312 -- AVM FRITZ!Box 7320 -- AVM FRITZ!Box 7330 -- AVM FRITZ!Box 7330 SL +- AVM FRITZ!Box 7312 +- AVM FRITZ!Box 7320 +- AVM FRITZ!Box 7330 +- AVM FRITZ!Box 7330 SL lantiq-xrx200 ~~~~~~~~~~~~~ -- AVM FRITZ!Box 7360 (v1, v2) -- AVM FRITZ!Box 7360 SL -- AVM FRITZ!Box 7362 SL -- AVM FRITZ!Box 7412 +- AVM FRITZ!Box 7360 (v1, v2) +- AVM FRITZ!Box 7360 SL +- AVM FRITZ!Box 7362 SL +- AVM FRITZ!Box 7412 mpc85xx-p1020 ~~~~~~~~~~~~~ -- Enterasys WS-AP3710i -- OCEDO Panda +- Enterasys WS-AP3710i +- OCEDO Panda ramips-mt7620 ~~~~~~~~~~~~~ -- TP-Link Archer C2 (v1) -- TP-Link Archer C20 (v1) -- TP-Link Archer C20i -- TP-Link Archer C50 (v1) -- Xiaomi MiWifi Mini +- TP-Link Archer C2 (v1) +- TP-Link Archer C20 (v1) +- TP-Link Archer C20i +- TP-Link Archer C50 (v1) +- Xiaomi MiWifi Mini ramips-mt7621 ~~~~~~~~~~~~~ -- Netgear EX6150 (v1) -- Netgear R6220 +- Netgear EX6150 (v1) +- Netgear R6220 ramips-mt76x8 ~~~~~~~~~~~~~ -- GL.iNet VIXMINI -- TP-Link TL-MR3020 (v3) -- TP-Link TL-WA801ND (v5) -- TP-Link TL-WR902AC (v3) +- GL.iNet VIXMINI +- TP-Link TL-MR3020 (v3) +- TP-Link TL-WA801ND (v5) +- TP-Link TL-WR902AC (v3) Removed hardware support ------------------------ -- ALFA Network Hornet-UB [#kernelpartition_too_small]_ -- ALFA Network Tube2H [#kernelpartition_too_small]_ -- ALFA Network N2 [#kernelpartition_too_small]_ -- ALFA Network N5 [#kernelpartition_too_small]_ +- ALFA Network Hornet-UB [#kernelpartition_too_small]_ +- ALFA Network Tube2H [#kernelpartition_too_small]_ +- ALFA Network N2 [#kernelpartition_too_small]_ +- ALFA Network N5 [#kernelpartition_too_small]_ .. [#kernelpartition_too_small] The kernel partition on this device is too small to build a working image. @@ -162,8 +162,8 @@ Site changes site.mk ~~~~~~~ -- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is - the only supported wireless transport from now on. +- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is + the only supported wireless transport from now on. Internals --------- @@ -206,13 +206,13 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - | Mesh neighbors don't appear on the status page. (`#1726 `_) + | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + | metric. - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + - | Throughput values are not correctly acquired for different interface types. + | (`#1728 `_) + | This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index 5d8d6aa2..a7b9d0cb 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -44,7 +44,7 @@ We also provide a container environment that already tracks all these dependenci :: - ./scripts/container.sh + ./scripts/container.sh Building the images ------------------- @@ -54,31 +54,31 @@ version you'd like to checkout, e.g. *v2021.1*. :: - git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE + git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE This command will create a directory named *gluon/*. It might also tell a scary message about being in a *detached state*. **Don't panic!** Everything's fine. Now, enter the freshly created directory:: - cd gluon + cd gluon It's time to add (or create) your site configuration. If you already have a site repository, just clone it:: - git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site + git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site If you want to build a new site, create a new git repository *site/*:: - mkdir site - cd site - git init + mkdir site + cd site + git init Copy *site.conf*, *site.mk* and *i18n* from *docs/site-example*:: - cp ../docs/site-example/site.conf . - cp ../docs/site-example/site.mk . - cp -r ../docs/site-example/i18n . + cp ../docs/site-example/site.conf . + cp ../docs/site-example/site.mk . + cp -r ../docs/site-example/i18n . Edit these files as you see fit and commit them into the site repository. Extensive documentation about the site configuration can be found at: @@ -88,9 +88,9 @@ to the Gluon main repository should be avoided, as it will make updates more com Next go back to the top-level Gluon directory and build Gluon:: - cd .. - make update # Get other repositories used by Gluon - make GLUON_TARGET=ath79-generic # Build Gluon + cd .. + make update # Get other repositories used by Gluon + make GLUON_TARGET=ath79-generic # Build Gluon In case of errors read the messages carefully and try to fix the stated issues (e.g. install missing tools not available or look for Troubleshooting_ in the wiki. @@ -102,9 +102,9 @@ To see a complete list of supported targets, call ``make`` without setting ``GLU To build all targets use a loop like this:: - for TARGET in $(make list-targets); do - make GLUON_TARGET=$TARGET - done + for TARGET in $(make list-targets); do + make GLUON_TARGET=$TARGET + done You should generally reserve 5GB of disk space and additionally about 10GB for each `GLUON_TARGET`. @@ -117,7 +117,7 @@ system. of multiple copies of the same image. If your webserver's configuration prohibits following symlinks, you can use the following command to resolve these links while copying the images:: - cp -rL output/images /var/www + cp -rL output/images /var/www The directory `output/debug` contains a compressed kernel image for each architecture. @@ -130,14 +130,14 @@ Cleaning the build tree There are two levels of `make clean`:: - make clean GLUON_TARGET=ath79-generic + make clean GLUON_TARGET=ath79-generic will ensure all packages are rebuilt for a single target. This is usually not necessary, but may fix certain kinds of build failures. :: - make dirclean + make dirclean will clean the entire tree, so the toolchain will be rebuilt as well, which will take a while. diff --git a/docs/user/site.rst b/docs/user/site.rst index a3d221c4..e018bf16 100644 --- a/docs/user/site.rst +++ b/docs/user/site.rst @@ -12,543 +12,536 @@ Configuration The ``site.conf`` is a lua dictionary with the following defined keys. hostname_prefix - A string which shall prefix the default hostname of a device. + A string which shall prefix the default hostname of a device. site_name - The name of your community. + The name of your community. site_code - The code of your community. It is good practice to use the TLD of - your community here. + The code of your community. It is good practice to use the TLD of + your community here. domain_seed - 32 bytes of random data, encoded in hexadecimal, used to seed other random - values specific to the mesh domain. It must be the same for all nodes of one - mesh, but should be different for firmware that is not supposed to mesh with - each other. + 32 bytes of random data, encoded in hexadecimal, used to seed other random + values specific to the mesh domain. It must be the same for all nodes of one + mesh, but should be different for firmware that is not supposed to mesh with + each other. - The recommended way to generate a value for a new site is: - :: + The recommended way to generate a value for a new site is:: - echo $(hexdump -v -n 32 -e '1/1 "%02x"' `. + This NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address + explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ `. opkg \: optional - ``opkg`` package manager configuration. + ``opkg`` package manager configuration. - There are two optional fields in the ``opkg`` section: + There are two optional fields in the ``opkg`` section: - - ``openwrt`` overrides the default OpenWrt repository URL. The default URL would - correspond to ``http://downloads.openwrt.org/snapshots/packages/%A`` - and usually doesn't need to be changed when nodes are expected to have IPv6 - internet connectivity. - - ``extra`` specifies a table of additional repositories (with arbitrary keys) + - ``openwrt`` overrides the default OpenWrt repository URL. The default URL would + correspond to ``http://downloads.openwrt.org/snapshots/packages/%A`` + and usually doesn't need to be changed when nodes are expected to have IPv6 + internet connectivity. + - ``extra`` specifies a table of additional repositories (with arbitrary keys) - :: + :: - opkg = { - openwrt = 'http://opkg.services.ffac/openwrt/snapshots/packages/%A', - extra = { - gluon = 'http://opkg.services.ffac/modules/gluon-%GS-%GR/%S', - }, - } + opkg = { + openwrt = 'http://opkg.services.ffac/openwrt/snapshots/packages/%A', + extra = { + gluon = 'http://opkg.services.ffac/modules/gluon-%GS-%GR/%S', + }, + } - There are various patterns which can be used in the URLs: + There are various patterns which can be used in the URLs: - - ``%d`` is replaced by the OpenWrt distribution name ("openwrt") - - ``%v`` is replaced by the OpenWrt version number (e.g. "17.01") - - ``%S`` is replaced by the target board (e.g. "ath79/generic") - - ``%A`` is replaced by the target architecture (e.g. "mips_24kc") - - ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``) - - ``%GV`` is replaced by the Gluon version - - ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``) + - ``%d`` is replaced by the OpenWrt distribution name ("openwrt") + - ``%v`` is replaced by the OpenWrt version number (e.g. "17.01") + - ``%S`` is replaced by the target board (e.g. "ath79/generic") + - ``%A`` is replaced by the target architecture (e.g. "mips_24kc") + - ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``) + - ``%GV`` is replaced by the Gluon version + - ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``) regdom \: optional - The wireless regulatory domain responsible for your area, e.g.: - :: + The wireless regulatory domain responsible for your area, e.g. :: - regdom = 'DE' + regdom = 'DE' - Setting ``regdom`` is mandatory if ``wifi24`` or ``wifi5`` is defined. + Setting ``regdom`` is mandatory if ``wifi24`` or ``wifi5`` is defined. wifi24 \: optional - WLAN configuration for 2.4 GHz devices. - ``channel`` must be set to a valid wireless channel for your radio. - ``beacon_interval`` can be specified to set a custom beacon interval in - time units (TU). A time unit is equivalent to 1024 µs. - If not set, the default value of 100 TU (=102.4 ms) is used. + WLAN configuration for 2.4 GHz devices. + ``channel`` must be set to a valid wireless channel for your radio. + ``beacon_interval`` can be specified to set a custom beacon interval in + time units (TU). A time unit is equivalent to 1024 µs. + If not set, the default value of 100 TU (=102.4 ms) is used. + There are currently two interface types available. You may choose to + configure any subset of them: - There are currently two interface types available. You may choose to - configure any subset of them: + - ``ap`` creates a master interface where clients may connect + - ``mesh`` creates an 802.11s mesh interface with forwarding disabled - - ``ap`` creates a master interface where clients may connect - - ``mesh`` creates an 802.11s mesh interface with forwarding disabled + Each interface may be disabled by setting ``disabled`` to ``true``. + This will only affect new installations. + Upgrades will not change the disabled state. - Each interface may be disabled by setting ``disabled`` to ``true``. - This will only affect new installations. - Upgrades will not change the disabled state. + ``ap`` holds the client network configuration. + To create an unencrypted client network, a string named ``ssid`` which sets the + interface's ESSID is required. This is the wireless network clients connect to. + For an OWE secured network, the ``owe_ssid`` string has to be set. It sets the + SSID for the opportunistically encrypted wireless network, to which compatible + clients can connect to. + For OWE to work, the ``wireless-encryption-wpa3`` has to be enabled (usually by + adding it to ``GLUON_FEATURES_standard``) in your ``site.mk``. + To utilize the OWE transition mode, ``owe_transition_mode`` has to be set to true. + When ``owe_transition_mode`` is enabled, the OWE secured SSID will be hidden. + Compatible devices will automatically connect to the OWE secured SSID when selecting + the open SSID. + Note that for the transition mode to work, both ``ssid`` as well as ``owe_ssid`` + have to be enabled. Also, some devices with a broken implementation might not be able + to connect with a transition-mode enabled network. - ``ap`` holds the client network configuration. - To create an unencrypted client network, a string named ``ssid`` which sets the - interface's ESSID is required. This is the wireless network clients connect to. - For an OWE secured network, the ``owe_ssid`` string has to be set. It sets the - SSID for the opportunistically encrypted wireless network, to which compatible - clients can connect to. - For OWE to work, the ``wireless-encryption-wpa3`` has to be enabled (usually by - adding it to ``GLUON_FEATURES_standard``) in your ``site.mk``. - To utilize the OWE transition mode, ``owe_transition_mode`` has to be set to true. - When ``owe_transition_mode`` is enabled, the OWE secured SSID will be hidden. - Compatible devices will automatically connect to the OWE secured SSID when selecting - the open SSID. - Note that for the transition mode to work, both ``ssid`` as well as ``owe_ssid`` - have to be enabled. Also, some devices with a broken implementation might not be able - to connect with a transition-mode enabled network. + ``mesh`` requires a single parameter, a string, named ``id`` which sets the + mesh id, also visible as an open WiFi in some network managers. Usually you + don't want users to connect to this mesh-SSID, so use a cryptic id that no + one will accidentally mistake for the client WiFi. - ``mesh`` requires a single parameter, a string, named ``id`` which sets the - mesh id, also visible as an open WiFi in some network managers. Usually you - don't want users to connect to this mesh-SSID, so use a cryptic id that no - one will accidentally mistake for the client WiFi. + ``mesh`` also accepts an optional ``mcast_rate`` (kbit/s) parameter for + setting the multicast bitrate. Increasing the default value of 1000 to something + like 12000 is recommended. - ``mesh`` also accepts an optional ``mcast_rate`` (kbit/s) parameter for - setting the multicast bitrate. Increasing the default value of 1000 to something - like 12000 is recommended. - :: + :: - wifi24 = { - channel = 11, - ap = { - ssid = 'alpha-centauri.freifunk.net', - owe_ssid = 'owe.alpha-centauri.freifunk.net', - owe_transition_mode = true, - }, - mesh = { - id = 'ueH3uXjdp', - mcast_rate = 12000, - }, - }, + wifi24 = { + channel = 11, + ap = { + ssid = 'alpha-centauri.freifunk.net', + owe_ssid = 'owe.alpha-centauri.freifunk.net', + owe_transition_mode = true, + }, + mesh = { + id = 'ueH3uXjdp', + mcast_rate = 12000, + }, + }, .. _user-site-wifi5: wifi5 \: optional - Same as `wifi24` but for the 5 GHz radio. + Same as `wifi24` but for the 5 GHz radio. - Additionally a range of channels that are safe to use outsides on the 5 GHz band can - be set up through ``outdoor_chanlist``, which allows for a space-separated list of - channels and channel ranges, separated by a hyphen. - When set this offers the outdoor mode flag for 5 GHz radios in the config mode which - reconfigures the AP to select its channel from outdoor chanlist, while respecting - regulatory specifications, and disables mesh on that radio. - The ``outdoors`` option in turn allows to configure when outdoor mode will be enabled. - When set to ``true`` all 5 GHz radios will use outdoor channels, while on ``false`` - the outdoor mode will be completely disabled. The default setting is ``'preset'``, - which will enable outdoor mode automatically on outdoor-capable devices. + Additionally a range of channels that are safe to use outsides on the 5 GHz band can + be set up through ``outdoor_chanlist``, which allows for a space-separated list of + channels and channel ranges, separated by a hyphen. + When set this offers the outdoor mode flag for 5 GHz radios in the config mode which + reconfigures the AP to select its channel from outdoor chanlist, while respecting + regulatory specifications, and disables mesh on that radio. + The ``outdoors`` option in turn allows to configure when outdoor mode will be enabled. + When set to ``true`` all 5 GHz radios will use outdoor channels, while on ``false`` + the outdoor mode will be completely disabled. The default setting is ``'preset'``, + which will enable outdoor mode automatically on outdoor-capable devices. - It can be beneficial to look up the WLAN channels that are used by `weather radars`_ - when constructing ``outdoor_chanlist`` to try and minimize the impact of DFS events. + It can be beneficial to look up the WLAN channels that are used by `weather radars`_ + when constructing ``outdoor_chanlist`` to try and minimize the impact of DFS events. - .. _weather radars: https://homepage.univie.ac.at/albert.rafetseder/RADARs/help.html + .. _weather radars: https://homepage.univie.ac.at/albert.rafetseder/RADARs/help.html - :: + :: - wifi5 = { - channel = 44, - outdoor_chanlist = "100-140", + wifi5 = { + channel = 44, + outdoor_chanlist = "100-140", - [...] - }, + [...] + }, next_node \: package - Configuration of the local node feature of Gluon - :: + Configuration of the local node feature of Gluon - next_node = { - name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' }, - ip4 = '10.23.42.1', - ip6 = 'fdca:ffee:babe:1::1', - mac = '16:41:95:40:f7:dc' - } + :: - All values of this section are optional. If the IPv4 or IPv6 address is - omitted, there will be no IPv4 or IPv6 anycast address. The MAC address - defaults to ``16:41:95:40:f7:dc``; this value usually doesn't need to be - changed, but it can be adjusted to match existing deployments that use a - different value. + next_node = { + name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' }, + ip4 = '10.23.42.1', + ip6 = 'fdca:ffee:babe:1::1', + mac = '16:41:95:40:f7:dc' + } - When the nodes' next-node address is used as a DNS resolver by clients - (by passing it via DHCP or router advertisements), it may be useful to - allow resolving a next-node hostname without referring to an upstream DNS - server (e.g. to allow reaching the node using such a hostname via HTTP or SSH - in isolated mesh segments). This is possible by providing one or more names - in the ``name`` field. + All values of this section are optional. If the IPv4 or IPv6 address is + omitted, there will be no IPv4 or IPv6 anycast address. The MAC address + defaults to ``16:41:95:40:f7:dc``; this value usually doesn't need to be + changed, but it can be adjusted to match existing deployments that use a + different value. + + When the nodes' next-node address is used as a DNS resolver by clients + (by passing it via DHCP or router advertisements), it may be useful to + allow resolving a next-node hostname without referring to an upstream DNS + server (e.g. to allow reaching the node using such a hostname via HTTP or SSH + in isolated mesh segments). This is possible by providing one or more names + in the ``name`` field. .. _user-site-mesh: mesh - Configuration of general mesh functionality. + Configuration of general mesh functionality. - To avoid inter-mesh links, Gluon can encapsulate the mesh protocol in VXLAN - for Mesh-on-LAN/WAN. It is recommended to set *mesh.vxlan* to ``true`` to - enable VXLAN in new setups. Setting it to ``false`` disables this - encapsulation to allow meshing with other nodes that don't support VXLAN - (Gluon 2017.1.x and older). In multi-domain setups, *mesh.vxlan* is optional - and defaults to ``true``. + To avoid inter-mesh links, Gluon can encapsulate the mesh protocol in VXLAN + for Mesh-on-LAN/WAN. It is recommended to set *mesh.vxlan* to ``true`` to + enable VXLAN in new setups. Setting it to ``false`` disables this + encapsulation to allow meshing with other nodes that don't support VXLAN + (Gluon 2017.1.x and older). In multi-domain setups, *mesh.vxlan* is optional + and defaults to ``true``. - Gluon generally segments layer-2 meshes so that each node becomes IGMP/MLD - querier for its own local clients. This is necessary for reliable multicast - snooping. The segmentation is realized by preventing IGMP/MLD queries from - passing through the mesh. See also - :ref:`gluon-mesh-batman-adv ` for details. + Gluon generally segments layer-2 meshes so that each node becomes IGMP/MLD + querier for its own local clients. This is necessary for reliable multicast + snooping. The segmentation is realized by preventing IGMP/MLD queries from + passing through the mesh. See also + :ref:`gluon-mesh-batman-adv ` for details. - By default, not only queries are filtered, but also membership report and - leave packets, as they add to the background noise of the mesh. As a - consequence, snooping switches outside the mesh that are connected to a - Gluon node need to be configured to forward all multicast traffic towards - the mesh; this is usually not a problem, as such setups are unusual. If - you run a special-purpose mesh that requires membership reports to be - working, this filtering can be disabled by setting the - optional *filter_membership_reports* value to ``false``. + By default, not only queries are filtered, but also membership report and + leave packets, as they add to the background noise of the mesh. As a + consequence, snooping switches outside the mesh that are connected to a + Gluon node need to be configured to forward all multicast traffic towards + the mesh; this is usually not a problem, as such setups are unusual. If + you run a special-purpose mesh that requires membership reports to be + working, this filtering can be disabled by setting the + optional *filter_membership_reports* value to ``false``. - In addition, options specific to the batman-adv routing protocol can be set - in the *batman_adv* section: + In addition, options specific to the batman-adv routing protocol can be set + in the *batman_adv* section: - The mandatory value *routing_algo* selects the batman-adv protocol variant. - The following values are supported: + The mandatory value *routing_algo* selects the batman-adv protocol variant. + The following values are supported: - - ``BATMAN_IV`` - - ``BATMAN_V`` + - ``BATMAN_IV`` + - ``BATMAN_V`` - The optional value *gw_sel_class* sets the gateway selection class, the - default is ``20`` for B.A.T.M.A.N. IV and ``5000`` kbit/s for B.A.T.M.A.N. V. + The optional value *gw_sel_class* sets the gateway selection class, the + default is ``20`` for B.A.T.M.A.N. IV and ``5000`` kbit/s for B.A.T.M.A.N. V. - - **B.A.T.M.A.N. IV:** with the value ``20`` the gateway is selected based - on the link quality (TQ) only; with class ``1`` it is calculated from - both, the TQ and the announced bandwidth. - - **B.A.T.M.A.N. V:** with the value ``1500`` the gateway is selected if the - throughput is at least 1500 kbit/s faster than the throughput of the - currently selected gateway. + - **B.A.T.M.A.N. IV:** with the value ``20`` the gateway is selected based + on the link quality (TQ) only; with class ``1`` it is calculated from + both, the TQ and the announced bandwidth. + - **B.A.T.M.A.N. V:** with the value ``1500`` the gateway is selected if the + throughput is at least 1500 kbit/s faster than the throughput of the + currently selected gateway. - For details on determining the threshold, when to switch to a new gateway, - see `batctl manpage`_, section "gw_mode". + For details on determining the threshold, when to switch to a new gateway, + see `batctl manpage`_, section "gw_mode". - .. _batctl manpage: https://www.open-mesh.org/projects/batman-adv/wiki/Gateways + .. _batctl manpage: https://www.open-mesh.org/projects/batman-adv/wiki/Gateways - :: + :: - mesh = { - vxlan = true, - filter_membership_reports = false, - batman_adv = { - routing_algo = 'BATMAN_IV', - gw_sel_class = 1, - }, - } + mesh = { + vxlan = true, + filter_membership_reports = false, + batman_adv = { + routing_algo = 'BATMAN_IV', + gw_sel_class = 1, + }, + } mesh_vpn - Remote server setup for the mesh VPN. + Remote server setup for the mesh VPN. - The `enabled` option can be set to true to enable the VPN by default. `mtu` - defines the MTU of the VPN interface, determining a proper MTU value is described - in the :ref:`FAQ `. + The `enabled` option can be set to true to enable the VPN by default. `mtu` + defines the MTU of the VPN interface, determining a proper MTU value is described + in the :ref:`FAQ `. - By default the public key of a node's VPN daemon is not added to announced respondd - data; this prevents malicious ISPs from correlating VPN sessions with specific mesh - nodes via public respondd data. If this is of no concern in your threat model, - this behaviour can be disabled (and thus announcing the public key be enabled) by - setting `pubkey_privacy` to `false`. At the moment, this option only affects fastd. + By default the public key of a node's VPN daemon is not added to announced respondd + data; this prevents malicious ISPs from correlating VPN sessions with specific mesh + nodes via public respondd data. If this is of no concern in your threat model, + this behaviour can be disabled (and thus announcing the public key be enabled) by + setting `pubkey_privacy` to `false`. At the moment, this option only affects fastd. - The `fastd` section configures settings specific to the *fastd* VPN - implementation. + The `fastd` section configures settings specific to the *fastd* VPN + implementation. - If `configurable` is set to `false` or unset, the method list will be replaced on updates - with the list from the site configuration. Setting `configurable` to `true` will allow the user to - add the method ``null`` to the beginning of the method list or remove ``null`` from it, - and make this change survive updates. Setting `configurable` is necessary for the - package `gluon-web-mesh-vpn-fastd`, which adds a UI for this configuration. + If `configurable` is set to `false` or unset, the method list will be replaced on updates + with the list from the site configuration. Setting `configurable` to `true` will allow the user to + add the method ``null`` to the beginning of the method list or remove ``null`` from it, + and make this change survive updates. Setting `configurable` is necessary for the + package `gluon-web-mesh-vpn-fastd`, which adds a UI for this configuration. - In any case, the ``null`` method should always be the first method in the list - if it is supported at all. You should only set `configurable` to `true` if the - configured peers support both the ``null`` method and methods with encryption. + In any case, the ``null`` method should always be the first method in the list + if it is supported at all. You should only set `configurable` to `true` if the + configured peers support both the ``null`` method and methods with encryption. - You can set syslog_level from verbose (default) to warn to reduce syslog output. + You can set syslog_level from verbose (default) to warn to reduce syslog output. - fastd allows to configure a tree of peer groups and peers. By default, the - list of groups and peers configured in the *fastd* UCI config is completely - replaced by the list from site.conf on upgrades. To allow custom modifications - to the peer list, removal and modification of peers can be prevented by - setting the *preserve* option of a peer to ``1`` in UCI. + fastd allows to configure a tree of peer groups and peers. By default, the + list of groups and peers configured in the *fastd* UCI config is completely + replaced by the list from site.conf on upgrades. To allow custom modifications + to the peer list, removal and modification of peers can be prevented by + setting the *preserve* option of a peer to ``1`` in UCI. - The `tunneldigger` section is used to define the *tunneldigger* broker list. + The `tunneldigger` section is used to define the *tunneldigger* broker list. - **Note:** It doesn't make sense to include both `fastd` and `tunneldigger` - sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd* - and *gluon-mesh-vpn-tunneldigger* should be installed with the current - implementation. + **Note:** It doesn't make sense to include both `fastd` and `tunneldigger` + sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd* + and *gluon-mesh-vpn-tunneldigger* should be installed with the current + implementation. - **Note:** It may be interesting to include the package *gluon-iptables-clamp-mss-to-pmtu* - in the build when using *gluon-mesh-babel* to work around ICMP blackholes on the internet. + **Note:** It may be interesting to include the package *gluon-iptables-clamp-mss-to-pmtu* + in the build when using *gluon-mesh-babel* to work around ICMP blackholes on the internet. - :: + :: - mesh_vpn = { - -- enabled = true, - mtu = 1312, - -- pubkey_privacy = true, + mesh_vpn = { + -- enabled = true, + mtu = 1312, + -- pubkey_privacy = true, - fastd = { - methods = {'salsa2012+umac'}, - -- configurable = true, - -- syslog_level = 'warn', - groups = { - backbone = { - -- Limit number of connected peers from this group - limit = 1, - peers = { - peer1 = { - key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', - -- Having multiple domains prevents SPOF in freifunk.net - remotes = { - 'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000', - 'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000', - }, - }, - peer2 = { - key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', - -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6 - remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'}, - }, - peer3 = { - key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', - -- In addition to domains you can also add ip addresses, which provides - -- resilience in case of dns outages - remotes = { - '"vpn3.alpha-centauri.freifunk.net" port 10000', - '[2001:db8::3:1]:10000', - '192.0.2.3:10000', - }, + fastd = { + methods = {'salsa2012+umac'}, + -- configurable = true, + -- syslog_level = 'warn', + groups = { + backbone = { + -- Limit number of connected peers from this group + limit = 1, + peers = { + peer1 = { + key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + -- Having multiple domains prevents SPOF in freifunk.net + remotes = { + 'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000', + 'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000', + }, + }, + peer2 = { + key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6 + remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'}, + }, + peer3 = { + key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', + -- In addition to domains you can also add ip addresses, which provides + -- resilience in case of dns outages + remotes = { + '"vpn3.alpha-centauri.freifunk.net" port 10000', + '[2001:db8::3:1]:10000', + '192.0.2.3:10000', }, }, - -- Optional: nested peer groups - -- groups = { - -- lowend_backbone = { - -- limit = 1, - -- peers = ... - -- }, - -- }, }, - -- Optional: additional peer groups, possibly with other limits - -- peertopeer = { - -- limit = 10, - -- peers = { ... }, + -- Optional: nested peer groups + -- groups = { + -- lowend_backbone = { + -- limit = 1, + -- peers = ... + -- }, -- }, }, + -- Optional: additional peer groups, possibly with other limits + -- peertopeer = { + -- limit = 10, + -- peers = { ... }, + -- }, }, + }, - tunneldigger = { - brokers = {'vpn1.alpha-centauri.freifunk.net'} - }, + tunneldigger = { + brokers = {'vpn1.alpha-centauri.freifunk.net'} + }, - bandwidth_limit = { - -- The bandwidth limit can be enabled by default here. - enabled = false, + bandwidth_limit = { + -- The bandwidth limit can be enabled by default here. + enabled = false, - -- Default upload limit (kbit/s). - egress = 200, + -- Default upload limit (kbit/s). + egress = 200, - -- Default download limit (kbit/s). - ingress = 3000, - }, - } + -- Default download limit (kbit/s). + ingress = 3000, + }, + } mesh_on_wan \: optional - Enables the mesh on the WAN port (``true`` or ``false``). - :: + Enables the mesh on the WAN port (``true`` or ``false``). + :: - mesh_on_wan = true, + mesh_on_wan = true, mesh_on_lan \: optional - Enables the mesh on the LAN port (``true`` or ``false``). - :: + Enables the mesh on the LAN port (``true`` or ``false``). + :: - mesh_on_lan = true, + mesh_on_lan = true, poe_passthrough \: optional - Enable PoE passthrough by default on hardware with such a feature. + Enable PoE passthrough by default on hardware with such a feature. autoupdater \: package - Configuration for the autoupdater feature of Gluon. + Configuration for the autoupdater feature of Gluon. - Specifying a default branch in *site.conf* is optional. See - :doc:`../features/autoupdater` for information how to change the behaviour - of the autoupdater during image build. + Specifying a default branch in *site.conf* is optional. See + :doc:`../features/autoupdater` for information how to change the behaviour + of the autoupdater during image build. - The mirrors are checked in random order until the manifest could be downloaded - successfully or all mirrors have been tried. - :: + The mirrors are checked in random order until the manifest could be downloaded + successfully or all mirrors have been tried. + :: - autoupdater = { - branch = 'stable', -- optional - branches = { - stable = { - name = 'stable', - mirrors = { - 'http://[fdca:ffee:babe:1::fec1]/firmware/stable/sysupgrade/', - 'http://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/', - }, - -- Number of good signatures required - good_signatures = 2, - pubkeys = { - 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', -- someguy - 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', -- someother - } + autoupdater = { + branch = 'stable', -- optional + branches = { + stable = { + name = 'stable', + mirrors = { + 'http://[fdca:ffee:babe:1::fec1]/firmware/stable/sysupgrade/', + 'http://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/', + }, + -- Number of good signatures required + good_signatures = 2, + pubkeys = { + 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', -- someguy + 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', -- someother } } } + } - All configured mirrors must be reachable from the nodes via IPv6. If you don't want to set an IPv6 address - explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ `. + All configured mirrors must be reachable from the nodes via IPv6. If you don't want to set an IPv6 address + explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ `. .. _user-site-config_mode: config_mode \: optional - Additional configuration for the configuration web interface. All values are - optional. + Additional configuration for the configuration web interface. All values are + optional. - When no hostname is specified, a default hostname based on the *hostname_prefix* - and the node's primary MAC address is assigned. Manually setting a hostname - can be enforced by setting *hostname.optional* to *false*. + When no hostname is specified, a default hostname based on the *hostname_prefix* + and the node's primary MAC address is assigned. Manually setting a hostname + can be enforced by setting *hostname.optional* to *false*. - To not prefill the hostname-field in config-mode with the default hostname, - set *hostname.prefill* to *false*. + To not prefill the hostname-field in config-mode with the default hostname, + set *hostname.prefill* to *false*. - By default, no altitude field is shown by the *gluon-config-mode-geo-location* - package. Set *geo_location.show_altitude* to *true* if you want the altitude - field to be visible. + By default, no altitude field is shown by the *gluon-config-mode-geo-location* + package. Set *geo_location.show_altitude* to *true* if you want the altitude + field to be visible. - The *geo_location.osm* section is only relevant when the *gluon-config-mode-geo-location-osm* - package is used. The *center.lon* and *center.lat* values are mandatory in this case and - define the default center of the map when no position has been picked yet. The *zoom* level - defaults to 12 in this case. + The *geo_location.osm* section is only relevant when the *gluon-config-mode-geo-location-osm* + package is used. The *center.lon* and *center.lat* values are mandatory in this case and + define the default center of the map when no position has been picked yet. The *zoom* level + defaults to 12 in this case. - *openlayers_url* allows to override the base URL of the - *build/ol.js* and *css/ol.css* files (the default is - ``https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.2.0``). - It is also possible to replace the default tile layer (which is OpenStreetMap) - with a custom one using the *tile_layer* section. Only XYZ layers are supported - at this point. + *openlayers_url* allows to override the base URL of the + *build/ol.js* and *css/ol.css* files (the default is + ``https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.2.0``). + It is also possible to replace the default tile layer (which is OpenStreetMap) + with a custom one using the *tile_layer* section. Only XYZ layers are supported + at this point. - The remote login page only shows SSH key configuration by default. A - password form can be displayed by setting *remote_login.show_password_form* - to true; in this case, *remote_login.min_password_length* defines the - minimum password length. - :: + The remote login page only shows SSH key configuration by default. A + password form can be displayed by setting *remote_login.show_password_form* + to true; in this case, *remote_login.min_password_length* defines the + minimum password length. + :: - config_mode = { - hostname = { - optional = false, - prefill = true, - }, - geo_location = { - show_altitude = true, - osm = { - center = { - lat = 52.951947558, - lon = 8.744238281, - }, - zoom = 13, - -- openlayers_url = 'http://ffac.example.org/openlayer', - -- tile_layer = { - -- type = 'XYZ', - -- url = 'https://{a-c}.tile.openstreetmap.org/{z}/{x}/{y}.png', - -- attributions = '© OpenStreetMap contributors.', - -- }, - }, - }, - remote_login = { - show_password_form = true, - min_password_length = 10, + config_mode = { + hostname = { + optional = false, + prefill = true, + }, + geo_location = { + show_altitude = true, + osm = { + center = { + lat = 52.951947558, + lon = 8.744238281, }, + zoom = 13, + -- openlayers_url = 'http://ffac.example.org/openlayer', + -- tile_layer = { + -- type = 'XYZ', + -- url = 'https://{a-c}.tile.openstreetmap.org/{z}/{x}/{y}.png', + -- attributions = '© OpenStreetMap contributors.', + -- }, }, + }, + remote_login = { + show_password_form = true, + min_password_length = 10, + }, + }, roles \: optional - Optional role definitions. Nodes will announce their role inside the mesh. - This will allow in the backend to distinguish between normal, backbone and - service nodes or even gateways (if they advertise that role). It is up to - the community which roles to define. See the section below as an example. - ``default`` takes the default role which is set initially. This value should be - part of ``list``. If you want node owners to change the role via config mode add - the package ``gluon-web-node-role`` to ``site.mk``. + Optional role definitions. Nodes will announce their role inside the mesh. + This will allow in the backend to distinguish between normal, backbone and + service nodes or even gateways (if they advertise that role). It is up to + the community which roles to define. See the section below as an example. + ``default`` takes the default role which is set initially. This value should be + part of ``list``. If you want node owners to change the role via config mode add + the package ``gluon-web-node-role`` to ``site.mk``. - The strings to display in the web interface are configured per language in the - ``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like - ``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``. - :: + The strings to display in the web interface are configured per language in the + ``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like + ``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``. + :: - roles = { - default = 'node', - list = { - 'node', - 'test', - 'backbone', - 'service', - }, + roles = { + default = 'node', + list = { + 'node', + 'test', + 'backbone', + 'service', }, + }, setup_mode \: package - Allows skipping setup mode (config mode) at first boot when attribute - ``skip`` is set to ``true``. This is optional and may be left out. - :: + Allows skipping setup mode (config mode) at first boot when attribute + ``skip`` is set to ``true``. This is optional and may be left out. + :: - setup_mode = { - skip = true, - }, + setup_mode = { + skip = true, + }, .. _user-site-build-configuration: @@ -559,59 +552,59 @@ The ``site.mk`` is a Makefile which defines various values involved in the build process of Gluon. GLUON_DEPRECATED - Controls whether images for deprecated devices should be built. The following - values are supported: + Controls whether images for deprecated devices should be built. The following + values are supported: - - ``0``: Do not build any images for deprecated devices. - - ``upgrade``: Only build sysupgrade images for deprecated devices. - - ``full``: Build both sysupgrade and factory images for deprecated devices. + - ``0``: Do not build any images for deprecated devices. + - ``upgrade``: Only build sysupgrade images for deprecated devices. + - ``full``: Build both sysupgrade and factory images for deprecated devices. - Usually, devices are deprecated because their flash size is insufficient to - support future Gluon versions. The recommended setting is ``0`` for new sites, - and ``upgrade`` for existing configurations (where upgrades for existing - deployments of low-flash devices are required). + Usually, devices are deprecated because their flash size is insufficient to + support future Gluon versions. The recommended setting is ``0`` for new sites, + and ``upgrade`` for existing configurations (where upgrades for existing + deployments of low-flash devices are required). GLUON_FEATURES - Defines a list of features to include. Depending on the device, the feature list - defined from this value is combined with the feature list for either the standard - or the tiny device-class. The resulting feature list is used to generate the default - package set. + Defines a list of features to include. Depending on the device, the feature list + defined from this value is combined with the feature list for either the standard + or the tiny device-class. The resulting feature list is used to generate the default + package set. GLUON_FEATURES_standard - Defines a list of additional features to include or exclude for devices of - the standard device-class. + Defines a list of additional features to include or exclude for devices of + the standard device-class. GLUON_FEATURES_tiny - Defines a list of additional features to include or exclude for devices of - the tiny device-class. + Defines a list of additional features to include or exclude for devices of + the tiny device-class. GLUON_SITE_PACKAGES - Defines a list of packages which should be installed in addition to the - default package set. It is also possible to remove packages from the - default set by prepending a minus sign to the package name. + Defines a list of packages which should be installed in addition to the + default package set. It is also possible to remove packages from the + default set by prepending a minus sign to the package name. GLUON_SITE_PACKAGES_standard - Defines a list of additional packages to include or exclude for devices of - the standard device-class. + Defines a list of additional packages to include or exclude for devices of + the standard device-class. GLUON_SITE_PACKAGES_tiny - Defines a list of additional packages to include or exclude for devices of - the tiny device-class. + Defines a list of additional packages to include or exclude for devices of + the tiny device-class. GLUON_RELEASE - The current release version Gluon should use. + The current release version Gluon should use. GLUON_PRIORITY - The default priority for the generated manifests (see the autoupdater documentation - for more information). + The default priority for the generated manifests (see the autoupdater documentation + for more information). GLUON_REGION - Region code to build into images where necessary. Valid values are the empty string, - ``us`` and ``eu``. + Region code to build into images where necessary. Valid values are the empty string, + ``us`` and ``eu``. GLUON_LANGS - List of languages (as two-letter-codes) to be included in the web interface. Should always contain - ``en``. + List of languages (as two-letter-codes) to be included in the web interface. Should always contain + ``en``. .. _user-site-feature-flags: @@ -689,31 +682,31 @@ The community-defined texts in the config mode are configured in PO files in the of the site configuration. The message IDs currently defined are: gluon-config-mode:welcome - Welcome text on the top of the config wizard page. + Welcome text on the top of the config wizard page. gluon-config-mode:pubkey - Information about the public VPN key on the reboot page. + Information about the public VPN key on the reboot page. gluon-config-mode:novpn - Information shown on the reboot page, if the mesh VPN was not selected. + Information shown on the reboot page, if the mesh VPN was not selected. gluon-config-mode:contact-help - Description for the usage of the ``contact`` field + Description for the usage of the ``contact`` field gluon-config-mode:contact-note - Note shown (in small font) below the ``contact`` field + Note shown (in small font) below the ``contact`` field gluon-config-mode:hostname-help - Description for the usage of the ``hostname`` field + Description for the usage of the ``hostname`` field gluon-config-mode:geo-location-help - Description for the usage of the longitude/latitude fields (and altitude, if shown) + Description for the usage of the longitude/latitude fields (and altitude, if shown) gluon-config-mode:altitude-label - Label for the ``altitude`` field + Label for the ``altitude`` field gluon-config-mode:reboot - General information shown on the reboot page. + General information shown on the reboot page. There is a POT file in the site example directory which can be used to create templates for the language files. The command ``msginit -l en -i ../../docs/site-example/i18n/gluon-site.pot`` @@ -722,12 +715,12 @@ utilities are installed. .. note:: - An empty ``msgstr``, as is the default after running ``msginit``, leads to - the ``msgid`` being printed as-is. It does *not* hide the whole text, as - might be expected. + An empty ``msgstr``, as is the default after running ``msginit``, leads to + the ``msgid`` being printed as-is. It does *not* hide the whole text, as + might be expected. - Depending on the context, you might be able to use comments like - ```` as translations to effectively hide the text. + Depending on the context, you might be able to use comments like + ```` as translations to effectively hide the text. Site modules ------------ @@ -742,21 +735,21 @@ tree, with the important different that the list of feeds must be assigned to the variable ``GLUON_SITE_FEEDS``. Multiple feed names must be separated by spaces, for example:: - GLUON_SITE_FEEDS='foo bar' + GLUON_SITE_FEEDS='foo bar' The feed names may only contain alphanumerical characters, underscores and slashes. For each of the feeds, the following variables are used to specify how to update the feed: PACKAGES_${feed}_REPO - The URL of the git repository to clone (usually ``git://`` or ``http(s)://``) + The URL of the git repository to clone (usually ``git://`` or ``http(s)://``) PACKAGES_${feed}_COMMIT - The commit ID of the repository to use + The commit ID of the repository to use PACKAGES_${feed}_BRANCH - Optional: The branch of the repository the given commit ID can be found in. - Defaults to the default branch of the repository (usually ``master``) + Optional: The branch of the repository the given commit ID can be found in. + Defaults to the default branch of the repository (usually ``master``) These variables are always all uppercase, so for an entry ``foo`` in GLUON_SITE_FEEDS, the corresponding configuration variables would be ``PACKAGES_FOO_REPO``, From ac3ac29158864b46430354eb1be550f0b59e63c4 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 24 Dec 2021 14:18:16 +0100 Subject: [PATCH 22/70] docs: minor grammer/wording fixes --- docs/features/multidomain.rst | 2 +- docs/user/site.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/features/multidomain.rst b/docs/features/multidomain.rst index 91dd7bcf..80cae0de 100644 --- a/docs/features/multidomain.rst +++ b/docs/features/multidomain.rst @@ -188,7 +188,7 @@ domain.conf only variables - ``true``, ``false`` - ``{ 'foo', 'bar' }`` -- Because each domain is considered as an own layer 2 network, these +- Because each domain is considered a separate layer 2 network, these values should be different in each domain: - next_node.ip4 diff --git a/docs/user/site.rst b/docs/user/site.rst index e018bf16..bd2f9c3c 100644 --- a/docs/user/site.rst +++ b/docs/user/site.rst @@ -68,7 +68,7 @@ ntp_servers ntp_servers = {'1.ntp.services.ffac','2.ntp.services.ffac'} - This NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address + These NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ `. opkg \: optional From 543039d190bfd74515b94187bdca5bbe52891488 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 24 Dec 2021 14:22:20 +0100 Subject: [PATCH 23/70] docs: remove obsolete workaround for paragraphs in nested lists With older versions of the RTD theme, paragraphs in nested lists would lead to inconsistent spacing. This has been fixed, so we can remove our workaround to use line blocks instead of paragraphs. --- docs/releases/v2019.1.1.rst | 14 ++++++++------ docs/releases/v2019.1.2.rst | 14 ++++++++------ docs/releases/v2019.1.3.rst | 14 ++++++++------ docs/releases/v2019.1.rst | 14 ++++++++------ docs/releases/v2020.1.1.rst | 14 ++++++++------ docs/releases/v2020.1.2.rst | 14 ++++++++------ docs/releases/v2020.1.3.rst | 14 ++++++++------ docs/releases/v2020.1.rst | 14 ++++++++------ 8 files changed, 64 insertions(+), 48 deletions(-) diff --git a/docs/releases/v2019.1.1.rst b/docs/releases/v2019.1.1.rst index 2e173d7a..024d5ad6 100644 --- a/docs/releases/v2019.1.1.rst +++ b/docs/releases/v2019.1.1.rst @@ -30,13 +30,15 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.2.rst b/docs/releases/v2019.1.2.rst index 7231b4ef..7ee0de32 100644 --- a/docs/releases/v2019.1.2.rst +++ b/docs/releases/v2019.1.2.rst @@ -26,13 +26,15 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.3.rst b/docs/releases/v2019.1.3.rst index aab21693..7a78dfb2 100644 --- a/docs/releases/v2019.1.3.rst +++ b/docs/releases/v2019.1.3.rst @@ -36,13 +36,15 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2019.1.rst b/docs/releases/v2019.1.rst index 6632b119..43f5c3e7 100644 --- a/docs/releases/v2019.1.rst +++ b/docs/releases/v2019.1.rst @@ -253,13 +253,15 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.1.rst b/docs/releases/v2020.1.1.rst index c7841531..e165863f 100644 --- a/docs/releases/v2020.1.1.rst +++ b/docs/releases/v2020.1.1.rst @@ -25,13 +25,15 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.2.rst b/docs/releases/v2020.1.2.rst index 4bc7c800..378917ea 100644 --- a/docs/releases/v2020.1.2.rst +++ b/docs/releases/v2020.1.2.rst @@ -50,13 +50,15 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.3.rst b/docs/releases/v2020.1.3.rst index 7b82b433..7a9f5d8e 100644 --- a/docs/releases/v2020.1.3.rst +++ b/docs/releases/v2020.1.3.rst @@ -30,13 +30,15 @@ Known issues - The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. - Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) diff --git a/docs/releases/v2020.1.rst b/docs/releases/v2020.1.rst index 8dd23630..bebd07c4 100644 --- a/docs/releases/v2020.1.rst +++ b/docs/releases/v2020.1.rst @@ -206,13 +206,15 @@ Known issues * The integration of the BATMAN_V routing algorithm is incomplete. - - | Mesh neighbors don't appear on the status page. (`#1726 `_) - | Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput - | metric. + - Mesh neighbors don't appear on the status page. (`#1726 `_) - - | Throughput values are not correctly acquired for different interface types. - | (`#1728 `_) - | This affects virtual interface types like bridges and VXLAN. + Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput + metric. + + - Throughput values are not correctly acquired for different interface types. + (`#1728 `_) + + This affects virtual interface types like bridges and VXLAN. * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 `_) From 4019293e85ed28dca3d75ff5a7042e7e5056a478 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 25 Dec 2021 11:42:57 +0100 Subject: [PATCH 24/70] gluon-respondd: remove obsolete migration from upgrade script (#2350) announced was renamed to respondd in 2016. Let's remove the obsolete migration code. --- .../luasrc/lib/gluon/upgrade/400-respondd-firewall | 2 -- 1 file changed, 2 deletions(-) diff --git a/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall b/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall index a9d0b43b..74a2e11b 100755 --- a/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall +++ b/package/gluon-respondd/luasrc/lib/gluon/upgrade/400-respondd-firewall @@ -3,8 +3,6 @@ local uci = require('simple-uci').cursor() local site = require('gluon.site') -uci:delete('firewall', 'wan_announced') - -- Allow respondd port on WAN to allow resolving neighbours over mesh-on-wan uci:section('firewall', 'rule', 'wan_respondd', { name = 'wan_respondd', From 48d00abe4ff1a76deb6dbdc8cf504e8d5b89dee9 Mon Sep 17 00:00:00 2001 From: Tom Herbers Date: Thu, 30 Dec 2021 23:51:40 +0100 Subject: [PATCH 25/70] README.md: add link to Matrix room (#2354) Co-authored-by: David Bauer --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index d04d8096..647f0e58 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ If you're new to Gluon and ready to get your feet wet, have a look at the Gluon's developers frequent an IRC chatroom at [#gluon](ircs://irc.hackint.org/#gluon) on [hackint](https://hackint.org/). There is also a [webchat](https://webirc.hackint.org/#irc://irc.hackint.org/#gluon) -that allows for uncomplicated access from within your browser. +that allows for uncomplicated access from within your browser. This channel is also available as a bridged Matrix Room at [#gluon:hackint.org](https://matrix.to/#/#gluon:hackint.org). ## Issues & Feature requests From efb4a4f6376600664220af2c90aaa8981e0258ec Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 02:48:20 +0100 Subject: [PATCH 26/70] docs: user/getting_started: add a footnote regarding `make update` Add some explanation when `make update` needs to be run again. --- docs/dev/basics.rst | 1 + docs/user/getting_started.rst | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/docs/dev/basics.rst b/docs/dev/basics.rst index 8608567e..27ba23d3 100644 --- a/docs/dev/basics.rst +++ b/docs/dev/basics.rst @@ -23,6 +23,7 @@ webbrowser. You're welcome to join us! .. _hackint: https://hackint.org/ .. _webchat: https://webirc.hackint.org/#irc://irc.hackint.org/#gluon +.. _working-with-repositories: Working with repositories ------------------------- diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index a7b9d0cb..01e01b54 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -86,10 +86,10 @@ Extensive documentation about the site configuration can be found at: site directory should always be a git repository by itself; committing site-specific files to the Gluon main repository should be avoided, as it will make updates more complicated. -Next go back to the top-level Gluon directory and build Gluon:: +Next go back to the top-level Gluon directory and build Gluon\ [#make_update]_:: cd .. - make update # Get other repositories used by Gluon + make update # Get other repositories used by Gluon make GLUON_TARGET=ath79-generic # Build Gluon In case of errors read the messages carefully and try to fix the stated issues @@ -125,6 +125,16 @@ These can be used for debugging and should be stored along with the images to allow debugging of kernel problems on devices in the field. See :ref:`Debugging ` for more information. +.. rubric:: Footnotes + +.. [#make_update] ``make update`` only needs to be called again after updating the + Gluon repository (using ``git pull`` or similar) or after changing branches, + not for each build. Running it more often than necessary is undesirable, as + the update will take some time, and may undo manual modifications of the + external repositories while developing on Gluon. + + See :ref:`working-with-repositories` for more information. + Cleaning the build tree ....................... From fb231959da4674fad43c19c655cd8f1aa7425da0 Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 31 Dec 2021 03:18:03 +0100 Subject: [PATCH 27/70] modules: update openwrt 4dddb7ca36 tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror 47a5b9744b linux-firmware: amd: consolidate amd's linux-firmware entries 6003752394 linux-firmware: Update to version 20211216 7306b9e810 linux-firmware: update to 20210511 d0b0ebf966 linux-firmware: update to version 20210315 and trim down broadcom FW 209c77e90f linux-firmware: ath10k: add support for Qualcomm Atheros QCA9377 2ed471a12a firmware: intel-microcode: update to 20210608 a20e9474df cypress-nvram: fix firmware is not exist for raspberry pi compute 4 dbe2a6343f base-files: fix service_running check e81dd8a10a base-files: upgrade: fix efi partitions size calculation 8166bbf680 ccache: update to 4.2.1 5e2a2b086c mvebu: Turris Omnia: use SFP module, if present 24e564d327 mvebu: backport Turris Omnia DTS changes to 5.4 32c74552b2 kernel: bump 5.4 to 5.4.168 a8ad881b83 apm821xx: fix WD MyBook Live DUO USB-Port d655eea053 hostapd: only attempt to set qos map if supported by the driver --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index d73df63c..241372b7 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='packages routing gluon' OPENWRT_REPO=https://github.com/openwrt/openwrt.git OPENWRT_BRANCH=openwrt-21.02 -OPENWRT_COMMIT=e1b79b1dc39febcfb8eb9a32123abb64b10b5524 +OPENWRT_COMMIT=4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 From 904c51527a97112b3fadb76a911052226cdef89b Mon Sep 17 00:00:00 2001 From: David Bauer Date: Fri, 31 Dec 2021 03:18:13 +0100 Subject: [PATCH 28/70] modules: update packages 7a15a271a mwan3: fix mwan3 flush conntrack table call 2f52958e0 golang: Update to 1.17.5, add patch f7973fc7a adguardhome: update to 0.107.0 d5ce7603d xray-core: Update to 1.5.2 60419af87 xray-core: Update to 1.5.1 c8b6cffcd yq: Update to 4.16.2 a21e79094 adblock: 4.1.3-4 --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 241372b7..a73c626f 100644 --- a/modules +++ b/modules @@ -6,7 +6,7 @@ OPENWRT_COMMIT=4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 -PACKAGES_PACKAGES_COMMIT=a8775271236e9c6d7a6cce040a78a235c6c73d40 +PACKAGES_PACKAGES_COMMIT=ab94e0709a9c796d34d723ddba44380f7b3d8698 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-21.02 From cd7da8472e451b12adc05c5bafce2337ada6dcb5 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 13:46:41 +0100 Subject: [PATCH 29/70] x86: fix indentation of package lists --- targets/x86-64 | 6 +++--- targets/x86-generic | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/targets/x86-64 b/targets/x86-64 index 1ab9938d..8899f851 100644 --- a/targets/x86-64 +++ b/targets/x86-64 @@ -1,9 +1,9 @@ include 'x86.inc' packages { - 'kmod-gpio-nct5104d', - 'kmod-leds-gpio', - 'kmod-pcengines-apuv2', + 'kmod-gpio-nct5104d', + 'kmod-leds-gpio', + 'kmod-pcengines-apuv2', } device('x86-64', 'generic') diff --git a/targets/x86-generic b/targets/x86-generic index 0e6d2b39..856d4a40 100644 --- a/targets/x86-generic +++ b/targets/x86-generic @@ -1,9 +1,9 @@ include 'x86.inc' packages { - 'kmod-gpio-nct5104d', - 'kmod-leds-gpio', - 'kmod-pcengines-apuv2', + 'kmod-gpio-nct5104d', + 'kmod-leds-gpio', + 'kmod-pcengines-apuv2', } device('x86-generic', 'generic', { From cc174ad1d0943c933e76596b1078c047ce71fd04 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 12:33:21 +0100 Subject: [PATCH 30/70] x86: copy separate kernel and rootfs images to "other" directory For regular use, a full disk image is always recommended, as it is required to support sysupgrades. During development or for automated tests, separate images for the kernel and rootfs may be useful to pass additional kernel cmdline or use nfsroot/virtiofs. The rootfs is only available as a (squashfs) filesystem image, not as a TAR archive (the TAR archive in OpenWrt's bin directory does not contain DEVICE_PACKAGES, so it is missing most of Gluon's packages). --- targets/x86-64 | 7 ++++++- targets/x86-generic | 4 ++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/targets/x86-64 b/targets/x86-64 index 8899f851..288e3d50 100644 --- a/targets/x86-64 +++ b/targets/x86-64 @@ -6,4 +6,9 @@ packages { 'kmod-pcengines-apuv2', } -device('x86-64', 'generic') +device('x86-64', 'generic', { + extra_images = { + {'-kernel', '-kernel', '.bin'}, + {'-squashfs-rootfs', '-rootfs', '.img.gz'}, + }, +}) diff --git a/targets/x86-generic b/targets/x86-generic index 856d4a40..bee0bd95 100644 --- a/targets/x86-generic +++ b/targets/x86-generic @@ -7,6 +7,10 @@ packages { } device('x86-generic', 'generic', { + extra_images = { + {'-kernel', '-kernel', '.bin'}, + {'-squashfs-rootfs', '-rootfs', '.img.gz'}, + }, manifest_aliases = { 'x86-kvm', 'x86-xen_domu', From a0fae1f827c948183f099e9b51972fed67c29855 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 14:36:30 +0100 Subject: [PATCH 31/70] scripts: target_lib: remove obsolete non-device image handlers All our targets use the OpenWrt device abstraction. Since commit 6ba58c9b17c90e41b521d796ab76e5723ee017170 ("generic: force per-device RootFS") building non-device targets is not possible anymore, so we can remove these obsolete handlers. --- scripts/target_lib.lua | 41 ----------------------------------------- 1 file changed, 41 deletions(-) diff --git a/scripts/target_lib.lua b/scripts/target_lib.lua index 36a6ee91..1c2395e6 100644 --- a/scripts/target_lib.lua +++ b/scripts/target_lib.lua @@ -267,47 +267,6 @@ function F.device(image, name, options) end end -function F.factory_image(image, name, ext, options) - options = merge(default_options, options) - - if not want_device(image, options) then - return - end - - if options.deprecated and not full_deprecated then - return - end - - add_image { - image = image, - name = name, - subdir = 'factory', - in_suffix = '', - out_suffix = '', - extension = ext, - aliases = options.aliases, - } -end - -function F.sysupgrade_image(image, name, ext, options) - options = merge(default_options, options) - - if not want_device(image, options) then - return - end - - add_image { - image = image, - name = name, - subdir = 'sysupgrade', - in_suffix = '', - out_suffix = '-sysupgrade', - extension = ext, - aliases = options.aliases, - manifest_aliases = options.manifest_aliases, - } -end - function F.defaults(options) default_options = merge(default_options, options) end From adda31717660ef0acbe51f6bc79b7635bc6f7ec0 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 14:44:47 +0100 Subject: [PATCH 32/70] build: set GLUON_DEPRECATED = 0 by default We currently don't have any deprecated devices, so it doesn't make much sense to force every site to specify this variable. Make it default to 0 instead. --- Makefile | 2 +- docs/multidomain-site-example/site.mk | 3 --- docs/site-example/site.mk | 3 --- docs/user/getting_started.rst | 2 +- docs/user/site.rst | 2 +- 5 files changed, 3 insertions(+), 9 deletions(-) diff --git a/Makefile b/Makefile index c25f82f5..e3aa596f 100644 --- a/Makefile +++ b/Makefile @@ -27,7 +27,7 @@ include $(GLUON_SITEDIR)/site.mk GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line) -GLUON_DEPRECATED ?= $(error GLUON_DEPRECATED not set. Please consult the documentation) +GLUON_DEPRECATED ?= 0 ifneq ($(GLUON_BRANCH),) $(warning *** Warning: GLUON_BRANCH has been deprecated, please set GLUON_AUTOUPDATER_BRANCH and GLUON_AUTOUPDATER_ENABLED instead.) diff --git a/docs/multidomain-site-example/site.mk b/docs/multidomain-site-example/site.mk index df282a53..64ce6fa1 100644 --- a/docs/multidomain-site-example/site.mk +++ b/docs/multidomain-site-example/site.mk @@ -58,6 +58,3 @@ GLUON_REGION ?= eu # Languages to include GLUON_LANGS ?= en de - -# Do not build images for deprecated devices -GLUON_DEPRECATED ?= 0 diff --git a/docs/site-example/site.mk b/docs/site-example/site.mk index cff17523..30671b18 100644 --- a/docs/site-example/site.mk +++ b/docs/site-example/site.mk @@ -55,6 +55,3 @@ GLUON_REGION ?= eu # Languages to include GLUON_LANGS ?= en de - -# Do not build images for deprecated devices -GLUON_DEPRECATED ?= 0 diff --git a/docs/user/getting_started.rst b/docs/user/getting_started.rst index 01e01b54..57ffe83b 100644 --- a/docs/user/getting_started.rst +++ b/docs/user/getting_started.rst @@ -213,7 +213,7 @@ GLUON_DEPRECATED Usually, devices are deprecated because their flash size is insufficient to support future Gluon versions. The recommended setting is ``0`` for new sites, and ``upgrade`` for existing configurations (where upgrades for existing - deployments of low-flash devices are required). + deployments of low-flash devices are required). Defaults to ``0``. GLUON_LANGS Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``. diff --git a/docs/user/site.rst b/docs/user/site.rst index bd2f9c3c..28297e38 100644 --- a/docs/user/site.rst +++ b/docs/user/site.rst @@ -562,7 +562,7 @@ GLUON_DEPRECATED Usually, devices are deprecated because their flash size is insufficient to support future Gluon versions. The recommended setting is ``0`` for new sites, and ``upgrade`` for existing configurations (where upgrades for existing - deployments of low-flash devices are required). + deployments of low-flash devices are required). Defaults to ``0``. GLUON_FEATURES Defines a list of features to include. Depending on the device, the feature list From 16bf5e3e5d02b43aa3158715c8cb1590b05be04b Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 29 Dec 2021 22:59:42 +0100 Subject: [PATCH 33/70] gluon-core: remove obsolete sysconfig.gluon_version handling The file /lib/gluon/version/core hasn't existed since early 2014, so this whole script is obsolete. --- .../gluon-core/luasrc/lib/gluon/upgrade/001-upgrade | 10 ---------- 1 file changed, 10 deletions(-) delete mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade b/package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade deleted file mode 100755 index f4897d18..00000000 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/001-upgrade +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/lua - -local sysconfig = require 'gluon.sysconfig' -local unistd = require 'posix.unistd' - - -if unistd.access('/lib/gluon/version/core') and not sysconfig.gluon_version then - -- This isn't an initial upgrade, so set gluon_version - sysconfig.gluon_version = '' -end From bae14abca4b4aa41a4eab6fb22f42fdb9deb39f1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 22:10:54 +0100 Subject: [PATCH 34/70] gluon-core: remove obsolete proto 'batadv' -> 'gluon_mesh' migration More migration code from 2016. --- .../lib/gluon/upgrade/800-migrate-batadv | 24 ------------------- 1 file changed, 24 deletions(-) delete mode 100755 package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv b/package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv deleted file mode 100755 index ddd03c0a..00000000 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/800-migrate-batadv +++ /dev/null @@ -1,24 +0,0 @@ -#!/usr/bin/lua - -local uci = require('simple-uci').cursor() - -local function migrate_iface(iface) - if iface.proto ~= 'batadv' or iface.mesh ~= 'bat0' then - return - end - - local s = iface['.name'] - - uci:set('network', s, 'proto', 'gluon_mesh') - uci:set('network', s, 'fixed_mtu', true) - - if iface.mesh_no_rebroadcast then - uci:set('network', s, 'transitive', iface.mesh_no_rebroadcast) - end - - uci:delete('network', s, 'mesh') - uci:delete('network', s, 'mesh_no_rebroadcast') -end - -uci:foreach('network', 'interface', migrate_iface) -uci:save('network') From 5b40265ff2314e7bb369bdd987e9d1568b6ac165 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 23:16:15 +0100 Subject: [PATCH 35/70] gluon-mesh-batman-adv: remove obsolete migration code --- .../luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh | 6 +----- .../gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge | 6 ------ 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh index 9ba1289f..40943207 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh @@ -6,14 +6,10 @@ local util = require 'gluon.util' local uci = require('simple-uci').cursor() -local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') or uci:get('network', 'bat0', 'gw_mode') or 'client' - -uci:delete('batman-adv-legacy', 'bat0') -uci:save('batman-adv-legacy') - uci:delete('batman-adv', 'bat0') uci:save('batman-adv') +local gw_mode = uci:get('network', 'gluon_bat0', 'gw_mode') or 'client' uci:delete('network', 'gluon_bat0') uci:section('network', 'interface', 'gluon_bat0', { proto = 'gluon_bat0', diff --git a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge index 2f113ece..fc14a6e6 100755 --- a/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge +++ b/package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/320-gluon-mesh-batman-adv-client-bridge @@ -21,10 +21,6 @@ uci:section('network', 'interface', 'client', { query_response_interval = 500, }) -uci:delete('network', 'client_lan') - -uci:delete('network', 'local_node_route') - uci:delete('network', 'local_node_route6') uci:section('network', 'route6', 'local_node_route6', { interface = 'client', @@ -42,6 +38,4 @@ networks = uci:get_list('firewall', 'drop', 'network') util.remove_from_set(networks, 'client') uci:set_list('firewall', 'drop', 'network', networks) -uci:delete('firewall', 'local_node_dns') - uci:save('firewall') From 971291290458f6c227081085d7eb68799c765fa4 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 31 Dec 2021 23:22:14 +0100 Subject: [PATCH 36/70] gluon-l3roamd: remove obsolete migration code --- .../luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route | 7 ------- 1 file changed, 7 deletions(-) delete mode 100755 package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route diff --git a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route b/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route deleted file mode 100755 index d425252c..00000000 --- a/package/gluon-l3roamd/luasrc/lib/gluon/upgrade/380-gluon-l3roamd-route +++ /dev/null @@ -1,7 +0,0 @@ -#!/usr/bin/lua -local uci = require('simple-uci').cursor() - -uci:delete('network', 'l3roam') -uci:delete('network', 'l3roamd_client') - -uci:save('network') From 97ef7889c660579f1b6676a6e04d88868e0db7ad Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 1 Jan 2022 01:45:52 +0100 Subject: [PATCH 37/70] gluon-core: remove more obsolete migrations --- package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan | 4 ---- package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan | 4 ---- 2 files changed, 8 deletions(-) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan index 051b213e..cf6eff71 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/210-interface-wan @@ -22,8 +22,4 @@ if uci:get('network', 'mesh_wan', 'transitive') == nil then uci:set('network', 'mesh_wan', 'transitive', true) end -uci:delete('network', 'mesh_wan', 'auto') -uci:delete('network', 'mesh_wan', 'fixed_mtu') -uci:delete('network', 'mesh_wan', 'legacy') - uci:save('network') diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan index 19ccfb49..55586435 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/220-interface-lan @@ -50,8 +50,4 @@ if uci:get('network', 'mesh_lan', 'transitive') == nil then uci:set('network', 'mesh_lan', 'transitive', true) end -uci:delete('network', 'mesh_lan', 'auto') -uci:delete('network', 'mesh_lan', 'fixed_mtu') -uci:delete('network', 'mesh_lan', 'legacy') - uci:save('network') From eaac48e20def7295c20cd2b287016e98cf6fdc28 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 1 Jan 2022 01:46:19 +0100 Subject: [PATCH 38/70] gluon-mesh-vpn-fastd: remove obsolete migration --- .../luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd | 1 - 1 file changed, 1 deletion(-) diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd index b59ef2c7..4d56be2a 100755 --- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd +++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd @@ -46,7 +46,6 @@ uci:section('fastd', 'fastd', 'mesh_vpn', { packet_mark = 1, status_socket = '/var/run/fastd.mesh_vpn.socket', }) -uci:delete('fastd', 'mesh_vpn', 'user') -- Collect list of groups that have peers with 'preserve' flag From 17731ae8fdf47012b5d2efcb8823f94474411315 Mon Sep 17 00:00:00 2001 From: Tom Herbers Date: Sat, 1 Jan 2022 19:20:41 +0100 Subject: [PATCH 39/70] scripts/container.sh: allow for empty Branch Names and git errors (#2363) Resolves #2362 --- scripts/container.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/container.sh b/scripts/container.sh index c18bf322..072d2ec1 100755 --- a/scripts/container.sh +++ b/scripts/container.sh @@ -6,8 +6,8 @@ set -euo pipefail cd "$(dirname "$0")/.." # normalize branch name to reflect a valid image name -BRANCH=$(git branch --show-current | sed 's/[^a-z0-9-]/_/ig') -TAG=gluon:${BRANCH} +BRANCH=$(git branch --show-current 2>/dev/null | sed 's/[^a-z0-9-]/_/ig') +TAG="gluon:${BRANCH:-latest}" if [ "$(command -v podman)" ] then From 24682a3197621b4a48b166853a5edfb9a853866c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 3 Jan 2022 03:13:50 +0100 Subject: [PATCH 40/70] contrib: push_pkg: fix lint issues with shellcheck 0.7.1 0.7.1 complains about unescaped backslashes in double quotes (which are intepreted by printf in the two affected places). While the warning was retired with shellcheck 0.7.2, it seems like a good idea to fix it anyways. --- contrib/push_pkg.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/contrib/push_pkg.sh b/contrib/push_pkg.sh index 4b9fe740..c12a02e6 100755 --- a/contrib/push_pkg.sh +++ b/contrib/push_pkg.sh @@ -48,7 +48,7 @@ shift $(( OPTIND - 1 )) if [ "$build_only" -eq 0 ]; then remote_info=$(ssh -p "${ssh_port}" "root@${ssh_host}" ' source /etc/os-release - printf "%s\t%s\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH" + printf "%s\\t%s\\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH" ') REMOTE_OPENWRT_BOARD="$(echo "$remote_info" | cut -f 1)" REMOTE_OPENWRT_ARCH="$(echo "$remote_info" | cut -f 2)" @@ -92,7 +92,7 @@ while [ $# -gt 0 ]; do opkg_packages="$(make TOPDIR="${topdir}" -C "${pkgdir}" DUMP=1 | awk '/^Package: / { print $2 }')" search_package() { - find "$2" -name "$1_*.ipk" -printf "%f\n" + find "$2" -name "$1_*.ipk" -printf '%f\n' } make TOPDIR="${topdir}" -C "${pkgdir}" clean From f32c68360166d2d26386bc70f1aa0bf005e19a4a Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 3 Jan 2022 03:22:01 +0100 Subject: [PATCH 41/70] scripts: lint-sh: ignore warnings about POSIX sh compatiblity The following features are available in Busybox ash, so we don't need to warn about them for runtime scripts: - local keyword - echo -n / -e - String indexing These warnings are new in shellcheck 0.7.2, which would otherwise fail for various scripts. --- scripts/lint-sh.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/lint-sh.sh b/scripts/lint-sh.sh index 71ce5463..96335c7a 100755 --- a/scripts/lint-sh.sh +++ b/scripts/lint-sh.sh @@ -17,7 +17,7 @@ find package -type f | while read -r file; do is_scriptfile "$file" || continue echo "Checking $file" - shellcheck -f gcc -x -s sh -e SC2039,SC1091,SC2155,SC2034 "$file" + shellcheck -f gcc -x -s sh -e SC2039,SC1091,SC2155,SC2034,SC3043,SC3037,SC3057 "$file" done find scripts -type f | while read -r file; do From 7427ba2280ac1da1e8459e05ab100544190f7b28 Mon Sep 17 00:00:00 2001 From: "J. Burfeind" Date: Fri, 7 Jan 2022 21:35:15 +0100 Subject: [PATCH 42/70] gluon-status-page: split bwlimit into two lines (#2371) Fixes: 1cb0fc84fc24 ("gluon-status-page: swap bandwidth limits (#2304)") Resolves #2370 --- .../files/lib/gluon/status-page/view/status-page.html | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html index 73029d1d..6957599f 100644 --- a/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html +++ b/package/gluon-status-page/files/lib/gluon/status-page/view/status-page.html @@ -168,10 +168,10 @@
<%:Bandwidth limit%>
<% if nodeinfo.network.mesh_vpn.bandwidth_limit.ingress then -%> - ▼ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.ingress*1000) %>/s <%:downstream%> + ▼ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.ingress*1000) %>/s <%:downstream%>
<%- end %> <% if nodeinfo.network.mesh_vpn.bandwidth_limit.egress then -%> - ▲ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.egress*1000) %>/s <%:upstream%>
+ ▲ <%| formatBits(nodeinfo.network.mesh_vpn.bandwidth_limit.egress*1000) %>/s <%:upstream%> <%- end %>
<%- end %> From 816d2796bee1ee101a06c773c7ceb65580dc822a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 12 Jan 2022 01:31:58 +0100 Subject: [PATCH 43/70] gluon-core: add gluon info binary This copies the code from web-admin and uses it to create a neat cli-accessible summary about a node This could also be extended or possibly have all the data the status page has Co-Authored-By: Matthias Schiffer --- package/gluon-core/luasrc/usr/bin/gluon-info | 38 ++++++++++++++++++++ 1 file changed, 38 insertions(+) create mode 100755 package/gluon-core/luasrc/usr/bin/gluon-info diff --git a/package/gluon-core/luasrc/usr/bin/gluon-info b/package/gluon-core/luasrc/usr/bin/gluon-info new file mode 100755 index 00000000..8cee2895 --- /dev/null +++ b/package/gluon-core/luasrc/usr/bin/gluon-info @@ -0,0 +1,38 @@ +#!/usr/bin/lua + +local uci = require('simple-uci').cursor() +local pretty_hostname = require 'pretty_hostname' + +local site = require 'gluon.site' +local sysconfig = require 'gluon.sysconfig' +local platform = require 'gluon.platform' +local util = require 'gluon.util' +local has_vpn, vpn = pcall(require, 'gluon.mesh-vpn') + +local pubkey +if has_vpn and vpn.enabled() then + local _, active_vpn = vpn.get_active_provider() + + if active_vpn ~= nil then + pubkey = active_vpn.public_key() + end +end + +local values = { + { 'Hostname', pretty_hostname.get(uci) }, + { 'MAC address', sysconfig.primary_mac }, + { 'Hardware model', platform.get_model() }, + { 'Gluon version' .. " / " .. 'Site version', util.trim(util.readfile('/lib/gluon/gluon-version')) + .. " / " .. util.trim(util.readfile('/lib/gluon/site-version')) }, + { 'Firmware release', util.trim(util.readfile('/lib/gluon/release')) }, + { 'Site', site.site_name() }, + { 'Public VPN key', pubkey or 'n/a' }, +} + +local padTo = 24 + +for _, info in ipairs(values) do + local labelLen = string.len(info[1]) + 1 + + print(info[1] .. ':' .. string.rep(' ', padTo - labelLen), info[2]) +end From 08a8ef0bcd1216188318984e0f7991ba3f61f0d0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 12 Jan 2022 01:33:28 +0100 Subject: [PATCH 44/70] gluon-web-admin: remove pubkey empty string workarround Co-Authored-By: Matthias Schiffer --- .../files/lib/gluon/config-mode/view/admin/info.html | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html index 87c1179e..7e2c9e2d 100644 --- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html +++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/info.html @@ -18,17 +18,13 @@ if active_vpn ~= nil then pubkey = active_vpn.public_key() end - - if pubkey == '' then - pubkey = nil - end end local values = { { _('Hostname'), pretty_hostname.get(uci) }, { _('MAC address'), sysconfig.primary_mac }, { _('Hardware model'), platform.get_model() }, - { _('Gluon version') .. " / " .. _('Site version'), util.trim(util.readfile('/lib/gluon/gluon-version')) + { _('Gluon version') .. " / " .. _('Site version'), util.trim(util.readfile('/lib/gluon/gluon-version')) .. " / " .. util.trim(util.readfile('/lib/gluon/site-version')) }, { _('Firmware release'), util.trim(util.readfile('/lib/gluon/release')) }, { _('Site'), site.site_name() }, From 78ca654c5cd394fcd1fdbb27bd7a3b2eb4ce1432 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 12 Jan 2022 01:35:02 +0100 Subject: [PATCH 45/70] gluon-mesh-vpn-fastd: fix empty string key Co-Authored-By: Matthias Schiffer --- .../luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua index 1d628dc7..bcc6b5e1 100644 --- a/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua +++ b/package/gluon-mesh-vpn-fastd/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/fastd.lua @@ -7,7 +7,13 @@ local vpn_core = require 'gluon.mesh-vpn' local M = {} function M.public_key() - return util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn')) + local key = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn')) + + if key == '' then + key = nil + end + + return key end function M.enable(val) From a8d6a99f5b9aa4ce72d9fb1b415727827a3e994b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Maciej=20Kr=C3=BCger?= Date: Wed, 12 Jan 2022 01:36:03 +0100 Subject: [PATCH 46/70] gluon-mesh-vpn-wireguard: fix empty string key Co-Authored-By: Matthias Schiffer --- package/gluon-core/luasrc/usr/bin/gluon-info | 4 ++-- .../usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua | 8 +++++++- 2 files changed, 9 insertions(+), 3 deletions(-) diff --git a/package/gluon-core/luasrc/usr/bin/gluon-info b/package/gluon-core/luasrc/usr/bin/gluon-info index 8cee2895..c25018d1 100755 --- a/package/gluon-core/luasrc/usr/bin/gluon-info +++ b/package/gluon-core/luasrc/usr/bin/gluon-info @@ -22,8 +22,8 @@ local values = { { 'Hostname', pretty_hostname.get(uci) }, { 'MAC address', sysconfig.primary_mac }, { 'Hardware model', platform.get_model() }, - { 'Gluon version' .. " / " .. 'Site version', util.trim(util.readfile('/lib/gluon/gluon-version')) - .. " / " .. util.trim(util.readfile('/lib/gluon/site-version')) }, + { 'Gluon version / Site version', util.trim(util.readfile('/lib/gluon/gluon-version')) + .. ' / ' .. util.trim(util.readfile('/lib/gluon/site-version')) }, { 'Firmware release', util.trim(util.readfile('/lib/gluon/release')) }, { 'Site', site.site_name() }, { 'Public VPN key', pubkey or 'n/a' }, diff --git a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua index 5065e217..b531b80e 100644 --- a/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua +++ b/package/gluon-mesh-vpn-wireguard/luasrc/usr/lib/lua/gluon/mesh-vpn/provider/wireguard.lua @@ -7,7 +7,13 @@ local vpn_core = require 'gluon.mesh-vpn' local M = {} function M.public_key() - return util.trim(util.exec("/lib/gluon/mesh-vpn/wireguard_pubkey.sh")) + local key = util.trim(util.exec("/lib/gluon/mesh-vpn/wireguard_pubkey.sh")) + + if key == '' then + key = nil + end + + return key end function M.enable(val) From 55e95dd49bd12645234fd5f2f77747854dd82236 Mon Sep 17 00:00:00 2001 From: Luflosi Date: Fri, 14 Jan 2022 23:20:22 +0100 Subject: [PATCH 47/70] ath79-generic: add support for TP-Link Archer A7 v5 (#2374) --- docs/user/supported_devices.rst | 1 + package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac | 1 + targets/ath79-generic | 4 ++++ 3 files changed, 6 insertions(+) diff --git a/docs/user/supported_devices.rst b/docs/user/supported_devices.rst index 8d7377f9..f80b1ef3 100644 --- a/docs/user/supported_devices.rst +++ b/docs/user/supported_devices.rst @@ -44,6 +44,7 @@ ath79-generic * TP-Link + - Archer A7 (v5) - Archer C6 (v2) - CPE220 (v3.0) - CPE510 (v2.0) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac index 6331211c..58c0fc06 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac @@ -74,6 +74,7 @@ local primary_addrs = { {'ath79', 'generic', { 'glinet,gl-ar750s-nor', 'ocedo,raccoon', + 'tplink,archer-a7-v5', 'tplink,archer-c2-v3', 'tplink,archer-d50-v1', }}, diff --git a/targets/ath79-generic b/targets/ath79-generic index 680c9f81..cd005100 100644 --- a/targets/ath79-generic +++ b/targets/ath79-generic @@ -103,6 +103,10 @@ device('siemens-ws-ap3610', 'siemens_ws-ap3610', { -- TP-Link +device('tp-link-archer-a7-v5', 'tplink_archer-a7-v5', { + packages = ATH10K_PACKAGES_QCA9880, +}) + device('tp-link-archer-c2-v3', 'tplink_archer-c2-v3', { packages = ATH10K_PACKAGES_QCA9887, class = 'tiny', From da6965c3915c46a12c39ba097f26388ad1b90ecf Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 20 Jan 2022 12:44:18 +0100 Subject: [PATCH 48/70] modules: update openwrt 1472a8fa42 procd: update to git HEAD 015f170fe6 procd: update to git HEAD cd5ba0cfbb ustream-ssl: variants conflict with each other 6eced97ce4 lantiq: flag FritzBox 7360 family buttons active-low b59f3b08b4 firmware-utils: tplink-safeloader: fix Archer A7v5 factory flashing from vendor fw > v1.1.x 43d105ec2a kernel: bump 5.4 to 5.4.171 1db847488d ath79: rb912: fix pll init issues 6ced8cad8e kernel: backport workaround for Realtek RTL8672 and RTL9601C chips 77ee281a3e kernel: add kmod-ledtrig-pattern aa2de44cdd kernel: fix AutoLoad parameter for uleds module bc37a699e5 kernel: add kmod-leds-uleds 96b5962704 mvebu: remove patch that was applied into linux stable 5beaa75d94 openssl: bump to 1.1.1m 93842b20dc bcm4908: include ATF in bootfs images 18b10db2f1 arm-trusted-firmware-bcm63xx: add ATF for Broadcom devices 739e359241 kernel: backport support for multicolor & RGB LEDs to 5.4 608c7dccf2 bcm4908: sysupgrade: add pkgtb format support b6ed2641df busybox: backport dd support for iflag=count_bytes 7e4485fd5b bcm4908: add uboot-envtools to default packages 4cd5d11fa3 bcm4908: add fdt-utils to default packages 1d4a28d5e1 dtc: support printing binary data with fdtget ce5d0378bf dtc: import package for dtc & fdt from packages feed 6292d1e354 bcm4908: sysupgrade: refactor handling different firmware formats a00854040d ipq40xx: specify FritzBox 7530 LAN port label numbers 27225e3538 kernel: ath10k: provide a build variant for small RAM devices 104774c3b0 mvebu: puzzle: wan LED and fix default network 47d82f0710 mvebu: enable Aquantia phy driver for Puzzle devices 164ed6069c mvebu: add id for AQR112 Ethernet phy variants daf4301071 mvebu: import patch enabling AQR113 PHY ee5750043c mvebu: import patch enabling AQR112 and AQR412 PHY a03840a1a9 mvebu: puzzle-m901: add LEDs, fan and reset button 280bb7c10c mvebu: puzzle-m902: add GPIO reset button 1e5df4d550 mvebu: puzzle-mcu: improve led driver 99a1e88297 mvebu: puzzle-m902: add driver for MCU driving LEDs, fan and buzzer 3b14ddf8d2 build: fix opkg install step for large package selection --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index a73c626f..9779d356 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='packages routing gluon' OPENWRT_REPO=https://github.com/openwrt/openwrt.git OPENWRT_BRANCH=openwrt-21.02 -OPENWRT_COMMIT=4dddb7ca3669e93d4da2b1ca43b8bc22bd007e48 +OPENWRT_COMMIT=1472a8fa4253c0aed5053adffe59463ceb94f139 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 From 61490570724ceb6d004eb41340cee8ec377abd62 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 20 Jan 2022 12:44:24 +0100 Subject: [PATCH 49/70] modules: update packages 444b64e36 cryptsetup: update to version 2.4.3 a259a4aaa git: update to version 2.34.1 0cdffbaf9 crowdsec: update from upstream latest release 1.2.3 031fbb16a smcroute: update to 2.5.5 fcf163335 smcroute: update to 2.5.4 c7470d1d8 wg-installer: switch to ubus call for olsrd hotplug 8c3ce87fd wg-installer: rework iproute2 commands 3f88edfa5 2to3: add package host tool bb09bc37b CI: fix runtime testing for non master branch bbd3d70cd i2pd: Update to 2.40.0 and update package sources 19d32003c i2pd: remove unneeded functions.sh 8d150985c i2pd: Update to 2.38.0 5ee9fb98d i2pd: update to 2.36 d0bb48741 mariadb: Add sudo dependency f4d8f9c98 mariadb: Check and fix datadir owner issues during upgrade 7a3f41af4 mariadb: update to version 10.4.22 d3e6dc51e mg: bump to 7.0 15b41a675 zerotier: add configuration reload trigger 2bca94d83 netdata: Update init script to use -D rather than -nd c7fef6db5 atlas-probe: update to version 2.4.1 98c1fe435 atlas-sw-probe: update to version 5040 1a40e3c89 crowdsec-firewall-bouncer: update to 0.0.21 432140a36 crowdsec: update to 1.2.2 b5443ccdf apache: fixup apxs 19451ec86 apache: security bump to 2.4.51 6fe1b64e7 wg-installer: fix shell typo f21f39cfd wg-installer: allow defining link costs for hotplugs 995251746 wg-installer: private key as parameter 652ebf1a3 wg-installer: generate new keys for every connection 5f517cc58 golang: Update to 1.17.6 92e357ebd wg-installer: fix using symlinks for conf files caa72e5c5 fail2ban: fix 2to3 error b3764db33 wg-installer: fix cleanup script 1e179f92a haveged: update to 1.9.17 d36455277 wg-installer: fix get_usage function 49f898044 wg-installer: delete old interfaces 335ad2a4d wg-installer: fix dependencies f2745c85a wg-installer: fix typo in cleanup function 1de352b60 wg-installer: fix ipv4 meshing via olsr efb5bdf07 wg-installer: add link-local to client interface bf1c780af wg-installer: add cleanup script 032d0157c wg-installer: add ipv4 support 33d6705d2 getdns: remove maintainer b1dfbf975 getdns: bump to 1.7.0 f755690b0 wg-installer: add hotplug script for olsr 85b6d750d radicale2: Update to 2.1.12 2415cbb9b radicale: Update to 1.1.7 4e1bfe4e9 inadyn: update to 2.9.1 --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 9779d356..2b79ada8 100644 --- a/modules +++ b/modules @@ -6,7 +6,7 @@ OPENWRT_COMMIT=1472a8fa4253c0aed5053adffe59463ceb94f139 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 -PACKAGES_PACKAGES_COMMIT=ab94e0709a9c796d34d723ddba44380f7b3d8698 +PACKAGES_PACKAGES_COMMIT=444b64e36cfb9d1dbbb6733bd713aacd2f91a821 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-21.02 From afc9d6b23592bcb1b04dab903ccf622b819c1806 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 20 Jan 2022 12:44:26 +0100 Subject: [PATCH 50/70] modules: update routing c2e138d olsrd: add ubus ipc integration to olsrd 7d07ef9 CI: fix runtime testing for non master branch 61cd00c naywatch: introduce kick-count 440e7af naywatch: fix mode without watchdog c8b613e olsrd: fix meshing via wireguard tunnels --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index 2b79ada8..d5886b52 100644 --- a/modules +++ b/modules @@ -10,7 +10,7 @@ PACKAGES_PACKAGES_COMMIT=444b64e36cfb9d1dbbb6733bd713aacd2f91a821 PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git PACKAGES_ROUTING_BRANCH=openwrt-21.02 -PACKAGES_ROUTING_COMMIT=a85b7c7ea865e0e11ffaa2f7b08ed3e52624f07c +PACKAGES_ROUTING_COMMIT=c2e138d49fa4796ab03f0eadb7b4d37aac75498a PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git PACKAGES_GLUON_COMMIT=52d7ac4aea7dc17c639c96ad9e179137ca66e614 From 5e1d46e2b7736572c36e4cc5c39e726bc0e86039 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 20 Jan 2022 12:44:27 +0100 Subject: [PATCH 51/70] modules: update gluon 5bca036 pretty-hostname: instantly apply hostname a85fa33 treewide: change Github URLs from git:// to https:// (#252) --- modules | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules b/modules index d5886b52..20b22b3c 100644 --- a/modules +++ b/modules @@ -13,4 +13,4 @@ PACKAGES_ROUTING_BRANCH=openwrt-21.02 PACKAGES_ROUTING_COMMIT=c2e138d49fa4796ab03f0eadb7b4d37aac75498a PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git -PACKAGES_GLUON_COMMIT=52d7ac4aea7dc17c639c96ad9e179137ca66e614 +PACKAGES_GLUON_COMMIT=308166e3c6b2d571606dd1dbfadd2bb8e31d8f90 From 0db3c58329ec17ee09ab2abe1b821c55369512a4 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 23 Jan 2022 11:36:08 +0100 Subject: [PATCH 52/70] modules: update OpenWrt base 97b95ef8b918 uci: update to the latest master Replace the downstream UCI patch with a proper OpenWrt 21.02 backport. --- modules | 2 +- ...li-add-option-for-changing-save-path.patch | 83 ------------------- ...ols-allow-generating-private_key-v3.patch} | 0 3 files changed, 1 insertion(+), 84 deletions(-) delete mode 100644 patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch rename patches/openwrt/{0006-wireguard-tools-allow-generating-private_key-v3.patch => 0005-wireguard-tools-allow-generating-private_key-v3.patch} (100%) diff --git a/modules b/modules index 20b22b3c..5654db74 100644 --- a/modules +++ b/modules @@ -2,7 +2,7 @@ GLUON_FEEDS='packages routing gluon' OPENWRT_REPO=https://github.com/openwrt/openwrt.git OPENWRT_BRANCH=openwrt-21.02 -OPENWRT_COMMIT=1472a8fa4253c0aed5053adffe59463ceb94f139 +OPENWRT_COMMIT=97b95ef8b9186518cda6f2d3cec8a01860fae2e7 PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git PACKAGES_PACKAGES_BRANCH=openwrt-21.02 diff --git a/patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch b/patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch deleted file mode 100644 index a3f4f92a..00000000 --- a/patches/openwrt/0005-package-uci-backport-cli-add-option-for-changing-save-path.patch +++ /dev/null @@ -1,83 +0,0 @@ -From: Leonardo Mörlein -Date: Sat, 16 Jan 2021 23:11:01 +0100 -Subject: package/uci: backport: "cli: add option for changing save path" - -This is a backport of - -https://git.openwrt.org/?p=project/uci.git;a=commit;h=4b3db1179747b6a6779029407984bacef851325c - -diff --git a/package/system/uci/Makefile b/package/system/uci/Makefile -index 75fc1bdfad0694aac99830b9b0cc87b42ea16e7d..924d5bb4824f567888e2ffd2954429af8f4fd504 100644 ---- a/package/system/uci/Makefile -+++ b/package/system/uci/Makefile -@@ -9,7 +9,7 @@ - include $(TOPDIR)/rules.mk - - PKG_NAME:=uci --PKG_RELEASE:=5 -+PKG_RELEASE:=6 - - PKG_SOURCE_URL=$(PROJECT_GIT)/project/uci.git - PKG_SOURCE_PROTO:=git -diff --git a/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch b/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch -new file mode 100644 -index 0000000000000000000000000000000000000000..377aec41fe6928aa26bccdde9fd77576d57ec4ed ---- /dev/null -+++ b/package/system/uci/patches/0001-cli-add-option-for-changin-save-path.patch -@@ -0,0 +1,56 @@ -+From: Rafał Miłecki -+Date: Mon, 12 Apr 2021 14:05:52 +0000 (+0200) -+Subject: cli: add option for changing save path -+X-Git-Url: http://git.openwrt.org/?p=project%2Fuci.git;a=commitdiff_plain;h=4b3db1179747b6a6779029407984bacef851325c;hp=52bbc99f69ea6f67b6fe264f424dac91bde5016c -+ -+cli: add option for changing save path -+ -+Save path is a directory where config change (delta) files are stored. -+Having a custom individual save dir can be used to prevent two (or more) -+"uci" cli callers (e.g. bash scripts) from commiting each other changes. -+ -+In the following example: -+ -+App0 App1 -+---- ---- -+uci set system.@system[0].timezone=UTC -+ uci set system.@system[0].hostname=OpenWrt -+ uci commit system -+ -+App1 would unintentionally commit changes made by App0. This can be -+avoided by at least 1 "uci" cli user specifying a custom -t option. -+ -+Signed-off-by: Rafał Miłecki -+--- -+ -+diff --git a/cli.c b/cli.c -+index 267437d..2fce39d 100644 -+--- a/cli.c -++++ b/cli.c -+@@ -167,6 +167,7 @@ static void uci_usage(void) -+ "\t-N don't name unnamed sections\n" -+ "\t-p add a search path for config change files\n" -+ "\t-P add a search path for config change files and use as default\n" -++ "\t-t set save path for config change files\n" -+ "\t-q quiet mode (don't print error messages)\n" -+ "\t-s force strict mode (stop on parser errors, default)\n" -+ "\t-S disable strict mode\n" -+@@ -706,7 +707,7 @@ int main(int argc, char **argv) -+ return 1; -+ } -+ -+- while((c = getopt(argc, argv, "c:d:f:LmnNp:P:sSqX")) != -1) { -++ while((c = getopt(argc, argv, "c:d:f:LmnNp:P:qsSt:X")) != -1) { -+ switch(c) { -+ case 'c': -+ uci_set_confdir(ctx, optarg); -+@@ -754,6 +755,9 @@ int main(int argc, char **argv) -+ case 'q': -+ flags |= CLI_FLAG_QUIET; -+ break; -++ case 't': -++ uci_set_savedir(ctx, optarg); -++ break; -+ case 'X': -+ flags &= ~CLI_FLAG_SHOW_EXT; -+ break; diff --git a/patches/openwrt/0006-wireguard-tools-allow-generating-private_key-v3.patch b/patches/openwrt/0005-wireguard-tools-allow-generating-private_key-v3.patch similarity index 100% rename from patches/openwrt/0006-wireguard-tools-allow-generating-private_key-v3.patch rename to patches/openwrt/0005-wireguard-tools-allow-generating-private_key-v3.patch From 1e50966b84382be2d3d8addeb5025f282ccd39af Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 23 Jan 2022 10:56:11 +0100 Subject: [PATCH 53/70] kernel: drop obsolete ebtables patches We are on Linux 5.4, so these patches for Linux 4.14 don't do anything. --- ...d-support-for-ICMP-IGMP-type-matches.patch | 240 ------------------ ...ols-allow-generating-private_key-v3.patch} | 0 2 files changed, 240 deletions(-) delete mode 100644 patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch rename patches/openwrt/{0005-wireguard-tools-allow-generating-private_key-v3.patch => 0004-wireguard-tools-allow-generating-private_key-v3.patch} (100%) diff --git a/patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch b/patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch deleted file mode 100644 index 37698460..00000000 --- a/patches/openwrt/0004-kernel-ebtables-add-support-for-ICMP-IGMP-type-matches.patch +++ /dev/null @@ -1,240 +0,0 @@ -From: Matthias Schiffer -Date: Thu, 12 Apr 2018 07:50:02 +0200 -Subject: kernel: ebtables: add support for ICMP/IGMP type matches - -Signed-off-by: Matthias Schiffer - -diff --git a/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch b/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch -new file mode 100644 -index 0000000000000000000000000000000000000000..fe9c479338a7b597be649c761c70a63085b51c5f ---- /dev/null -+++ b/target/linux/generic/backport-4.14/096-0001-ebtables-add-support-for-matching-ICMP-type-and-code.patch -@@ -0,0 +1,134 @@ -+From: Matthias Schiffer -+Date: Sat, 3 Mar 2018 11:55:21 +0100 -+Subject: [PATCH 1/2] ebtables: add support for matching ICMP type and code -+ -+We already have ICMPv6 type/code matches. This adds support for IPv4 ICMP -+matches in the same way. -+ -+Signed-off-by: Matthias Schiffer -+--- -+ include/uapi/linux/netfilter_bridge/ebt_ip.h | 13 +++++++-- -+ net/bridge/netfilter/ebt_ip.c | 43 +++++++++++++++++++++------- -+ 2 files changed, 43 insertions(+), 13 deletions(-) -+ -+--- a/include/uapi/linux/netfilter_bridge/ebt_ip.h -++++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h -+@@ -24,8 +24,9 @@ -+ #define EBT_IP_PROTO 0x08 -+ #define EBT_IP_SPORT 0x10 -+ #define EBT_IP_DPORT 0x20 -++#define EBT_IP_ICMP 0x40 -+ #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ -+- EBT_IP_SPORT | EBT_IP_DPORT ) -++ EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP) -+ #define EBT_IP_MATCH "ip" -+ -+ /* the same values are used for the invflags */ -+@@ -38,8 +39,14 @@ struct ebt_ip_info { -+ __u8 protocol; -+ __u8 bitmask; -+ __u8 invflags; -+- __u16 sport[2]; -+- __u16 dport[2]; -++ union { -++ __u16 sport[2]; -++ __u8 icmp_type[2]; -++ }; -++ union { -++ __u16 dport[2]; -++ __u8 icmp_code[2]; -++ }; -+ }; -+ -+ #endif -+--- a/net/bridge/netfilter/ebt_ip.c -++++ b/net/bridge/netfilter/ebt_ip.c -+@@ -19,9 +19,15 @@ -+ #include -+ #include -+ -+-struct tcpudphdr { -+- __be16 src; -+- __be16 dst; -++union pkthdr { -++ struct { -++ __be16 src; -++ __be16 dst; -++ } tcpudphdr; -++ struct { -++ u8 type; -++ u8 code; -++ } icmphdr; -+ }; -+ -+ static bool -+@@ -30,8 +36,8 @@ ebt_ip_mt(const struct sk_buff *skb, str -+ const struct ebt_ip_info *info = par->matchinfo; -+ const struct iphdr *ih; -+ struct iphdr _iph; -+- const struct tcpudphdr *pptr; -+- struct tcpudphdr _ports; -++ const union pkthdr *pptr; -++ union pkthdr _pkthdr; -+ -+ ih = skb_header_pointer(skb, 0, sizeof(_iph), &_iph); -+ if (ih == NULL) -+@@ -50,29 +56,38 @@ ebt_ip_mt(const struct sk_buff *skb, str -+ if (info->bitmask & EBT_IP_PROTO) { -+ if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol)) -+ return false; -+- if (!(info->bitmask & EBT_IP_DPORT) && -+- !(info->bitmask & EBT_IP_SPORT)) -++ if (!(info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT | -++ EBT_IP_ICMP))) -+ return true; -+ if (ntohs(ih->frag_off) & IP_OFFSET) -+ return false; -++ -++ /* min icmp headersize is 4, so sizeof(_pkthdr) is ok. */ -+ pptr = skb_header_pointer(skb, ih->ihl*4, -+- sizeof(_ports), &_ports); -++ sizeof(_pkthdr), &_pkthdr); -+ if (pptr == NULL) -+ return false; -+ if (info->bitmask & EBT_IP_DPORT) { -+- u32 dst = ntohs(pptr->dst); -++ u32 dst = ntohs(pptr->tcpudphdr.dst); -+ if (NF_INVF(info, EBT_IP_DPORT, -+ dst < info->dport[0] || -+ dst > info->dport[1])) -+ return false; -+ } -+ if (info->bitmask & EBT_IP_SPORT) { -+- u32 src = ntohs(pptr->src); -++ u32 src = ntohs(pptr->tcpudphdr.src); -+ if (NF_INVF(info, EBT_IP_SPORT, -+ src < info->sport[0] || -+ src > info->sport[1])) -+ return false; -+ } -++ if ((info->bitmask & EBT_IP_ICMP) && -++ NF_INVF(info, EBT_IP_ICMP, -++ pptr->icmphdr.type < info->icmp_type[0] || -++ pptr->icmphdr.type > info->icmp_type[1] || -++ pptr->icmphdr.code < info->icmp_code[0] || -++ pptr->icmphdr.code > info->icmp_code[1])) -++ return false; -+ } -+ return true; -+ } -+@@ -101,6 +116,14 @@ static int ebt_ip_mt_check(const struct -+ return -EINVAL; -+ if (info->bitmask & EBT_IP_SPORT && info->sport[0] > info->sport[1]) -+ return -EINVAL; -++ if (info->bitmask & EBT_IP_ICMP) { -++ if ((info->invflags & EBT_IP_PROTO) || -++ info->protocol != IPPROTO_ICMP) -++ return -EINVAL; -++ if (info->icmp_type[0] > info->icmp_type[1] || -++ info->icmp_code[0] > info->icmp_code[1]) -++ return -EINVAL; -++ } -+ return 0; -+ } -+ -diff --git a/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch b/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch -new file mode 100644 -index 0000000000000000000000000000000000000000..4c8144834d87c58ff90363cdc2f2933194e54fdc ---- /dev/null -+++ b/target/linux/generic/backport-4.14/096-0002-ebtables-add-support-for-matching-IGMP-type.patch -@@ -0,0 +1,88 @@ -+From: Matthias Schiffer -+Date: Sat, 3 Mar 2018 12:02:21 +0100 -+Subject: [PATCH 2/2] ebtables: add support for matching IGMP type -+ -+We already have ICMPv6 type/code matches (which can be used to distinguish -+different types of MLD packets). Add support for IPv4 IGMP matches in the -+same way. -+ -+Signed-off-by: Matthias Schiffer -+--- -+ include/uapi/linux/netfilter_bridge/ebt_ip.h | 4 +++- -+ net/bridge/netfilter/ebt_ip.c | 19 +++++++++++++++++-- -+ 2 files changed, 20 insertions(+), 3 deletions(-) -+ -+--- a/include/uapi/linux/netfilter_bridge/ebt_ip.h -++++ b/include/uapi/linux/netfilter_bridge/ebt_ip.h -+@@ -25,8 +25,9 @@ -+ #define EBT_IP_SPORT 0x10 -+ #define EBT_IP_DPORT 0x20 -+ #define EBT_IP_ICMP 0x40 -++#define EBT_IP_IGMP 0x80 -+ #define EBT_IP_MASK (EBT_IP_SOURCE | EBT_IP_DEST | EBT_IP_TOS | EBT_IP_PROTO |\ -+- EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP) -++ EBT_IP_SPORT | EBT_IP_DPORT | EBT_IP_ICMP | EBT_IP_IGMP) -+ #define EBT_IP_MATCH "ip" -+ -+ /* the same values are used for the invflags */ -+@@ -42,6 +43,7 @@ struct ebt_ip_info { -+ union { -+ __u16 sport[2]; -+ __u8 icmp_type[2]; -++ __u8 igmp_type[2]; -+ }; -+ union { -+ __u16 dport[2]; -+--- a/net/bridge/netfilter/ebt_ip.c -++++ b/net/bridge/netfilter/ebt_ip.c -+@@ -28,6 +28,9 @@ union pkthdr { -+ u8 type; -+ u8 code; -+ } icmphdr; -++ struct { -++ u8 type; -++ } igmphdr; -+ }; -+ -+ static bool -+@@ -57,12 +60,12 @@ ebt_ip_mt(const struct sk_buff *skb, str -+ if (NF_INVF(info, EBT_IP_PROTO, info->protocol != ih->protocol)) -+ return false; -+ if (!(info->bitmask & (EBT_IP_DPORT | EBT_IP_SPORT | -+- EBT_IP_ICMP))) -++ EBT_IP_ICMP | EBT_IP_IGMP))) -+ return true; -+ if (ntohs(ih->frag_off) & IP_OFFSET) -+ return false; -+ -+- /* min icmp headersize is 4, so sizeof(_pkthdr) is ok. */ -++ /* min icmp/igmp headersize is 4, so sizeof(_pkthdr) is ok. */ -+ pptr = skb_header_pointer(skb, ih->ihl*4, -+ sizeof(_pkthdr), &_pkthdr); -+ if (pptr == NULL) -+@@ -88,6 +91,11 @@ ebt_ip_mt(const struct sk_buff *skb, str -+ pptr->icmphdr.code < info->icmp_code[0] || -+ pptr->icmphdr.code > info->icmp_code[1])) -+ return false; -++ if ((info->bitmask & EBT_IP_IGMP) && -++ NF_INVF(info, EBT_IP_IGMP, -++ pptr->igmphdr.type < info->igmp_type[0] || -++ pptr->igmphdr.type > info->igmp_type[1])) -++ return false; -+ } -+ return true; -+ } -+@@ -124,6 +132,13 @@ static int ebt_ip_mt_check(const struct -+ info->icmp_code[0] > info->icmp_code[1]) -+ return -EINVAL; -+ } -++ if (info->bitmask & EBT_IP_IGMP) { -++ if ((info->invflags & EBT_IP_PROTO) || -++ info->protocol != IPPROTO_IGMP) -++ return -EINVAL; -++ if (info->igmp_type[0] > info->igmp_type[1]) -++ return -EINVAL; -++ } -+ return 0; -+ } -+ diff --git a/patches/openwrt/0005-wireguard-tools-allow-generating-private_key-v3.patch b/patches/openwrt/0004-wireguard-tools-allow-generating-private_key-v3.patch similarity index 100% rename from patches/openwrt/0005-wireguard-tools-allow-generating-private_key-v3.patch rename to patches/openwrt/0004-wireguard-tools-allow-generating-private_key-v3.patch From c0afb9cc397e1199e50417bc8766dede23d52150 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 3 Jan 2022 02:41:33 +0100 Subject: [PATCH 54/70] contrib: lsupgrade: do not search the OpenWrt "packages" feed Iterating over all the package directories in the OpenWrt feed takes a while, even though it doesn't contain any upgrade scripts. Skip the whole directory. --- contrib/lsupgrade.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/lsupgrade.sh b/contrib/lsupgrade.sh index f8e28f9a..25d10415 100755 --- a/contrib/lsupgrade.sh +++ b/contrib/lsupgrade.sh @@ -28,7 +28,7 @@ fi pushd "$(dirname "$0")/.." >/dev/null -find ./package packages -name Makefile | while read -r makefile; do +find ./package packages -name Makefile | grep -v '^packages/packages/' | while read -r makefile; do dir="$(dirname "$makefile")" pushd "$dir" >/dev/null From c7e38fdc2c29672944ccd00b504ddd86c00bfa41 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Mon, 3 Jan 2022 02:46:05 +0100 Subject: [PATCH 55/70] contrib: lsupgrade: optimize output - Use printf instead of echo for better portability - Print whole path without reordering components - Deduplicate code --- contrib/lsupgrade.sh | 11 +++++------ 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/contrib/lsupgrade.sh b/contrib/lsupgrade.sh index 25d10415..284fe44b 100755 --- a/contrib/lsupgrade.sh +++ b/contrib/lsupgrade.sh @@ -37,13 +37,12 @@ find ./package packages -name Makefile | grep -v '^packages/packages/' | while r dirname="$(dirname "$dir" | cut -d/ -f 3-)" package="$(basename "$dir")" - for file in "${SUFFIX1}"/*; do - echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})" - done - for file in "${SUFFIX2}"/*; do - echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})" + for file in "${SUFFIX1}"/* "${SUFFIX2}"/*; do + basename="$(basename "${file}")" + suffix="$(dirname "${file}")" + printf "%s\t%s\n" "${basename}" "${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${suffix}/${GREEN}${basename}${RESET}" done popd >/dev/null -done | sort +done | sort | cut -f2- popd >/dev/null From 84f4c164f46725da4d2355fc3186acdc9b08449c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 2 Jan 2022 22:23:46 +0100 Subject: [PATCH 56/70] gluon-setup-mode: remove obsolete migration --- .../lib/gluon/upgrade/310-setup-mode-migrate | 14 -------------- 1 file changed, 14 deletions(-) delete mode 100755 package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate diff --git a/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate b/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate deleted file mode 100755 index ecaa07f9..00000000 --- a/package/gluon-setup-mode/luasrc/lib/gluon/upgrade/310-setup-mode-migrate +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/lua - -local uci = require('simple-uci').cursor() - - -local old = uci:get_first('gluon-config-mode', 'wizard', 'configured') -if old == '1' then - local setup_mode = uci:get_first('gluon-setup-mode', 'setup_mode') - uci:set('gluon-setup-mode', setup_mode, 'configured', true) - - uci:save('gluon-setup-mode') -end - -os.remove('/etc/config/gluon-config-mode') From c530070e962e4bae2bc58e51e0556a866d473908 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 2 Jan 2022 22:28:08 +0100 Subject: [PATCH 57/70] gluon-mesh-vpn-tunneldigger: remove obsolete migration --- .../lib/gluon/upgrade/400-mesh-vpn-tunneldigger | 15 --------------- 1 file changed, 15 deletions(-) diff --git a/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger index b37bb476..9888d87e 100755 --- a/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger +++ b/package/gluon-mesh-vpn-tunneldigger/luasrc/lib/gluon/upgrade/400-mesh-vpn-tunneldigger @@ -7,22 +7,7 @@ local vpn_core = require 'gluon.mesh-vpn' local uci = require('simple-uci').cursor() -local enabled - --- Delete old broker config section (remove in 2019) -if not uci:get('tunneldigger', 'mesh_vpn') then - if uci:get_first('tunneldigger', 'broker', 'interface') == 'mesh-vpn' then - enabled = uci:get_first('tunneldigger', 'broker', 'enabled') - end - - -- In the usual case (no migration from old tunneldigger package), the - -- enabled state is set in the 500-mesh-vpn script - - uci:delete_all('tunneldigger', 'broker') -end - uci:section('tunneldigger', 'broker', 'mesh_vpn', { - enabled = enabled, uuid = util.node_id(), interface = vpn_core.get_interface(), bind_interface = 'br-wan', From 225e8692bd7b1916aabd2ad633289b8094ab2d28 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 2 Jan 2022 22:29:51 +0100 Subject: [PATCH 58/70] gluon-radvd: remove obsolete migration --- .../luasrc/lib/gluon/upgrade/500-radvd-remove-user | 5 ----- 1 file changed, 5 deletions(-) delete mode 100755 package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user diff --git a/package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user b/package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user deleted file mode 100755 index 036406af..00000000 --- a/package/gluon-radvd/luasrc/lib/gluon/upgrade/500-radvd-remove-user +++ /dev/null @@ -1,5 +0,0 @@ -#!/usr/bin/lua - -local users = require 'gluon.users' - -users.remove_user('gluon-radvd') From d8f6ed2406ba061faa50ae005879c59f750dd322 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sun, 2 Jan 2022 22:20:01 +0100 Subject: [PATCH 59/70] gluon-node-info: remove obsolete migration/fixup --- .../gluon/upgrade/520-node-info-whitespace-fix | 15 --------------- 1 file changed, 15 deletions(-) delete mode 100755 package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix diff --git a/package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix b/package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix deleted file mode 100755 index 62cd4beb..00000000 --- a/package/gluon-node-info/luasrc/lib/gluon/upgrade/520-node-info-whitespace-fix +++ /dev/null @@ -1,15 +0,0 @@ -#!/usr/bin/lua -local uci = require('simple-uci').cursor() -local util = require 'gluon.util' - -local sname = uci:get_first('gluon-node-info', 'location') -if sname then - local options = {'longitude', 'latitude', 'altitude'} - for _, option in ipairs(options) do - local value = uci:get('gluon-node-info', sname, option) - if value then - uci:set('gluon-node-info', sname, option, util.trim(value)) - end - end - uci:save('gluon-node-info') -end From b68a07e9303840bb26763fd7b3c44dbcebc7b1ea Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Sat, 1 Jan 2022 23:06:03 +0100 Subject: [PATCH 60/70] gluon-mesh-vpn-fastd: merge secret generation setup into main upgrade script There wasn't really a reason to have a separate script to set a single value. In addition, the old script was using the identifier 'c' instead of 'uci' for the UCI cursor. Following the convention of the other scripts is helpful so it is easy to grep for all uses of a certain config file/ option. --- .../luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd | 6 ++++++ .../gluon/upgrade/410-mesh-vpn-fastd-generate-secret | 12 ------------ 2 files changed, 6 insertions(+), 12 deletions(-) delete mode 100755 package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd index 4d56be2a..5fed1e8c 100755 --- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd +++ b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/400-mesh-vpn-fastd @@ -9,6 +9,11 @@ local uci = require('simple-uci').cursor() local syslog_level = uci:get('fastd', 'mesh_vpn', 'syslog_level') or 'verbose' +local secret = uci:get('fastd', 'mesh_vpn', 'secret') +if not secret or not secret:match(('%x'):rep(64)) then + secret = 'generate' +end + local methods if site.mesh_vpn.fastd.configurable(false) then @@ -38,6 +43,7 @@ end uci:section('fastd', 'fastd', 'mesh_vpn', { group = 'gluon-mesh-vpn', syslog_level = syslog_level, + secret = secret, interface = vpn_core.get_interface(), mode = 'tap', mtu = site.mesh_vpn.mtu(), diff --git a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret b/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret deleted file mode 100755 index f43e8b1f..00000000 --- a/package/gluon-mesh-vpn-fastd/luasrc/lib/gluon/upgrade/410-mesh-vpn-fastd-generate-secret +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/lua - -local uci = require 'simple-uci' - -local c = uci.cursor() - -local secret = c:get("fastd", "mesh_vpn", "secret") - -if not secret or not secret:match(("%x"):rep(64)) then - c:set("fastd", "mesh_vpn", "secret", "generate") - c:save("fastd") -end From 12127813c556d4ad1df69495a1184fd71a3275c4 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 5 Jan 2022 18:41:05 +0100 Subject: [PATCH 61/70] gluon-core: move preserve_channels setting to /etc/config/gluon /etc/config/gluon-core is used for nothing else. As /etc/config/gluon uses a named wireless section, also change the get_first() to get(). --- package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua index 3e0696aa..62fe3228 100644 --- a/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua +++ b/package/gluon-core/luasrc/usr/lib/lua/gluon/wireless.lua @@ -123,7 +123,7 @@ function M.foreach_radio(uci, f) end function M.preserve_channels(uci) - return uci:get_first('gluon-core', 'wireless', 'preserve_channels') + return uci:get('gluon', 'wireless', 'preserve_channels') end function M.device_supports_wpa3() From 578daf5f87d3d12d53611fc66d7565425f2a47d8 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Wed, 5 Jan 2022 18:42:52 +0100 Subject: [PATCH 62/70] gluon-core: remove obsolete config file --- package/gluon-core/Makefile | 1 - package/gluon-core/files/etc/config/gluon-core | 1 - 2 files changed, 2 deletions(-) delete mode 100644 package/gluon-core/files/etc/config/gluon-core diff --git a/package/gluon-core/Makefile b/package/gluon-core/Makefile index c56b78bb..93b2d599 100644 --- a/package/gluon-core/Makefile +++ b/package/gluon-core/Makefile @@ -31,7 +31,6 @@ endef define Package/gluon-core/conffiles /etc/config/gluon -/etc/config/gluon-core endef define Package/gluon-core/install diff --git a/package/gluon-core/files/etc/config/gluon-core b/package/gluon-core/files/etc/config/gluon-core deleted file mode 100644 index 9787ccc9..00000000 --- a/package/gluon-core/files/etc/config/gluon-core +++ /dev/null @@ -1 +0,0 @@ -config wireless From 3ea770db73799c82ab98a2413b1c6b39f94e9278 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Fri, 28 Jan 2022 19:45:34 +0100 Subject: [PATCH 63/70] ath79-generic: swap interfaces on TP-Link WBS210 v2 (#2385) Swap the interfaces so than the PoE input port LAN0 is used for WAN and config mode, and LAN1 becomes LAN. To this end, the code previously used for ar71xx and removed in commit 9fdc57c175b4 ("treewide: drop ar71xx platform specific code") is reintroduced. Fixes #2384 --- package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces index d2814968..6371cc61 100755 --- a/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces +++ b/package/gluon-core/luasrc/lib/gluon/upgrade/020-interfaces @@ -50,7 +50,11 @@ end local lan_ifname = iface_exists(lan_interfaces) local wan_ifname = iface_exists(wan_interfaces) -if platform.match('lantiq') then +if platform.match('ath79', 'generic', { + 'tplink,wbs210-v2', +}) then + lan_ifname, wan_ifname = wan_ifname, lan_ifname +elseif platform.match('lantiq') then local switch_data = board_data.switch or {} local switch0_data = switch_data.switch0 or {} local roles_data = switch0_data.roles or {} From 139c56073a5bd311f0e34bbf0e1568314f832112 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Mon, 31 Jan 2022 18:44:35 +0100 Subject: [PATCH 64/70] workflows: add backports action By applying a label `backport ` the action will automatically try to cherry-pick the change to the target branch after the pull request was successfully merged. --- .github/workflows/backport.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 .github/workflows/backport.yml diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml new file mode 100644 index 00000000..ec3e5db8 --- /dev/null +++ b/.github/workflows/backport.yml @@ -0,0 +1,21 @@ +name: Backport +on: + pull_request_target: + types: [closed, labeled] +jobs: + backport: + name: Backport Pull Request + if: github.repository_owner == 'freifunk-gluon' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name)) + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Create backport PRs + uses: zeebe-io/backport-action@v0.0.7 + with: + # Config README: https://github.com/zeebe-io/backport-action#backport-action + github_token: ${{ secrets.GITHUB_TOKEN }} + github_workspace: ${{ github.workspace }} + pull_description: |- + Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}. From c75d90d9abc61fbe449897411c7d3e5792f7a2c9 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 25 Jan 2022 22:14:28 +0100 Subject: [PATCH 65/70] workflows: lint: switch from `apt` to `apt-get -y`, add update Using apt in scripts is discouraged. Also add an update to hopefully fix the lua-check installation failure in CI. --- .github/workflows/lint.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index ebc5817e..b18c02a5 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -10,7 +10,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Install Dependencies - run: sudo apt install lua-check + run: sudo apt-get -y update && sudo apt-get -y install lua-check - name: Install example site run: ln -s ./docs/site-example ./site - name: Lint Lua code @@ -22,7 +22,7 @@ jobs: steps: - uses: actions/checkout@v2 - name: Install Dependencies - run: sudo apt install shellcheck + run: sudo apt-get -y update && sudo apt-get -y install shellcheck - name: Install example site run: ln -s ./docs/site-example ./site - name: Lint shell code From 94519cfc56dab7258f98ca0e77078f15cabaf3df Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 25 Jan 2022 20:10:55 +0100 Subject: [PATCH 66/70] gluon-web-*: remove unused "token" form value This was a remnant of LuCI that was never used in gluon-web. --- .../files/lib/gluon/config-mode/view/admin/upgrade.html | 1 - .../files/lib/gluon/config-mode/view/admin/upgrade_confirm.html | 2 -- .../gluon-web-model/files/lib/gluon/web/view/model/form.html | 1 - 3 files changed, 4 deletions(-) diff --git a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html index 31555f16..7778be4a 100644 --- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html +++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade.html @@ -44,7 +44,6 @@ $Id$
-
diff --git a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html index 92c25a63..9733132f 100644 --- a/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html +++ b/package/gluon-web-admin/files/lib/gluon/config-mode/view/admin/upgrade_confirm.html @@ -49,13 +49,11 @@ You may obtain a copy of the License at
" /> -
" /> -
diff --git a/package/gluon-web-model/files/lib/gluon/web/view/model/form.html b/package/gluon-web-model/files/lib/gluon/web/view/model/form.html index 06270be3..d222dde2 100644 --- a/package/gluon-web-model/files/lib/gluon/web/view/model/form.html +++ b/package/gluon-web-model/files/lib/gluon/web/view/model/form.html @@ -1,5 +1,4 @@
-
From de43b306d4423e828c34a2eac642b57fdbcd8561 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 1 Feb 2022 23:26:30 +0100 Subject: [PATCH 67/70] gluon-web: add CRLF to text/plain Internal Server Error output Having a trailing newline is nice when viewing the returned data in a terminal. --- package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua index 42dc47d1..336b2832 100644 --- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua +++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua @@ -208,6 +208,6 @@ return function(config, http) if not ok then http:status(500, "Internal Server Error") http:prepare_content("text/plain") - http:write(err) + http:write(err .. "\r\n") end end From f3960eeb471e745d1dfedc87ee82c42809ce83e1 Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 25 Jan 2022 20:56:00 +0100 Subject: [PATCH 68/70] gluon-web: improve error handling of parse_message_body() Actually raise an error and turn it into an HTTP 400 return code when something goes wrong, rather than ignoring the error. We also improve the conditions under which errors are thrown before pump() is called: We don't need to check for the multipart/form-data content-type twice, and a POST without this content-type is now always an error. --- .../usr/lib/lua/gluon/web/dispatcher.lua | 10 ++++++-- .../usr/lib/lua/gluon/web/http/protocol.lua | 23 +++++++------------ 2 files changed, 16 insertions(+), 17 deletions(-) diff --git a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua index 336b2832..d2a6b500 100644 --- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua +++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/dispatcher.lua @@ -184,9 +184,15 @@ local function dispatch(config, http, request) return end - http:parse_input(node.filehandler) + local ok, err = pcall(http.parse_input, http, node.filehandler) + if not ok then + http:status(400, "Bad request") + http:prepare_content("text/plain") + http:write(err .. "\r\n") + return + end - local ok, err = pcall(node.target) + ok, err = pcall(node.target) if not ok then http:status(500, "Internal Server Error") renderer.render_layout("error/500", { diff --git a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua index 8d070d95..62b60bdc 100644 --- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua +++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua @@ -108,16 +108,11 @@ end -- o String value containing a chunk of the file data -- o Boolean which indicates whether the current chunk is the last one (eof) local function mimedecode_message_body(src, msg, filecb) - - if msg and msg.env.CONTENT_TYPE then - msg.mime_boundary = msg.env.CONTENT_TYPE:match("^multipart/form%-data; boundary=(.+)$") + local mime_boundary = (msg.env.CONTENT_TYPE or ''):match("^multipart/form%-data; boundary=(.+)$") + if not mime_boundary then + error("Invalid Content-Type found") end - if not msg.mime_boundary then - return nil, "Invalid Content-Type found" - end - - local tlen = 0 local inhdr = false local field = nil @@ -188,10 +183,10 @@ local function mimedecode_message_body(src, msg, filecb) local spos, epos, found repeat - spos, epos = data:find("\r\n--" .. msg.mime_boundary .. "\r\n", 1, true) + spos, epos = data:find("\r\n--" .. mime_boundary .. "\r\n", 1, true) if not spos then - spos, epos = data:find("\r\n--" .. msg.mime_boundary .. "--\r\n", 1, true) + spos, epos = data:find("\r\n--" .. mime_boundary .. "--\r\n", 1, true) end @@ -250,20 +245,18 @@ local function mimedecode_message_body(src, msg, filecb) return true end - return pump(src, snk) + assert(pump(src, snk)) end -- This function will examine the Content-Type within the given message object -- to select the appropriate content decoder. -- Currently only the multipart/form-data mime type is supported. function M.parse_message_body(src, msg, filecb) - if not (msg.env.REQUEST_METHOD == "POST" and msg.env.CONTENT_TYPE) then + if msg.env.REQUEST_METHOD ~= "POST" then return end - if msg.env.CONTENT_TYPE:match("^multipart/form%-data") then - return mimedecode_message_body(src, msg, filecb) - end + mimedecode_message_body(src, msg, filecb) end return M From a83466be6eaad0bfd4d92ffae3dd415a3adbbb9c Mon Sep 17 00:00:00 2001 From: Matthias Schiffer Date: Tue, 25 Jan 2022 21:52:02 +0100 Subject: [PATCH 69/70] gluon-web: prohibit cross-origin POST As gluon-web uses standard multipart/form-data requests, browsers don't enforce any cross-origin restrictions. To prevent malicious injection of POST requests into the config mode, match the Origin header against the Host header of the request. --- .../usr/lib/lua/gluon/web/http/protocol.lua | 43 +++++++++++++++++++ 1 file changed, 43 insertions(+) diff --git a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua index 62b60bdc..5f56fa1b 100644 --- a/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua +++ b/package/gluon-web/luasrc/usr/lib/lua/gluon/web/http/protocol.lua @@ -248,6 +248,47 @@ local function mimedecode_message_body(src, msg, filecb) assert(pump(src, snk)) end +local function check_post_origin(msg) + local default_port = '80' + local request_scheme = 'http' + if msg.env.HTTPS then + default_port = '443' + request_scheme = 'https' + end + + local request_host = msg.env.HTTP_HOST + if not request_host then + error('POST request without Host header') + end + if not request_host:match(':[0-9]+$') then + request_host = request_host .. ':' .. default_port + end + + local origin = msg.env.HTTP_ORIGIN + if not origin then + error('POST request without Origin header') + end + local origin_scheme, origin_host = origin:match('^([^:]*)://(.*)$') + if not origin_host then + error('POST request with invalid Origin header') + end + if not origin_host:match(':[0-9]+$') then + local origin_port + if origin_scheme == 'http' then + origin_port = '80' + elseif origin_scheme == 'https' then + origin_port = '443' + else + error('POST request with invalid Origin header') + end + origin_host = origin_host .. ':' .. origin_port + end + + if request_scheme ~= origin_scheme or request_host ~= origin_host then + error('Invalid cross-origin POST') + end +end + -- This function will examine the Content-Type within the given message object -- to select the appropriate content decoder. -- Currently only the multipart/form-data mime type is supported. @@ -256,6 +297,8 @@ function M.parse_message_body(src, msg, filecb) return end + check_post_origin(msg) + mimedecode_message_body(src, msg, filecb) end From 545d1cbb11c297d86cf305856c91bfbb5ed6da81 Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Fri, 11 Feb 2022 21:40:22 +0100 Subject: [PATCH 70/70] patches: build perl single-threaded (#2392) Prevents spurious build failures. --- ...t-build-in-parallel-and-bump-release.patch | 24 +++++++++++++++++++ 1 file changed, 24 insertions(+) create mode 100644 patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch diff --git a/patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch b/patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch new file mode 100644 index 00000000..52eeb6c9 --- /dev/null +++ b/patches/packages/packages/0001-perl-don-t-build-in-parallel-and-bump-release.patch @@ -0,0 +1,24 @@ +From: Martin Weinelt +Date: Tue, 8 Feb 2022 21:09:20 +0100 +Subject: perl: don't build in parallel and bump release + +Parallel builds cause spurious build failures with high core counts. + +https://github.com/openwrt/packages/issues/8238 +https://github.com/openwrt/packages/pull/17274 + +diff --git a/lang/perl/Makefile b/lang/perl/Makefile +index 443164f0a4a6a1c9fa189bf9c3c033d70db30ca0..121a3bfe653f46ecac7d10b1f3ae480fcd02f155 100644 +--- a/lang/perl/Makefile ++++ b/lang/perl/Makefile +@@ -34,8 +34,8 @@ PKG_BUILD_DIR:=$(BUILD_DIR)/perl/$(PKG_NAME)-$(PKG_VERSION) + HOST_BUILD_DIR:=$(BUILD_DIR_HOST)/perl/$(PKG_NAME)-$(PKG_VERSION) + PKG_INSTALL:=1 + PKG_BUILD_DEPENDS:=perl/host +-PKG_BUILD_PARALLEL:=1 +-HOST_BUILD_PARALLEL:=1 ++PKG_BUILD_PARALLEL:=0 ++HOST_BUILD_PARALLEL:=0 + + # Variables used during configuration/build + HOST_PERL_PREFIX:=$(STAGING_DIR_HOSTPKG)/usr