Merge branch 'v2018.1.x' of https://github.com/freifunk-gluon/gluon

2018-08-14 16:38:42 +02:00 · 2018-08-14 16:38:42 +02:00 · d33760b8b0
commit d33760b8b0
parent fb09a27a66 6a3d5554c1
818 changed files with 36297 additions and 21871 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,7 +1,6 @@
 *~
-/build
+/lede
 /output
 /site
-/openwrt
+/tmp
 /packages
 /modules.local
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -46,24 +46,8 @@ fix some bug, detail in the remaining commit message exactly how it could be
 triggered and what you did to fix it. If in question, have a glance at the
 existing commit messages to get the idea.
 Squash commits
 --------------
 Most changes are trivial enough to fit in one single commit in order to not
 clutter the history. While developing a new feature, you are free to use
 multiple commits, but if your feature is to be merged, reduce the number of
 commits to a minimum. Even huge feature introductions like the 802.11s mesh
 (commit [2a93c58]) fit into a single commit.
 If you developed your change in multiple smaller commits, you can easily
 [squash] those before opening the pull request. While discussing, it is okay to
 do your changes using `git commit --amend` and force-push them to your head of
 the pull request. This way, your change always consists of only one commit and
 can be merged in the instant everybody is content with the whole thing.
 [packages]: http://gluon.readthedocs.org/en/latest/user/site.html#packages
 [#gluon]: https://webirc.hackint.org/#gluon
 [mailing list]: mailto:gluon@luebeck.freifunk.net
 [list of rejected features]: https://github.com/freifunk-gluon/gluon/issues?q=label%3Arejected
 [2a93c58]: https://github.com/freifunk-gluon/gluon/commit/2a93c580428d10724116b0d2d1238e2745715a14
 [squash]: https://www.git-scm.com/book/en/v2/Git-Tools-Rewriting-History#Squashing-Commits
--- a/10
+++ b/10
@ -1,7 +1,7 @@
 The code of Project Gluon may be distributed under the following terms, unless
 noted otherwise in individual files or subtrees.
-Copyright (c) 2013, Project Gluon
+Copyright (c) 2013-2017, Project Gluon
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
@ -25,10 +25,10 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-OpenWrt is licensed under the terms of the GNU General Public License Version 2,
+LEDE and OpenWrt are licensed under the terms of the GNU General Public License
-which can be found under openwrt/LICENSE after the openwrt submodule has been
+Version 2, which can be found at lede/LICENSE after the lede repository has been
-obtained. This applies to the following submodules:
+obtained. This applies to the following repositories:
- * openwrt
+ * lede
 * packages/openwrt
 * packages/routing
 * packages/luci
--- a/585
+++ b/585
@ -4,489 +4,180 @@ LC_ALL:=C
 LANG:=C
 export LC_ALL LANG
 export SHELL:=/usr/bin/env bash
-GLUONPATH ?= $(PATH)
+# initialize (possibly already user set) directory variables
-export GLUONPATH := $(GLUONPATH)
+GLUON_SITEDIR ?= site
 GLUON_TMPDIR ?= tmp
 GLUON_OUTPUTDIR ?= output
-empty:=
+GLUON_IMAGEDIR ?= $(GLUON_OUTPUTDIR)/images
-space:= $(empty) $(empty)
+GLUON_PACKAGEDIR ?= $(GLUON_OUTPUTDIR)/packages
-GLUONMAKE_EARLY = PATH=$(GLUONPATH) $(SUBMAKE) -C $(GLUON_ORIGOPENWRTDIR) -f $(GLUONDIR)/Makefile GLUON_TOOLS=0 QUILT=
+# check for spaces & resolve possibly relative paths
-GLUONMAKE = PATH=$(GLUONPATH) $(SUBMAKE) -C $(GLUON_OPENWRTDIR) -f $(GLUONDIR)/Makefile
+define mkabspath
 ifneq (1,$(words [$($(1))]))
  $$(error $(1) must not contain spaces)
 endif
 override $(1) := $(abspath $($(1)))
 endef
-ifneq ($(OPENWRT_BUILD),1)
+$(eval $(call mkabspath,GLUON_SITEDIR))
 $(eval $(call mkabspath,GLUON_TMPDIR))
 $(eval $(call mkabspath,GLUON_OUTPUTDIR))
 $(eval $(call mkabspath,GLUON_IMAGEDIR))
 $(eval $(call mkabspath,GLUON_PACKAGEDIR))
-GLUONDIR:=${CURDIR}
+export GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR DEVICES
 include $(GLUONDIR)/include/gluon.mk
-TOPDIR:=$(GLUON_ORIGOPENWRTDIR)
+$(GLUON_SITEDIR)/site.mk:
-export TOPDIR
+	$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
 include $(GLUON_SITEDIR)/site.mk
 GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line)
 GLUON_MULTIDOMAIN ?= 0
 GLUON_WLAN_MESH ?= 11s
 GLUON_DEBUG ?= 0
 export GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_WLAN_MESH GLUON_DEBUG
 show-release:
 	@echo '$(GLUON_RELEASE)'
 update: FORCE
-	$(GLUONDIR)/scripts/update.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
-	$(GLUONDIR)/scripts/patch.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
 	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
 update-patches: FORCE
-	$(GLUONDIR)/scripts/update.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
-	$(GLUONDIR)/scripts/update-patches.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update-patches.sh
-	$(GLUONDIR)/scripts/patch.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
-include $(TOPDIR)/include/host.mk
+update-feeds: FORCE
-
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
 _SINGLE=export MAKEFLAGS=$(space);
 override OPENWRT_BUILD=1
 override GLUON_TOOLS=1
 GREP_OPTIONS=
 export OPENWRT_BUILD GLUON_TOOLS GREP_OPTIONS
 -include $(TOPDIR)/include/debug.mk
 -include $(TOPDIR)/include/depends.mk
 include $(GLUONDIR)/include/toplevel.mk
-include $(GLUONDIR)/targets/targets.mk
+GLUON_TARGETS :=
 define GluonTarget
 gluon_target := $(1)$$(if $(2),-$(2))
 GLUON_TARGETS += $$(gluon_target)
 GLUON_TARGET_$$(gluon_target)_BOARD := $(1)
 GLUON_TARGET_$$(gluon_target)_SUBTARGET := $(if $(3),$(3),$(2))
 endef
 include targets/targets.mk
-CheckTarget := [ -n '$(GLUON_TARGET)' -a -n '$(GLUON_TARGET_$(GLUON_TARGET)_BOARD)' ] \
+LEDEMAKE = $(MAKE) -C lede
-	|| (echo -e 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:$(subst $(space),\n * ,$(GLUON_TARGETS))'; false)
+
 BOARD := $(GLUON_TARGET_$(GLUON_TARGET)_BOARD)
 SUBTARGET := $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)
 GLUON_CONFIG_VARS := \
 	GLUON_SITEDIR='$(GLUON_SITEDIR)' \
 	GLUON_RELEASE='$(GLUON_RELEASE)' \
 	GLUON_BRANCH='$(GLUON_BRANCH)' \
 	GLUON_LANGS='$(GLUON_LANGS)' \
 	BOARD='$(BOARD)' \
 	SUBTARGET='$(SUBTARGET)'
 LEDE_TARGET := $(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
 export LEDE_TARGET
-CheckExternal := test -d $(GLUON_ORIGOPENWRTDIR) || (echo 'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!'; false)
+CheckTarget := [ '$(LEDE_TARGET)' ] \
 	|| (echo 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:'; $(foreach target,$(GLUON_TARGETS),echo ' * $(target)';) false)
 CheckExternal := test -d lede || (echo 'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!'; false)
 define CheckSite
 	@GLUON_SITEDIR='$(GLUON_SITEDIR)' GLUON_SITE_CONFIG='$(1).conf' $(LUA) scripts/site_config.lua \
 		|| (echo 'Your site configuration ($(1).conf) did not pass validation.'; false)
 endef
 list-targets: FORCE
 	@$(foreach target,$(GLUON_TARGETS),echo '$(target)';)
-create-key: FORCE
+GLUON_FEATURE_PACKAGES := $(shell scripts/features.sh '$(GLUON_FEATURES)' || echo '__ERROR__')
-	@$(CheckExternal)
+ifneq ($(filter __ERROR__,$(GLUON_FEATURE_PACKAGES)),)
-	+@$(GLUONMAKE_EARLY) create-key
+$(error Error while evaluating GLUON_FEATURES)
 endif
-prepare-target: FORCE
+
 GLUON_PACKAGES :=
 define merge_packages
  $(foreach pkg,$(1),
    GLUON_PACKAGES := $$(strip $$(filter-out -$$(patsubst -%,%,$(pkg)) $$(patsubst -%,%,$(pkg)),$$(GLUON_PACKAGES)) $(pkg))
  )
 endef
 $(eval $(call merge_packages,$(GLUON_FEATURE_PACKAGES) $(GLUON_SITE_PACKAGES)))
 config: FORCE
 	@$(CheckExternal)
 	@$(CheckTarget)
-	+@$(GLUONMAKE_EARLY) prepare-target
+
 	@$(GLUON_CONFIG_VARS) \
 		scripts/target_config.sh '$(GLUON_TARGET)' '$(GLUON_PACKAGES)' \
 		> lede/.config
 	+@$(LEDEMAKE) defconfig
 	@$(GLUON_CONFIG_VARS) \
 		scripts/target_config_check.sh '$(GLUON_TARGET)' '$(GLUON_PACKAGES)'
 LUA := lede/staging_dir/hostpkg/bin/lua
 $(LUA):
 	@$(CheckExternal)
 	+@[ -e lede/.config ] || $(LEDEMAKE) defconfig
 	+@$(LEDEMAKE) tools/install
 	+@$(LEDEMAKE) package/lua/host/install
 prepare-target: config $(LUA) ;
 all: prepare-target
-	+@$(GLUONMAKE) build-key
+	$(foreach conf,site $(patsubst $(GLUON_SITEDIR)/%.conf,%,$(wildcard $(GLUON_SITEDIR)/domains/*.conf)),$(call CheckSite,$(conf)))
 	+@$(GLUONMAKE) prepare
 	+@$(GLUONMAKE) images
 	+@$(GLUONMAKE) modules
-prepare: prepare-target
+	@scripts/clean_output.sh
-	+@$(GLUONMAKE) build-key
+	+@$(LEDEMAKE)
-	+@$(GLUONMAKE) $@
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/copy_output.sh '$(GLUON_TARGET)'
-clean download images modules: FORCE
+clean download: config
-	@$(CheckExternal)
+	+@$(LEDEMAKE) $@
 	@$(CheckTarget)
 	+@$(GLUONMAKE_EARLY) maybe-prepare-target
 	+@$(GLUONMAKE) build-key
 	+@$(GLUONMAKE) $@
-toolchain/% package/% target/% image/%: FORCE
+dirclean: FORCE
-	@$(CheckExternal)
+	+@[ -e lede/.config ] || $(LEDEMAKE) defconfig
-	@$(CheckTarget)
+	+@$(LEDEMAKE) dirclean
-	+@$(GLUONMAKE_EARLY) maybe-prepare-target
+	@rm -rf $(GLUON_TMPDIR) $(GLUON_OUTPUTDIR)
 	+@$(GLUONMAKE) build-key
 	+@$(GLUONMAKE) $@
-manifest: FORCE
+manifest: $(LUA) FORCE
-	@[ -n '$(GLUON_BRANCH)' ] || (echo 'Please set GLUON_BRANCH to create a manifest.'; false)
+	@[ '$(GLUON_BRANCH)' ] || (echo 'Please set GLUON_BRANCH to create a manifest.'; false)
 	@echo '$(GLUON_PRIORITY)' | grep -qE '^([0-9]*\.)?[0-9]+$$' || (echo 'Please specify a numeric value for GLUON_PRIORITY to create a manifest.'; false)
 	@$(CheckExternal)
-	( \
+	@( \
 		echo 'BRANCH=$(GLUON_BRANCH)' && \
-		echo 'DATE=$(shell $(GLUON_ORIGOPENWRTDIR)/staging_dir/host/bin/lua $(GLUONDIR)/scripts/rfc3339date.lua)' && \
+		echo "DATE=$$($(LUA) scripts/rfc3339date.lua)" && \
 		echo 'PRIORITY=$(GLUON_PRIORITY)' && \
-		echo \
+		echo && \
-	) > $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp
+		$(foreach GLUON_TARGET,$(GLUON_TARGETS), \
-
+			GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/generate_manifest.sh '$(GLUON_TARGET)' && \
 	+($(foreach GLUON_TARGET,$(GLUON_TARGETS), \
 		( [ ! -e $(BOARD_BUILDDIR)/prepared ] || ( $(GLUONMAKE) manifest GLUON_TARGET='$(GLUON_TARGET)' V=s$(OPENWRT_VERBOSE) ) ) && \
 	) :)
 	mkdir -p $(GLUON_IMAGEDIR)/sysupgrade
 	mv $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp $(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_BRANCH).manifest
 dirclean : FORCE
 	for dir in build_dir dl staging_dir tmp; do \
 		rm -rf $(GLUON_ORIGOPENWRTDIR)/$$dir; \
 	done
 	rm -rf $(GLUON_BUILDDIR) $(GLUON_OUTPUTDIR)
 else
 TOPDIR=${CURDIR}
 export TOPDIR
 include rules.mk
 include $(GLUONDIR)/include/gluon.mk
 include $(INCLUDE_DIR)/host.mk
 include $(INCLUDE_DIR)/depends.mk
 include $(INCLUDE_DIR)/subdir.mk
 include package/Makefile
 include tools/Makefile
 include toolchain/Makefile
 include target/Makefile
 PROFILES :=
 PROFILE_PACKAGES :=
 define Profile
  $(eval $(call Profile/Default))
  $(eval $(call Profile/$(1)))
 endef
 define GluonProfile
 PROFILES += $(1)
 PROFILE_PACKAGES += $(filter-out -%,$(2) $(GLUON_$(1)_SITE_PACKAGES))
 GLUON_$(1)_PROFILE := $(if $(3),$(3),$(1))
 GLUON_$(1)_DEFAULT_PACKAGES := $(2)
 GLUON_$(1)_FACTORY_SUFFIX := -squashfs-factory
 GLUON_$(1)_SYSUPGRADE_SUFFIX := -squashfs-sysupgrade
 GLUON_$(1)_FACTORY_EXT := .bin
 GLUON_$(1)_SYSUPGRADE_EXT := .bin
 GLUON_$(1)_MODELS :=
 endef
 define GluonProfileFactorySuffix
 GLUON_$(1)_FACTORY_SUFFIX := $(2)
 GLUON_$(1)_FACTORY_EXT := $(3)
 endef
 define GluonProfileSysupgradeSuffix
 GLUON_$(1)_SYSUPGRADE_SUFFIX := $(2)
 GLUON_$(1)_SYSUPGRADE_EXT := $(3)
 endef
 define GluonModel
 GLUON_$(1)_MODELS += $(3)
 GLUON_$(1)_MODEL_$(3) := $(2)
 GLUON_$(1)_MODEL_$(3)_ALIASES :=
 endef
 define GluonModelAlias
 GLUON_$(1)_MODEL_$(2)_ALIASES += $(3)
 endef
 export SHA512SUM := $(GLUONDIR)/scripts/sha512sum.sh
 prereq: FORCE
 	+$(NO_TRACE_MAKE) prereq
 prepare-tmpinfo: FORCE
 	@+$(MAKE) -r -s staging_dir/host/.prereq-build OPENWRT_BUILD= QUIET=0
 	mkdir -p tmp/info
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPS="$(TOPDIR)/include/package*.mk $(TOPDIR)/overlay/*/*.mk" SCAN_EXTRA=""
 	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPS="profiles/*.mk $(TOPDIR)/include/kernel*.mk $(TOPDIR)/include/target.mk" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
 	for type in package target; do \
 		f=tmp/.$${type}info; t=tmp/.config-$${type}.in; \
 		[ "$$t" -nt "$$f" ] || ./scripts/metadata.pl $${type}_config "$$f" > "$$t" || { rm -f "$$t"; echo "Failed to build $$t"; false; break; }; \
 	done
 	[ tmp/.config-feeds.in -nt tmp/.packagefeeds ] || ./scripts/feeds feed_config > tmp/.config-feeds.in
 	./scripts/metadata.pl package_mk tmp/.packageinfo > tmp/.packagedeps || { rm -f tmp/.packagedeps; false; }
 	./scripts/metadata.pl package_feeds tmp/.packageinfo > tmp/.packagefeeds || { rm -f tmp/.packagefeeds; false; }
 	touch $(TOPDIR)/tmp/.build
 feeds: FORCE
 	rm -rf $(TOPDIR)/package/feeds
 	mkdir $(TOPDIR)/package/feeds
 	[ ! -f $(GLUON_SITEDIR)/modules ] || . $(GLUON_SITEDIR)/modules && for feed in $$GLUON_SITE_FEEDS; do ln -s ../../../packages/$$feed $(TOPDIR)/package/feeds/$$feed; done
 	ln -s ../../../package $(TOPDIR)/package/feeds/gluon
 	. $(GLUONDIR)/modules && for feed in $$GLUON_FEEDS; do ln -s ../../../packages/$$feed $(TOPDIR)/package/feeds/module_$$feed; done
 	+$(GLUONMAKE_EARLY) prepare-tmpinfo
 gluon-tools: FORCE
 	+$(GLUONMAKE_EARLY) tools/patch/install
 	+$(GLUONMAKE_EARLY) tools/sed/install
 	+$(GLUONMAKE_EARLY) tools/cmake/install
 	+$(GLUONMAKE_EARLY) package/lua/host/install package/usign/host/install
 early_prepared_stamp := $(GLUON_BUILDDIR)/prepared_$(shell \
 	( \
 		$(SHA512SUM) $(GLUONDIR)/modules; \
 		[ ! -r $(GLUON_SITEDIR)/modules ] || $(SHA512SUM) $(GLUON_SITEDIR)/modules \
 	) | $(SHA512SUM) )
 prepare-early: FORCE
 	for dir in build_dir dl staging_dir; do \
 		mkdir -p $(GLUON_ORIGOPENWRTDIR)/$$dir; \
 	done
 	+$(GLUONMAKE_EARLY) feeds
 	+$(GLUONMAKE_EARLY) gluon-tools
 	mkdir -p $$(dirname $(early_prepared_stamp))
 	touch $(early_prepared_stamp)
 $(early_prepared_stamp):
 	rm -f $(GLUON_BUILDDIR)/prepared_*
 	+$(GLUONMAKE_EARLY) prepare-early
 $(GLUON_OPKG_KEY): $(early_prepared_stamp) FORCE
 	[ -s $(GLUON_OPKG_KEY) -a -s $(GLUON_OPKG_KEY).pub ] || \
 		( mkdir -p $$(dirname $(GLUON_OPKG_KEY)) && $(STAGING_DIR_HOST)/bin/usign -G -s $(GLUON_OPKG_KEY) -p $(GLUON_OPKG_KEY).pub -c "Gluon opkg key" )
 $(GLUON_OPKG_KEY).pub: $(GLUON_OPKG_KEY)
 create-key: $(GLUON_OPKG_KEY).pub
 include $(GLUONDIR)/targets/targets.mk
 ifneq ($(GLUON_TARGET),)
 include $(GLUONDIR)/targets/$(GLUON_TARGET)/profiles.mk
 BOARD := $(GLUON_TARGET_$(GLUON_TARGET)_BOARD)
 override SUBTARGET := $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)
 target_prepared_stamp := $(BOARD_BUILDDIR)/target-prepared
 gluon_prepared_stamp := $(BOARD_BUILDDIR)/prepared
 PREPARED_RELEASE = $$(cat $(gluon_prepared_stamp))
 IMAGE_PREFIX = gluon-$(GLUON_SITE_CODE)-$(PREPARED_RELEASE)
 MODULE_PREFIX = gluon-$(GLUON_SITE_CODE)-$(PREPARED_RELEASE)
 include $(INCLUDE_DIR)/target.mk
 build-key: FORCE
 	rm -f $(BUILD_KEY) $(BUILD_KEY).pub
 	cp $(GLUON_OPKG_KEY) $(BUILD_KEY)
 	cp $(GLUON_OPKG_KEY).pub $(BUILD_KEY).pub
 config: FORCE
 	+$(NO_TRACE_MAKE) scripts/config/conf OPENWRT_BUILD= QUIET=0
 	+$(GLUONMAKE) prepare-tmpinfo
 	( \
 		cat $(GLUONDIR)/include/config; \
 		echo 'CONFIG_TARGET_$(GLUON_TARGET_$(GLUON_TARGET)_BOARD)=y'; \
 		$(if $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET), \
 			echo 'CONFIG_TARGET_$(GLUON_TARGET_$(GLUON_TARGET)_BOARD)_$(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)=y'; \
 		) \
 		cat $(GLUONDIR)/targets/$(GLUON_TARGET)/config 2>/dev/null; \
 		echo 'CONFIG_BUILD_SUFFIX="gluon-$(GLUON_TARGET)"'; \
 		echo '$(patsubst %,CONFIG_PACKAGE_%=m,$(sort $(filter-out -%,$(GLUON_DEFAULT_PACKAGES) $(GLUON_SITE_PACKAGES) $(PROFILE_PACKAGES))))' \
 			| sed -e 's/ /\n/g'; \
 		echo '$(patsubst %,CONFIG_LUCI_LANG_%=y,$(GLUON_LANGS))' \
 			| sed -e 's/ /\n/g'; \
 	) > $(BOARD_BUILDDIR)/config.tmp
 	scripts/config/conf --defconfig=$(BOARD_BUILDDIR)/config.tmp Config.in
 	+$(SUBMAKE) tools/install
 prepare-target: $(GLUON_OPKG_KEY).pub
 	rm $(GLUON_OPENWRTDIR)/tmp || true
 	mkdir -p $(GLUON_OPENWRTDIR)/tmp
 	for link in build_dir config Config.in dl include Makefile package rules.mk scripts staging_dir target toolchain tools; do \
 		ln -sf $(GLUON_ORIGOPENWRTDIR)/$$link $(GLUON_OPENWRTDIR); \
 	done
 	+$(GLUONMAKE) config
 	touch $(target_prepared_stamp)
 $(target_prepared_stamp):
 	+$(GLUONMAKE_EARLY) prepare-target
 maybe-prepare-target: $(target_prepared_stamp)
 	+$(GLUONMAKE_EARLY) $(GLUON_OPKG_KEY).pub
 $(BUILD_DIR)/.prepared: Makefile
 	@mkdir -p $$(dirname $@)
 	@touch $@
 $(toolchain/stamp-install): $(tools/stamp-install)
 $(package/stamp-compile): $(package/stamp-cleanup)
 clean: FORCE
 	+$(SUBMAKE) clean
 	rm -f $(gluon_prepared_stamp)
 download: FORCE
 	+$(SUBMAKE) tools/download
 	+$(SUBMAKE) toolchain/download
 	+$(SUBMAKE) package/download
 	+$(SUBMAKE) target/download
 toolchain: $(toolchain/stamp-install) $(tools/stamp-install)
 include $(INCLUDE_DIR)/kernel.mk
 kernel: FORCE
 	+$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD) $(LINUX_DIR)/.image TARGET_BUILD=1
 	+$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD) $(LINUX_DIR)/.modules TARGET_BUILD=1
 packages: $(package/stamp-compile)
 	$(_SINGLE)$(SUBMAKE) -r package/index
 prepare-image: FORCE
 	rm -rf $(BOARD_KDIR)
 	mkdir -p $(BOARD_KDIR)
 	-cp $(KERNEL_BUILD_DIR)/* $(BOARD_KDIR)/
 	+$(SUBMAKE) -C $(TOPDIR)/target/linux/$(BOARD)/image image_prepare KDIR="$(BOARD_KDIR)"
 prepare: FORCE
 	@$(STAGING_DIR_HOST)/bin/lua $(GLUONDIR)/scripts/site_config.lua \
 		|| (echo 'Your site configuration did not pass validation.'; false)
 	mkdir -p $(GLUON_IMAGEDIR) $(BOARD_BUILDDIR)
 	echo 'src packages file:../openwrt/bin/$(BOARD)/packages' > $(BOARD_BUILDDIR)/opkg.conf
 	+$(GLUONMAKE) toolchain
 	+$(GLUONMAKE) kernel
 	+$(GLUONMAKE) packages
 	+$(GLUONMAKE) prepare-image
 	echo "$(GLUON_RELEASE)" > $(gluon_prepared_stamp)
 $(gluon_prepared_stamp):
 	+$(GLUONMAKE) prepare
 modules: FORCE $(gluon_prepared_stamp)
 	-rm -f $(GLUON_MODULEDIR)/*/$(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)/*
 	-rmdir -p $(GLUON_MODULEDIR)/*/$(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
 	mkdir -p $(GLUON_MODULEDIR)/$(MODULE_PREFIX)/$(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
 	cp $(PACKAGE_DIR)/kmod-*.ipk $(GLUON_MODULEDIR)/$(MODULE_PREFIX)/$(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
 	$(_SINGLE)$(SUBMAKE) -r package/index PACKAGE_DIR=$(GLUON_MODULEDIR)/$(MODULE_PREFIX)/$(BOARD)/$(if $(SUBTARGET),$(SUBTARGET),generic)
 include $(INCLUDE_DIR)/package-ipkg.mk
 # override variables from rules.mk
 PACKAGE_DIR = $(GLUON_OPENWRTDIR)/bin/$(BOARD)/packages
 PROFILE_BUILDDIR = $(BOARD_BUILDDIR)/profiles/$(PROFILE)
 PROFILE_KDIR = $(PROFILE_BUILDDIR)/kernel
 BIN_DIR = $(PROFILE_BUILDDIR)/images
 TARGET_DIR = $(PROFILE_BUILDDIR)/root
 OPKG:= \
  IPKG_TMP="$(TMP_DIR)/ipkgtmp" \
  IPKG_INSTROOT="$(TARGET_DIR)" \
  IPKG_CONF_DIR="$(TMP_DIR)" \
  IPKG_OFFLINE_ROOT="$(TARGET_DIR)" \
  $(STAGING_DIR_HOST)/bin/opkg \
 	-f $(BOARD_BUILDDIR)/opkg.conf \
 	--cache $(TMP_DIR)/dl \
 	--offline-root $(TARGET_DIR) \
 	--force-postinstall \
 	--add-dest root:/ \
 	--add-arch all:100 \
 	--add-arch $(ARCH_PACKAGES):200
 EnableInitscript = ! grep -q '\#!/bin/sh /etc/rc.common' $(1) || bash ./etc/rc.common $(1) enable
 enable_initscripts: FORCE
 	cd $(TARGET_DIR) && ( export IPKG_INSTROOT=$(TARGET_DIR); \
 		$(foreach script,$(wildcard $(TARGET_DIR)/etc/init.d/*), \
 			$(call EnableInitscript,$(script)); \
 		) : \
-	)
+	) > 'tmp/$(GLUON_BRANCH).manifest.tmp'
 	@mkdir -p '$(GLUON_IMAGEDIR)/sysupgrade'
 	@mv 'tmp/$(GLUON_BRANCH).manifest.tmp' '$(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_BRANCH).manifest'
-# Generate package list
+FORCE: ;
 $(eval $(call merge-lists,INSTALL_PACKAGES,DEFAULT_PACKAGES GLUON_DEFAULT_PACKAGES GLUON_SITE_PACKAGES GLUON_$(PROFILE)_DEFAULT_PACKAGES GLUON_$(PROFILE)_SITE_PACKAGES))
-package_install: FORCE
+.PHONY: FORCE
-	$(OPKG) update
+.NOTPARALLEL:
 	$(OPKG) install $(PACKAGE_DIR)/base-files_*.ipk $(PACKAGE_DIR)/libc_*.ipk
 	$(OPKG) install $(PACKAGE_DIR)/kernel_*.ipk
 	$(OPKG) install $(INSTALL_PACKAGES)
 	+$(GLUONMAKE) enable_initscripts
 	rm -f $(TARGET_DIR)/usr/lib/opkg/lists/* $(TARGET_DIR)/tmp/opkg.lock
 # Remove opkg database when opkg is not intalled
 	if [ ! -x $(TARGET_DIR)/bin/opkg ]; then rm -rf $(TARGET_DIR)/usr/lib/opkg; fi
 include $(INCLUDE_DIR)/version.mk
 opkg_config: FORCE
 	for d in base packages luci routing telephony management; do \
 		echo "src/gz %n_$$d %U/$$d"; \
 	done > $(TARGET_DIR)/etc/opkg/distfeeds.conf
 	$(VERSION_SED) $(TARGET_DIR)/etc/opkg/distfeeds.conf
 image: FORCE
 	rm -rf $(TARGET_DIR) $(BIN_DIR) $(PROFILE_KDIR)
 	mkdir -p $(TARGET_DIR) $(BIN_DIR) $(TARGET_DIR)/tmp $(GLUON_IMAGEDIR)/factory $(GLUON_IMAGEDIR)/sysupgrade
 	cp -r $(BOARD_KDIR) $(PROFILE_KDIR)
 	+$(GLUONMAKE) package_install
 	+$(GLUONMAKE) opkg_config
 	$(call Image/mkfs/prepare)
 	$(_SINGLE)$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD)/image install TARGET_BUILD=1 IMG_PREFIX=gluon \
 		PROFILE="$(GLUON_$(PROFILE)_PROFILE)" KDIR="$(PROFILE_KDIR)" TARGET_DIR="$(TARGET_DIR)" BIN_DIR="$(BIN_DIR)" TMP_DIR="$(TMP_DIR)"
 	$(foreach model,$(GLUON_$(PROFILE)_MODELS), \
 		$(if $(GLUON_$(PROFILE)_SYSUPGRADE_EXT), \
 			rm -f $(GLUON_IMAGEDIR)/sysupgrade/gluon-*-$(model)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
 			cp $(BIN_DIR)/gluon-$(GLUON_$(PROFILE)_MODEL_$(model))$(GLUON_$(PROFILE)_SYSUPGRADE_SUFFIX)$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) $(GLUON_IMAGEDIR)/sysupgrade/$(IMAGE_PREFIX)-$(model)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
 		) \
 		$(if $(GLUON_$(PROFILE)_FACTORY_EXT), \
 			rm -f $(GLUON_IMAGEDIR)/factory/gluon-*-$(model)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
 			cp $(BIN_DIR)/gluon-$(GLUON_$(PROFILE)_MODEL_$(model))$(GLUON_$(PROFILE)_FACTORY_SUFFIX)$(GLUON_$(PROFILE)_FACTORY_EXT) $(GLUON_IMAGEDIR)/factory/$(IMAGE_PREFIX)-$(model)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
 		) \
 		\
 		$(foreach alias,$(GLUON_$(PROFILE)_MODEL_$(model)_ALIASES), \
 			$(if $(GLUON_$(PROFILE)_SYSUPGRADE_EXT), \
 				rm -f $(GLUON_IMAGEDIR)/sysupgrade/gluon-*-$(alias)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
 				ln -s $(IMAGE_PREFIX)-$(model)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) $(GLUON_IMAGEDIR)/sysupgrade/$(IMAGE_PREFIX)-$(alias)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
 			) \
 			$(if $(GLUON_$(PROFILE)_FACTORY_EXT), \
 				rm -f $(GLUON_IMAGEDIR)/factory/gluon-*-$(alias)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
 				ln -s $(IMAGE_PREFIX)-$(model)$(GLUON_$(PROFILE)_FACTORY_EXT) $(GLUON_IMAGEDIR)/factory/$(IMAGE_PREFIX)-$(alias)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
 			) \
 		) \
 	) :
 image/%: $(gluon_prepared_stamp)
 	+$(GLUONMAKE) image PROFILE="$(patsubst image/%,%,$@)" V=s$(OPENWRT_VERBOSE)
 call_image/%: FORCE
 	+$(GLUONMAKE) $(patsubst call_image/%,image/%,$@)
 images: $(patsubst %,call_image/%,$(PROFILES)) ;
 manifest: FORCE
 	( \
 		cd $(GLUON_IMAGEDIR)/sysupgrade; \
 		$(foreach profile,$(PROFILES), \
 			$(if $(GLUON_$(profile)_SYSUPGRADE_EXT), \
 				$(foreach model,$(GLUON_$(profile)_MODELS), \
 					file="$(IMAGE_PREFIX)-$(model)-sysupgrade$(GLUON_$(profile)_SYSUPGRADE_EXT)"; \
 					[ -e "$$file" ] && echo '$(model)' "$(PREPARED_RELEASE)" "$$($(SHA512SUM) "$$file")" "$$file"; \
 					\
 					$(foreach alias,$(GLUON_$(profile)_MODEL_$(model)_ALIASES), \
 						file="$(IMAGE_PREFIX)-$(alias)-sysupgrade$(GLUON_$(profile)_SYSUPGRADE_EXT)"; \
 						[ -e "$$file" ] && echo '$(alias)' "$(PREPARED_RELEASE)" "$$($(SHA512SUM) "$$file")" "$$file"; \
 					) \
 				) \
 			) \
 		) : \
 	) >> $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp
 .PHONY: all create-key prepare images modules clean gluon-tools manifest
 endif
 endif
--- a/README.md
+++ b/README.md
@ -1,10 +1,10 @@
 Documentation (incomplete at this time, contribute if you can!) may be found at
-http://gluon.readthedocs.org/.
+https://gluon.readthedocs.org/.
 If you're new to Gluon and ready to get your feet wet, have a look at the
-[Getting Started Guide](http://gluon.readthedocs.org/en/latest/user/getting_started.html).
+[Getting Started Guide](https://gluon.readthedocs.org/en/latest/user/getting_started.html).
-**Gluon IRC channel: `#gluon` in [hackint](http://hackint.org/)**
+**Gluon IRC channel: `#gluon` in [hackint](https://hackint.org/)**
 ## Issues & Feature requests
@ -18,8 +18,8 @@ the future development of Gluon.
 ## Use a release!
 Please refrain from using the `master` branch for anything else but development purposes!
-Use the most recent release instead. You can list all relaseses by running `git branch -a`
+Use the most recent release instead. You can list all releases by running `git tag`
-and switch to one by running `git checkout v2016.1.5 && make update`.
+and switch to one by running `git checkout v2018.1 && make update`.
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.
@ -28,11 +28,11 @@ If you upgrade using random master commits the nodes *will break* eventually.
 To subscribe to the list, send a message to:
-    gluon-subscribe@luebeck.freifunk.net
+    gluon+subscribe@luebeck.freifunk.net
 To remove your address from the list, just send a message to
 the address in the `List-Unsubscribe` header of any list
 message. If you haven't changed addresses since subscribing,
 you can also send a message to:
-    gluon-unsubscribe@luebeck.freifunk.net
+    gluon+unsubscribe@luebeck.freifunk.net
--- a/contrib/i18n-scan.pl
+++ b/contrib/i18n-scan.pl
@ -0,0 +1,128 @@
 #!/usr/bin/perl
 use strict;
 use warnings;
 use Text::Balanced qw(extract_bracketed extract_delimited extract_tagged);
@ARGV >= 1 || die "Usage: $0 <source direcory>\n";
 my %stringtable;
 sub dec_lua_str
 {
 	my $s = shift;
 	$s =~ s/[\s\n]+/ /g;
 	$s =~ s/\\n/\n/g;
 	$s =~ s/\\t/\t/g;
 	$s =~ s/\\(.)/$1/g;
 	$s =~ s/^ //;
 	$s =~ s/ $//;
 	return $s;
 }
 sub dec_tpl_str
 {
 	my $s = shift;
 	$s =~ s/-$//;
 	$s =~ s/[\s\n]+/ /g;
 	$s =~ s/^ //;
 	$s =~ s/ $//;
 	$s =~ s/\\/\\\\/g;
 	return $s;
 }
 if( open F, "find @ARGV -type f '(' -name '*.html' -o -name '*.lua' ')' |" )
 {
 	while( defined( my $file = readline F ) )
 	{
 		chomp $file;
 		if( open S, "< $file" )
 		{
 			local $/ = undef;
 			my $raw = <S>;
 			close S;
 			my $text = $raw;
 			while( $text =~ s/ ^ .*? (?:translate|translatef|_) [\n\s]* \( /(/sgx )
 			{
 				( my $code, $text ) = extract_bracketed($text, q{('")});
 				$code =~ s/\\\n/ /g;
 				$code =~ s/^\([\n\s]*//;
 				$code =~ s/[\n\s]*\)$//;
 				my $res = "";
 				my $sub = "";
 				if( $code =~ /^['"]/ )
 				{
 					while( defined $sub )
 					{
 						( $sub, $code ) = extract_delimited($code, q{'"}, q{\s*(?:\.\.\s*)?});
 						if( defined $sub && length($sub) > 2 )
 						{
 							$res .= substr $sub, 1, length($sub) - 2;
 						}
 						else
 						{
 							undef $sub;
 						}
 					}
 				}
 				elsif( $code =~ /^(\[=*\[)/ )
 				{
 					my $stag = quotemeta $1;
 					my $etag = $stag;
 					   $etag =~ s/\[/]/g;
 					( $res ) = extract_tagged($code, $stag, $etag);
 					$res =~ s/^$stag//;
 					$res =~ s/$etag$//;
 				}
 				$res = dec_lua_str($res);
 				$stringtable{$res}++ if $res;
 			}
 			$text = $raw;
 			while( $text =~ s/ ^ .*? <% -? [:_] /<%/sgx )
 			{
 				( my $code, $text ) = extract_tagged($text, '<%', '%>');
 				if( defined $code )
 				{
 					$code = dec_tpl_str(substr $code, 2, length($code) - 4);
 					$stringtable{$code}++;
 				}
 			}
 		}
 	}
 	close F;
 }
 if( open C, "| msgcat -" )
 {
 	printf C "msgid \"\"\nmsgstr \"Content-Type: text/plain; charset=UTF-8\"\n\n";
 	foreach my $key ( sort keys %stringtable )
 	{
 		if( length $key )
 		{
 			$key =~ s/"/\\"/g;
 			printf C "msgid \"%s\"\nmsgstr \"\"\n\n", $key;
 		}
 	}
 	close C;
 }
--- a/contrib/lsupgrade.sh
+++ b/contrib/lsupgrade.sh
@ -2,10 +2,11 @@
 # Script to list all upgrade scripts in a clear manner
 # Limitations:
-#  * Does only show scripts of packages whose `files' directory represent the whole image filesystem (which are all Gluon packages)
+#  * Does only show scripts of packages whose `files'/`luasrc' directories represent the whole image filesystem (which are all Gluon packages)
-SUFFIX=files/lib/gluon/upgrade
+SUFFIX1=files/lib/gluon/upgrade
 SUFFIX2=luasrc/lib/gluon/upgrade
 shopt -s nullglob
@ -35,8 +36,11 @@ find ./package packages -name Makefile | while read makefile; do
 	dirname="$(dirname "$dir" | cut -d/ -f 3-)"
 	package="$(basename "$dir")"
-	for file in "${SUFFIX}"/*; do
+	for file in "${SUFFIX1}"/*; do
-		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX})"
+		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})"
 	done
 	for file in "${SUFFIX2}"/*; do
 		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})"
 	done
 	popd >/dev/null
 done | sort
--- a/contrib/sign.sh
+++ b/contrib/sign.sh
@ -15,7 +15,7 @@ The script may be performed multiple times to the same document
 to indicate an approval by multiple developers.
 See also
- * edcsautils on https://github.com/tcatm/ecdsautils
+ * ecdsautils on https://github.com/tcatm/ecdsautils
 EOHELP
 	exit 1
--- a/docs/conf.py
+++ b/docs/conf.py
@ -47,16 +47,16 @@ master_doc = 'index'
 # General information about the project.
 project = 'Gluon'
-copyright = '2015-2016, Project Gluon'
+copyright = '2015-2018, Project Gluon'
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '2016.1+'
+version = '2018.1'
 # The full version, including alpha/beta/rc tags.
-release = '2016.1+'
+release = '2018.1'
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.
--- a/docs/dev/basics.rst
+++ b/docs/dev/basics.rst
@ -34,21 +34,7 @@ rerun
 `patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
 can be refered to by the branch `base`.
-::
+After new patches have been commited on top of the `patched` branch (or existing commits
 	make unpatch
 sets the repositories to the `base` branch,
 ::
 	make patch
 re-applies the patches by resetting the `patched` branch to `base` and calling `git am`
 for the patch files. Calling `make` or a similar command after calling `make unpatch`
 is generally not a good idea.
 After new patches have been commited on top of the patched branch (or existing commits
 since the base commit have been edited or removed), the patch directories can be regenerated
 using
@ -61,3 +47,19 @@ and you can try rebasing it onto the new `base` branch yourself and after that c
 Always call `make update-patches` after making changes to a module repository as `make update` will overwrite your
 commits, making `git reflog` the only way to recover them!
 Development Guidelines
 ----------------------
 lua should be used instead of sh whenever sensible. The following criteria
 should be considered:
 - Is the script doing more than just executing external commands? if so, use lua
 - Is the script parsing/editing json-data? If so, use lua for speed
 - When using sh, use jsonfilter instead of json_* functions for speed
 Code formatting may sound like a topic for the pedantic, however it helps if
 the code in the project is formatted in the same way. The following rules
 apply:
 - use tabs instead of spaces
 - trailing whitespaces must be eliminated
--- a/docs/dev/configmode.rst
+++ b/docs/dev/configmode.rst
@ -1,92 +0,0 @@
 Config Mode
 ===========
 As of 2014.4 `gluon-config-mode` consists of several modules.
 gluon-config-mode-core
    This modules provides the core functionality for the config mode.
    All modules must depend on it.
 gluon-config-mode-hostname
    Provides a hostname field.
 gluon-config-mode-autoupdater
    Informs whether the autoupdater is enabled.
 gluon-config-mode-mesh-vpn
    Allows toggling of mesh-vpn-fastd and setting a bandwidth limit.
 gluon-config-mode-geo-location
    Enables the user to set the geographical location of the node.
 gluon-config-mode-contact-info
    Adds a field where the user can provide contact information.
 In order to get a config mode close to the one found in 2014.3.x you may add
 these modules to your `site.mk`:
 gluon-config-mode-hostname,
 gluon-config-mode-autoupdater,
 gluon-config-mode-mesh-vpn,
 gluon-config-mode-geo-location,
 gluon-config-mode-contact-info
 Writing Config Mode Modules
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Config mode modules are located at `/lib/gluon/config-mode/wizard` and
 `/lib/gluon/config-mode/reboot`. Modules are named like `0000-name.lua` and
 are executed in lexical order. If you take the standard set of modules, the
 order is, for wizard modules:
  - 0050-autoupdater-info
  - 0100-hostname
  - 0300-mesh-vpn
  - 0400-geo-location
  - 0500-contact-info
 While for reboot modules it is:
  - 0100-mesh-vpn
  - 0900-msg-reboot
 Wizards
 -------
 Wizard modules return a UCI section. A simple module capable of changing the
 hostname might look like this::
  local cbi = require "luci.cbi"
  local uci = luci.model.uci.cursor()
  local M = {}
  function M.section(form)
    local s = form:section(cbi.SimpleSection, nil, nil)
    local o = s:option(cbi.Value, "_hostname", "Hostname")
    o.value = uci:get_first("system", "system", "hostname")
    o.rmempty = false
    o.datatype = "hostname"
  end
  function M.handle(data)
    uci:set("system", uci:get_first("system", "system"), "hostname", data._hostname)
    uci:save("system")
    uci:commit("system")
  end
  return M
 Reboot page
 -----------
 Reboot modules return a function that will be called when the page is to be
 rendered or nil (i.e. the module is skipped)::
  if no_hello_world_today then
    return nil
  else
    return function ()
      luci.template.render_string("Hello World!")
    end
  end
--- a/docs/dev/hardware.rst
+++ b/docs/dev/hardware.rst
@ -7,78 +7,138 @@ Hardware requirements
 ---------------------
 Having an ath9k (or ath10k) based WLAN adapter is highly recommended,
 although other chipsets may also work. VAP (multiple SSID) support
-is a requirement. At the moment, Gluon's scripts can't handle devices
+is a requirement.
-without WLAN adapters (although such environments may also be interesting,
+
 e.g. for automated testing in virtual machines).
 .. _hardware-adding-profiles:
 Adding profiles
 ---------------
-The vast majority of devices with ath9k WLAN uses the ar71xx target of OpenWrt.
+The vast majority of devices with ath9k WLAN is based on the ar71xx target of LEDE.
-If the hardware you want to add support for is also ar71xx, adding a new profile
+If the hardware you want to add support for is ar71xx, adding a new profile
-is enough.
+is sufficient.
-Profiles are defined in ``targets/<target>-<subtarget>/profiles.mk``. There are two macros
+Profiles are defined in ``targets/*`` in a shell-based DSL (so common shell
-used to define which images are generated: ``GluonProfile`` and ``GluonModel``. The following examples
+command syntax like ``if`` can be used).
 are taken from ``profiles.mk`` of the ``ar71xx-generic`` target::
-    $(eval $(call GluonProfile,TLWR1043))
+The ``device`` command is used to define an image build for a device. It takes
-    $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v1-squashfs,tp-link-tl-wr1043n-nd-v1))
+two or three parameters.
    $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v2-squashfs,tp-link-tl-wr1043n-nd-v2))
-The ``GluonProfile`` macro takes at least one parameter, the profile name as it is
+The first parameter defines the Gluon profile name, which is used to refer to the
-defined in the Makefiles of OpenWrt (``openwrt/target/linux/<target>/<subtarget>/profiles/*``
+device and is part of the generated image name. The profile name must be same as
-and ``openwrt/target/linux/<target>/image/Makefile``). If the target you are on doesn't define
+the output of the following command (on the target device), so the autoupdater
-profiles (e.g. on x86), just add a single profile called ``Generic`` or similar.
+can work::
 It may optionally take a second parameter which defines additional packages to include for the profile
 (e.g. ath10k). The additional packages defined in ``openwrt/target/linux/<target>/<subtarget>/profiles/*``
 aren't used.
 The ``GluonModel`` macro takes three parameters: The profile name, the suffix of the image file
 generated by OpenWrt (without the file extension), and the final image name of the Gluon image.
 The final image name must be the same that is returned by the following command.
 ::
    lua -e 'print(require("platform_info").get_image_name())'
 While porting Gluon to a new device, it might happen that the profile name is un-
 known. Best practise is to generate an image first by using an arbitrary value
 and then executing the lua command on the device and use its output from then on.
-This is just so the autoupdater can work. The command has to be executed _on_ the target (eg. the hardware router with a flashed image). So you'll first have to build an image with a guessed name, and afterwards build a new, correctly named image. On targets which aren't supported by the autoupdater,
+The second parameter defines the name of the image files generated by LEDE. Usually,
-``require("platform_info").get_image_name()`` will just return ``nil`` and the final image name
+it is also the LEDE profile name; for devices that still use the old image build
-may be defined arbitrarily.
+code, a third parameter with the LEDE profile name can be passed. The profile names
 can be found in the image Makefiles in ``lede/target/linux/<target>/image/Makefile``.
 Examples::
    device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
    device alfa-network-hornet-ub hornet-ub HORNETUB
 Suffixes and extensions
 '''''''''''''''''''''''
 By default, image files are expected to have the extension ``.bin``. In addition,
 the images generated by LEDE have a suffix before the extension that defaults to
 ``-squashfs-factory`` and ``-squashfs-sysupgrade``.
 This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
 the top of the file to set the defaults for all images, or for a single image. There
 are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
    factory SUFFIX .EXT
    factory .EXT
    factory
 When only an extension is given, the default suffix is retained. When no arguments
 are given, this signals that no factory (or sysupgrade) image exists.
 Aliases
 '''''''
 Sometimes multiple models use the same LEDE images. In this case, the ``alias``
 command can be used to create symlinks and additional entries in the autoupdater
 manifest for the alternative models.
 Standalone images
 '''''''''''''''''
 On targets without *per-device rootfs* support in LEDE, the commands described above
 can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
    factory_image PROFILE IMAGE .EXT
    sysupgrade_image PROFILE IMAGE .EXT
 Again, the profile name must match the value printed by the aforementioned Lua
 command. The image name must match the part between the target name and the extension
 as generated by LEDE and is to be omitted when no such part exists.
 Packages
 ''''''''
 The ``packages`` command takes an arbitrary number of arguments. Each argument
 defines an additional package to include in the images in addition to the default
 package sets defined by LEDE. When a package name is prefixed by a minus sign, the
 packages are excluded instead.
 The ``packages`` command may be used at the top of a target definition to modify
 the default package list for all images, or just for a single device (when the
 target supports *per-default rootfs*).
 Configuration
 '''''''''''''
 The ``config`` command allows to add arbitary target-specific LEDE configuration
 to be emitted to ``.config``.
 Notes
 '''''
 On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
 configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
 can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
 in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
-even on devices with only one WLAN adapter, in these cases an OpenWrt bug was the cause).
+even on devices with only one WLAN adapter, in these cases a LEDE bug was the cause).
 Adding support for new hardware targets
 ---------------------------------------
 Adding a new target is much more complex than adding a new profile. There are two basic steps
 required for adding a new target:
-Adjust packages
+Package adjustments
-'''''''''''''''
+'''''''''''''''''''
 One package that definitely needs adjustments for every new target added is ``lua-platform-info``. Just
 start with a copy of an existing platform info script, adjust it for the new target, and add the new target
 to the list of supported targets in the package Makefile.
-On many targets, Gluon's network setup scripts (mainly in the packages ``gluon-core`` and ``gluon-mesh-batman-adv-core``)
+One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
 `packages/gluon/libs/libplatforminfo <https://github.com/freifunk-gluon/packages/tree/master/libs/libplatforminfo>`_).
 If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
 create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
 directory, or adding a new source file.
 On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
 won't run correctly without some adjustments, so better double check that everything is fine there (and the files
 ``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
-Add support to the build system
+Build system support
-'''''''''''''''''''''''''''''''
+''''''''''''''''''''
 A directory for the new target must be created under ``targets``, and it must be added
 to ``targets/targets.mk``. In the new target directory, the following files must be created:
-* profiles.mk
+A definition for the new target must be created under ``targets``, and it must be added
-* config (optional)
+to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to three arguments:
-
+the target name, the Gluon subtarget name (if the target has subtargets), and the
-For ``profiles.mk``, see :ref:`hardware-adding-profiles`.
+LEDE subtarget name (if it differs from the Gluon subtarget). The third argument
-The file ``config`` can be used to add additional, target-specific options to the OpenWrt config.
+can be used to define multiple Gluon targets with different configuration for the
 same LEDE target, like it is done for the ``ar71xx-tiny`` target.
 After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.
--- a/docs/dev/i18n.rst
+++ b/docs/dev/i18n.rst
@ -1,88 +0,0 @@
 Internationalization support
 ============================
 General guidelines
 ------------------
 * All config mode packages must be fully translatable, with complete English and German texts.
 * All new expert mode packages be fully translatable. English texts are required, German texts recommended.
 * Existing expert mode packages should be made translatable as soon as possible.
 * The "message IDs" (which are the arguments to the ``translate`` function) should be the
  English texts.
 i18n support in LuCI
 --------------------
 Internationalization support can be found in the ``luci.i18n`` package.
 Strings are translated using the ``i18n.translate`` and ``i18n.translatef`` functions
 (``translate`` for static strings, ``translatef`` for printf-like formatted string).
 Example from the ``gluon-config-mode-geo-location`` package::
  local i18n = require "luci.i18n"
  o = s:option(cbi.Flag, "_location", i18n.translate("Show node on the map"))
 Adding translation templates to Gluon packages
 ----------------------------------------------
 The i18n support is based on the standard gettext system. For each translatable package,
 a translation template with extension ``.pot`` can be created using the ``i18n-scan.pl``
 script from the LuCI repository::
  cd package/gluon-config-mode-geo-location
  mkdir i18n
  cd i18n
  ../../../packages/luci/build/i18n-scan.pl ../files > gluon-config-mode-geo-location.pot
 The entries in the template can be reordered after the generation if desirable. Lots of standard
 translations like "Cancel" are already available in the LuCI base translation file (see
 ``packages/luci/po/templates/base.pot``) and can be removed from the template.
 In addition, some additions to the Makefile must be made. Instead of OpenWrt's default package.mk,
 the Gluon version ``$(GLUONDIR)/include/package.mk`` must be used. The i18n files must be installed
 and PKG_CONFIG_DEPENDS must be added::
  ...
  include $(GLUONDIR)/include/package.mk
  PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
  ...
  define Build/Compile
    $(call GluonBuildI18N,gluon-config-mode-geo-location,i18n)
  endef
  define Package/gluon-config-mode-geo-location/install
    ...
    $(call GluonInstallI18N,gluon-config-mode-geo-location,$(1))
  endef
  ...
 Adding translations
 -------------------
 A new translation file for a template can be added using the ``msginit`` command::
  cd package/gluon-config-mode-geo-location/i18n
  msginit -l de
 This will create the file ``de.po`` in which the translations can be added.
 The translation file can be updated to a new template version using the ``msgmerge`` command::
  msgmerge -U de.po gluon-config-mode-geo-location.pot
 After the merge, the translation file should be checked for "fuzzy matched" entries where
 the original English texts have changed. All entries from the the translation file should be
 translated in the ``.po`` file (or removed from it, so the original English texts are displayed
 instead).
 Adding support for new languages
 --------------------------------
 A list of all languages supported by LuCI can be found in the ``packages/luci/luci.mk`` file after
 Gluon's dependencies have been downloaded using ``make update``. Adding translations for these
 languages is straightforward using the ``msginit`` command.
 For other languages, support must be added tu LuCI first, which constitutes completely translating
 the ``base.pot``. Please contact the upstream LuCI maintainers if you'd like to do this.
--- a/docs/dev/mac_addresses.rst
+++ b/docs/dev/mac_addresses.rst
@ -0,0 +1,18 @@
 MAC addresses
 =============
 Many devices don't have enough unique MAC addresses assigned by the vendor
 (in batman-adv, each mesh interface needs an own MAC address that must be unique
 mesh-wide).
 Gluon tries to solve this issue by using a hash of the primary MAC address as a
 45 bit MAC address prefix. The resulting 8 addresses are used as follows:
 * 0: client0; WAN
 * 1: mesh0
 * 2: ibss0
 * 3: wan_radio0 (private WLAN); batman-adv primary address
 * 4: client1; LAN
 * 5: mesh1
 * 6: ibss1
 * 7: wan_radio1 (private WLAN); mesh VPN
--- a/docs/dev/packages.rst
+++ b/docs/dev/packages.rst
@ -0,0 +1,114 @@
 Package development
 ###################
 Gluon packages are OpenWrt packages and follow the same rules described at https://openwrt.org/docs/guide-developer/packages.
 Gluon package makefiles
 =======================
 As many packages share the same or a similar structure, Gluon provides a ``package/gluon.mk`` that
 can be included for common definitions. This file replaces OpenWrt's ``$(INCLUDE_DIR)/package.mk``;
 it is usually included as ``include ../gluon.mk`` from Gluon core packages, or as
 ``include $(TOPDIR)../package/gluon.mk`` from feeds.
 Provided macros
 ***************
 * *GluonBuildI18N* (arguments: *<source directory>*)
  Converts the *.po* files for all enabled languages from the given source directory to
  the binary *.lmo* format and stores them in ``$(PKG_BUILD_DIR)/i18n``.
 * *GluonInstallI18N*
  Install *.lmo* files from ``$(PKG_BUILD_DIR)/i18n`` to ``/lib/gluon/web/i18n`` in the
  package install directory.
 * *GluonSrcDiet* (arguments: *<source directory>*, *<destination directory>*)
  Copies a directory tree, processing all files in it using *LuaSrcDiet*. The directory
  tree should only contain Lua files.
 * *GluonCheckSite* (arguments: *<source file>*)
  Intended to be used in a package postinst script. It will use the passed Lua
  snippet to verify package-specific site configuration.
 * *BuildPackageGluon* (replaces *BuildPackage*)
  Extends the *Package/<name>* definition with common defaults, sets the package
  install script to the common *Gluon/Build/Install*, and automatically creates
  a postinst script using *GluonCheckSite* if a ``check_site.lua`` is found in the
  package directory.
 Default build steps
 *******************
 These defaults greatly reduce the boilerplate in each package, but they can also
 be confusing because of the many implicit behaviors depending on files in the
 package directory. If any part of *Gluon/Build/Compile* or *Gluon/Build/Install*
 does not work as intended for a package, the compile and install steps can
 always be replaced or extended.
 *Build/Compile* is set to *Gluon/Build/Compile* by default, which will
 * run OpenWrt standard default commands (*Build/Compile/Default*) if a ``src/Makefile``
  or ``src/CMakeLists.txt`` is found
 * run *GluonSrcDiet* on all files in the ``luasrc`` directory
 * run *GluonBuildI18N* if a ``i18n`` directory is found
 *Package/<name>* defaults to *Gluon/Build/Install* for packages defined using
 *BuildPackageGluon*, which will
 * copy all files from ``$(PKG_INSTALL_DIR)`` into the package if ``$(PKG_INSTALL)`` is 1
 * copy all files from ``files`` into the package
 * copy all Lua files built from ``luasrc`` into the package
 * installs ``$(PKG_BUILD_DIR)/respondd.so`` to ``/usr/lib/respondd/$(PKG_NAME).so`` if ``src/respondd.c`` exists
 * installs compiled i18n *.lmo* files
 Feature flags
 =============
 Feature flags provide a convenient way to define package selections without
 making it necessary to list each package explicitly.
 The main feature flag definition file is ``package/features``, but each package
 feed can provide additional defintions in a file called ``features`` at the root
 of the feed repository.
 Each flag *$flag* without any explicit definition will simply include the package
 with the name *gluon-$flag* by default. The feature definition file can modify
 the package selection in two ways:
 * The *nodefault* function suppresses default of including the *gluon-$flag*
  package
 * The *packages* function adds a list of packages (or removes, when package
  names are prepended with minus signs) when a given logical expression
  is satisfied
 Example::
    nodefault 'web-wizard'
    packages 'web-wizard' \
      'gluon-config-mode-hostname' \
      'gluon-config-mode-geo-location' \
      'gluon-config-mode-contact-info'
    packages 'web-wizard & (mesh-vpn-fastd | mesh-vpn-tunneldigger)' \
      'gluon-config-mode-mesh-vpn'
 This will
 * disable the inclusion of a (non-existent) package called *gluon-web-wizard*
 * enable three config mode packages when the *web-wizard* feature is enabled
 * enable *gluon-config-mode-mesh-vpn* when both *web-wizard* and one
  of *mesh-vpn-fastd* and *mesh-vpn-tunneldigger* are enabled
 Supported syntax elements of logical expressions are:
 * \& (and)
 * \| (or)
 * \! (not)
 * parentheses
--- a/docs/dev/site_library.rst
+++ b/docs/dev/site_library.rst
@ -0,0 +1,36 @@
 gluon.site library
 ==================
 The *gluon.site* library allows convenient access to the site configuration
 from Lua scripts. Example:
 .. code-block:: lua
  local site = require 'gluon.site'
  print(site.wifi24.ap.ssid())
 The *site* object in this example does not directly represent the *site.conf* data structure;
 instead, it is wrapped in a way that makes it more convenient to access deeply nested elements.
 To access the the underlying values, they must be unwrapped using the function call notation
 (the ``()`` after ``site.wifi24.ap.ssid`` in the example).
 The wrapper objects have two advantages over simple Lua tables:
 * Accessing non-existing values is never an error: ``site.wifi24.ap.ssid()`` will simply
  return *nil* if ``site.wifi24`` or ``site.wifi24.ap`` do not exist
 * Default values: A default value can be passed to the unwrapping function call:
  .. code-block:: lua
    print(site.wifi24.ap.ssid('Default'))
  will return *'Default'* instead of *nil* when the value is unset.
  Note that *nil* values and unset values are equivalent in Lua.
 A simple way to access the whole site configuration as a simple table
 is to unwrap the top-level site object:
 .. code-block:: lua
  local site_table = site()
--- a/docs/dev/upgrade.rst
+++ b/docs/dev/upgrade.rst
@ -6,7 +6,7 @@ Basics
 After each sysupgrade (including the initial installation), Gluon will execute all scripts
 under ``/lib/gluon/upgrade``. These scripts' filenames usually begin with a 3-digit number
-specifying the order of execution.
+specifying the order of execution. Note that the script files need to be executable.
 To get an overview of the ordering of all scripts of all packages, the helper script ``contrib/lsupgrade.sh``
 in the Gluon repository can be used, which will print all upgrade scripts' filenames and directories. If executed
@ -16,17 +16,15 @@ Best practices
 --------------
 * Most upgrade scripts are written in Lua. This allows using lots of helper functions provided
-  by LuCi and Gluon, e.g. to access the site configuration or edit UCI configuration files.
+  by Gluon, e.g. to access the site configuration or edit UCI configuration files.
 * Whenever possible, scripts shouldn't check if they are running for the first time, but just edit configuration
-  files to achive a valid configuration (without overwriting configuration changes made by the user where desirable).
+  files to achieve a valid configuration (without overwriting configuration changes made by the user where desirable).
  This allows using the same code to create the initial configuration and upgrade configurations on upgrades.
 * If it is unavoidable to run different code during the initial installation, the ``sysconfig.gluon_version`` variable
  can be checked. This variable is ``nil`` during the initial installation and contains the previously install Gluon
-  version otherwise. The package ``gluon-legacy`` (which is responsible for upgrades from the old firmwares of
+  version otherwise.
  Hamburg/Kiel/Lübeck) uses the special value ``legacy``; other packages should handle this value just as any other
  string.
 Script ordering
 ---------------
--- a/docs/dev/wan.rst
+++ b/docs/dev/wan.rst
@ -46,4 +46,4 @@ so the WAN DNS servers aren't leaked to the primary DNS daemon.
 *libpacketmark* is used to make the secondary DNS daemon send its requests over the WAN interface.
 The package ``gluon-mesh-vpn-fastd`` provides an iptables rule which will redirect all DNS requests from processes running
-with the primary group ``gluon-fastd`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.
+with the primary group ``gluon-mesh-vpn`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.
--- a/docs/dev/web/config-mode.rst
+++ b/docs/dev/web/config-mode.rst
@ -0,0 +1,82 @@
 Config Mode
 ===========
 The `Config Mode` consists of several modules that provide a range of different
 condiguration options:
 gluon-config-mode-core
    This modules provides the core functionality for the config mode.
    All modules must depend on it.
 gluon-config-mode-hostname
    Provides a hostname field.
 gluon-config-mode-autoupdater
    Informs whether the autoupdater is enabled.
 gluon-config-mode-mesh-vpn
    Allows toggling of mesh-vpn-fastd and setting a bandwidth limit.
 gluon-config-mode-geo-location
    Enables the user to set the geographical location of the node.
 gluon-config-mode-contact-info
    Adds a field where the user can provide contact information.
 Writing Config Mode modules
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Config mode modules are located at ``/lib/gluon/config-mode/wizard`` and
 ``/lib/gluon/config-mode/reboot``. Modules are named like ``0000-name.lua`` and
 are executed in lexical order. In the standard package set, the
 order is, for wizard modules:
  - 0050-autoupdater-info
  - 0100-hostname
  - 0300-mesh-vpn
  - 0400-geo-location
  - 0500-contact-info
 The reboot module order is:
  - 0100-mesh-vpn
  - 0900-msg-reboot
 All modules are run in the gluon-web model context and have access to the same
 variables as "full" gluon-web modules.
 Wizards
 -------
 Wizard modules must return a function that is provided with the wizard form and an
 UCI cursor. The function can create configuration sections in the form:
 .. code-block:: lua
  return function(form, uci)
    local s = form:section(Section)
    local o = s:option(Value, "hostname", "Hostname")
    o.default = uci:get_first("system", "system", "hostname")
    o.datatype = "hostname"
    function o:write(data)
      uci:set("system", uci:get_first("system", "system"), "hostname", data)
    end
    return {'system'}
  end
 The function may return a table of UCI packages to commit after the individual
 fields' `write` methods have been executed. This is done to avoid committing the
 packages repeatedly when multiple wizard modules modify the same package.
 Reboot page
 -----------
 Reboot modules are simply executed when the reboot page is
 rendered:
 .. code-block:: lua
  renderer.render_string("Hello World!")
--- a/docs/dev/web/controller.rst
+++ b/docs/dev/web/controller.rst
@ -0,0 +1,123 @@
 Controllers
 ===========
 Controllers live in ``/lib/gluon/web/controller``. They define which pages ("routes")
 exist under the ``/cgi-bin/gluon`` path, and what code is run when these pages are requested.
 Controller scripts usually start with a *package* declaration, followed by calls
 to the *entry* function, which each define one route:
 .. code-block:: lua
  package 'gluon-web-admin'
  entry({"admin"}, alias("admin", "info"), _("Advanced settings"), 10)
  entry({"admin", "info"}, template("admin/info"), _("Information"), 1)
 *package* defines the translation namespace for the titles of the defined
 pages as well as the referenced views and models. The entry function expects 4
 arguments:
  - `path`: Components of the path to define a route for.
    The above example defines routes for the paths ``admin`` and ``admin/info``.
  - `target`: Dispatcher for the route. See the following section for details.
  - `title`: Page title (also used in navigation). The underscore function is used
    to mark the strings as translatable for ``i18n-scan.pl``.
  - `order`: Sort index in navigation (defaults to 100)
 Navigation indexes are automatically generated for each path level. Pages can be
 hidden from the navigation by setting the `hidden` property of the node object
 returned by `entry`:
 .. code-block:: lua
  entry({"hidden"}, alias("foo"), _("I'm hidden!")).hidden = true
 Dispatchers
 -----------
  - *alias* (*path*, ...): Redirects to a different page. The path components are
    passed as individual arguments.
  - *call* (*func*, ...): Runs a Lua function for custom request handling. The given
    function is called with the HTTP object and the template renderer as first
    two arguments, followed by all additional arguments passed to `call`.
  - *template* (*view*): Renders the given view. See :doc:`view`.
  - *model* (*name*): Displays and evaluates a form as defined by the given model. See the
    :doc:`model` page for an explanation of gluon-web models.
 .. _web-controller-http:
 The HTTP object
 ---------------
 The HTTP object provides information about the HTTP requests and allows to add
 data to the reply. Using it directly is rarely necessary when gluon-web
 models and views are used.
 Useful functions:
  - *getenv* (*key*): Returns a value from the CGI environment passed by the webserver.
  - *formvalue* (*key*): Returns a value passed in a query string or in the content
    of a POST request. If multiple values with the same name have been passed, only
    the first is returned.
  - *formvaluetable* (*key*): Similar to *formvalue*, but returns a table of all
    values for the given key.
  - *status* (*code*, *message*): Writes the HTTP status to the reply. Has no effect
    if a status has already been sent or non-header data has been written.
  - *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to to
    the client. Has no effect when non-header data has already been written.
  - *prepare_content* (*mime*): Sets the *Content-Type* header to the given MIME
    type, potentially setting additional headers or modifying the MIME type to
    accommodate browser quirks
  - *write* (*data*, ...): Sends the given data to the client. If headers have not
    been sent, it will be done before the data is written.
 HTTP functions are called in method syntax, for example:
 .. code-block:: lua
  http:write('Output!')
 .. _web-controller-template-renderer:
 The template renderer
 ---------------------
 The template renderer allows to render templates (views). The most useful functions
 are:
  - *render* (*view*, *scope*, *pkg*): Renders the given view, optionally passing a table
    with additional variables to make available in the template. The passed package
    defines the translation namespace.
  - *render_string* (*str*, *scope*, *pkg*): Same as *render*, but the template is passed
    directly instead of being loaded from the view directory.
 The renderer functions are called in property syntax, for example:
 .. code-block:: lua
  renderer.render('layout')
 Differences from LuCI
 ---------------------
  - Controllers must not use the *module* function to define a Lua module (*gluon-web*
    will set up a proper environment for each controller itself)
  - Entries are defined at top level, not inside an *index* function
  - The *alias* dispatcher triggers an HTTP redirect instead of directly running
    the dispatcher of the aliased route.
  - The *call* dispatcher is passed a function instead of a string with a function
    name.
  - The *cbi* dispatcher of LuCI has been renamed to *model*.
  - The HTTP POST handler support the multipart/form-data encoding only, so
    ``enctype="multipart/form-data"`` must be included in all *<form>* HTML
    elements.
  - Other dispatchers like *form* are not provided.
--- a/docs/dev/web/i18n.rst
+++ b/docs/dev/web/i18n.rst
@ -0,0 +1,109 @@
 Internationalization support
 ============================
 General guidelines
 ------------------
 * All config mode packages must be fully translatable, with complete English and German texts.
 * All new expert mode packages must be fully translatable. English texts are required.
 * German translations are recommended. Other supported languages, especially French, are
  nice-to-have, but not required. If you don't know a language well, rather leave the translation
  blank, so it is obvious that there is no proper translation yet.
 * Existing expert mode packages should be made translatable as soon as possible.
 * The "message IDs" (which are the arguments to the *translate* function) should be the
  English texts.
 i18n support in Gluon
 ---------------------
 Internationalization support is available in all components (models, view and
 controllers) of *gluon-web*-based packages. Strings are translated using the *translate*,
 *_translate* and *translatef* functions (*translate* for static strings, *translatef*
 for printf-like formatted string; *_translate* works the same as *translate*, but
 will return *nil* instead of the original string when no translation is available).
 In views, the special tags ``<%:...%>`` can be used to translate the contained string.
 Example from the *gluon-config-mode-geo-location* package:
 .. code-block:: lua
  local share_location = s:option(Flag, "location", translate("Show node on the map"))
 Note that translations are *namespaced*: each package will only use its own
 translation strings by default. For this purpose, the package name must by
 specified in a package's controller. It is possible to access a different
 translation package using the *i18n* function from models and view, which is
 necessary when strings from the site configuration are used, or packages do not
 have their own controller (which is the case for config mode wizard components).
 .. code-block:: lua
  local site_i18n = i18n 'gluon-site'
  local msg = site_i18n._translate('gluon-config-mode:welcome')
 Adding translation templates to Gluon packages
 ----------------------------------------------
 The i18n support is based on the standard gettext system. For each translatable package,
 a translation template with extension ``.pot`` can be created using the *i18n-scan.pl*
 script in the ``contrib`` directory:
 .. code-block:: sh
  cd package/gluon-web-mesh-vpn-fastd
  mkdir i18n
  cd i18n
  ../../../contrib/i18n-scan.pl ../files ../luasrc > gluon-web-mesh-vpn-fastd.pot
 The same command can be run again to update the template.
 In addition, the Makefile must be adjusted. Instead of LEDE's default *package.mk*,
 the Gluon version (``../gluon.mk`` for core packages) must be used. The i18n files must be installed
 and PKG_CONFIG_DEPENDS must be added::
  ...
  include ../gluon.mk
  PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
  ...
  define Build/Compile
    $(call GluonBuildI18N,gluon-web-mesh-vpn-fastd,i18n)
  endef
  define Package/gluon-web-mesh-vpn-fastd/install
    ...
    $(call GluonInstallI18N,gluon-web-mesh-vpn-fastd,$(1))
  endef
  ...
 Adding translations
 -------------------
 A new translation file for a template can be added using the *msginit* command:
 .. code-block:: sh
  cd package/gluon-web-mesh-vpn-fastd/i18n
  msginit -l de
 This will create the file *de.po* in which the translations can be added.
 The translation file can be updated to a new template version using the *msgmerge* command:
 .. code-block:: sh
  msgmerge -U de.po gluon-web-mesh-vpn-fastd.pot
 After the merge, the translation file should be checked for "fuzzy matched" entries where
 the original English texts have changed. All entries from the translation file should be
 translated in the *.po* file (or removed from it, so the original English texts are displayed
 instead).
 Adding support for new languages
 --------------------------------
 A list of all languages supported by *gluon-web* can be found in ``package/gluon.mk``.
 New languages just need to be added to *GLUON_SUPPORTED_LANGS*, and a human-readable
 language name must be defined.
--- a/docs/dev/web/model.rst
+++ b/docs/dev/web/model.rst
@ -0,0 +1,148 @@
 Models
 ======
 Models are defined in ``/lib/gluon/web/model``. Each model defines one or more
 forms to display on a page, and how the submitted form data is handled.
 Let's start with an example:
 .. code-block:: lua
  local f = Form(translate('Hostname'))
  local s = f:section(Section)
  local o = s:option(Value, 'hostname', translate('Hostname'))
  o.default = uci:get_first('system', 'system', 'hostname')
  function o:write(data)
    uci:set('system', uci:get_first('system', 'system'), 'hostname', data)
    uci:commit('system')
  end
  return f
 The toplevel element of a model is always a *Form*, but it is also possible for
 a model to return multiple forms, which are displayed one below the other.
 A *Form* has one or more *Sections*, and each *Section* has different types
 of options.
 All of these elements have an *id*, which is used to identify them in the HTML
 form and handlers. If no ID is given, numerical IDs will be assigned automatically,
 but using explicitly named elements is often advisable (and it is required if a
 form does not always include the same elements, i.e., some forms, sections or
 options are added conditionally). IDs are hierarchical, so in the above example,
 the *Value* would get the ID ``1.1.hostname`` (value *hostname* in first section
 of first form).
 Classes and methods
 -------------------
  - *Form* (*title*, *description*, *id*)
    - *Form:section* (*type*, *title*, *description*, *id*)
      Creates a new section of the given type (usually *Section*).
    - *Form:write* ()
      Is called after the form has beed submitted (but only if the data is valid). It
      is called last (after all options' *write* methods) and is usually used
      to commit changed UCI packages.
      The default implementation of *write* doesn't do anything, but it can be
      overridden.
  - *Section* (usually instanciated through *Form:section*)
    - *Section:option* (*type*, *id*, *title*, *description*)
      Creates a new option of the given type. Option types:
        - *Value*: simple text entry
        - *TextValue*: multiline text field
        - *ListValue*: radio buttons or dropdown selection
        - *DynamicList*: variable number of text entry fields
        - *Flag*: checkbox
 Most option types share the same properties and methods:
  - *default*: default value
  - *optional*: value may be empty
  - *datatype*: one of the types described in :ref:`web-model-datatypes`
    By default (when *datatype* is *nil*), all values are accepted.
  - *state*: has one of the values *FORM_NODATA*, *FORM_VALID* and *FORM_INVALID*
    when read in a form handler
    An option that has not been submitted because of its dependencies will have
    the state *FORM_NODATA*, *FORM_INVALID* if the submitted value is not valid
    according to the set *datatype*, and *FORM_VALID* otherwise.
  - *data*: can be read in form handlers to get the submitted value
  - *depends* (*self*, *option*, *value*): adds a dependency on another option
    The option will only be shown when the passed option has the given value. This
    is mainly useful when the other value is a *Flag* or *ListValue*.
  - *depends* (*self*, *deps*): adds a dependency on multiple other options
    *deps* must be a table with options as keys and values as values. The option
    will only be shown when all passed options have the corresponding values.
    Multiple alternative dependencies can be added by calling *depends* repeatedly.
  - *value* (*self*, *value*, *text*): adds a choice to a *ListValue*
  - *write* (*self*, *data*): is called with the submitted value when all form data is valid.
    Does not do anything by default, but can be overridden.
 The *default* value, the *value* argument to *depends* and the output *data* always have
 the same type, which is usually a string (or *nil* for optional values). Exceptions
 are:
  - *Flag* uses boolean values
  - *DynamicList* uses a table of strings
 Despite its name, the *datatype* setting does not affect the returned value type,
 but only defines a validator the check the submitted value with.
 For a more complete example that actually makes use of most of these features,
 have a look at the model of the *gluon-web-network* package.
 .. _web-model-datatypes:
 Data types
 ----------
  - *integer*: an integral number
  - *uinteger*: an integral number greater than or equal to zero
  - *float*: a number
  - *ufloat*: a number greater than or equal to zero
  - *ipaddr*: an IPv4 or IPv6 address
  - *ip4addr*: an IPv4 address
  - *ip6addr*: an IPv6 address
  - *wpakey*: a string usable as a WPA key (either between 8 and 63 characters, or 64 hex digits)
  - *range* (*min*, *max*): a number in the given range (inclusive)
  - *min* (*min*): a number greater than or equal to the given minimum
  - *max* (*max*): a number less than or equal to the given maximum
  - *irange* (*min*, *max*): an integral number in the given range (inclusive)
  - *imin* (*min*): an integral number greater than or equal to the given minimum
  - *imax* (*max*): an integral number less than or equal to the given maximum
  - *minlength* (*min*): a string with the given minimum length
  - *maxlength* (*max*): a string with the given maximum length
 Differences from LuCI
 ---------------------
  - LuCI's *SimpleForm* and *SimpleSection* are called *Form* and *Section*, respectively
  - Is it not possible to add options to a *Form* directly, a *Section* must always
    be created explicitly
  - Many of LuCI's CBI classes have been removed, most importantly the *Map*
  - The *rmempty* option attribute does not exist, use *optional* instead
  - Only the described data types are supported
  - Form handlers work completely differently (in particular, a *Form*'s *handle*
    method should usually not be overridden in *gluon-web*)
--- a/docs/dev/web/view.rst
+++ b/docs/dev/web/view.rst
@ -0,0 +1,55 @@
 Views
 =====
 The template parser reads views from ``/lib/gluon/web/view``. Writing own view
 should be avoided in favour of using :doc:`model` with their predefined views.
 Views are partial HTML pages, with additional template tags that allow
 to embed Lua code and translation strings. The following tags are defined:
  - ``<%`` ... ``%>`` evaluates the enclosed Lua expression.
  - ``<%=`` ... ``%>`` evaluates the enclosed Lua expression and prints its value.
  - ``<%+`` ... ``%>`` includes another template.
  - ``<%:`` ... ``%>`` translates the enclosed string using the loaded i18n catalog.
  - ``<%_`` ... ``%>`` translates the enclosed string *without escaping HTML entities*
    in the translation. This only makes sense when the i18n catalog contains HTML code.
  - ``<%#`` ... ``%>`` is a comment.
 All of these also come in the whitespace-stripping variants ``<%-`` and ``-%>`` that
 remove all whitespace before or after the tag.
 Complex combinations of HTML and Lua code are possible, for example:
 .. code-block:: text
  <div>
    <% if foo then %>
      Content
    <% end %>
  </div>
 Variables and functions
 -----------------------
 Many call sites define additional variables (for example, model templates can
 access the model as *self* and a unique element ID as *id*), but the following
 variables and functions should always be available for the embedded Lua code:
  - *renderer*: :ref:`web-controller-template-renderer`
  - *http*: :ref:`web-controller-http`
  - *request*: Table containing the path components of the current page
  - *url* (*path*): returns the URL for the given path, which is passed as a table of path components.
  - *attr* (*key*, *value*): Returns a string of the form ``key="value"``
    (with a leading space character before the key).
    *value* is converted to a string (tables are serialized as JSON) and HTML entities
    are escaped. Returns an empty string when *value* is *nil* or *false*.
  - *include* (*template*): Includes another template.
  - *node* (*path*, ...): Returns the controller node for the given page (passed as
    one argument per path component).
    Use ``node(unpack(request))`` to get the node for the current page.
  - *pcdata* (*str*): Escapes HTML entities in the passed string.
  - *urlencode* (*str*): Escapes the passed string for use in an URL.
  - *translate*, *_translate*, *translatef* and *i18n*: see :doc:`i18n`
--- a/docs/features/autoupdater.rst
+++ b/docs/features/autoupdater.rst
@ -11,14 +11,24 @@ during development), but it can be enabled by setting the variable GLUON_BRANCH
 to override the default branch set in the set in the site configuration.
 A manifest file for the updater can be generated with `make manifest`. A signing script (using
-ecdsautils) can by found in the `contrib` directory. When creating the manifest, ``GLUON_PRIORITY`` can
+``ecdsautils``) can by found in the `contrib` directory. When creating the manifest, the
-be set on the command line, or it can be taken from the ``site.mk``.
+``PRIORITY`` value may be defined by setting ``GLUON_PRIORITY`` on the command line or in ``site.mk``.
-The priority defines the maximum number of days that may pass between releasing an update and installation
+``GLUON_PRIORITY`` defines the maximum number of days that may pass between releasing an update and installation
-of the images. The update probability will start at 0 after the release time mentioned in the manifest
+of the images. The update probability will start at 0 after the release time declared in the manifest file
-and then slowly rise to 1 up to the point when the number of days given by the priority has passed.
+by the variable DATE and then slowly rise up to 1 when ``GLUON_PRIORITY`` days have passed. The autoupdater checks
 for updates hourly (at a random minute of the hour), but usually only updates during its run between
 4am and 5am, except when the whole ``GLUON_PRIORITY`` days and another 24 hours have passed.
-The priority may be an integer or a decimal fraction.
+``GLUON_PRIORITY`` may be an integer or a decimal fraction.
 If ``GLUON_RELEASE`` is passed to ``make`` explicitly or it is generated dynamically
 in ``site.mk``, care must be taken to pass the same ``GLUON_RELEASE`` to ``make manifest``,
 as otherwise the generated manifest will be incomplete.
 Automated nightly builds
 ------------------------
 A fully automated nightly build could use the following commands:
@ -28,8 +38,9 @@ A fully automated nightly build could use the following commands:
    (cd site && git pull)
    make update
    make clean
-    make -j5 GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental
+    NUM_CORES_PLUS_ONE=$(expr $(nproc) + 1)
-    make manifest GLUON_BRANCH=experimental
+    make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental
    make manifest GLUON_BRANCH=$GLUON_BRANCH GLUON_RELEASE=$GLUON_RELEASE
    contrib/sign.sh $SECRETKEY output/images/sysupgrade/experimental.manifest
    rm -rf /where/to/put/this/experimental
@ -73,8 +84,6 @@ These commands can be used on a node:
 ::
-   # If fallback is true the updater will perform an update only if 
+   # If fallback is true the updater will perform an update only if the timespan
-   # the timespan given by the priority and another 24h have passed
+   # PRIORITY days (as defined in the manifest) and another 24h have passed
   autoupdater --fallback
--- a/docs/features/dns-forwarder.rst
+++ b/docs/features/dns-forwarder.rst
@ -0,0 +1,26 @@
 DNS forwarder
 =============
 A Gluon node can be configured to act as a DNS forwarder. Requests for the
 next-node hostname(s) can be answered locally, without querying the upstream
 resolver.
 **Note:** While this reduces answer time and allows to use the next-node
 hostname without upstream connectivity, this feature should not be used for
 next-node hostnames that are FQDN when the zone uses DNSSEC.
 One or more upstream resolvers can be configured in the *dns.servers* setting.
 When *next_node.name* is set, A and/or AAAA records for the next-node IP
 addresses are placed in the dnsmasq configuration.
 ::
  dns = {
    servers = { '2001:db8::1', },
  },
  next_node = {
    name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip6 = '2001:db8:8::1',
    ip4 = '198.51.100.1',
  }
--- a/docs/features/fastd_mode.gif
+++ b/docs/features/fastd_mode.gif
--- a/docs/features/monitoring.rst
+++ b/docs/features/monitoring.rst
@ -45,7 +45,7 @@ retrieve the data you'll need both a local alfred daemon and alfred-json_
 installed. Please note that at least one alfred daemon is required to run as
 `master`.
-.. _alfred-json: https://github.com/tcatm/alfred-json
+.. _alfred-json: https://github.com/ffnord/alfred-json
 The following datatypes are used:
@ -97,7 +97,7 @@ In order to retrieve statistics data you could run:
 You can find more information about alfred in its README_.
-.. _README: http://www.open-mesh.org/projects/alfred/repository/revisions/master/entry/README
+.. _README: https://git.open-mesh.org/alfred.git/blob_plain/refs/heads/master:/README
 gluon-respondd
 ~~~~~~~~~~~~~~
--- a/docs/features/multidomain.rst
+++ b/docs/features/multidomain.rst
@ -0,0 +1,272 @@
 Multidomain Support
 ===================
 Preamble
 --------
 There comes a time when a mesh network grows past sensible boundaries.
 As broadcast traffic grows, mesh networks experience scaling issues and
 using them becomes very unpleasant. An approach to solve this follows
 the well-known “divide and conquer” paradigm and splits a large network
 into multiple smaller networks. These smaller networks start with a
 dedicated layer 2 network each, which are interconnected via their
 gateways by layer 3 routing. Gluon is already field-tested handling a
 single domain and the multidomain feature allows for the reconfiguration
 of key parameters that decide which domain a node participates in,
 without the need of a distinct set of firmware images for each mesh domain.
 Overview
 --------
 Multidomain support allows to build a single firmware with multiple,
 switchable domain configurations. The nomenclature is as follows:
 -  ``site``: an aggregate over multiple domains
 -  ``domain``: mesh network with connectivity parameters that prevent
   accidental bridging with other domains
 -  ``domain code``: unique domain identifier
 -  ``domain name``: pretty name for a domain code
 By default Gluon builds firmware with a single domain embedded into
 ``site.conf``. To use multiple domains, enable it in ``site.mk``:
 ::
    GLUON_MULTIDOMAIN=1
 In the site repository, create the ``domains/`` directory, which will
 hold your domain configurations. Each domain configuration file is named
 after its primary ``domain_code``, additional domain codes and names are
 supported.
 ::
    site/
    |-- site.conf
    |-- site.mk
    |-- i18n/
    |-- domains/
      |-- alpha_centauri.conf
      |-- beta_centauri.conf
      |-- gamma_centauri.conf
 The domain configuration ``alpha_centauri.conf`` could look like this.
 ::
    {
      domain_names = {
        alpha_centauri = 'Alpha Centauri'
      },
      -- more domain specific config follows below
    }
 In this example “Alpha Centauri” is the user-visible ``domain_name`` for the
 domain_code ``alpha_centauri``. Also note that the domain code
 ``alpha_centauri`` matches the filename ``alpha_centauri.conf``.
 Additional domain codes/names can be added to ``domain_names``, which
 are treated as aliases for the their domain configuration. Aliases can
 be used to offer more fine-grained and well-recognizable domain choices
 to users. Having multiple aliases on a single domain is a helpful
 precursor to splitting the domain into even smaller blocks.
 Furthermore you have to specify the ``default_domain`` in the ``site.conf``.
 This domain is applied in following cases:
 - When the config mode is skipped.
 - When a domain is removed in a new firmware release, the default_domain
  will be chosen then.
 - When a user selects a wrong domain code via uci.
 Please note, that this value is saved to uci, so changing the `default_domain`
 value in the `site.conf` in a new firmware release only affects the actual
 domain of a router, if and only if one of the above conditions matches.
 Switching the domain
 --------------------
 **via commandline**:
 ::
    uci set gluon.core.domain="newdomaincode"
    gluon-reconfigure
    reboot
 **via config mode:**
 To allow switching the domain via config mode, ``config-mode-domain-select``
 has to be added to GLUON_FEATURES in the site.mk.
 |image0|
 Allowed site variables
 ----------------------
 Internally the site variables are merged from the ``site.conf`` and the
 selected ``domain.conf``, so the most variables are also allowed in
 ``site.conf`` and in ``domain.conf``. But there are some exceptions,
 which do not make sense in a domain or site specific way. The following
 sections give an overview over variables that are only usable in either
 site or domain context.
 site.conf only variables
 ^^^^^^^^^^^^^^^^^^^^^^^^
 -  Used in as initial default values, when the firmware was just flashed
   and/or the config mode is skipped, so they do not make sense in a
   domain specific way:
   -  authorized_keys
   -  default_domain
   -  poe_passthrough
   -  mesh_on_wan
   -  mesh_on_lan
   -  single_as_lan
   -  setup_mode.skip
   -  autoupdater.branch
   -  mesh_vpn.enabled
   -  mesh_vpn.pubkey_privacy
   -  mesh_vpn.bandwidth_limit
   -  mesh_vpn.bandwidth_limit.enabled
   -  mesh_vpn.bandwidth_limit.ingress
   -  mesh_vpn.bandwidth_limit.egress
 -  Variables that influence the appearance of the config mode,
   domain-independent because they are relevant before a domain was selected.
   -  config_mode.geo_location.show_altitude
   -  config_mode.hostname.optional
   -  config_mode.remote_login
   -  config_mode.remote_login.show_password_form
   -  config_mode.remote_login.min_password_length
   -  hostname_prefix
   -  mesh_vpn.fastd.configurable
   -  roles.default
   -  roles.list
 -  Specific to a firmware build itself:
   -  site_code
   -  site_name
   -  autoupdater.branches.*.name
   -  autoupdater.branches.*.good_signatures
   -  autoupdater.branches.*.pubkeys
 -  We simply do not see any reason, why these variables could be helpful
   in a domain specific way:
   -  mesh_vpn.fastd.syslog_level
   -  wifi*.ibss.supported_basic_rates
   -  wifi*.mesh.supported_basic_rates
   -  timezone
   -  regdom
 domain.conf only variables
 ^^^^^^^^^^^^^^^^^^^^^^^^^^
 -  Obviously:
   -  domain_names
      -  a table of domain codes to domain names
         ``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
   -  hide_domain
      -  prevents a domain name(s) from appearing in config mode, either
         boolean or array of domain codes
         -  ``true``, ``false``
         -  ``{ 'foo', 'bar' }``
 -  Because each domain is considered as an own layer 2 network, these
   values should be different in each domain:
   -  next_node.ip4
   -  next_node.ip6
   -  next_node.name
   -  prefix6
   -  prefix4
   -  extra_prefixes6
 -  To prevent accidential bridging of different domains, all meshing
   technologies should be seperated:
   -  domain_seed (wired mesh)
      -  must be a random value used to derive the vxlan id for wired meshing
   -  wifi*.ibss.ssid
   -  wifi*.ibss.bssid
   -  wifi*.mesh.id
   -  mesh_vpn.fastd.groups.*.peers.remotes
   -  mesh_vpn.fastd.groups.*.peers.key
   -  mesh_vpn.tunneldigger.brokers
 -  Clients consider WiFi networks sharing the same ESSID as if they were
   the same L2 network and try to reconfirm and reuse previous
   addressing. If multiple neighbouring domains shared the same ESSID,
   the roaming experience of clients would degrade.
   -  wifi*.ap.ssid
 - Some values should be only set in legacy domains and not in new domains.
   -  mesh.vxlan
       -  By default, this value is `true`. It should be only set to `false`
          for one legacy domain, since vxlan prevents accidental wired
          merges of domains. For old domains this value is still available
          to keep compatibility between all nodes in one domain.
   -  next_node.mac
       -  For new domains, the default value should be used, since there is
          no need for a special mac (or domain specific mac). For old domains
          this value is still available to keep compatibility between all
          nodes in one domain.
 Example config
 --------------
 site.mk
 ^^^^^^^
 .. literalinclude:: ../multidomain-site-example/site.mk
  :language: makefile
 site.conf
 ^^^^^^^^^
 .. literalinclude:: ../multidomain-site-example/site.conf
  :language: lua
 domains/alpha_centauri.conf
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^
 .. literalinclude:: ../multidomain-site-example/domains/alpha_centauri.conf
  :language: lua
 i18n/en.po
 ^^^^^^^^^^
 .. literalinclude:: ../multidomain-site-example/i18n/en.po
  :language: po
 i18n/de.po
 ^^^^^^^^^^
 .. literalinclude:: ../multidomain-site-example/i18n/de.po
  :language: po
 modules
 ^^^^^^^
 .. literalinclude:: ../multidomain-site-example/modules
  :language: makefile
 .. |image0| image:: multidomain_configmode.gif
--- a/docs/features/multidomain_configmode.gif
+++ b/docs/features/multidomain_configmode.gif
--- a/docs/features/private-wlan.rst
+++ b/docs/features/private-wlan.rst
@ -4,17 +4,22 @@ Private WLAN
 It is possible to set up a private WLAN that bridges the WAN port and is seperated from the mesh network.
 Please note that you should not enable ``mesh_on_wan`` simultaneously.
-The private WLAN can be enabled through the config mode if the package ``gluon-luci-private-wifi`` is installed.
+The private WLAN can be enabled through the config mode if the package ``gluon-web-private-wifi`` is installed.
 You may also enable a private WLAN using the command line::
-  uci set wireless.wan_radio0=wifi-iface
+  RID=0
-  uci set wireless.wan_radio0.device=radio0
+  SSID="privateWLANname"
-  uci set wireless.wan_radio0.network=wan
+  KEY="yoursecret1337password"
-  uci set wireless.wan_radio0.mode=ap
+
-  uci set wireless.wan_radio0.encryption=psk2
+  uci set wireless.wan_radio$RID=wifi-iface
-  uci set wireless.wan_radio0.ssid="$SSID"
+  uci set wireless.wan_radio$RID.device=radio$RID
-  uci set wireless.wan_radio0.key="$KEY"
+  uci set wireless.wan_radio$RID.network=wan
-  uci set wireless.wan_radio0.disabled=0
+  uci set wireless.wan_radio$RID.mode=ap
  uci set wireless.wan_radio$RID.encryption=psk2
  uci set wireless.wan_radio$RID.ssid="$SSID"
  uci set wireless.wan_radio$RID.key="$KEY"
  uci set wireless.wan_radio$RID.disabled=0
  uci set wireless.wan_radio$RID.macaddr="$($(echo "lua -e print(require('gluon.util').generate_mac(3+4*$RID))"))"
  uci commit
  wifi
--- a/docs/features/roles.rst
+++ b/docs/features/roles.rst
@ -11,18 +11,20 @@ For this the section ``roles`` in ``site.conf`` is needed::
  roles = {
    default = 'node',
    list = {
-      node = 'Normal Node',
+      'node',
-      test = 'Test Node',
+      'test',
-      backbone = 'Backbone Node',
+      'backbone',
-      service = 'Service Node',
+      'service',
    },
  },
 The strings to display in the web interface are configured per language in the
 ``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like
 ``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``.
 The value of ``default`` is the role every node will initially own. This value should be part of ``list`` as well.
 If you want node owners to change the defined roles via config-mode you can add the package
-``gluon-luci-node-role`` to your ``site.mk``. Then, you can select one of the defined roles from a dropdown list
+``gluon-web-node-role`` to your ``site.mk``.
 where the right-handed value is the one which is displayed and the left-handed key the one which is configured into 
 the system.
 The role is saved in ``gluon-node-info.system.role``. To change the role using command line do::
--- a/docs/features/vpn.rst
+++ b/docs/features/vpn.rst
@ -0,0 +1,57 @@
 Mesh-VPN
 ========
 Gluon integrates several OSI-Layer 2 tunneling protocols to
 enable interconnects between local meshes and provide
 internetwork access. Available protocols currently are:
 - fastd
 - L2TPv3 (via tunneldigger)
 fastd is a lightweight userspace tunneling daemon, that
 implements cipher suites that are specifically designed
 to work well on embedded devices. It offers encryption
 and authentication. Its primary drawback are the necessary
 context-switches when forwarding packets.
 L2TPv3 is an in-kernel tunneling protocol that performs well,
 but offers no security properties by itself.
 The brokering of the tunnel happens through tunneldigger,
 its primary drawback being the lack of IPv6 support.
 fastd
 -----
 Configurable Cipher
 ^^^^^^^^^^^^^^^^^^^
 From the site configuration fastd can be allowed to offer
 toggleable encryption in the config mode with the intent to
 increase throughput, although in practice the gain is minimal.
 **Site configuration:**
 1) Install ``gluon-web-mesh-vpn-fastd`` in ``site.mk``
 2) Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
 **Gateway configuration:**
 1) Prepend the ``null`` cipher in fastd's method list
 **Config Mode:**
 The resulting firmware will allow users to choose between secure (encrypted) and fast (unencrypted) transport.
 .. image:: fastd_mode.gif
 **Unix socket:**
 To confirm whether the correct cipher is being used, fastds unix
 socket can be interrogated, after installing for example `socat`.
 ::
       opkg update
       opkg install socat
       socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
--- a/docs/features/wired-mesh.rst
+++ b/docs/features/wired-mesh.rst
@ -1,8 +1,8 @@
 Wired mesh (Mesh-on-WAN/LAN)
-============================
+############################
 In addition to meshing over WLAN and VPN, it is also possible to
-configured wired meshing over the LAN or WAN ports. This allows
+configure wired meshing over the LAN or WAN ports. This allows
 nodes to be connected directly or over wireless bridges.
 Mesh-on-WAN can be enabled in addition to the mesh VPN, so multiple nodes
@ -11,55 +11,77 @@ Enabling Mesh-on-WAN should be avoided if the local network is also bridged with
 a WLAN access point, as meshing over batman-adv causes large amounts of
 multicast traffic, which will take up a lot of airtime.
-Enabling Mesh-on-LAN will replace the normal "client network" function
+Enabling Mesh-on-LAN replaces the normal "client network" function
 of the LAN ports, as client network ports may never be connected (so care must be taken to always
 enable Mesh-on-LAN before connecting two nodes' LAN ports).
 Wired mesh encapsulation
 ************************
 Since version 2018.1, Gluon supports encapsulating wired mesh traffic in
 `VXLAN <https://en.wikipedia.org/wiki/Virtual_Extensible_LAN>`_, a new standard with
 usecases similar to VLANs, but a much greater ID space of 24bit; in addition, VXLAN
 packets pass through VLAN-aware switches without any special configuration.
 Encapsulating mesh traffic has two advantages:
 * By using a different VXLAN ID for each site and mesh domain, accidental
  wired mesh connections between nodes of different domains will be prevented.
  This has special importance when nodes migrate between domains automatically,
  as currently possible through different site-specific packages.
 * While batman-adv traffic does not interact with non-mesh traffic in the same wired
  network in any way (so Gluon nodes can mesh over existing wired networks), this is
  not the case for layer 3 mesh protocols like Babel. Encapsulating the traffic allows
  to distinguish mesh traffic from unrelated packets.
 As enabling VXLAN encapsulation will prevent wired mesh communication with old nodes
 that do not support VXLAN yet, VXLANs can be enabled per-domain using the site configuration
 setting *mesh.vxlan*. VXLAN is enabled by default in multidomain setups; in single-domain
 site configurations, the *mesh.vxlan* setting is mandatory. We recommend to enable
 VXLAN encapsulation in all new sites and domains.
 Non-encapsulated ("legacy") wired meshing will be removed in a future Gluon release.
 We cannot give a concrete timeframe for the removal yet; a missing prerequisite is the
 implementation of a robust migration path for existing deployments.
 Configuration
-~~~~~~~~~~~~~
+*************
 Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page
-of the *Expert Mode* (if the package ``gluon-luci-portconfig`` is installed).
+of the *Advanced settings* (if the package ``gluon-web-network`` is installed).
 It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by
 adding ``mesh_on_wan = true`` and ``mesh_on_lan = true`` to ``site.conf``.
-Commandline configuration
+Commandline
-------------------------
+===========
-Mesh-on-WAN
+Enable Mesh-on-WAN::
 ...........
-It's possible to enable Mesh-on-WAN like this::
+  uci set network.mesh_wan.disabled=0
  uci commit network
-  uci set network.mesh_wan.auto=1
+Disable Mesh-on-WAN::
  uci commit
-It may be disabled by running::
+  uci set network.mesh_wan.disabled=1
  uci commit network
-  uci set network.mesh_wan.auto=0
+Enable Mesh-on-LAN::
  uci commit
-
+  uci set network.mesh_lan.disabled=0
 Mesh-on-LAN
 ...........
 Configuring Mesh-on-LAN is a bit more complicated::
  uci set network.mesh_lan.auto=1
  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
    uci del_list network.client.ifname=$ifname
  done
-  uci commit
+  uci commit network
-It may be disabled by running::
+Disable Mesh-on-LAN::
-  uci set network.mesh_lan.auto=0
+  uci set network.mesh_lan.disabled=1
  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
    uci add_list network.client.ifname=$ifname
  done
-  uci commit
+  uci commit network
-Please note that this configuration has changed in Gluon v2016.1. Using
+Please note that this configuration has changed in Gluon 2016.1. Using
-the old commands on v2016.1 will break the corresponding Expert Mode
+the old commands on 2016.1 and later will break the corresponding options
-settings.
+in the *Advanced settings*.
--- a/docs/features/wlan-configuration.rst
+++ b/docs/features/wlan-configuration.rst
@ -13,7 +13,7 @@ Upgrade behaviour
 For each of these networks, the site configuration may define a `disabled` flag (by
 default, all configured networks are enabled). This flag is merely a default setting,
 on upgrades the existing setting is always retained (as this setting may have been changed
-by the user). This means that is is not possible to enable or disable an existing network
+by the user). This means that it is not possible to enable or disable an existing network
 configurations during upgrades.
 For the "mesh" and "ibss" networks, the default setting only has an effect if none
--- a/docs/index.rst
+++ b/docs/index.rst
@ -5,10 +5,8 @@ Gluon is a modular framework for creating OpenWrt-based firmwares for wireless m
 Several Freifunk communities in Germany use Gluon as the foundation of their Freifunk firmwares.
 User Documentation
 ------------------
 .. toctree::
   :caption: User Documentation
   :maxdepth: 2
   user/getting_started
@ -16,10 +14,8 @@ User Documentation
   user/x86
   user/faq
 Features
 --------
 .. toctree::
   :caption: Features
   :maxdepth: 2
   features/configmode
@ -27,40 +23,72 @@ Features
   features/wlan-configuration
   features/private-wlan
   features/wired-mesh
   features/dns-forwarder
   features/monitoring
   features/multidomain
   features/authorized-keys
   features/roles
-
+   features/vpn
 Developer Documentation
 -----------------------
 .. toctree::
   :caption: Developer Documentation
   :maxdepth: 2
   dev/basics
   dev/hardware
   dev/packages
   dev/upgrade
   dev/configmode
   dev/wan
-   dev/i18n
+   dev/mac_addresses
-
+   dev/site_library
 Packages
 --------
 .. toctree::
   :caption: gluon-web Reference
   :maxdepth: 1
   dev/web/controller
   dev/web/model
   dev/web/view
   dev/web/i18n
   dev/web/config-mode
 .. toctree::
   :caption: Packages
   :maxdepth: 1
   package/gluon-client-bridge
-   package/gluon-config-mode-geo-location
+   package/gluon-config-mode-domain-select
   package/gluon-ebtables-filter-multicast
   package/gluon-ebtables-filter-ra-dhcp
-
+   package/gluon-ebtables-limit-arp
-Releases
+   package/gluon-ebtables-source-filter
--------
+   package/gluon-radv-filterd
   package/gluon-web-admin
   package/gluon-web-logging
 .. toctree::
   :caption: Releases
   :maxdepth: 1
   releases/v2018.1
   releases/v2017.1.8
   releases/v2017.1.7
   releases/v2017.1.6
   releases/v2017.1.5
   releases/v2017.1.4
   releases/v2017.1.3
   releases/v2017.1.2
   releases/v2017.1.1
   releases/v2017.1
   releases/v2016.2.7
   releases/v2016.2.6
   releases/v2016.2.5
   releases/v2016.2.4
   releases/v2016.2.3
   releases/v2016.2.2
   releases/v2016.2.1
   releases/v2016.2
   releases/v2016.1.6
   releases/v2016.1.5
   releases/v2016.1.4
   releases/v2016.1.3
@ -88,34 +116,40 @@ ar71xx-generic
 * ALFA Network
  - AP121
  - AP121F
  - AP121U
  - Hornet-UB
  - Tube2H
  - N2
  - N5
 * Allnet
  - ALL0315N
 * AVM
  - Fritz!Box 4020
 * Buffalo
  - WZR-HP-AG300H / WZR-600DHP
  - WZR-HP-G300NH
  - WZR-HP-G300NH2
  - WZR-HP-G450H
 * Cisco Meraki
  - MR12 / MR62
  - MR16 / MR66
 * D-Link
-  - DIR-505 (A1)
+  - DIR-505 (A1, A2)
  - DIR-615 (C1)
  - DIR-825 (B1)
-* GL-Inet
+* GL Innovations
-  - 6408A (v1)
+  - GL-AR150
-  - 6416A (v1)
+  - GL-AR300M
  - GL-AR750 [#ath10k]_
  - GL-iNet 6408A (v1)
  - GL-iNet 6416A (v1)
 * Linksys
@ -123,7 +157,7 @@ ar71xx-generic
 * Netgear
-  - WNDR3700 (v1, v2)
+  - WNDR3700 (v1, v2, v5)
  - WNDR3800
  - WNDRMAC (v2)
@ -133,65 +167,59 @@ ar71xx-generic
 * OpenMesh
- - MR1750
+  - A40
  - A60
  - MR600 (v1, v2)
  - MR900 (v1, v2)
- - OM2P (v1, v2)
+  - MR1750 (v1, v2) [#ath10k]_
- - OM2P-HS (v1, v2)
+  - OM2P (v1, v2, v4)
  - OM2P-HS (v1, v2, v3, v4)
  - OM2P-LC
  - OM5P
 - OM5P-AC (v1, v2)
  - OM5P-AN
  - OM5P-AC (v1, v2) [#ath10k]_
 * TP-Link
-  - CPE210 (v1.0, v1.1)
+  - Archer C5 (v1) [#ath10k]_
-  - CPE220 (v1.0, v1.1)
+  - Archer C59 (v1) [#80211s]_
  - Archer C7 (v2, v4) [#ath10k]_
  - CPE210 (v1.0, v1.1, v2.0)
  - CPE220 (v1.1)
  - CPE510 (v1.0, v1.1)
-  - CPE520 (v1.0, v1.1)
+  - CPE520 (v1.1)
-  - TL-MR13U (v1)
+  - RE450 [#ath10k]_
  - TL-MR3020 (v1)
  - TL-MR3040 (v1, v2)
  - TL-MR3220 (v1, v2)
  - TL-MR3420 (v1, v2)
  - TL-WA701N/ND (v1, v2)
  - TL-WA750RE (v1)
  - TL-WA7510N (v1)
  - TL-WA801N/ND (v1, v2)
  - TL-WA830RE (v1, v2)
  - TL-WA850RE (v1)
  - TL-WA860RE (v1)
  - TL-WA901N/ND (v1, v2, v3)
  - TL-WDR3500 (v1)
  - TL-WDR3600 (v1)
  - TL-WDR4300 (v1)
-  - TL-WR703N (v1)
+  - TL-WR710N (v1, v2.1)
-  - TL-WR710N (v1, v2)
+  - TL-WR842N/ND (v1, v2, v3)
-  - TL-WR740N (v1, v3, v4, v5)
+  - TL-WR1043N/ND (v1, v2, v3, v4, v5)
  - TL-WR741N/ND (v1, v2, v4, v5)
  - TL-WR743N/ND (v1, v2)
  - TL-WR801N/ND (v1, v2)
  - TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11)
  - TL-WR842N/ND (v1, v2)
  - TL-WR843N/ND (v1)
  - TL-WR940N (v1, v2, v3)
  - TL-WR941ND (v2, v3, v4, v5, v6)
  - TL-WR1043N/ND (v1, v2, v3)
  - TL-WR2543N/ND (v1)
  - WBS210 (v1.20)
  - WBS510 (v1.20)
 * Ubiquiti
  - Air Gateway
  - Air Gateway LR
  - Air Gateway PRO
  - Air Router
-  - Bullet M
+  - Bullet M2/M5
-  - Loco M
+  - Loco M2/M5
-  - Loco M XW
+  - Loco M2/M5 XW
-  - Nanostation M
+  - Nanostation M2/M5
-  - Nanostation M XW
+  - Nanostation M2/M5 XW
-  - Picostation M
+  - Picostation M2/M5
-  - Rocket M
+  - Rocket M2/M5
-  - Rocket M XW
+  - Rocket M2/M5 Ti
  - Rocket M2/M5 XW
  - UniFi AC Mesh [#ath10k]_
  - UniFi AP
  - UniFi AP AC Lite [#ath10k]_
  - UniFi AP AC LR [#ath10k]_
  - UniFi AP AC Pro [#ath10k]_
  - UniFi AP LR
  - UniFi AP Pro
  - UniFi AP Outdoor
  - UniFi AP Outdoor+
@ -209,6 +237,61 @@ ar71xx-nand
  - WNDR3700 (v4)
  - WNDR4300 (v1)
 * ZyXEL
  - NBG6716 [#ath10k]_
 ar71xx-tiny
 ^^^^^^^^^^^
 * D-Link
  - DIR-615 (C1)
 * TP-Link
  - TL-MR13U (v1)
  - TL-MR3020 (v1)
  - TL-MR3040 (v1, v2)
  - TL-MR3220 (v1, v2)
  - TL-MR3420 (v1, v2)
  - TL-WA701N/ND (v1, v2)
  - TL-WA730RE (v1)
  - TL-WA750RE (v1)
  - TL-WA801N/ND (v1, v2, v3)
  - TL-WA830RE (v1, v2)
  - TL-WA850RE (v1)
  - TL-WA860RE (v1)
  - TL-WA901N/ND (v1, v2, v3, v4, v5)
  - TL-WA7210N (v2)
  - TL-WA7510N (v1)
  - TL-WR703N (v1)
  - TL-WR710N (v1, v2, v2.1)
  - TL-WR740N (v1, v3, v4, v5)
  - TL-WR741N/ND (v1, v2, v4, v5)
  - TL-WR743N/ND (v1, v2)
  - TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
  - TL-WR843N/ND (v1)
  - TL-WR940N (v1, v2, v3, v4, v5, v6)
  - TL-WR941ND (v2, v3, v4, v5, v6)
 brcm2708-bcm2708
 ^^^^^^^^^^^^^^^^
 * RaspberryPi 1
 brcm2708-bcm2709
 ^^^^^^^^^^^^^^^^
 * RaspberryPi 2
 ipq806x
 ^^^^^^^
 * TP-Link
  - Archer C2600 [#80211s]_
 mpc85xx-generic
 ^^^^^^^^^^^^^^^
@ -216,34 +299,87 @@ mpc85xx-generic
  - TL-WDR4900 (v1)
 ramips-mt7620
 ^^^^^^^^^^^^^
 * GL Innovations
  - GL-MT300A [#80211s]_
  - GL-MT300N [#80211s]_
  - GL-MT750 [#80211s]_
 ramips-mt7621
 ^^^^^^^^^^^^^
 * Ubiquiti
  - EdgeRouter X
  - EdgeRouter X-SFP
 ramips-mt7628
 ^^^^^^^^^^^^^
 * VoCore
  - VoCore2 [#80211s]_
 ramips-rt305x
 ^^^^^^^^^^^^^
 * A5-V11 [#80211s]_
 * D-Link
  - DIR-615 (D1, D2, D3, D4, H1) [#80211s]_
 * VoCore
  - VoCore (8M) [#80211s]_
  - VoCore (16M) [#80211s]_
 sunxi
 ^^^^^
 * LeMaker
  - Banana Pi M1
 x86-generic
 ^^^^^^^^^^^
 * x86-generic
 * x86-virtualbox
 * x86-vmware
 See also: :doc:`user/x86`
-x86-kvm_guest
+x86-geode
-^^^^^^^^^^^^^
+^^^^^^^^^
 * x86-kvm
-See also: :doc:`user/x86`
+* x86-geode
 x86-xen_domu
 ^^^^^^^^^^^^
 * x86-xen
 See also: :doc:`user/x86`
 x86-64
 ^^^^^^
 * x86-64-generic
 * x86-64-virtualbox
 * x86-64-vmware
 See also: :doc:`user/x86`
 Footnotes
 ^^^^^^^^^
 .. [#ath10k]
  Device uses the ath10k WLAN driver; images are built for 11s by default unless GLUON_WLAN_MESH
  is set as described in :ref:`getting-started-make-variables`
 .. [#80211s]
  Device does not support IBSS; images are built by default unless GLUON_WLAN_MESH
  is explicitly set to something other than *11s*
 License
 -------
--- a/docs/multidomain-site-example/domains/alpha_centauri.conf
+++ b/docs/multidomain-site-example/domains/alpha_centauri.conf
@ -0,0 +1,62 @@
 {
  -- multiple codes/names can be defined, the first one is the primary name
  -- additional aliases can be defined
  domain_names = {
    alpha_centauri = 'Alpha Centauri',
    rigil_kentaurus = 'Rigil Kentaurus',
    proxima_centauri = 'Proxima Centauri',
  },
  -- 32 byte random data in hexadecimal encoding
  -- This data must be unique among all sites and domains!
  -- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
  domain_seed = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  -- unique network prefixes per domain
  prefix4 = '10.xxx.0.0/20',
  prefix6 = 'fdxx:xxxx:xxxx:xxxx::/64',
  next_node = {
    ip4 = '10.xxx.yyy.zzz',
    ip6 = 'fdxx:xxxx:xxxx:xxxx::xxxx',
  },
  wifi24= {
    ap = {
      ssid = "alpha-centauri.example.org",
      channel = 1,
    },
    mesh = {
      id = 'ueH3uXjdp', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
    },
  },
  wifi5= {
    ap = {
      ssid = "alpha-centauri.example.org",
      channel = 44,
    },
    mesh = {
      id = 'ueH3uXjdp',
    },
  },
  mesh_vpn = {
    fastd = {
      groups = {
        backbone = {
          peers = {
            peer1 = {
              key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
              remotes = {'"peer1.example.org" port xxxxx'},
            },
            peer2 = {
              key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
              remotes = {'"peer2.example.org" port xxxxx'},
            },
          },
        },
      },
    },
  },
 }
--- a/docs/multidomain-site-example/i18n
+++ b/docs/multidomain-site-example/i18n
@ -0,0 +1 @@
 ../site-example/i18n/
--- a/docs/multidomain-site-example/modules
+++ b/docs/multidomain-site-example/modules
@ -0,0 +1 @@
 ../site-example/modules
--- a/docs/multidomain-site-example/site.conf
+++ b/docs/multidomain-site-example/site.conf
@ -0,0 +1,52 @@
 {
  site_name = 'Centauri Mesh',
  site_code = 'centauri',
  default_domain = 'alpha_centauri',
  timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
  ntp_server = {'ntp1.example.org', 'ntp2.example.org'},
  regdom = 'DE',
  wifi24 = {
    mesh = {
      mcast_rate = 12000,
    },
  },
  wifi5 = {
    mesh = {
      mcast_rate = 12000,
    },
  },
  mesh_vpn = {
    mtu = 1312,
    fastd = {
      methods = {'salsa2012+umac'},
    },
    bandwidth_limit = {
      enabled = false,
      egress = 200, -- kbit/s
      ingress = 3000, -- kbit/s
    },
  },
  autoupdater = {
    branch = 'stable',
    branches = {
      stable = {
        name = 'stable',
        mirrors = {'http://update.example.org/stable/sysupgrade'},
        good_signatures = 2,
        pubkeys = {
          'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Alice
          'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Bob
          'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', -- Mary
        },
      },
    },
  },
 }
--- a/docs/multidomain-site-example/site.mk
+++ b/docs/multidomain-site-example/site.mk
@ -0,0 +1,61 @@
 ##	gluon site.mk makefile example
 ##	GLUON_FEATURES
 #		Specify Gluon features/packages to enable;
 #		Gluon will automatically enable a set of packages
 #		depending on the combination of features listed
 GLUON_FEATURES := \
 	autoupdater \
 	ebtables-filter-multicast \
 	ebtables-filter-ra-dhcp \
 	ebtables-limit-arp \
 	mesh-batman-adv-15 \
 	mesh-vpn-fastd \
 	radvd \
 	respondd \
 	status-page \
 	web-advanced \
 	web-wizard
 ##	GLUON_MULTIDOMAIN
 #		Build gluon with multidomain support.
 GLUON_MULTIDOMAIN=1
 ##	GLUON_SITE_PACKAGES
 #		Specify additional Gluon/LEDE packages to include here;
 #		A minus sign may be prepended to remove a packages from the
 #		selection that would be enabled by default or due to the
 #		chosen feature flags
 GLUON_SITE_PACKAGES := haveged iwinfo
 ##	DEFAULT_GLUON_RELEASE
 #		version string to use for images
 #		gluon relies on
 #			opkg compare-versions "$1" '>>' "$2"
 #		to decide if a version is newer or not.
 DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 # Variables set with ?= can be overwritten from the command line
 ##	GLUON_RELEASE
 #		call make with custom GLUON_RELEASE flag, to use your own release version scheme.
 #		e.g.:
 #			$ make images GLUON_RELEASE=23.42+5
 #		would generate images named like this:
 #			gluon-ff%site_code%-23.42+5-%router_model%.bin
 GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
 # Default priority for updates.
 GLUON_PRIORITY ?= 0
 # Region code required for some images; supported values: us eu
 GLUON_REGION ?= eu
 # Languages to include
 GLUON_LANGS ?= en de
--- a/docs/package/gluon-config-mode-domain-select.rst
+++ b/docs/package/gluon-config-mode-domain-select.rst
@ -0,0 +1,19 @@
 gluon-config-mode-domain-select
 ===============================
 This package provides a drop-down list for the config mode to select the domain
 the node will be placed in. If the selection has changed the upgrade scripts in
 ``/lib/gluon/upgrade/`` are triggered to update the nodes configuration.
 Hiding domains could be useful for default or testing domains, which should not
 be accidentally selected by a node operater.
 domains/\*.conf
 ---------------
 hide_domain \: optional (defaults to false)
    - ``false`` shows this domain in drop-down list
    - ``true`` hides this domain
 Example::
  hide_domain = true
--- a/docs/package/gluon-config-mode-geo-location.rst
+++ b/docs/package/gluon-config-mode-geo-location.rst
@ -1,14 +0,0 @@
 gluon-config-mode-geo-location
 ==============================
 This package enables the user to set latitude, longitude and altitude of their
 node within config mode. As the usage of the altitude is not well defined the
 corresponding field can be disabled.
 site.conf
 ---------
 config_mode.geo_location.show_altitude : optional
    - ``true`` enables the altitude field
    - ``false`` disables the altitude field if altitude has not yet been set
    - defaults to ``true``
--- a/docs/package/gluon-ebtables-limit-arp.rst
+++ b/docs/package/gluon-ebtables-limit-arp.rst
@ -0,0 +1,23 @@
 gluon-ebtables-limit-arp
 ========================
 The *gluon-ebtables-limit-arp* package adds filters to limit the 
 amount of ARP requests client devices are allowed to send into the 
 mesh. 
 The limits per client device, identified by its MAC address, are
 6 packets per minute and 1 per second per node in total. 
 A burst of up to 50 ARP requests is allowed until the rate-limiting
 takes effect (see ``--limit-burst`` in ``ebtables(8)``).
 Furthermore, ARP requests for a target IP already present in the
 batman-adv DAT cache are excluded from rate-limiting, in regard 
 to both counting and filtering, as batman-adv will be able
 to respond locally without a burden for the mesh. Therefore, this
 limiter should not affect popular target IP addresses, like those
 of gateways or nameservers.
 However it mitigates the impact on the mesh when a larger range of
 its IPv4 subnet is being scanned, which would otherwise result in
 a significant amount of ARP chatter, even for unused IP addresses.
--- a/docs/package/gluon-ebtables-source-filter.rst
+++ b/docs/package/gluon-ebtables-source-filter.rst
@ -0,0 +1,33 @@
 gluon-ebtables-source-filter
 ============================
 The *gluon-ebtables-source-filter* package adds an additional layer-2 filter
 ruleset to prevent unreasonable traffic entering the network via the nodes.
 Unreasonable means traffic entering the mesh via a node which source IP does
 not belong to the configured IP space.
 You may first check if there is a certain proportion of unreasonable traffic,
 before adding this package to the firmware image. Furthermore, you should not
 use this package if some kind of gateway or upstream network is provided by
 a device connected to the client port.
 site.conf
 ---------
 prefix4 : optional
    - IPv4 subnet
 prefix6 :
    - IPv6 subnet
 extra_prefixes6 : optional
    - list of additional IPv6 subnets
 Example::
  prefix4 = '198.51.100.0/21',
  prefix6 = '2001:db8:8::/64',
  extra_prefixes6 = {
    '2001:db8:9::/64',
    '2001:db8:100::/60',
  },
--- a/docs/package/gluon-radv-filterd.rst
+++ b/docs/package/gluon-radv-filterd.rst
@ -0,0 +1,61 @@
 gluon-radv-filterd
 ==================
 This package drops all incoming router advertisements except for the
 default router with the best metric according to B.A.T.M.A.N. advanced.
 Note that advertisements originating from the node itself (for example
 via gluon-radvd) are not affected and considered at all.
 Selected router
 ---------------
 The router selection mechanism is independent from the batman-adv gateway mode.
 In contrast, the device originating the router advertisment could be any router
 or client connected to the mesh, as radv-filterd captures all router
 advertisements originating  from it. All nodes announcing router advertisement
 **with** a default lifetime greater than 0 are being considered as candidates.
 In case a router is not a batman-adv originator itself, its TQ is defined by
 the originator it is connected to. This lookup uses the batman-adv global
 translation table.
 Initially the router is the selected by choosing the candidate with the
 strongest TQ. When another candidate can provide a better TQ metric it is not
 picked up as the selected router until it will outperform the currently
 selected router by X metric units. The hysteresis threshold is configurable
 and prevents excessive flapping of the gateway.
 "Local" routers
 ---------------
 The package has functionality to select "local" routers, i.e. those connected
 via cable or WLAN instead of via the mesh (technically: appearing in the
 ``transtable_local``), a fake TQ of 512 so that they are always preferred.
 However, if used together with the :doc:`gluon-ebtables-filter-ra-dhcp`
 package, these router advertisements are filtered anyway and reach neither the
 node nor any other client. You currently have to disable the package or insert
 custom ebtables rules in order to use local routers.
 respondd module
 ---------------
 This package also contains a module for respondd that announces the currently
 selected router via the ``statistics.gateway6`` property using its interface MAC
 address. Note that this is different from the ``statistics.gateway`` property,
 which contains the MAC address of the main B.A.T.M.A.N. adv slave interface of
 the selected IPv4 gateway.
 site.conf
 ---------
 radv_filterd.threshold : optional
    - minimal difference in TQ value that another gateway has to be better than
      the currently chosen gateway to become the new chosen gateway
    - defaults to ``20``
 Example::
  radv_filterd = {
    threshold = 20,
  }
--- a/docs/package/gluon-web-admin.rst
+++ b/docs/package/gluon-web-admin.rst
@ -0,0 +1,29 @@
 gluon-web-admin
 ===============
 This package allows the user to set options like the password for ssh access
 within config mode. You can define in your ``site.conf`` whether it should be
 possible to access the nodes via ssh with a password or not and what the mimimum
 password length must be.
 site.conf
 ---------
 config_mode.remote_login.show_password_form \: optional
  - ``true`` the password section in config mode is shown
  - ``false`` the password section in config mode is hidden
  - defaults to ``false``
 config_mode.remote_login.min_password_length \: optional
  - sets the minimum allowed password length. Set this to ``1`` to disable the
    length check.
  - defaults to ``12``
 Example::
  config_mode = {
    remote_login = {
      show_password_form = true, -- default false
      min_password_length = 12
    }
  }
--- a/docs/package/gluon-web-logging.rst
+++ b/docs/package/gluon-web-logging.rst
@ -0,0 +1,5 @@
 gluon-web-logging
 =================
 The *gluon-web-logging* package adds a new section to advanced settings
 to allow GUI-based configuration of a remote syslog server.
--- a/docs/releases/v2016.1.6.rst
+++ b/docs/releases/v2016.1.6.rst
@ -0,0 +1,55 @@
 Gluon 2016.1.6
 ==============
 Bugfixes
 ~~~~~~~~
 * build: fix nodejs host build on Debian Wheezy (`#776 <https://github.com/freifunk-gluon/gluon/issues/776>`_)
 * build: fix parallel builds with Make 4.2+
  Trying to use ``-j N`` with Make 4.2 would spawn an unlimited number of processes,
  eventually leading to memory exhaustion.
 * build: fix occasional build failure in libpcap package
 * build: don't require hexdump for x86 builds (`#811 <https://github.com/freifunk-gluon/gluon/issues/811>`_)
  Trying to build Gluon for x86 on systems without hexdump would silently generate
  broken images.
 * Add support for DNS servers given by their link-local IPv6 address in Router Advertisements
  (`#854 <https://github.com/freifunk-gluon/gluon/issues/854>`_)
 * ar71xx-generic: correctly setup LNA GPIOs on CPE210/510 (`#796 <https://github.com/freifunk-gluon/gluon/issues/796>`_)
  Improves the reception by about 20dB.
 * ar71xx-generic: switch default WAN/LAN assignment on Ubiquiti UAP Pro
  (`#764 <https://github.com/freifunk-gluon/gluon/issues/764>`_)
  Switch to the usual "PoE is WAN/setup mode, secondary is LAN" scheme. This only affects
  new installations; the assignment won't be changed on updates unless the configuration is
  reset.
 * ar71xx-generic: fix ath10k memory leak (`#690 <https://github.com/freifunk-gluon/gluon/issues/690>`_)
 * ar71xx-generic: add support for new TP-Link region codes
  (`#860 <https://github.com/freifunk-gluon/gluon/issues/860>`_)
  TP-Link has started providing US- and EU-specific firmwares for the Archer C7 v2. To generate
  Gluon images installable from these new firmwares, the ``GLUON_REGION`` variable must be set
  to ``eu`` or ``us`` in ``site.mk`` or on the ``make`` command line (the images will still be
  installable from all old firmwares without region codes).
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Expert Mode is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.1.rst
+++ b/docs/releases/v2016.1.rst
@ -175,9 +175,9 @@ Site changes
        mesh_vpn = {
          ifname = 'mesh-vpn',
          enabled = false,
          limit_ingress = 3000,
          limit_egress = 200,
-        }
+          limit_ingress = 3000,
        },
      }
    needs to be changed to
@ -189,8 +189,8 @@ Site changes
        bandwidth_limit = {
          enabled = false,
          ingress = 3000,
          egress = 200,
          ingress = 3000,
        },
      }
--- a/docs/releases/v2016.2.1.rst
+++ b/docs/releases/v2016.2.1.rst
@ -0,0 +1,59 @@
 Gluon 2016.2.1
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link
  - TL-WA901ND v4
 Bugfixes
 ~~~~~~~~
 * Make status page work with disabled cookies/local storage
  (`#912 <https://github.com/freifunk-gluon/gluon/pull/912>`_)
 * Update kernel to 3.18.44
  Fixes CVE-2016-5195 and CVE-2016-7117. It is unlikely that these issues pose
  a threat to usual Gluon setups, but installing additional packages may make a
  system vulnerable. In any case, updating is highly recommended.
 * Downgrade mac80211 to an earlier state
  Unfortunately, a mac80211 update that was done shortly before the release of
  Gluon v2016.2 (that seemed necessary to properly support ath10k devices) had
  again caused severe ath9k stability issues that remained unreported until v2016.2
  was out.
  We have now reverted mac80211 to an earlier state that was reported to be very
  stable (while keeping the ath10k-specific changes); in addition, some patches
  that were reported to cause connection or performance issues with certain clients
  have been reverted. While is it still not perfectly stable, is should be at least
  as good as (and probably better than) the v2016.1.x release series.
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Git HTTPS downloads from git.kernel.org fail on Debian Wheezy (`#919 <https://github.com/freifunk-gluon/gluon/issues/919>`_)
  The GnuTLS version on Debian Wheezy is too old and can't establish a connection with
  git.kernel.org anymore. A newer GnuTLS version is available in wheezy-backports, but
  as there is no libcurl3-gnutls package linked against the new version, installing the
  new version has no effect.
--- a/docs/releases/v2016.2.2.rst
+++ b/docs/releases/v2016.2.2.rst
@ -0,0 +1,78 @@
 Gluon 2016.2.2
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link
  - CPE210/510 EU/US versions
  - TL-WA801N/ND v3
  - TL-WR841ND v11 EU/US versions
 Bugfixes
 ~~~~~~~~
 * Fix boot on certain QCA955x-based devices (e.g. OpenMesh OM5P AC v2) (`#965 <https://github.com/freifunk-gluon/gluon/pull/965>`_)
  This issue was a regression in Gluon v2016.2.1.
 * Build: Fix git downloads from git.kernel.org on Debian Wheezy (`#919 <https://github.com/freifunk-gluon/gluon/issues/919>`_)
  We've switched back from HTTPS to the git protocol for now to avoid using
  the old GnuTLS version of Debian Wheezy which can't establish a HTTPS connection
  with git.kernel.org anymore.
  This issue was a regression in Gluon v2016.2.
 * Fix RX filter of Ubiquiti UAP Outdoor+ (`d43147a8e03d <https://github.com/freifunk-gluon/gluon/commit/d43147a8e03dd17bc27e4ab203736f2151f9db3d>`_)
  This issue was a regression in Gluon v2016.2.
 * Fix switched WAN/LAN interface assignment on CPE210 (`59deb2064d54 <https://github.com/freifunk-gluon/gluon/commit/59deb2064d54a37e27139b76a3b6064f5f10f364>`_)
  This issue was a regression in Gluon v2016.2.
 * Significantly reduce CPU load used by signal strength LEDs (`#897 <https://github.com/freifunk-gluon/gluon/issues/897>`_)
 * Fix ethernet port of the Ubiquiti UAP AC Lite (`#911 <https://github.com/freifunk-gluon/gluon/issues/911>`_)
 * Build: Don't use host ``/tmp`` directory (`f9072a36411b <https://github.com/freifunk-gluon/gluon/commit/f9072a36411b92089c697b2c0a564155bfe10bd1>`_)
  Fixes build when ``/tmp`` is mounted with *noexec*.
 * Fix mesh interface type respondd/alfred announcements when using VLANs over IBSS (`#941 <https://github.com/freifunk-gluon/gluon/issues/941>`_)
 * Fix next-node ebtables rules without *next_node.ip4* (`9dbe9f785d2b <https://github.com/freifunk-gluon/gluon/commit/9dbe9f785d2b439c3ebdae365b808ebf42b3cf03>`_)
  Gluon v2016.2 added support for using the next-node feature without specifying an IPv4
  address. Some scripts had not been adjusted, making the next-node unreliable when
  no IPv4 address was specified.
 Other changes
 ~~~~~~~~~~~~~
 * x86-generic and x86-64 images now have PATA and MMC support to allow using them
  on various devices that were previously unsupported.
 * Clean up opkg postinst scripts up on image generation
  OpenWrt does this by default to save a little space.
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.3.rst
+++ b/docs/releases/v2016.2.3.rst
@ -0,0 +1,62 @@
 Gluon 2016.2.3
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link TL-WR940N v4
 * TP-Link TL-WR1043ND v4
 Removed hardware support
 ~~~~~~~~~~~~~~~~~~~~~~~~
 Support for Meraki devices (MR12/16/62/66) has been removed for now because of
 severe problems (all devices were using the same MAC addresses). Support will return
 when the issues have been fixed.
 Bugfixes
 ~~~~~~~~
 * Automatically restart respondd on failure (`#863 <https://github.com/freifunk-gluon/gluon/issues/863>`_)
  There have been many reports of respondd processes disappearing; the exact cause is unclear,
  but might be related to the batman-adv debugfs interface and/or out-of-memory conditions.
  A new respondd initscript uses procd to automatically restart respondd when it dies.
 * Make autoupdater timeouts more robust (`#987 <https://github.com/freifunk-gluon/gluon/issues/987>`_)
  It was reported that wget processes sometimes hang indefinitely during the autoupdater manifest
  download. The autoupdater has been improved to ensure that wget can always be interrupted after
  a timeout.
  This issue, together with the recent addition of lock files to ensure that only one instance
  of the autoupdater can run at a time, had caused the autoupdater to blocked completely
  by hanging processes in some cases (till a node was rebooted).
 * Fix regulation domain switching in ath10k (`#1001 <https://github.com/freifunk-gluon/gluon/pull/1001>`_)
  Prevents use of too high transmission power in some cases.
 * Ensure that *prefix6* in site.conf is always a /64 prefix (`6b62e2f <https://github.com/freifunk-gluon/gluon/commit/6b62e2fc788cd1f83f6634288a15724dfc42b0fd>`_)
  Other prefix lengths were never supported and don't make sense in many places the prefix is used. Ensure
  that such configurations will not pass validation.
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.4.rst
+++ b/docs/releases/v2016.2.4.rst
@ -0,0 +1,55 @@
 Gluon 2016.2.4
 ==============
 Bugfixes
 ~~~~~~~~
 * Fix batman-adv (compat 15) not being able to transmit packages of specific sizes (`b7eeef9 <https://github.com/freifunk-gluon/gluon/commit/b7eeef9b04b44a70b2a953c4efe35a3fdceba2db>`_)
  We suspect that this issue was also the reason for the autoupdater/wget hangs observed by many communities.
  Non-Gluon nodes like gateways should be updated to batman-adv 2017.0.1 to get the fix.
 * Fix build after ftp.all.kernel.org discontinuation (`#1059 <https://github.com/freifunk-gluon/gluon/issues/1059>`_)
 * Fix high load because of frequent calls of the respondd initscript (`9a0aeb9 <https://github.com/freifunk-gluon/gluon/commit/9a0aeb9b7482df4e4515e61356b9d393e3a7eacb>`_)
  The respondd restart triggers added in v2016.2.3 ran a significant portion of the respondd initscript for each router advertisement
  received. This was fixed by a backport of a netifd patch.
 * x86 sysupgrade fixes (`41fd50d <https://github.com/freifunk-gluon/gluon/commit/41fd50d20ba31d73c4796c5b2d4eb44ad2258b90>`_,
  `ad37e2b <https://github.com/freifunk-gluon/gluon/commit/ad37e2b6b43b2c3389356d892b04f3873d8f6b93>`_)
  This fixes sysupgrade on mmcblk and similar devices.
 Other changes
 ~~~~~~~~~~~~~
 * The manifest generator has been extended to generate SHA256 checksums in addition to SHA512 ones
  (`f9d59be <https://github.com/freifunk-gluon/gluon/commit/f9d59be731efd31a26c59e049ccbdc4b1762f6b1>`_)
  We have recently switched the autoupdater to SHA256 in the Gluon master to avoid mixing two different
  lengths of hashes for no good reason. This makes the manifests of Gluon v2016.2.x compatible with the
  new autoupdater so it doesn't prevent backports or downgrades.
  **Note:** Downgrades of major Gluon versions are generally unsupported and will often lead to
  broken configurations.
 Known Issues
 ~~~~~~~~~~~~
 * x86 sysupgrade (sometimes) loses config when kernel partition grows (`#1010 <https://github.com/freifunk-gluon/gluon/issues/1010>`_)
  This issue affects upgrades from v2016.2.x and older to the Gluon master only, we hope to fix it before the next
  major release.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.5.rst
+++ b/docs/releases/v2016.2.5.rst
@ -0,0 +1,36 @@
 Gluon 2016.2.5
 ==============
 This version contains only a single bugfix for a regression introduced in Gluon v2016.2.4.
 As the regression affects batman-adv compat 15 only, firmwares using the compat 14 legacy
 version don't need to be updated.
 Bugfixes
 ~~~~~~~~
 * Fix kernel crash with batman-adv compat 15 (`d452a7c <https://github.com/freifunk-gluon/gluon/commit/d452a7c2cf1c0da4e034666a50dc0e7aa9ddc592>`_)
  An incorrect backport of a fix for a very improbable kernel crash caused a much more
  frequent kernel crash. The backport has been fixed.
  This bug a regression in Gluon v2016.2.4.
 Known Issues
 ~~~~~~~~~~~~
 * x86 sysupgrade (sometimes) loses config when kernel partition grows (`#1010 <https://github.com/freifunk-gluon/gluon/issues/1010>`_)
  This issue affects upgrades from v2016.2.x and older to the Gluon master only, we hope to fix it before the next
  major release.
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.6.rst
+++ b/docs/releases/v2016.2.6.rst
@ -0,0 +1,57 @@
 Gluon 2016.2.6
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link TL-WR841N/ND v12
 Bugfixes
 ~~~~~~~~
 * Fix `CVE-2016-10229 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229>`_
  (`#1097 <https://github.com/freifunk-gluon/gluon/issues/1097>`_)
  Fortunately, the standard Gluon setup is not vulnerable, as the issue only affects
  applications that use MSG_PEEK on UDP sockets. dnsmasq does use MSG_PEEK, but
  only in the DHCP component, which is not enabled during normal node operation.
 * Fix roaming issue affecting communication between clients
  (`#1121 <https://github.com/freifunk-gluon/gluon/issues/1121>`_)
  This issue affects all previous releases of Gluon v2016.2.x.
 * Fix build against OpenSSL 1.1 (`b6a22ce <https://github.com/freifunk-gluon/gluon/commit/b6a22ce79307853b175192178bb0333d976a3a6f>`_)
 * Fix build with long path names (`#1120 <https://github.com/freifunk-gluon/gluon/issues/1120>`_)
 * Use new staged sysupgrade procedure (`d4a69c0 <https://github.com/freifunk-gluon/gluon/commit/d4a69c00047f72696a2400cd7129be032de458e3>`_)
  The new sysupgrade fixes an issue affecting x86, causing nodes to lose their
  configuration on upgrade when the size of the kernel partition grows. This is
  the case when upgrading from Gluon v2016.2.x to newer (LEDE-based) Gluon
  versions. **This means that a Gluon node running an older version must be
  upgraded to Gluon v2016.2.6 first before switching to a LEDE-based version!**
  One downside of the staged sysupgrade is that all processes, including the SSH
  server, will be terminated at the start of the sysupgrade to allow unmounting
  the root filesystem. This makes it impossible to get any feedback from the
  upgrade process without a serial console.
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.7.rst
+++ b/docs/releases/v2016.2.7.rst
@ -0,0 +1,31 @@
 Gluon 2016.2.7
 ==============
 This release only fixes a single regression introduced in Gluon v2016.2.6, and
 add support for building using Perl 5.26.
 Bugfixes
 ~~~~~~~~
 * Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
  a node could hang forever in sysupgrade, requiring a power cycle. This has been
  fixed, triggering a reboot instead.
 * Backport fixes to support building with Perl 5.26 or newer (`76753ed <https://github.com/freifunk-gluon/gluon/commit/76753ede0da78e24208f10675fa288247deec961>`_)
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2016.2.rst
+++ b/docs/releases/v2016.2.rst
@ -0,0 +1,179 @@
 Gluon 2016.2
 ============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * ALFA Network
  - Tube2H
  - N2
  - N5
 * Buffalo
  - WZR-HP-G300NH2
 * GL Innovations
  - GL-AR150
 * OpenMesh
  - MR1750 v1, v2 [#ath10k]_
  - OM2P-HS v3
  - OM5P-AC v1, v2 [#ath10k]_
 * TP-Link
  - Archer C5 v1 [#ath10k]_
  - Archer C7 v2 [#ath10k]_
  - TL-WR710N v2.1
  - TL-WR842N/ND v3
 * Ubiquiti
  - UniFi AP AC Lite [#ath10k]_
  - UniFi AP AC Pro [#ath10k]_
 .. [#ath10k]
  Device uses the ath10k WLAN driver; no image is built unless GLUON_ATH10K_MESH
  is set as described in :ref:`getting-started-make-variables`
 brcm2708-bcm2708
 ^^^^^^^^^^^^^^^^
 * RaspberryPi 1
 brcm2708-bcm2709
 ^^^^^^^^^^^^^^^^
 * RaspberryPi 2
 New features
 ~~~~~~~~~~~~
 * Many UBNT Airmax XM model names are detected correctly now (e.g., the Loco
  is no longer displayed as Bullet) (`#632 <https://github.com/freifunk-gluon/gluon/pull/632>`_)
  Also, various new image aliases have been added for these devices.
 * batman-adv: mesh_no_rebroadcast is now enabled for Mesh-on-WAN/LAN (`#652 <https://github.com/freifunk-gluon/gluon/issues/652>`_)
 * The new UCI option ``gluon-core.@wireless[0].preserve_channels`` can be used to
  prevent a changed WLAN channel from being reset on firmware upgrades (`#640 <https://github.com/freifunk-gluon/gluon/issues/640>`_)
 * PoE passthrough can now be configured from site.conf and the Advanced Settings
  on TP-Link CPE 210/510 and Ubiquiti NanoStations (`#328 <https://github.com/freifunk-gluon/gluon/issues/328>`_)
 * The config mode *altitude* field can now be hidden using the ``config_mode.geo_location.show_altitude``
  site.conf setting (`#693 <https://github.com/freifunk-gluon/gluon/issues/693>`_)
 * The contact information field in the config mode can be made obligatory using
  the ``config_mode.owner.obligatory`` site.conf option
 * The *node name* setting in the config mode is no longer restricted to valid DNS
  hostnames, but allows any UTF-8 string (`#414 <https://github.com/freifunk-gluon/gluon/issues/414>`_)
 * Besides the hostname, public key, site config and primary MAC address, the contact
  information can now be accessed from config mode site texts
 * The functions ``escape`` and ``urlescape`` for HTML and URL escaping are now available from config mode
  site texts. They should always be used when including user-provided information like
  hostnames and contact information in HTML code or URLs.
 * Dropbear has been updated to a newer version, enabling new SSH crypto methods and removing
  some old ones like DSA. This reduces the time needed for the first boot and makes
  SSH logins faster (`#223 <https://github.com/freifunk-gluon/gluon/issues/223>`_)
 * WLAN basic and supported rate sets have been made configurable, to allow disabling
  802.11b rates (`#810 <https://github.com/freifunk-gluon/gluon/pull/810>`_)
 * ath10k-based devices are now supported officially; it's possible to choose between
  IBSS- and 11s-capable firmwares in site.mk (`#864 <https://github.com/freifunk-gluon/gluon/pull/864>`_)
 * The ``prefix4`` and ``next_node.ip4`` site.conf options are optional now.
 Bugfixes
 ~~~~~~~~
 * The stability of the ath9k WLAN driver has been improved significantly
  (`#605 <https://github.com/freifunk-gluon/gluon/issues/605>`_)
  mac80211, hostapd and other related drivers and services have been backported from LEDE ``42f559e``.
 * Extremely slow downloads could lead to multiple instances of the autoupdater
  running concurrently (`#582 <https://github.com/freifunk-gluon/gluon/pull/582>`_)
  A lockfile is used to prevent this and timeouts have been added to download processes.
 * Usage of static DNS servers on the WAN port has been fixed
  (`#886 <https://github.com/freifunk-gluon/gluon/issues/886>`_)
  This is a regression introduced in Gluon v2016.1.6.
 Other changes
 ~~~~~~~~~~~~~
 * The "Expert Mode" has been renamed to "Advanced Settings"
 Site changes
 ~~~~~~~~~~~~
 site.mk
 ^^^^^^^
 If you want to support ath10k-based devices, you should set GLUON_ATH10K_MESH
 and GLUON_REGION as described in :ref:`getting-started-make-variables`.
 i18n
 ^^^^
 As the hostname field may now contain an arbitrary UTF-8 string, escaping must
 be added.
 Change
 ::
  <%=hostname%>
 to
 ::
  <%=escape(hostname)%>
 Inside of URLs, ``urlescape`` must be used instead of ``escape``.
 Internals
 ~~~~~~~~~
 * Mesh interfaces are now configured in a protocol-independent way in UCI (`#870 <https://github.com/freifunk-gluon/gluon/pull/870>`_)
  The MAC address assignment of all mesh and WLAN interfaces has been modified to prepare for support of
  Ralink/Mediatek-based WLAN chips.
 * Preparations for supporting the new batman-adv multicast optimizations have been made
  (`#674 <https://github.com/freifunk-gluon/gluon/pull/674>`_, `#675 <https://github.com/freifunk-gluon/gluon/pull/675>`_,
  `#679 <https://github.com/freifunk-gluon/gluon/pull/679>`_)
 * All Lua code is minified now to save some space
 Known Issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2017.1.1.rst
+++ b/docs/releases/v2017.1.1.rst
@ -0,0 +1,41 @@
 Gluon 2017.1.1
 ==============
 Bugfixes
 ~~~~~~~~
 * The autoupdater manifest has been extended to allow automatic upgrades from
  old *x86-kvm* and *x86-xen_domu* systems to the new *x86-generic* image
  (`869ceb4 <https://github.com/freifunk-gluon/gluon/commit/869ceb425cd5f9db3eafddcc52377fd94c6ba0dd>`_)
 * Make flash writable again on Ubiquiti PicoStations with certain bootloader
  versions (and possibly other devices)
  (`9a787c9 <https://github.com/freifunk-gluon/gluon/commit/9a787c9878069158151c843b8fd9aa338815d61e>`_)
  Units affected by this issue running Gluon v2017.1 can't leave config mode and
  no regular sysupgrades are possible. TFTP recovery is necessary to make them
  work again.
 * Add workaround to prevent sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
 * Disable batman-adv multicast optimizations to work around issue causing large
  amounts of management traffic
  (`819758f <https://github.com/freifunk-gluon/gluon/commit/819758f4250af8820851945ba1a6c17748b0ab4b>`_)
  Multicast optimizations will be enabled again when a proper fix is available.
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2017.1.2.rst
+++ b/docs/releases/v2017.1.2.rst
@ -0,0 +1,84 @@
 Gluon 2017.1.2
 ==============
 New features
 ~~~~~~~~~~~~
 * Preserve *gw_mode* on sysupgrades (`#1196 <https://github.com/freifunk-gluon/gluon/issues/1196>`_)
  When a Gluon node is used as uplink (for example by connecting it to a router with
  a DHCP server directly, instead of using non-Gluon servers for the internet uplink),
  the *gw_mode* must be set to *server* on that node. The changed *gw_mode* is now
  preserved on upgrades.
 * Allow configuring the batman-adv routing algorithm (*BATMAN IV* or *BATMAN V*)
  in *site.conf* (`#1185 <https://github.com/freifunk-gluon/gluon/issues/1185>`_)
  *BATMAN V* still hasn't received extensive testing (and is incompatible with *BATMAN IV*).
  This new option allows to set up *BATMAN V*-based test meshes. If unset, the routing
  algorithm will default to *BATMAN IV*.
  Configuration:
  .. code-block:: lua
    mesh = {
      batman_adv = {
        routing_algo = 'BATMAN_V'
      }
    }
 * New *show-release* Make target
  The command ``make show-release`` can be used to print the release number
  defined by *GLUON_RELEASE* to the standard output. This can be useful for build scripts
  when a ``$(shell ...)`` expression is used in *site.mk* to generate the release
  number.
 Bugfixes
 ~~~~~~~~
 * The image build code used for some devices has been fixed, solving multiple
  issues (`#1193 <https://github.com/freifunk-gluon/gluon/issues/1193>`_)
  Problems caused by this issue include:
  - sysupgrade rejecting Allnet images
  - OpenMesh devices losing their configuration on upgrades
  This is a regression introduced in Gluon v2017.1.
 * Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
  a node could hang forever in sysupgrade, requiring a power cycle. This has been
  fixed, triggering a reboot instead.
 * Also display *gluon-config-mode:novpn* message when Tunneldigger is installed, but disabled
  (`#1172 <https://github.com/freifunk-gluon/gluon/issues/1172>`_)
  It was only displayed on nodes with fastd before.
 * Fix migration of enabled/disabled state between fastd and Tunneldigger
  (`#1187 <https://github.com/freifunk-gluon/gluon/issues/1187>`_)
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
  segfaults, but did not make them disappear completely.
--- a/docs/releases/v2017.1.3.rst
+++ b/docs/releases/v2017.1.3.rst
@ -0,0 +1,65 @@
 Gluon 2017.1.3
 ==============
 The LEDE base of Gluon has been updated to v17.01.3, including various updates,
 stability improvements and security fixes. This includes some critical fixes
 to core packages like dnsmasq (see below for details); upgrading all Gluon
 nodes to v2017.1.3 is highly recommended.
 Bugfixes
 ~~~~~~~~
 * dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
  CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
  2017-CVE-14496
  While many of the most severe (remote code execution) vulnarabilities are in
  the DHCP component of dnsmasq, which is not active on a Gluon node unless in
  Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
  corruption and possibly remote code execution by deploying a malicious DNS
  server and tricking a node into querying this server.
 * The Linux kernel has been upgraded to v4.4.89
 * Multiple security issues have been fixed in packages that are not usually part
  of the Gluon build, including tcpdump, curl and mbedtls
  Please refer to the
  `LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
  for details.
 * Filtering of multicast packets between the mesh and the *local-node* interface
  has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
  This issue was causing gluon-radvd to send a router advertisement to the local
  clients whenever a router solicitation from the mesh was received. In busy
  meshes, it would continuously send router advertisements every 3 seconds.
 * Reject autoupdater mirror URLs not starting with ``http://`` during build
  (`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
 * Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
  stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
  segfaults, but did not make them disappear completely.
--- a/docs/releases/v2017.1.4.rst
+++ b/docs/releases/v2017.1.4.rst
@ -0,0 +1,56 @@
 Gluon 2017.1.4
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * GL Innovations GL-AR300M
 Bugfixes
 ~~~~~~~~
 * LEDE has been updated to the latest stable commit, including various fixes for
  the kernel (including security updates), and making opkg work again. This also
  includes fixes for the KRACK issue (which is irrelevant for most Gluon
  deployments, as Gluon nodes are rarely used as WLAN clients)
  (`b62af904bbfd <https://github.com/freifunk-gluon/gluon/commit/b62af904bbfd6360ed728fc9ae69af3d8e8db1d7>`_,
  `ba56b41ddaf6 <https://github.com/freifunk-gluon/gluon/commit/ba56b41ddaf6033e3cdef18d30da6b34cd438e8c>`_,
  `ad0824136e5b <https://github.com/freifunk-gluon/gluon/commit/ad0824136e5b47482e11483c50e7bc88ba2c506e>`_,
  `017fbe88bb8a <https://github.com/freifunk-gluon/gluon/commit/017fbe88bb8a89623464b02e09178696c1d077a6>`_)
 * Fix DNS resolution for mesh VPN (fastd / tunneldigger) on ARM-based targets
  (`#1245 <https://github.com/freifunk-gluon/gluon/issues/1245>`_)
 * Fix a build issue in *kmod-jool*
  (`06842728233a <https://github.com/freifunk-gluon/gluon/commit/06842728233a39784c437767eb9df4167ab07a87>`_)
 * Fix enabling/disabling PoE Passthrough in *site.conf* or in the
  advanced settings
  (`7268e49a301f <https://github.com/freifunk-gluon/gluon/commit/7268e49a301fcd643a49b329bd6097a0f85bdaBb>`_,
  `7c2636d28264 <https://github.com/freifunk-gluon/gluon/commit/7c2636d28264df20b448b0160b69f5059c40b84a>`_)
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
  segfaults, but it did not make them disappear completely.
--- a/docs/releases/v2017.1.5.rst
+++ b/docs/releases/v2017.1.5.rst
@ -0,0 +1,57 @@
 Gluon 2017.1.5
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link TL-WR1043N v5
 ramips-mt7621
 ^^^^^^^^^^^^^
 * Ubiquiti EdgeRouter-X
 * Ubiquiti EdgeRouter-X SFP
 Bugfixes
 ~~~~~~~~
 * Fix build with empty ``site/modules``
  (`#1262 <https://github.com/freifunk-gluon/gluon/issues/1262>`_)
 * Fix Ethernet stalls at high throughput on certain devices
  (`#1101 <https://github.com/freifunk-gluon/gluon/issues/1101>`_)
 * Update Tunneldigger to support connections with servers running newer kernel
  versions (`9ed6ff752eb7 <https://github.com/freifunk-gluon/gluon/commit/9ed6ff752eb7972d90b138197641f12eeb4572fb>`_)
 * Fix batman-adv Bridge Loop Avoidance (BLA) with *gluon-ebtables-filter-multicast*
  (`#1198 <https://github.com/freifunk-gluon/gluon/issues/1198>`_)
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
  segfaults, but it did not make them disappear completely.
 * Frequent reboots due to out-of-memory on weak hardware in larger meshes
  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
--- a/docs/releases/v2017.1.6.rst
+++ b/docs/releases/v2017.1.6.rst
@ -0,0 +1,91 @@
 Gluon 2017.1.6
 ==============
 Bugfixes
 ~~~~~~~~
 * Remove broken DNS cache feature
  (`#1362 <https://github.com/freifunk-gluon/gluon/issues/1362>`_)
  It was found that dnsmasq does not handle all answer records
  equally. In particular, its cached answers are missing DNSKEY and DS
  records, breaking DNSSEC validation on clients.
  Nodes can still resolve the next-node hostname locally and will continue to
  work as DNS forwarders. The DNS cache feature may return if dnsmasq is fixed
  or if we switch to a different resolver.
 * Ensure that corefiles are stored in /tmp rather than cluttering the root
  filesystem
  (`00df8b76e54c <https://github.com/freifunk-gluon/gluon/commit/00df8b76e54c9bb89299df4b2ec49e972046d6b6>`_)
  Nodes upgrades from Gluon v2016.2.x or earlier did not set kernel.core_pattern
  correctly, leading to corefiles being stored in the current directory (usually
  / for system services) in the case of crashes.
  This is a regression introduced in Gluon v2017.1.
 * Only request a single IPv6 address instead of a prefix on the WAN interface
  (`5db54ba78c3 <https://github.com/freifunk-gluon/gluon/commit/5db54ba78c3e245f06e4a407371608f6cb247b49>`_)
 * Fix signal graph on status page when there are many neighbours
  (packages/`d1e0b6e0bdae <https://github.com/freifunk-gluon/packages/commit/d1e0b6e0bdaea14d8b9425cee6ca83087be1a905>`_)
 * Fix config files managed by opkg not being saved on sysupgrades on ar71xx-tiny
  (LEDE/`17c0362178ca <https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=17c0362178caf837680a4631b8d0de94e5393448>`_,
  LEDE/`75be005e8bdc <https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=75be005e8bdcbf86f9ad167a8737126dda98a444>`_)
 * Fix kernel crash in batman-adv-14
  (`#1358 <https://github.com/freifunk-gluon/gluon/issues/1358>`_)
  Starting with Gluon v2017.1, respondd could trigger a kernel crash caused by
  a use-after-free in batman-adv-14, in particular after a gateway disappeared.
  batman-adv-15 is not affected.
 * Increase bridge multicast querier timeout ("robustness") to avoid
  "querier appeared/disappeared" log spam by batman-adv in the presence of
  an external querier
  (`e305a8c01917 <https://github.com/freifunk-gluon/gluon/commit/e305a8c019179472dbfc6fccea6c87cf40c08a75>`_)
 * Fix "broken pipe" log spam caused by the status page
  (`883c32f2f1dc <https://github.com/freifunk-gluon/gluon/commit/883c32f2f1dc368626069865c07a5701e3e9bcae>`_)
 * Reduce memory limit of WLAN packet queues to 256KB on devices with small RAM
  (`e63c6ca01f50 <https://github.com/freifunk-gluon/gluon/commit/e63c6ca01f50c96d76e5570faa290617a8a312b4>`_)
  Will hopefully make out-of-memory crashes in busy meshes less likely.
 * Improve image validation for TP-Link CPE/WBS 210/510 and make it ready for
  future images
  (LEDE/`6577fe2198f5 <https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=6577fe2198f5c75acb1dba789941d96a036f4dae>`_)
  Future OpenWrt/Gluon images will move the image metadata ("support-list") of
  the CPE/WBS 210/510 images to a different offset. Make sysupgrade ready
  to allow installing such images.
  This change was also backported to Gluon v2016.2.x to allow direct updates
  to future Gluon master versions without installing v2017.1.x first.
 * Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
  have disappeared with the latest updates
  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Frequent reboots due to out-of-memory on weak hardware in larger meshes
  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
--- a/docs/releases/v2017.1.7.rst
+++ b/docs/releases/v2017.1.7.rst
@ -0,0 +1,34 @@
 Gluon 2017.1.7
 ==============
 Bugfixes
 ~~~~~~~~
 * Fix boot failure on many Ubiquiti devices
  (`#1370 <https://github.com/freifunk-gluon/gluon/issues/1370>`_)
  A kernel update in Gluon 2017.1.6 led to boot failures on Ubiquiti Airmax M2/M5
  (NanoStation, Bullet, etc.) if the device had been running AirOS 5.6 before
  installing Gluon/OpenWrt. The XW hardware revision is unaffected.
  While the root cause is a bug in Ubiquiti's bootloader, the issue is mitigated in
  Gluon 2017.1.7.
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Frequent reboots due to out-of-memory on weak hardware in larger meshes
  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
--- a/docs/releases/v2017.1.8.rst
+++ b/docs/releases/v2017.1.8.rst
@ -0,0 +1,71 @@
 Gluon 2017.1.8
 ==============
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * GL.iNet GL-AR750
 * TP-Link Archer C7 v4
 * Ubiquiti UniFi AC Mesh
 ar71xx-tiny
 ^^^^^^^^^^^
 * TP-Link TL-WR940N v6
 Bugfixes
 ~~~~~~~~
 * Fix refcounting issue in batman-adv leading to hangs on interface restarts
  (`#1258 <https://github.com/freifunk-gluon/gluon/issues/1258>`_)
  This fix applied to both batman-adv compat 14 (legacy) and 15.
 * Various batman-adv bugfixes have been backported
  (`f5b3c0c3bc7e <https://github.com/freifunk-gluon/gluon/commit/f5b3c0c3bc7e795b4b544cbaa49e9c6ca7581ce9>`_ and
  `5947ba300e50 <https://github.com/freifunk-gluon/gluon/commit/5947ba300e50726a8af38fb115b834172780ab26>`_,
  fixing
  `#1321 <https://github.com/freifunk-gluon/gluon/issues/1321>`_,
  `#1380 <https://github.com/freifunk-gluon/gluon/issues/1380>`_,
  `#1382 <https://github.com/freifunk-gluon/gluon/issues/1382>`_,
  `#1419 <https://github.com/freifunk-gluon/gluon/issues/1419>`_
  and a number of other minor issues)
  The listed bugs could lead to high rates of batman-adv management traffic
  (causing considerable load), trigger warnings about packet checksum failues
  in certain non-standard interface configurations, and possibly other issues.
 Other changes
 ~~~~~~~~~~~~~
 * Linux kernel has been updated to v4.4.129 (LEDE/`81573ea25924 <https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=81573ea259247f1c6c1a7a490de174d0a6c48a64>`_)
 * The description of the "contact information" field in the configuration wizard
  has been extended with regard to the EU General Data Protection Regulation (GDPR)
  (`fd355cf0ef7b <https://github.com/freifunk-gluon/gluon/commit/fd355cf0ef7ba0d1c9137bfb8fd76e87ad5d1aba>`_)
  The *mandatory* site option for the contact information field has been removed.
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Frequent reboots due to out-of-memory on weak hardware in larger meshes
  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
--- a/docs/releases/v2017.1.rst
+++ b/docs/releases/v2017.1.rst
@ -0,0 +1,232 @@
 Gluon 2017.1
 ============
 General changes
 ~~~~~~~~~~~~~~~
 Gluon 2017.1 is the first release of Gluon based on the LEDE 17.01 branch. The
 kernel has been updated from 3.18.x to 4.4.x.
 We've used the opportunity to greatly simplify the Gluon build system, removing
 many hacks that were required to make the build work with older OpenWrt releases.
 The *output/modules* directory is now called *output/packages* and provides a
 replacement for the whole repository with target-specific packages of LEDE (in
 contrast to packages that are common for all targets of the same architecture).
 Another change to the build system makes it necessary that the same *GLUON_RELEASE*
 value that is used to build the images is also set for ``make manifest``.
 GCC 4.8 or newer is now required to build Gluon.
 **Note: There is an issue in all Gluon versions before 2016.2.6 that will
 lead to x86 systems losing their configuration when upgrading to Gluon 2017.1!**
 Older Gluon versions should be upgraded to 2016.2.6 first before switching to
 2017.1.
 Another potential issue mostly affects virtual machines: Gluon 2017.1 images are
 bigger than 2016.2.x images on x86. If your virtual harddisk is based on a
 2016.2.x image, it must be resized to 273MB or bigger before upgrading to Gluon
 2017.1. Using qemu, the command
 ::
  qemu-img resize $IMAGE 273MB
 can be used to do this.
 Added hardware support
 ~~~~~~~~~~~~~~~~~~~~~~
 ar71xx-generic
 ^^^^^^^^^^^^^^
 * TP-Link
  - RE450
  - WBS210 v1.20
  - WBS510 v1.20
 * Ubiquiti
  - AirGateway LR
  - AirGateway PRO
  - Rocket M2/M5 Ti
  - UniFi AP LR
 ar71xx-tiny
 ^^^^^^^^^^^
 The new *ar71xx-tiny* target has split out of *ar71xx-generic*; all
 *ar71xx-generic* devices with only 4MB of flash have been moved to this target.
 In contrast to *ar71xx-generic*, *ar71xx-tiny* **does not support opkg anymore**
 to save some space.
 * TP-Link
  - TL-WA730RE v1
  - TL-WA7210N v2
 x86-generic
 ^^^^^^^^^^^
 The *x86-kvm* and *x86-xen_domu* targets have been removed; the *x86-generic*
 images now support these usecases as well, so no separate targets are needed
 anymore.
 x86-geode
 ^^^^^^^^^
 The new *x86-geode* target for hardware based on Geode CPUs has been added.
 New features
 ~~~~~~~~~~~~
 * Localization support has been added to the status page. In addition to German,
  there are English and Russian translations now (`#1044 <https://github.com/freifunk-gluon/gluon/issues/1044>`_)
 * Add support for making nodes a DNS cache for clients
  (`#1000 <https://github.com/freifunk-gluon/gluon/issues/1000>`_)
 * Add L2TP via tunneldigger as an alternative VPN system
  (`#978 <https://github.com/freifunk-gluon/gluon/issues/978>`_)
  L2TP will usually give better performance than fastd as it runs in kernel
  space, but it does not provide encryption. Also, tunneling over IPv6 is
  currently unsupported by tunneldigger.
  It is not possible to include both fastd and tunneldigger in the same
  firmware.
 * Add source filter package (`#1015 <https://github.com/freifunk-gluon/gluon/issues/1015>`_)
  The new package *gluon-ebtables-source-filter* can be used to prevent traffic
  using unexpected IP addresses or packet types from entering the mesh.
  See also: :doc:`../package/gluon-ebtables-source-filter`
 Bugfixes
 ~~~~~~~~
 * Disabling batman-adv on an interface (for example when an Ethernet link is lost
  or before sysupgrades) could lead to a kernel crash in certain configurations
  (`#680 <https://github.com/freifunk-gluon/gluon/issues/680>`_)
 * A race condition in the network setup scripts could lead to incomplete setup
  during boot or when interfaces were added or removed from batman-adv after
  Ethernet link changes (`#905 <https://github.com/freifunk-gluon/gluon/issues/905>`_)
  The fix also solved the long-standing issue of Ethernet-only nodes (i.e. no
  WLAN or VPN mesh) not booting up correctly without an Ethernet mesh link.
 * Some fixes in the WLAN stack of LEDE have improved the stability of the ath9k
  driver (`#605 <https://github.com/freifunk-gluon/gluon/issues/605>`_)
 Site changes
 ~~~~~~~~~~~~
 site.mk
 ^^^^^^^
 * The *gluon-legacy* package does not exist anymore
 * All *gluon-luci-* packages have been renamed to *gluon-web-*;
  *gluon-luci-portconfig* is now called *gluon-web-network*
 * The *gluon-next-node* package has been merged into the Gluon core and must not
  be specified in *site.mk* anymore
 site.conf
 ^^^^^^^^^
 * The *fastd_mesh_vpn* configuration section has been restructured to allow
  sharing more options with tunneldigger. Instead of
  .. code-block:: lua
    fastd_mesh_vpn = {
      mtu = 1280,
      configurable = true,
      methods = {'salsa2012+umac'},
      groups = { ... },
      bandwidth_limit = { ... },
    }
  the configuration must look like this now:
  .. code-block:: lua
    mesh_vpn = {
      mtu = 1280,
      fastd = {
        configurable = true,
        methods = {'salsa2012+umac'},
        groups = { ... },
      }
      bandwidth_limit = { ... },
    }
 * The *opkg.openwrt* option has been renamed to *opkg.lede*
 i18n
 ^^^^
 * The *escape* function has been removed as it was duplicating the existing
  *pcdata* function. All uses of *escape* in i18n templates must be changed to
  use *pcdata* instead.
 * The *gluon-config-mode:altitude-label* and *gluon-config-mode:altitude-help*
  translation IDs have been added to allow adjusting the texts for different
  kinds of altitudes that might be expected.
 * The optional *gluon-config-mode:novpn* label has been added, which will be
  shown in place of *gluon-config-mode:pubkey* when mesh VPN is disabled.
 Internals
 ~~~~~~~~~
 * The LuCI base libraries have been replaced by a stripped-down
  version called "gluon-web" (`#1007 <https://github.com/freifunk-gluon/gluon/issues/1007>`_)
  Custom packages will need to be adjusted; in particular, all uses of *luci.model.uci*
  need to be replaced with *simple-uci*. The Gluon documentation explains the most important
  changes required to migrate from LuCI to gluon-web.
 * respondd now listens on ``ff05::2:1001`` in addition to ``ff02::2:1001`` for mesh-wide
  operation (`#984 <https://github.com/freifunk-gluon/gluon/issues/984>`_)
  Eventually, ``ff02::2:1001`` will be available for exchanging information
  between neighbouring nodes only; map servers should be moved to ``ff05::2:1001``.
 * batman-adv has been updated to version 2017.1
 * Directly running make commands in the *lede* directory is supported now. Consequently,
  build targets like ``target/linux/clean`` and ``package/NAME/compile`` can't be used
  in the Gluon repository root anymore.
  The command ``make config`` will set up the LEDE *.config* in the way a normal
  Gluon build would, so it's possible to build individual packages for testing
  and development afterwards.
 * Target definitions have been migrated from a Make-based format to a simpler
  shell-based DSL
 * Gluon does not pass any custom variables into the LEDE build anymore, so things
  like *GLUONDIR*, *GLUON_VERSION*, or *GLUON_SITEDIR* aren't available
  to package Makefiles in Gluon 2017.1.
  Instead of ``$(GLUONDIR)/package.mk``, ``$(TOPDIR)/../package/gluon.mk`` must
  be included in custom packages now.
 Known issues
 ~~~~~~~~~~~~
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2018.1.rst
+++ b/docs/releases/v2018.1.rst
@ -0,0 +1,402 @@
 Gluon 2018.1
 ############
 Important notes
 ***************
 This version changes the flash partition layout on some devices (TP-Link CPE/WBS 210/510). To avoid
 upgrade failures, make sure to upgrade to Gluon 2017.1.8 or the latest Gluon 2016.2.x (unreleased)
 before installing Gluon 2018.1.
 Some of the following paragraphs describe so-called "feature flags". This new concept is
 explained in :ref:`user-site-feature-flags`.
 Added hardware support
 **********************
 ar71xx-generic
 ==============
 * ALFA NETWORK
  - AP121F
 * AVM
  - FRITZ!Box 4020
 * OpenMesh
  - A40
  - A60
  - OM2P v4
  - OM2P-HS v4
 * TP-Link
  - Archer C59 v1 [#noibss]_
  - CPE210 v2
 ar71xx-nand
 ===========
 * ZyXEL
  - NBG6716
 ar71xx-tiny
 ===========
 * TP-Link
  - TL-WA901ND v5
 ipq806x [#newtarget]_ [#noibss]_
 ================================
 * TP-Link
  - Archer C2600
 ramips-mt7620 [#newtarget]_ [#noibss]_
 ======================================
 * GL Innovations
  - GL-MT300A
  - GL-MT300N
  - GL-MT750
 ramips-mt7628 [#newtarget]_ [#noibss]_
 ======================================
 * VoCore
  - VoCore 2
 ramips-rt305x [#newtarget]_ [#noibss]_
 ======================================
 * A5
  - V11
 * D-Link
  - DIR615 (D1, D2, D3, D4, H1)
 * VoCore
  - VoCore (8MB, 16MB)
 sunxi [#newtarget]_
 ===================
 * LeMaker/SinoVoip
  - Banana Pi (M1)
 .. [#newtarget]
  New target
 .. [#noibss]
  Device or target does not support AP+IBSS mode: This device or target will not be built
  when *GLUON_WLAN_MESH* is set to ``ibss``.
 New features
 ************
 Multidomain support
 ===================
 When mesh networks grow too large, it becomes necessary to split them into
 multiple independent mesh domains to allow the meshes to work with reasonable
 performance. Formerly, the only way to achieve this with Gluon was to build
 a separate set of firmware images for each domain.
 With Gluon 2018.1, multidomain firmwares can be used to achieve the same,
 using only a single site configuration that is basis for several different
 domain-specific configurations. The feature is explained in detail in
 :doc:`../features/multidomain`.
 Wired mesh encapsulation
 ========================
 Gluon now supports encapsulating wired mesh traffic (Mesh on LAN/WAN) in
 `VXLAN <https://en.wikipedia.org/wiki/Virtual_Extensible_LAN>`_.
 See :doc:`../features/wired-mesh` for details on this feature.
 Router advertisement filtering
 ==============================
 Similar to the builtin batman-adv gateway feature for IPv4, the *gluon-radv-filterd* package
 (*radv-filterd* feature flag) allows to filter IPv6 router advertisements received from the mesh
 so that only the RAs with the best routing metric (TQ) reach the clients, ensuring that
 the "best" (topologically closest) gateway is chosen as the IPv6 default route, thereby
 reducing gateway crosstalk.
 At the moment, this feature only filters RAs forwarded to clients; the RAs handled on
 the nodes themselves will be unfiltered, so the nodes will still use arbitrary default
 gateways.
 IGMP/MLD segmentation
 =====================
 The IGMP/MLD segmentation feature previously provided by the *gluon-ebtables-segment-mld*
 package has been extended and moved into the Gluon core; it does not exist as a separate package
 anymore.
 Filtering IGMP/MLD queries directed towards the mesh ensures that each node becomes the multicast querier
 for its own clients (unless there are other multicast-aware switches connected to the node), rather
 than electing a single, basically arbitrary node in the mesh to become the querier. Overall,
 this should significantly improve the reliablity of multicast in the mesh. This is especially
 important for IPv6, as the IPv6 Neighbour Discovery Protocol (NDP) is based on local multicast.
 See also the documentation of the :ref:`site.conf mesh section <user-site-mesh>`.
 gluon-ebtables-limit-arp
 ========================
 The *gluon-ebtables-limit-arp* (*ebtables-limit-arp* feature flag) package adds filters to limit the
 rate of ARP requests client devices are allowed to send into the mesh.
 Certain client applications are known to generate a significant amount of such ARP requests and
 are reportedly becoming more and more common. Without this package, such clients are one
 known cause for mesh wide load and congestion problems (see also the :ref:`releases-v2018.1-known-issues`
 section below).
 Because of this package's implementation, which relies on frequent dynamic updates
 - something ebtables does not perform well at - it is not included by default, as it can
 cause unnecessary load. Feedback, especially with a close look on load and congestion on
 nodes with a large number of changing client devices, is very much welcome. Depending on the
 feedback, we might enable this feature by default in a future release.
 Public key in respondd data (optional)
 ======================================
 If desired, the fastd public key of a node can be included in the respondd nodeinfo data,
 faciliating the correlations of VPN peers and nodes. As the VPN key is transmitted unencrypted
 in the fastd handshake, this would theoretically allow an ISP to determine which nodes
 are operated behind which internet line. Therefore, this feature must be enabled explicitly
 by setting *mesh_vpn.pubkey_privacy* to ``false`` in *site.conf*.
 B.A.T.M.A.N. V (experimental)
 =============================
 When using batman-adv compat 15, it is now possible to switch to the new routing
 algorithm B.A.T.M.A.N. V (while the old algorithm is called B.A.T.M.A.N. IV) by
 setting *mesh.batman_adv.routing_algo* to ``"BATMAN_V"``. Note that the new routing
 algorithm is not backwards-compatible, so nodes using different algorithms can
 not interoperate.
 .. _releases-v2018.1-site-changes:
 Site changes
 ************
 site.mk
 =======
 * Due to improved package dependency handling, the packages
  *gluon-config-mode-core* and *gluon-setup-mode* do not need
  to be listed explicitly in *site.mk* anymore; they will be
  pulled in implicitly.
 * Including the *ebtables-limit-arp* feature flag is recommended. Please note
  the abovementioned caveats on this feature.
 * We recommend to use *GLUON_FEATURES* for all Gluon packages, and rely on
  *GLUON_SITE_PACKAGES* for non-Gluon (OpenWrt) packages only, as explained
  in :ref:`user-site-feature-flags`.
 site.conf
 =========
 When updating a site configuration from Gluon 2017.1.x, the following changes
 must be made:
 * .. code-block:: lua
    domain_seed = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  These 32 bytes of random data (encoded in hexadecimal) are used to seed a number
  of site/domain specific random values that must be the same on all nodes of the
  same mesh, but different for different meshes. The following command
  can be used to generate such a random value:
  .. code-block:: shell
    echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
  In multidomain setups, repeat this command for each domain.
  At this time, only the VXLAN ID for wired meshing is derived from the domain seed.
 * .. code-block:: lua
    mesh = {
      vxlan = true, -- or false
      -- ...
    },
  In single domain setups, the new *mesh.vxlan* option is mandatory. It should be set to *true* in new
  meshes; existing setups should set it to *false* to retain compatibility with older versions of Gluon.
  In multidomain setups, *mesh.vxlan* defaults to *true* and does not need to be set explicitly.
  It can still be set to *false* for individual domains that should allow wired meshing with existing
  setups, which is also useful for migrating an existing mesh to a multidomain-capable firmware.
 * Password change form
  The password change form in the "Advanced settings" is not shown by default anymore, as SSH keys are
  the recommended means of authentication. It is still possible to set a password via SSH while in
  config mode.
  Set
  .. code-block:: lua
    config_mode = {
      remote_login = {
        show_password_form = true,
        -- ...
      },
      -- ...
    },
  to restore the old behaviour.
  When shown, the password form requires a minimum password length of 12 characters now. This requirement
  can be modified using the *config_mode.remote_login.min_password_length* setting.
 * Next-node hostnames
  The builtin DNS resolver of Gluon can be configured to resolve a next-node hostname to the
  next-node IP address without querying an upstream DNS server. Since Gluon v2018.1, multiple
  names can be specified. Old configurations setting *next_node.name* to a string must be
  updated to provide an array of strings instead:
  .. code-block:: lua
    next_node = {
      name = { 'nextnode.location.community.example.org' },
      -- ...
    },
 i18n
 ====
 It is now possible to override a few labels and descriptions in the configuration
 wizard. The available message IDs are listed in :ref:`site-config-mode-texts`.
 These new i18n strings are optional; leaving them empty or unset will retain the
 default texts.
 Internals
 *********
 Status page rewrite
 ===================
 The status page has been rewritten to simplify the code and reduce its size. Rather than
 having a static frontend and retrieving all information via JavaScript, all static information
 in the status page is now generated on the node, and JavaScript is only used for dynamic data.
 Many status page API endpoints have been removed; for all remaining endpoints, CORS
 (Cross-Origin Resource Sharing) has been disabled, as it led to a privacy issues:
 malicious websites could access the API via cross-site scripting, determining which
 node a user was connected to.
 The removal of CORS breaks compatibility with the node switching feature of the
 old status page implementation: In the new status page, switching to another node will
 reload the whole status page from the target node, while the old implementation would
 only switch to another backend host. While this will facilitate future updates, as
 frontend and backend always come from the same node and no stable API needs to be maintained,
 it prevents switching from the old status page to nodes running the new version.
 To achieve all this, the status page was ported to the gluon-web framework. The new status page
 also makes use of Gluon's usual i18n facilities now. In addition, the gluon-web-model
 package was split out of the gluon-web core package, as model support is only required
 for config mode packages, but not for the new status page.
 i18n namespaces
 ===============
 In earlier version of Gluon, all gluon-web (formerly LuCI) packages shared the same i18n namespace,
 so independent packages could override each others translations (with an arbitrary translation of
 the same string "winning"). This issue has been solved by giving each package its own translation
 namespace, which is defined by the *package* directive in a package's controller. It is still
 possible to access a different i18n namespace (e.g. gluon-web base or site translations), which is
 described in :doc:`../dev/web/i18n`.
 Package Makefile cleanup
 ========================
 The Makefiles of the individual Gluon packages have been cleaned up significantly by moving a
 lot of boilerplate code to *package/gluon.mk*. The new features of *package/gluon.mk* are
 explained in detail in :doc:`../dev/packages`.
 Site checker
 ============
 * New JSON/Lua path specification
  The old string-based path specifications in site check scripts (e.g. ``'autoupdater.branch'``)
  have been replaced with arrays (``{'autoupdater', 'branch'}``). This will implicitly ensure that
  *autoupdater* is a table when it exists (simplifying checks for deep structures), and it makes it easier
  to specify paths with variable components (by referencing a variable as an array element).
 * Alternatives
  The site check library has gained support for *alternatives*. It is now possible to check
  if a configuration satisfies one of multiple checks:
  .. code-block:: lua
    -- foo can be a boolean or a string!
    alternatives(function()
      need_boolean({'foo'})
    end, function()
      need_string({'foo'})
    end)
  As many branches (functions) as necessary can be passed to a single *alternatives* call, which will succeed when
  at least one of the branches succeeds.
 batman-adv multicast optimizations
 ==================================
 After various extra rounds of testing and fixes, the batman-adv (compat 15) multicast optimizations were
 reenabled: knowledge about potential multicast listeners is gathered and distributed through the mesh again.
 This is the next step towards the addition of the actual multicast distribution optimizations, which are
 being prepared in `#1357 <https://github.com/freifunk-gluon/gluon/pull/1357>`_. When finished, the optimizations
 will help reduce the remaining Layer-2-specific network overhead, e.g. multicasted ICMPv6 messages.
 No behaviour changes are expected yet, as the multicast sender side is still disabled.
 Once the majority of the mesh network has been updated to Gluon 2018.1, it can be activated on
 dedicated nodes by including `#1357 <https://github.com/freifunk-gluon/gluon/pull/1357>`_ in the firmware
 build. Test feedback is very welcome.
 .. _releases-v2018.1-known-issues:
 Known issues
 ************
 * Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
  Reducing the TX power in the Advanced Settings is recommended.
 * The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
 * Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
 * Frequent reboots due to out-of-memory or high load due to memory pressure on weak hardware specially in larger meshes
  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
  Optimizations in Gluon 2018.1 have significantly improved memory usage.
  There are still known bugs leading to unreasonably high load that we hope to
  solve in future releases.
--- a/docs/site-example/i18n/de.po
+++ b/docs/site-example/i18n/de.po
@ -12,33 +12,76 @@ msgstr ""
 msgid "gluon-config-mode:welcome"
 msgstr ""
-"Willkommen zum Einrichtungsassistenten für deinen neuen Entenhausener "
+"Willkommen zum Einrichtungsassistenten für deinen neuen Alpha Centauri "
 "Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen "
 "entsprechend aus und sende es ab."
 msgid "gluon-config-mode:domain"
 msgstr "Domäne"
 msgid "gluon-config-mode:domain-select"
 msgstr ""
 "Hier hast du die Möglichkeit, die Mesh-Domäne, in der sich dein Knoten "
 "befindet, auszuwählen. Bitte denke daran, dass sich dein Knoten nur mit den "
 "Knoten der ausgewählten Domäne verbinden kann."
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 "<p>Dies ist der öffentliche Schlüssel deines Freifunk-Knotens. Erst nachdem "
-"er auf den Servern des Entenhausener Freifunk-Projektes eingetragen wurde, "
+"er auf den Servern des Freifunk-Projektes auf Alpha Centauri eingetragen wurde, "
-"kann sich dein Knoten mit dem Entenhausener Mesh-VPN verbinden. Bitte "
+"kann sich dein Knoten mit dem Mesh-VPN dort verbinden. Bitte "
 "schicke dazu diesen Schlüssel und den Namen deines Knotens "
-"(<em><%=hostname%></em>) an "
+"(<em><%=pcdata(hostname)%></em>) an "
-"<a href=\"mailto:keys@entenhausen.freifunk.net\">keys@entenhausen.freifunk.net</a>."
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Anmeldung: ' .. hostname) %>&amp;"
 "body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
 "</p>"
 "<div class=\"the-key\">"
-" # <%= hostname %>"
+" # <%= pcdata(hostname) %>"
 " <br />"
 "<%= pubkey %>"
 "</div>"
 msgid "gluon-config-mode:novpn"
 msgstr ""
 "<p>Du hast ausgewählt, <strong>kein Mesh-VPN</strong> "
 "zu nutzen. Dein Knoten kann also nur dann eine Verbindung zum Freifunk-Netz "
 "aufbauen, wenn andere Freifunk-Router in WLAN-Reichweite sind."
 "</p>"
 msgid "gluon-config-mode:reboot"
 msgstr ""
-"<p>Dein Knoten startet gerade neu und wird anschließend versuchen, "
+"<p>Dein Knoten <em><%= pcdata(hostname) %></em> startet gerade neu und wird "
-"sich mit anderen Freifunkknoten in seiner Nähe zu "
+"anschließend versuchen, sich mit anderen Freifunkknoten in seiner Nähe zu "
 "verbinden. Weitere Informationen zur "
-"Entenhausener Freifunk-Community findest du auf "
+"Alpha Centauri Freifunk-Community findest du auf "
-"<a href=\"https://entenhausen.freifunk.net/\">unserer Webseite</a>.</p>"
+"<a href=\"https://alpha-centauri.freifunk.net/\">unserer Webseite</a>.</p>"
 "<p>Um zu dieser Konfigurationsseite zurückzugelangen, drücke im normalen "
 "Betrieb für drei Sekunden den Reset-Button. Das Gerät wird dann im Config "
 "Mode neustarten.</p>"
 "<p>Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!</p>"
 msgid "gluon-config-mode:altitude-label"
 msgstr "Höhe"
 msgid "gluon-config-mode:altitude-help"
 msgstr ""
 "Die Höhenangabe ist optional und sollte nur gesetzt werden, wenn ein "
 "exakter Wert bekannt ist."
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-hostname/i18n/
 msgid "gluon-config-mode:hostname-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-geo-location/i18n/
 msgid "gluon-config-mode:geo-location-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-contact-info/i18n/
 msgid "gluon-config-mode:contact-help"
 msgstr ""
 msgid "gluon-config-mode:contact-note"
 msgstr ""
--- a/docs/site-example/i18n/en.po
+++ b/docs/site-example/i18n/en.po
@ -12,31 +12,71 @@ msgstr ""
 msgid "gluon-config-mode:welcome"
 msgstr ""
-"Welcome to the setup wizard of your new Freifunk Duckburg node. "
+"Welcome to the setup wizard of your new Freifunk Alpha Centauri node. "
 "Please fill out the following form and submit it."
 msgid "gluon-config-mode:domain"
 msgstr "Domain"
 msgid "gluon-config-mode:domain-select"
 msgstr ""
 "Here you have the possibility of selecting the mesh domain in which your node "
 "is placed. Please keep in mind that your router only connects with the nodes "
 "of the selected domain"
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 "<p>This is your Freifunk node's public key. The node won't be able to "
-"connect to the mesh VPN until the key has been registered on the Freifunk "
+"connect to the mesh VPN until the key has been registered on the Freifunk servers. "
-"Duckburg servers. "
+"To register, send the key together with your node's name (<em><%=pcdata(hostname)%></em>) to "
-"To register, send the key together with your node's name (<em><%=hostname%></em>) to "
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Registration: ' .. hostname) %>&amp;"
-"<a href=\"mailto:keys@entenhausen.freifunk.net\">keys@entenhausen.freifunk.net</a>."
+"body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
 "</p>"
 "<div class=\"the-key\">"
-" # <%= hostname %>"
+" # <%= pcdata(hostname) %>"
 " <br />"
 "<%= pubkey %>"
 "</div>"
 msgid "gluon-config-mode:novpn"
 msgstr ""
 "<p>You have selected <strong>not</strong> to use the mesh VPN. "
 "Your node will only be able to connect to the Freifunk network if other nodes in reach "
 "already have a connection.</p>"
 msgid "gluon-config-mode:reboot"
 msgstr ""
-"<p>The node is currently rebooting and will try to connect to other "
+"<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "
-"nearby Freifunk nodes after that. "
+"try to connect to other nearby Freifunk nodes after that. For more "
-"For more information on the Freifunk Duckburg community, have a look at "
+"information about the Freifunk community on Alpha Centauri, have a look at "
-"<a href=\"https://entenhausen.freifunk.net/\">our homepage</a>.</p>"
+"<a href=\"https://alpha-centauri.freifunk.net/\">our homepage</a>.</p>"
 "<p>To get back to this configuration interface, press the reset button for "
 "3 seconds during normal operation. The device will then reboot into config "
 "mode.</p>"
 "<p>Have fun with your node and exploring of the Freifunk network!</p>"
 msgid "gluon-config-mode:altitude-label"
 msgstr "Altitude"
 msgid "gluon-config-mode:altitude-help"
 msgstr ""
 "Specifying the altitude is optional and should only be done if a proper "
 "value is known."
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-hostname/i18n/
 msgid "gluon-config-mode:hostname-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-geo-location/i18n/
 msgid "gluon-config-mode:geo-location-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-contact-info/i18n/
 msgid "gluon-config-mode:contact-help"
 msgstr ""
 msgid "gluon-config-mode:contact-note"
 msgstr ""
--- a/docs/site-example/i18n/fr.po
+++ b/docs/site-example/i18n/fr.po
@ -16,28 +16,67 @@ msgstr ""
 "Freifunk. Remplissez le formulaire suivant en fonction de vos besoins "
 "et enregistrez le"
 msgid "gluon-config-mode:domain"
 msgstr "Domaine"
 msgid "gluon-config-mode:domain-select"
 msgstr ""
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 "<p>Ceci est la clé publique de votre nœud Freifunk. Seulment après que la clé soit "
 "entrée sur les serveurs de votre groupe de Freifunk votre nœud pourra se connecter "
 "sur les serveur Mesh-VPN de votre groupe Freifunk. Veuillez envoyer la clé avec le "
 "nom de votre nœud "
-"(<em><%=hostname%></em>) à "
+"(<em><%=pcdata(hostname)%></em>) à "
-"<a href=\"mailto:keys@entenhausen.freifunk.net\">keys@entenhausen.freifunk.net</a>."
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Enregistrement: ' .. hostname) %>&amp;"
 "body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
 "</p>"
 "<div class=\"the-key\">"
-" # <%= hostname %>"
+" # <%= pcdata(hostname) %>"
 " <br />"
 "<%= pubkey %>"
 "</div>"
 msgid "gluon-config-mode:novpn"
 msgstr ""
 "<p>Vous avez choisi de <strong>ne pas utiliser</strong> "
 "le réseau VPN. Votre nœud ne pourra se connecter au réseau Freifunk que si "
 "d'autres nœuds à portée ont déjà une connexion.</p>"
 msgid "gluon-config-mode:reboot"
 msgstr ""
-"<p>Votre nœud es en train de redémarrer et va ensuite éssayer de se connecter "
+"<p>Votre nœud <em><%= pcdata(hostname) %></em> es en train de redémarrer et "
-"avec les autres nœuds du réseau Freifunk "
+"va ensuite éssayer de se connecter avec les autres nœuds du réseau Freifunk "
 "Vous pourrez trouver plus d'informations sur votre groupe Freifunk sur la page "
-"<a href=\"https://entenhausen.freifunk.net/\"> de ton groupe </a>.</p> "
+"<a href=\"https://alpha-centauri.freifunk.net/\"> de ton groupe </a>.</p> "
 "<p> Pour retrouver cette page de configuration veuillier appuyez pendant le "
 "fonctionement normal pendant 3 Secondes sur le bouton reset. L'appareil va ensuite "
 "redémarer en mode configuration.</p> "
 "<p>Profitez votre de nœud et amusez vous à découvrir le réseau Freifunk!</p>"
 msgid "gluon-config-mode:altitude-label"
 msgstr "Hauteur"
 msgid "gluon-config-mode:altitude-help"
 msgstr ""
 "La altitude est optionelle et ne devrait que être ajoutée si la valeur "
 "exacte est connue."
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-hostname/i18n/
 msgid "gluon-config-mode:hostname-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-geo-location/i18n/
 msgid "gluon-config-mode:geo-location-help"
 msgstr ""
 # Leave empty to use the default text, which can be found in:
 # package/gluon-config-mode-contact-info/i18n/
 msgid "gluon-config-mode:contact-help"
 msgstr ""
 msgid "gluon-config-mode:contact-note"
 msgstr ""
--- a/docs/site-example/i18n/gluon-site.pot
+++ b/docs/site-example/i18n/gluon-site.pot
@ -4,8 +4,35 @@ msgstr "Content-Type: text/plain; charset=UTF-8"
 msgid "gluon-config-mode:welcome"
 msgstr ""
 msgid "gluon-config-mode:domain"
 msgstr ""
 msgid "gluon-config-mode:domain-select"
 msgstr ""
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 msgid "gluon-config-mode:novpn"
 msgstr ""
 msgid "gluon-config-mode:reboot"
 msgstr ""
 msgid "gluon-config-mode:altitude-label"
 msgstr ""
 msgid "gluon-config-mode:altitude-help"
 msgstr ""
 msgid "gluon-config-mode:contact-help"
 msgstr ""
 msgid "gluon-config-mode:contact-note"
 msgstr ""
 msgid "gluon-config-mode:hostname-help"
 msgstr ""
 msgid "gluon-config-mode:geo-location-help"
 msgstr ""
--- a/docs/site-example/site.conf
+++ b/docs/site-example/site.conf
@ -1,21 +1,28 @@
-- This is an example site configuration for Gluon v2016.1+
+-- This is an example site configuration for Gluon v2018.1
 --
 -- Take a look at the documentation located at
 -- http://gluon.readthedocs.org/ for details.
 --
-- This configuration will not work as it. You're required to make
+-- This configuration will not work as is. You're required to make
 -- community specific changes to it!
 {
  -- Used for generated hostnames, e.g. freifunk-abcdef123456. (optional)
  -- hostname_prefix = 'freifunk-',
  -- Name of the community.
-  site_name = 'Freifunk Entenhausen',
+  site_name = 'Freifunk Alpha Centauri',
  -- Shorthand of the community.
  site_code = 'ffxx',
-  -- Prefixes used within the mesh. Both are required.
+  -- 32 bytes of random data, encoded in hexadecimal
  -- This data must be unique among all sites and domains!
  -- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
  domain_seed = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
  -- Prefixes used within the mesh.
  -- prefix6 is required, prefix4 can be omitted if next_node.ip4
  -- is not set.
  prefix4 = '10.xxx.0.0/20',
  prefix6 = 'fdxx:xxxx:xxxx::/64',
@ -35,17 +42,25 @@
    -- Wireless channel.
    channel = 1,
    -- List of supported wifi rates (optional)
    -- Example removes 802.11b compatibility for better performance
    supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000},
    -- List of basic wifi rates (optional, required if supported_rates is set)
    -- Example removes 802.11b compatibility for better performance
    basic_rate = {6000, 9000, 18000, 36000, 54000},
    -- ESSID used for client network.
    ap = {
-      ssid = 'entenhausen.freifunk.net',
+      ssid = 'alpha-centauri.freifunk.net',
-      -- disabled = true, (optional)
+      -- disabled = true, -- (optional)
    },
    mesh = {
      -- Adjust these values!
-      id = 'ffxx-mesh',
+      id = 'ueH3uXjdp', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
      mcast_rate = 12000,
-      -- disabled = true, (optional)
+      -- disabled = true, -- (optional)
    },
  },
@ -55,23 +70,26 @@
  wifi5 = {
    channel = 44,
    ap = {
-      ssid = 'entenhausen.freifunk.net',
+      ssid = 'alpha-centauri.freifunk.net',
    },
    mesh = {
-      id = 'ffxx-mesh',
+      -- Adjust these values!
      id = 'ueH3uXjdp',
      mcast_rate = 12000,
    },
  },
  mesh = {
    vxlan = true,
  },
  -- The next node feature allows clients to always reach the node it is
  -- connected to using a known IP address.
  next_node = {
    -- anycast IPs of all nodes
    -- name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
    ip4 = '10.xxx.0.xxx',
    ip6 = 'fdxx:xxxx:xxxx::xxxx',
    -- anycast MAC of all nodes
    mac = 'xe:xx:xx:xx:xx:xx',
  },
  -- Options specific to routing protocols (optional)
@ -85,15 +103,19 @@
    -- },
  -- },
  mesh_vpn = {
    -- enabled = true,
    mtu = 1312,
    fastd = {
      -- Refer to http://fastd.readthedocs.org/en/latest/ to better understand
      -- what these options do.
-  fastd_mesh_vpn = {
+
      -- List of crypto-methods to use.
      methods = {'salsa2012+umac'},
    -- enabled = true,
      -- configurable = true,
      -- syslog_level = 'warn',
    mtu = 1280,
      groups = {
        backbone = {
          -- Limit number of connected peers to reduce bandwidth.
@ -127,6 +149,7 @@
          -- ...
        -- },
      },
    },
    bandwidth_limit = {
      -- The bandwidth limit can be enabled by default here.
@ -167,27 +190,4 @@
      },
    },
  },
  -- Node roles
  -- roles = {
  --   default = 'node',
  --   list = {
  --     'node',
  --     'test',
  --     'backbone',
  --     'service',
  --   },
  -- },
  -- Skip setup mode (config mode) on first boot
  -- setup_mode = {
  --  skip = true,
  -- },
  -- Show/hide the altitude field
  -- config_mode = {
  --   geo_location = {
  --     show_altitude = false,
  --   },
  -- },
 }
--- a/docs/site-example/site.mk
+++ b/docs/site-example/site.mk
@ -1,34 +1,30 @@
 ##	gluon site.mk makefile example
-##	GLUON_SITE_PACKAGES
+##	GLUON_FEATURES
-#		specify gluon/openwrt packages to include here
+#		Specify Gluon features/packages to enable;
-#		The gluon-mesh-batman-adv-* package must come first because of the dependency resolution
+#		Gluon will automatically enable a set of packages
 #		depending on the combination of features listed
-GLUON_SITE_PACKAGES := \
+GLUON_FEATURES := \
-	gluon-mesh-batman-adv-15 \
+	autoupdater \
-	gluon-alfred \
+	ebtables-filter-multicast \
-	gluon-respondd \
+	ebtables-filter-ra-dhcp \
-	gluon-autoupdater \
+	ebtables-limit-arp \
-	gluon-config-mode-autoupdater \
+	mesh-batman-adv-15 \
-	gluon-config-mode-contact-info \
+	mesh-vpn-fastd \
-	gluon-config-mode-core \
+	radvd \
-	gluon-config-mode-geo-location \
+	respondd \
-	gluon-config-mode-hostname \
+	status-page \
-	gluon-config-mode-mesh-vpn \
+	web-advanced \
-	gluon-ebtables-filter-multicast \
+	web-wizard
-	gluon-ebtables-filter-ra-dhcp \
+
-	gluon-luci-admin \
+##	GLUON_SITE_PACKAGES
-	gluon-luci-autoupdater \
+#		Specify additional Gluon/LEDE packages to include here;
-	gluon-luci-portconfig \
+#		A minus sign may be prepended to remove a packages from the
-	gluon-luci-wifi-config \
+#		selection that would be enabled by default or due to the
-	gluon-next-node \
+#		chosen feature flags
-	gluon-mesh-vpn-fastd \
+
-	gluon-radvd \
+GLUON_SITE_PACKAGES := haveged iwinfo
 	gluon-setup-mode \
 	gluon-status-page \
 	haveged \
 	iptables \
 	iwinfo
 ##	DEFAULT_GLUON_RELEASE
 #		version string to use for images
@ -38,6 +34,7 @@ GLUON_SITE_PACKAGES := \
 DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 # Variables set with ?= can be overwritten from the command line
 ##	GLUON_RELEASE
 #		call make with custom GLUON_RELEASE flag, to use your own release version scheme.
@ -46,11 +43,13 @@ DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 #		would generate images named like this:
 #			gluon-ff%site_code%-23.42+5-%router_model%.bin
 # Allow overriding the release number from the command line
 GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
 # Default priority for updates.
 GLUON_PRIORITY ?= 0
 # Region code required for some images; supported values: us eu
 GLUON_REGION ?= eu
 # Languages to include
 GLUON_LANGS ?= en de
--- a/docs/user/faq.rst
+++ b/docs/user/faq.rst
@ -15,3 +15,85 @@ interface. This DNS server must be announced in router advertisements (using
 on *batman-adv*. If your mesh does not have global IPv6 connectivity, you can setup
 your *radvd* not to announce a default route by setting the *default lifetime* to 0;
 in this case, the *radvd* is only used to announce the DNS server.
 .. _faq-mtu:
 What is a good MTU on the mesh-vpn
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 Setting the MTU on the transport interface requires careful consideration, as
 setting it too low will cause excessive fragmentation and setting it too high
 may leave peers with a broken tunnel due to packet loss.
 Consider these key values:
 - Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
  of 1280 Byte specified in RFC 2460
  - and configure `MSS clamping`_ accordingly,
  - and announce your link MTU via Router Advertisments and DHCP
  .. _MSS clamping: http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
 - Encapsulation: Account for the overhead created by the configured mesh protocol
  encapsulating the payload, which is
  - up to 32 Byte (14 Byte Ethernet + 18 Byte batadv) for batman-adv compat v15 (v2014.0 and later)
  - up to 28 Byte (14 Byte Ethernet + 14 Byte batadv) for batman-adv compat v14 (v2011.3.0 until and including v2013.4.0)
 - PMTU: What MTU does the path between your gateway and each of its peers support?
 For reference, the complete MTU stack looks like this:
 .. image:: mtu-diagram_v5.png
 Minimum MTU
 -----------
 Calculcate the minimum transport MTU by adding the encapsulation overhead to the
 minimum payload MTU required. This is the lowest recommended value, since going
 lower would cause unnecessary fragmentation for clients which respect the announced
 link MTU.
 Example: Our network currently uses batman-adv v15, it therefore requires up
 to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
 transporting IPv6.::
  \        1312              1294          1280                                 0
   \---------+-----------------+-------------+----------------------------------+
    \TAP     |    batadv v15   |   Ethernet  |            Payload               |
     \-------+-----------------+-------------+----------------------------------+
      \      ^
             |
          MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
 Maximum MTU
 -----------
 Calculating the maximum transport MTU is interesting, because it increases the
 throughput, by allowing larger payloads to be transported, but also more difficult
 as you have to take into account the tunneling overhead and each peers PMTU, which
 varies between providers.
 The underlying reasons are mostly PPPoE, Tunneling and IPv6 transition technologies
 like DS-Lite.
 Example: The peer with the smallest MTU on your network is behind DS-Lite and can
 transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
 UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
 Tunneling.::
  1436                1416     1408                    1384          1370    \
    +-------------------+--------+-----------------------+-------------+------\
    |        IP         |  UDP   |         Fastd         |     TAP     |    bat\
    +-------------------+--------+-----------------------+-------------+--------\
                                                                       ^         \
                                                                       |
       MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
 Conclusion
 ----------
 Determining the maximum MTU can be a tedious process, especially since the PMTU
 of peers could change at any time. The general recommendation for maximized
 compatibility is therefore the minimum MTU of 1312 Byte, which works well with
 all combinations of IPv4, IPv6, batman-adv compat v14 and v15.
--- a/docs/user/getting_started.rst
+++ b/docs/user/getting_started.rst
@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2016.1.5*. Always get Gluon using git and don't try to download it
+e.g. *v2018.1*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 Please keep in mind that there is no "default Gluon" build; a site configuration
@ -36,13 +36,14 @@ freshly installed Debian Wheezy system the following packages are required:
 * `libncurses-dev` (actually `libncurses5-dev`)
 * `libz-dev` (actually `zlib1g-dev`)
 * `libssl-dev`
 * `wget`
 Building the images
 -------------------
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2016.1.5*.
+version you'd like to checkout, e.g. *v2018.1*.
 ::
@ -58,7 +59,7 @@ Now, enter the freshly created directory::
 It's time to add (or create) your site configuration. If you already
 have a site repository, just clone it::
-   git clone https://github.com/freifunk-duckburg/site-ffdb.git site
+   git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
 If you want to build a new site, create a new git repository *site/*::
@ -84,17 +85,16 @@ Next go back to the top-level Gluon directory and build Gluon::
    make update                        # Get other repositories used by Gluon
    make GLUON_TARGET=ar71xx-generic   # Build Gluon
 When calling make, the OpenWrt build environment is prepared/updated.
 In case of errors read the messages carefully and try to fix the stated issues (e.g. install tools not available yet).
 ``ar71xx-generic`` is the most common target and will generate images for most of the supported hardware.
 To see a complete list of supported targets, call ``make`` without setting ``GLUON_TARGET``.
-You should reserve about 10GB of disk space for each `GLUON_TARGET`.
+You should generally reserve 5GB of disk space and additionally about 10GB for each `GLUON_TARGET`.
 The built images can be found in the directory `output/images`. Of these, the `factory`
 images are to be used when flashing from the original firmware a device came with,
-and `sysupgrade` is to upgrade from other versions of Gluon or any other OpenWrt-based
+and `sysupgrade` is to upgrade from other versions of Gluon or any other OpenWrt/LEDE-based
 system.
 **Note:** The images for some models are identical; to save disk space, symlinks are generated instead
@ -110,28 +110,25 @@ There are two levels of `make clean`::
    make clean GLUON_TARGET=ar71xx-generic
-will ensure all packages are rebuilt for a single target; this is what you normally want to do after an update.
+will ensure all packages are rebuilt for a single target. This normally not
 necessary, but may fix certain kinds of build failures.
 ::
    make dirclean
-will clean the entire tree, so the toolchain will be rebuilt as well, which is
+will clean the entire tree, so the toolchain will be rebuilt as well, which will take a while.
 not necessary in most cases, and will take a while.
 opkg repositories
 -----------------
-Gluon is mostly compatible with OpenWrt, so the normal OpenWrt package repositories
+Gluon is mostly compatible with LEDE, so the normal LEDE package repositories
-can be used for Gluon as well. It is advisable to setup a mirror or reverse proxy
+can be used for Gluon as well.
 reachable over IPv6 and add it to ``site.conf`` as http://downloads.openwrt.org/ does
 not support IPv6.
 This is not true for kernel modules; the Gluon kernel is incompatible with the
-kernel of the default OpenWrt images. Therefore, Gluon will not only generate images,
+kernel of the default LEDE images. Therefore, Gluon will not only generate images,
-but also an opkg repository containing all kernel modules provided by OpenWrt/Gluon
+but also an opkg repository containing all core packages provided by LEDE,
-for the kernel of the generated images.
+including modules for the kernel of the generated images.
 Signing keys
 ............
@ -139,53 +136,66 @@ Signing keys
 Gluon does not support HTTPS for downloading packages; fortunately, opkg deploys
 public-key cryptography to ensure package integrity.
-The Gluon images will contain two public keys: the official OpenWrt signing key
+The Gluon images will contain public keys from two sources: the official LEDE keyring
 (to allow installing userspace packages) and a Gluon-specific key (which is used
-to sign the generated module repository).
+to sign the generated package repository).
-By default, Gluon will handle the generation and handling of the keys itself.
+LEDE will handle the generation and handling of the keys itself.
 When making firmware releases based on Gluon, it might make sense to store
 the keypair, so updating the module repository later is possible.
-The location the keys are stored at and read from can be changed
+.. _getting-started-make-variables:
 (see :ref:`getting-started-environment-variables`). To only generate the keypair
 at the configured location without doing a full build, use ``make create-key``.
-.. _getting-started-environment-variables:
+Make variables
 --------------
-Environment variables
+Gluon's build process can be controlled by various variables. They can
---------------------
+usually be set on the command line or in ``site.mk``.
-Gluon's build process can be controlled by various environment variables.
+Common variables
 ................
-GLUON_SITEDIR
+GLUON_BRANCH
-  Path to the site configuration. Defaults to ``site``.
+  Sets the default branch of the autoupdater. If unset, the autoupdater is disabled
  by default. For the ``make manifest`` command, GLUON_BRANCH defines the branch to
  generate a manifest for.
 GLUON_LANGS
  Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``.
  ``en`` should always be included, other supported languages are ``de`` and ``fr``.
 GLUON_PRIORITY
  Defines the priority of an automatic update in ``make manifest``. See :doc:`../features/autoupdater` for
  a detailed description of this value.
 GLUON_REGION
  Some devices (at the moment the TP-Link Archer C7) contain a region code that restricts
  firmware installations. Set GLUON_REGION to ``eu`` or ``us`` to make the resulting
  images installable from the respective stock firmwares.
 GLUON_RELEASE
  Firmware release number: This string is displayed in the config mode, announced
  via respondd/alfred and used by the autoupdater to decide if a newer version
  is available. The same GLUON_RELEASE has to be passed to ``make`` and ``make manifest``
  to generate a correct manifest.
 GLUON_TARGET
  Target architecture to build.
 Special variables
 .................
 GLUON_BUILDDIR
  Working directory during build. Defaults to ``build``.
-GLUON_OPKG_KEY
+GLUON_IMAGEDIR
-  Path key file used to sign the module opkg repository. Defaults to ``$(GLUON_BULDDIR)/gluon-opkg-key``.
+  Path where images will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/images``.
-  The private key will be stored as ``$(GLUON_OPKG_KEY)``, the public key as ``$(GLUON_OPKG_KEY).pub``.
+GLUON_PACKAGEDIR
  Path where the opkg package repository will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/packages``.
 GLUON_OUTPUTDIR
  Path where output files will be stored. Defaults to ``output``.
-GLUON_IMAGEDIR
+GLUON_SITEDIR
-  Path where images will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/images``.
+  Path to the site configuration. Defaults to ``site``.
 GLUON_MODULEDIR
  Path where the kernel module opkg repository will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/modules``.
 So all in all, to update and rebuild a Gluon build tree, the following commands should be used (repeat the
 ``make clean`` and ``make`` for all targets you want to build):
 ::
    git pull
    (cd site && git pull)
    make update
    make clean GLUON_TARGET=ar71xx-generic
    make GLUON_TARGET=ar71xx-generic
--- a/docs/user/mtu-diagram_v5.png
+++ b/docs/user/mtu-diagram_v5.png
--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@ -21,12 +21,25 @@ site_code
    The code of your community. It is good practice to use the TLD of
    your community here.
-prefix4
+domain_seed
    32 bytes of random data, encoded in hexadecimal, used to seed other random
    values specific to the mesh domain. It must be the same for all nodes of one
    mesh, but should be different for firmwares that are not supposed to mesh with
    each other.
    The recommended way to generate a value for a new site is:
    ::
        echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
 prefix4 \: optional
    The IPv4 Subnet of your community mesh network in CIDR notation, e.g.
    ::
       prefix4 = '10.111.111.0/18'
    Required if ``next_node.ip4`` is set.
 prefix6
    The IPv6 subnet of your community mesh network, e.g.
    ::
@ -44,7 +57,7 @@ ntp_server
    List of NTP servers available in your community or used by your community, e.g.:
    ::
-       ntp_servers = {'1.ntp.services.ffeh','2.ntp.services.ffeh'}
+       ntp_servers = {'1.ntp.services.ffac','2.ntp.services.ffac'}
    This NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address
    explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
@ -54,23 +67,27 @@ opkg \: optional
    There are two optional fields in the ``opkg`` section:
-    - ``openwrt`` overrides the default OpenWrt repository URL
+    - ``lede`` overrides the default LEDE repository URL. The default URL would
      correspond to ``http://downloads.lede-project.org/snapshots/packages/%A``
      and usually doesn't need to be changed when nodes are expected to have IPv6
      internet connectivity.
    - ``extra`` specifies a table of additional repositories (with arbitrary keys)
    ::
      opkg = {
-        openwrt = 'http://opkg.services.ffeh/openwrt/%n/%v/%S/packages',
+        lede = 'http://opkg.services.ffac/lede/snapshots/packages/%A',
        extra = {
-          modules = 'http://opkg.services.ffeh/modules/gluon-%GS-%GR/%S',
+          gluon = 'http://opkg.services.ffac/modules/gluon-%GS-%GR/%S',
        },
      }
    There are various patterns which can be used in the URLs:
-    - ``%n`` is replaced by the OpenWrt version codename (e.g. "chaos_calmer")
+    - ``%n`` is replaced by the LEDE version codename
-    - ``%v`` is replaced by the OpenWrt version number (e.g. "15.05")
+    - ``%v`` is replaced by the LEDE version number (e.g. "17.01")
-    - ``%S`` is replaced by the target architecture (e.g. "ar71xx/generic")
+    - ``%S`` is replaced by the target board (e.g. "ar71xx/generic")
    - ``%A`` is replaced by the target architecture (e.g. "mips_24kc")
    - ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``)
    - ``%GV`` is replaced by the Gluon version
    - ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``)
@ -81,13 +98,13 @@ regdom \: optional
      regdom = 'DE'
-    Setting ``regdom`` in mandatory if ``wifi24`` or ``wifi5`` is defined.
+    Setting ``regdom`` is mandatory if ``wifi24`` or ``wifi5`` is defined.
 wifi24 \: optional
    WLAN configuration for 2.4 GHz devices.
    ``channel`` must be set to a valid wireless channel for your radio.
-    There are currently three interface types available. You many choose to
+    There are currently three interface types available. You may choose to
    configure any subset of them:
    - ``ap`` creates a master interface where clients may connect
@ -96,27 +113,39 @@ wifi24 \: optional
    Each interface may be disabled by setting ``disabled`` to ``true``.
    This will only affect new installations.
-    Upgrades will not changed the disabled state.
+    Upgrades will not change the disabled state.
    Additionally it is possible to configure the ``supported_rates`` and ``basic_rate``
    of each radio. Both are optional, by default hostapd/driver dictate the rates.
    If ``supported_rates`` is set, ``basic_rate`` is required, because ``basic_rate``
    has to be a subset of ``supported_rates``.
    The example below disables 802.11b rates.
    ``ap`` requires a single parameter, a string, named ``ssid`` which sets the
-    interface's ESSID.
+    interface's ESSID. This is the WiFi the clients connect to.
-    ``mesh`` requires a single parameter, a string, named ``id`` which sets the mesh id.
+    ``mesh`` requires a single parameter, a string, named ``id`` which sets the
    mesh id, also visible as an open WiFi in some network managers. Usually you
    don't want users to connect to this mesh-SSID, so use a cryptic id that no
    one will accidentally mistake for the client WiFi.
    ``ibss`` requires two parametersr: ``ssid`` (a string) and ``bssid`` (a MAC).
    An optional parameter ``vlan`` (integer) is supported.
    Both ``mesh`` and ``ibss`` accept an optional ``mcast_rate`` (kbit/s) parameter for
-    setting the default multicast datarate.
+    setting the multicast bitrate. Increasing the default value of 1000 to something
    like 12000 is recommended.
    ::
       wifi24 = {
         channel = 11,
         supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000},
         basic_rate = {6000, 9000, 18000, 36000, 54000},
         ap = {
-           ssid = 'entenhausen.freifunk.net',
+           ssid = 'alpha-centauri.freifunk.net',
         },
         mesh = {
-           id = 'entenhausen-mesh',
+           id = 'ueH3uXjdp',
           mcast_rate = 12000,
         },
         ibss = {
@ -134,49 +163,114 @@ next_node \: package
    ::
      next_node = {
        name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
        ip4 = '10.23.42.1',
        ip6 = 'fdca:ffee:babe:1::1',
-        mac = 'ca:ff:ee:ba:be:00'
+        mac = '16:41:95:40:f7:dc'
      }
-mesh \: optional
+    All values of this section are optional. If the IPv4 or IPv6 address is
-    Options specific to routing protocols.
+    omitted, there will be no IPv4 or IPv6 anycast address. The MAC address
    defaults to ``16:41:95:40:f7:dc``; this value usually doesn't need to be
    changed, but it can be adjusted to match existing deployments that use a
    different value.
-    At the moment, only the ``batman_adv`` routing protocol has such options:
+    When the nodes' next-node address is used as a DNS resolver by clients
    (by passing it via DHCP or router advertisements), it may be useful to
    allow resolving a next-node hostname without referring to an upstream DNS
    server (e.g. to allow reaching the node using such a hostname via HTTP or SSH
    in isolated mesh segments). This is possible by providing one or more names
    in the ``name`` field.
-    The optional value ``gw_sel_class`` sets the gateway selection class. The default
+.. _user-site-mesh:
-    class 20 is based on the link quality (TQ) only, class 1 is calculated from
+
-    both the TQ and the announced bandwidth.
+mesh
    Configuration of general mesh functionality.
    To avoid inter-mesh links, Gluon can encapsulate the mesh protocol in VXLAN
    for Mesh-on-LAN/WAN. It is recommended to set *mesh.vxlan* to ``true`` to
    enable VXLAN in new setups. Setting it to ``false`` disables this
    encapsulation to allow meshing with other nodes that don't support VXLAN
    (Gluon 2017.1.x and older). In multi-domain setups, *mesh.vxlan* is optional
    and defaults to ``true``.
    Gluon generally segments layer-2 meshes so that each node becomes IGMP/MLD
    querier for its own local clients. This is necessary for reliable multicast
    snooping. The segmentation is realized by preventing IGMP/MLD queries from
    passing through the mesh.
    By default, not only queries are filtered, but also membership report and
    leave packets, as they add to the background noise of the mesh. As a
    consequence, snooping switches outside the mesh that are connected to a
    Gluon node need to be configured to forward all multicast traffic towards
    the mesh; this is usually not a problem, as such setups are unusual. If
    you run a special-purpose mesh that requires membership reports to be
    working, this filtering can be disabled by setting the
    optional *filter_membership_reports* value to ``false``.
    In addition, options specific to the batman-adv routing protocol can be set
    in the *batman_adv* section:
    The optional value *gw_sel_class* sets the gateway selection class. The
    default is class 20, which is based on the link quality (TQ) only; class 1
    is calculated from both the TQ and the announced bandwidth.
    ::
      mesh = {
        vxlan = true,
        filter_membership_reports = false,
        batman_adv = {
          gw_sel_class = 1,
        },
      }
-fastd_mesh_vpn
+mesh_vpn
-    Remote server setup for the fastd-based mesh VPN.
+    Remote server setup for the mesh VPN.
-    The `enabled` option can be set to true to enable the VPN by default.
+    The `enabled` option can be set to true to enable the VPN by default. `mtu`
    defines the MTU of the VPN interface, determining a proper MTU value is described
    in the :ref:`FAQ <faq-mtu>`.
    By default the public key of a node's VPN daemon is not added to announced respondd
    data; this prevents malicious ISPs from correlating VPN sessions with specific mesh
    nodes via public respondd data. If this is of no concern in your threat model,
    this behaviour can be disabled (and thus announcing the public key be enabled) by
    setting `pubkey_privacy` to `false`. At the moment, this option only affects fastd.
    The `fastd` section configures settings specific to the *fastd* VPN
    implementation.
    If `configurable` is set to `false` or unset, the method list will be replaced on updates
    with the list from the site configuration. Setting `configurable` to `true` will allow the user to
    add the method ``null`` to the beginning of the method list or remove ``null`` from it,
    and make this change survive updates. Setting `configurable` is necessary for the
-    package `gluon-luci-mesh-vpn-fastd`, which adds a UI for this configuration.
+    package `gluon-web-mesh-vpn-fastd`, which adds a UI for this configuration.
    In any case, the ``null`` method should always be the first method in the list
    if it is supported at all. You should only set `configurable` to `true` if the
    configured peers support both the ``null`` method and methods with encryption.
    You can set syslog_level from verbose (default) to warn to reduce syslog output.
    The `tunneldigger` section is used to define the *tunneldigger* broker list.
    **Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
    sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd*
    and *gluon-mesh-vpn-tunneldigger* should be installed with the current
    implementation.
    ::
-      fastd_mesh_vpn = {
+      mesh_vpn = {
        methods = {'salsa2012+umac'},
        -- enabled = true,
        mtu = 1312,
        -- pubkey_privacy = true,
        fastd = {
          methods = {'salsa2012+umac'},
          -- configurable = true,
-        mtu = 1280,
+          -- syslog_level = 'warn',
          groups = {
            backbone = {
              -- Limit number of connected peers from this group
@ -186,14 +280,24 @@ fastd_mesh_vpn
                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
                  -- Having multiple domains prevents SPOF in freifunk.net
                  remotes = {
-                  'ipv4 "vpn1.entenhausen.freifunk.net" port 10000',
+                    'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000',
-                  'ipv4 "vpn1.entenhausener-freifunk.de" port 10000',
+                    'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000',
                  },
                },
                peer2 = {
                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
                  -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
-                remotes = {'"vpn2.entenhausen.freifunk.net" port 10000'},
+                  remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'},
                },
                peer3 = {
                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
                  -- In addition to domains you can also add ip addresses, which provides
                  -- resilience in case of dns outages
                  remotes = {
                    '"vpn3.alpha-centauri.freifunk.net" port 10000',
                    '[2001:db8::3:1]:10000',
                    '192.0.2.3:10000',
                  },
                },
              },
              -- Optional: nested peer groups
@ -210,6 +314,11 @@ fastd_mesh_vpn
            --   peers = { ... },
            -- },
          },
        },
        tunneldigger = {
          brokers = {'vpn1.alpha-centauri.freifunk.net'}
        },
        bandwidth_limit = {
          -- The bandwidth limit can be enabled by default here.
@ -225,12 +334,24 @@ fastd_mesh_vpn
 mesh_on_wan \: optional
    Enables the mesh on the WAN port (``true`` or ``false``).
    ::
       mesh_on_wan = true,
 mesh_on_lan \: optional
    Enables the mesh on the LAN port (``true`` or ``false``).
    ::
        mesh_on_lan = true,
 poe_passthrough \: optional
    Enable PoE passthrough by default on hardware with such a feature.
 autoupdater \: package
    Configuration for the autoupdater feature of Gluon.
    The mirrors are checked in random order until the manifest could be downloaded
    successfully or all mirrors have been tried.
    ::
      autoupdater = {
@ -240,7 +361,7 @@ autoupdater \: package
            name = 'stable',
            mirrors = {
              'http://[fdca:ffee:babe:1::fec1]/firmware/stable/sysupgrade/',
-              'http://autoupdate.entenhausen.freifunk.net/firmware/stable/sysupgrade/',
+              'http://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/',
            },
            -- Number of good signatures required
            good_signatures = 2,
@ -255,6 +376,39 @@ autoupdater \: package
    All configured mirrors must be reachable from the nodes via IPv6. If you don't want to set an IPv6 address
    explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
 config_mode \: optional
    Additional configuration for the configuration web interface. All values are
    optional.
    When no hostname is specified, a default hostname based on the *hostname_prefix*
    and the node's primary MAC address is assigned. Manually setting a hostname
    can be enforced by setting *hostname.optional* to *false*.
    By default, no altitude fields are shown by the *gluon-config-mode-geo-location*
    package. If *geo_location.show_altitude* is set to *true*, the *gluon-config-mode:altitude-label*
    and *gluon-config-mode:altitude-help* strings must be provided in the site i18n
    data as well.
    The remote login page only shows SSH key configuration by default. A
    password form can be displayed by setting *remote_login.show_password_form*
    to true; in this case, *remote_login.min_password_length* defines the
    minimum password length.
    ::
        config_mode = {
          hostname = {
            optional = false,
          },
          geo_location = {
            show_altitude = true,
          },
          remote_login = {
            show_password_form = true,
            min_password_length = 10,
          },
        },
 roles \: optional
    Optional role definitions. Nodes will announce their role inside the mesh.
    This will allow in the backend to distinguish between normal, backbone and
@ -262,11 +416,11 @@ roles \: optional
    the community which roles to define. See the section below as an example.
    ``default`` takes the default role which is set initially. This value should be
    part of ``list``. If you want node owners to change the role via config mode add
-    the package ``gluon-luci-node-role`` to ``site.mk``.
+    the package ``gluon-web-node-role`` to ``site.mk``.
-    The strings to display in the LuCI interface can be configured per language in the
+    The strings to display in the web interface are configured per language in the
    ``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like
-    ``gluon-luci-node-role:role:node`` and ``gluon-luci-node-role:role:backbone``.
+    ``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``.
    ::
      roles = {
@ -288,30 +442,20 @@ setup_mode \: package
        skip = true,
      },
-legacy \: package
+Build configuration
-    Configuration for the legacy upgrade path.
+-------------------
    This is only required in communities upgrading from Lübeck's LFF-0.3.x.
    ::
-      legacy = {
+The ``site.mk`` is a Makefile which defines various values
             version_files = {'/etc/.freifunk_version_keep', '/etc/.eff_version_keep'},
             old_files = {'/etc/config/config_mode', '/etc/config/ffeh', '/etc/config/freifunk'},
             config_mode_configs = {'config_mode', 'ffeh', 'freifunk'},
             fastd_configs = {'ffeh_mesh_vpn', 'mesh_vpn'},
             mesh_ifname = 'freifunk',
             tc_configs = {'ffki', 'freifunk'},
             wifi_names = {'wifi_freifunk', 'wifi_freifunk5', 'wifi_mesh', 'wifi_mesh5'},
      }
 Packages
 --------
 The ``site.mk`` is a Makefile which should define constants
 involved in the build process of Gluon.
 GLUON_FEATURES
    Defines a list of features to include. The feature list is used to generate
    the default package set.
 GLUON_SITE_PACKAGES
-    Defines a list of packages which should be installed additionally
+    Defines a list of packages which should be installed in addition to the
-    to the ``gluon-core`` package.
+    default package set. It is also possible to remove packages from the
    default set by prepending a minus sign to the package name.
 GLUON_RELEASE
    The current release version Gluon should use.
@ -320,10 +464,86 @@ GLUON_PRIORITY
    The default priority for the generated manifests (see the autoupdater documentation
    for more information).
 GLUON_REGION
    Region code to build into images where necessary. Valid values are the empty string,
    ``us`` and ``eu``.
 GLUON_LANGS
    List of languages (as two-letter-codes) to be included in the web interface. Should always contain
    ``en``.
 GLUON_WLAN_MESH
  Setting this to ``11s`` or ``ibss`` will enable generation of matching images for devices which don't
  support both meshing modes, either at all (e.g. ralink and mediatek don't support AP+IBSS) or in the
  same firmware (ath10k-based 5GHz). Defaults to ``11s``.
 .. _user-site-feature-flags:
 Feature flags
 ^^^^^^^^^^^^^
 With the addition of more and more features that interact in complex ways, it
 has become necessary to split certain packages into multiple parts, so it is
 possible to install just what is needed for a specific usecase. One example
 is the package *gluon-status-page-mesh-batman-adv*: There are batman-adv-specific
 status page components; they should only be installed when both batman-adv and
 the status page are enabled, making the addition of a specific package for this
 combination necessary.
 With the ongoing modularization, e.g. for the purpose of supporting new
 routing protocols, specifying all such split packages in *site.mk* would
 soon become very cumbersome: In the future, further components like
 respondd support or languages might be split off as separate packages,
 leading to entangled package names like *gluon-mesh-vpn-fastd-respondd* or
 *gluon-status-page-mesh-batman-adv-i18n-de*.
 For this reason, we have introduced *feature flags*, which can be specified
 in the *GLUON_FEATURES* variable. These flags allow to specify a set of features
 on a higher level than individual package names.
 Most Gluon packages can simply be specified as feature flags by removing the ``gluon-``
 prefix: The feature flag corresponding to the package *gluon-mesh-batman-adv-15* is
 *mesh-batman-adv-15*.
 The file ``package/features`` in the Gluon repository (or
 ``features`` in site feeds) can specify additional rules for deriving package lists
 from feature flags, e.g. specifying both *status-page* and either *mesh-batman-adv-14*
 or *mesh-batman-adv-15* will automatically select the additional package
 *gluon-status-page-mesh-batman-adv*. In the future, selecting the flags
 *mesh-vpn-fastd* and *respondd* might automatically enable the additional
 package *gluon-mesh-vpn-fastd-respondd*, and enabling *status-page* and
 *mesh-batman-adv-15* (or *-14*) with ``de`` in *GLUON_LANGS* could
 add the package *gluon-status-page-mesh-batman-adv-i18n-de*.
 In short, it is not necessary anymore to list all the individual packages that are
 relevant for a firmware; instead, the package list is derived from a list of feature
 flags using a flexible ruleset defined in the Gluon repo or site package feeds.
 To some extent, it will even allow us to further modularize existing Gluon packages,
 without necessitating changes to existing site configurations.
 It is still possible to override such automatic rules using *GLUON_SITE_PACKAGES*
 (e.g., ``-gluon-status-page-mesh-batman-adv`` to remove the automatically added
 package *gluon-status-page-mesh-batman-adv*).
 For convenience, there are two feature flags that do not directly correspond to a Gluon
 package:
 * web-wizard
  Includes the *gluon-config-mode-...* base packages (hostname, geolocation and contact info),
  as well as the *gluon-config-mode-autoupdater* (when *autoupdater* is in *GLUON_FEATURES*),
  and *gluon-config-mode-mesh-vpn* (when *mesh-vpn-fastd* or *mesh-vpn-tunneldigger* are in
  *GLUON_FEATURES*)
 * web-advanced
  Includes the *gluon-web-...* base packages (admin, network, WiFi config),
  as well as the *gluon-web-autoupdater* (when *autoupdater* is in *GLUON_FEATURES*)
 We recommend to use *GLUON_SITE_PACKAGES* for non-Gluon OpenWrt packages only and
 completely rely on *GLUON_FEATURES* for Gluon packages, as it is shown in the
 example *site.mk*.
 .. _site-config-mode-texts:
 Config mode texts
@ -338,6 +558,27 @@ gluon-config-mode:welcome
 gluon-config-mode:pubkey
    Information about the public VPN key on the reboot page.
 gluon-config-mode:novpn
    Information shown on the reboot page, if the mesh VPN was not selected.
 gluon-config-mode:altitude-label
    Label for the ``altitude`` field
 gluon-config-mode:altitude-help
    Description for the usage of the ``altitude`` field
 gluon-config-mode:contact-help
    Description for the usage of the ``contact`` field
 gluon-config-mode:contact-note
    Note shown (in small font) below the ``contact`` field
 gluon-config-mode:hostname-help
    Description for the usage of the ``hostname`` field
 gluon-config-mode:geo-location-help
    Description for the usage of the longitude/latitude fields
 gluon-config-mode:reboot
    General information shown on the reboot page.
@ -355,6 +596,41 @@ utilities are installed.
   Depending on the context, you might be able to use comments like
   ``<!-- empty -->`` as translations to effectively hide the text.
 Site modules
 ------------
 The file ``modules`` in the site repository is completely optional and can be used
 to supply additional package feeds from which packages are built. The git repositories
 specified here are retrieved in addition to the default feeds when ``make update``
 it called.
 This file's format is very similar to the toplevel ``modules`` file of the Gluon
 tree, with the important different that the list of feeds must be assigned to
 the variable ``GLUON_SITE_FEEDS``. Multiple feed names must be separated by spaces,
 for example::
    GLUON_SITE_FEEDS='foo bar'
 The feed names may only contain alphanumerical characters, underscores and slashes.
 For each of the feeds, the following variables are used to specify how to update
 the feed:
 PACKAGES_${feed}_REPO
    The URL of the git repository to clone (usually ``git://`` or ``http(s)://``)
 PACKAGES_${feed}_COMMIT
    The commit ID of the repository to use
 PACKAGES_${feed}_BRANCH
    Optional: The branch of the repository the given commit ID can be found in.
    Defaults to the default branch of the repository (usually ``master``)
 These variables are always all uppercase, so for an entry ``foo`` in GLUON_SITE_FEEDS,
 the corresponding configuration variables would be ``PACKAGES_FOO_REPO``,
 ``PACKAGES_FOO_COMMIT`` and ``PACKAGES_FOO_BRANCH``. Slashes in feed names are
 replaced by underscores to get valid shell variable identifiers.
 Examples
 --------
@ -394,23 +670,38 @@ site-repos in the wild
 This is a non-exhaustive list of site-repos from various communities:
 * `site-ffa <https://github.com/tecff/site-ffa>`_ (Altdorf, Landshut & Umgebung)
 * `site-ffac <https://github.com/ffac/site>`_ (Regio Aachen)
 * `site-ffbs <https://github.com/ffbs/site-ffbs>`_ (Braunschweig)
 * `site-ffhb <https://github.com/FreifunkBremen/gluon-site-ffhb>`_ (Bremen)
-* `site-ffda <https://github.com/freifunk-darmstadt/site-ffda>`_ (Darmstadt)
+* `site-ffda <https://git.darmstadt.ccc.de/ffda/site>`_ (Darmstadt)
 * `site-ff3l <https://github.com/ff3l/site-ff3l>`_ (Dreiländereck)
 * `site-ffeh <https://github.com/freifunk-ehingen/site-ffeh>`_ (Ehingen)
 * `site-fffl <https://github.com/freifunk-flensburg/site-fffl>`_ (Flensburg)
 * `site-ffgoe <https://github.com/freifunk-goettingen/site-ffgoe>`_ (Göttingen)
 * `site-ffgt-rhw <https://github.com/ffgtso/site-ffgt-rhw>`_ (Guetersloh)
 * `site-ffhh <https://github.com/freifunkhamburg/site-ffhh>`_ (Hamburg)
-* `site-ffho <https://git.c3pb.de/freifunk-pb/site-ffho>`_ (Hochstift)
+* `site-ffho <https://git.ffho.net/freifunkhochstift/ffho-site>`_ (Hochstift)
 * `site-ffhgw <https://github.com/lorenzo-greifswald/site-ffhgw>`_ (Greifswald)
 * `site-ffka <https://github.com/ffka/site-ffka>`_ (Karlsruhe)
 * `site-ffki <https://git.freifunk.in-kiel.de/ffki-site/>`_ (Kiel)
 * `site-fflz <https://github.com/freifunk-lausitz/site-fflz>`_ (Lausitz)
 * `site-ffl <https://github.com/freifunk-leipzig/freifunk-gluon-leipzig>`_ (Leipzig)
 * `site-ffhl <https://github.com/freifunk-luebeck/site-ffhl>`_ (Lübeck)
 * `site-fflg <https://github.com/kartenkarsten/site-fflg>`_ (Lüneburg)
 * `site-ffmd <https://github.com/FreifunkMD/site-ffmd>`_ (Magdeburg)
-* `site-ffmwu <https://github.com/freifunk-mwu/site-ffmwu>`_ (Mainz, Wiesbaden & Umgebung)
+* `site-ffmwu <https://github.com/freifunk-mwu/sites-ffmwu>`_ (Mainz, Wiesbaden & Umgebung)
 * `site-ffmyk <https://github.com/FreifunkMYK/site-ffmyk>`_ (Mayen-Koblenz)
 * `site-ffmo <https://github.com/ffruhr/site-ffmo>`_ (Moers)
 * `site-ffmg <https://github.com/ffruhr/site-ffmg>`_ (Mönchengladbach)
 * `site-ffm <https://github.com/freifunkMUC/site-ffm>`_ (München)
 * `site-ffhmue <https://github.com/Freifunk-Muenden/site-conf>`_ (Münden)
 * `site-ffms <https://github.com/FreiFunkMuenster/site-ffms>`_ (Münsterland)
 * `site-neuss <https://github.com/ffne/site-neuss>`_ (Neuss)
 * `site-ffniers <https://github.com/ffruhr/site-ffniers>`_ (Niersufer)
 * `site-ffndh <https://github.com/freifunk-nordheide/ffnordheide/tree/ffnh-lede/ffndh-site>`_ (Nordheide)
 * `site-ffnw <https://git.nordwest.freifunk.net/ffnw-firmware/siteconf/tree/master>`_ (Nordwest)
-* `site-ffka <https://github.com/ffka/site-ffka>`_ (Karlsruhe)
+* `site-ffrgb <https://github.com/ffrgb/site-ffrgb>`_ (Regensburg)
-* `site-ffrl <https://github.com/ffrl/sites-ffrl>`_ (Rheinland)
+* `site-ffrn <https://github.com/Freifunk-Rhein-Neckar/site-ffrn>`_ (Rhein-Neckar)
-* `site-ffrg <https://github.com/ffruhr/site-ffruhr>`_ (Ruhrgebiet)
+* `site-ffruhr <https://github.com/ffruhr?utf8=✓&query=site>`_ (Ruhrgebiet, Multi-Communities)
 * `site-ffs <https://github.com/freifunk-stuttgart/site-ffs>`_ (Stuttgart)
 * `site-fftr <https://github.com/freifunktrier/site-fftr>`_ (Trier)
--- a/docs/user/x86.rst
+++ b/docs/user/x86.rst
@ -22,15 +22,8 @@ The following targets for x86 images exist:
    These images only differ in the image file format, the content is the same. Therefore there is
    only a single `x86-generic` sysupgrade image instead of three.
-    Please note that the `x86-generic` image doesn't include VirtIO support, so another virtual NIC
+`x86-geode`
-    like `pcnet32` must be chosen when using VirtualBox.
+    x86 image for Geode CPUs.
 `x86-kvm`
    The `x86-kvm` image uses VirtIO as its harddisk and network driver.
 `x86-xen_domu`
    The `x86-xen_domu` target contains the necessary drivers for use in Xen.
 `x86-64`
-    64bit version of `x86-generic`. Also has VirtIO support, so there's no need for an
+    64bit version of `x86-generic`.
    `x86-64-kvm` target.
--- a/include/config
+++ b/include/config
@ -1,22 +0,0 @@
 CONFIG_IMAGEOPT=y
 # CONFIG_PER_FEED_REPO is not set
 # CONFIG_TARGET_ROOTFS_INITRAMFS is not set
 CONFIG_DEVEL=y
 CONFIG_ALL_KMODS=y
 CONFIG_BUSYBOX_CUSTOM=y
 CONFIG_BUSYBOX_CONFIG_SHA512SUM=y
 # CONFIG_BUSYBOX_CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set
 CONFIG_BUSYBOX_CONFIG_IP=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_ADDRESS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_LINK=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_ROUTE=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_TUNNEL=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_RULE=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_IP_SHORT_FORMS=y
 CONFIG_BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT=y
 CONFIG_ATH_USER_REGD=y
 CONFIG_PACKAGE_ATH_DEBUG=y
 CONFIG_LUCI_SRCDIET=y
--- a/include/gluon.mk
+++ b/include/gluon.mk
@ -1,82 +0,0 @@
 ifneq ($(__gluon_inc),1)
 __gluon_inc=1
 GLUON_SITEDIR ?= $(GLUONDIR)/site
 GLUON_BUILDDIR ?= $(GLUONDIR)/build
 GLUON_ORIGOPENWRTDIR := $(GLUONDIR)/openwrt
 GLUON_SITE_CONFIG := $(GLUON_SITEDIR)/site.conf
 GLUON_OUTPUTDIR ?= $(GLUONDIR)/output
 GLUON_IMAGEDIR ?= $(GLUON_OUTPUTDIR)/images
 GLUON_MODULEDIR ?= $(GLUON_OUTPUTDIR)/modules
 GLUON_OPKG_KEY ?= $(GLUON_BUILDDIR)/gluon-opkg-key
 export GLUONDIR GLUON_SITEDIR GLUON_BUILDDIR GLUON_SITE_CONFIG GLUON_OUTPUTDIR GLUON_IMAGEDIR GLUON_MODULEDIR
 BOARD_BUILDDIR = $(GLUON_BUILDDIR)/$(GLUON_TARGET)
 BOARD_KDIR = $(BOARD_BUILDDIR)/kernel
 export BOARD_BUILDDIR
 LINUX_RELEASE := 2
 export LINUX_RELEASE
 GLUON_OPENWRTDIR = $(BOARD_BUILDDIR)/openwrt
 $(GLUON_SITEDIR)/site.mk:
 	$(error There was no site configuration found. Please check out a site configuration to $(GLUON_SITEDIR))
 -include $(GLUON_SITEDIR)/site.mk
 GLUON_VERSION := $(shell cd $(GLUONDIR) && git describe --always 2>/dev/null || echo unknown)
 export GLUON_VERSION
 GLUON_LANGS ?= en
 export GLUON_LANGS
 ifeq ($(OPENWRT_BUILD),1)
 ifeq ($(GLUON_TOOLS),1)
 GLUON_OPENWRT_FEEDS := base packages luci routing telephony management
 export GLUON_OPENWRT_FEEDS
 GLUON_SITE_CODE := $(shell $(GLUONDIR)/scripts/site.sh site_code)
 export GLUON_SITE_CODE
 ifeq ($(GLUON_RELEASE),)
 $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line.)
 endif
 export GLUON_RELEASE
 endif
 endif
 define merge-lists
 $(1) :=
 $(foreach var,$(2),$(1) := $$(filter-out -% $$(patsubst -%,%,$$(filter -%,$$($(var)))),$$($(1)) $$($(var)))
 )
 endef
 GLUON_TARGETS :=
 define GluonTarget
 gluon_target := $(1)$$(if $(2),-$(2))
 GLUON_TARGETS += $$(gluon_target)
 GLUON_TARGET_$$(gluon_target)_BOARD := $(1)
 GLUON_TARGET_$$(gluon_target)_SUBTARGET := $(2)
 endef
 GLUON_DEFAULT_PACKAGES := gluon-core kmod-ipv6 firewall ip6tables -uboot-envtools -wpad-mini hostapd-mini
 override DEFAULT_PACKAGES.router :=
 endif #__gluon_inc
--- a/include/package.mk
+++ b/include/package.mk
@ -1,35 +0,0 @@
 include $(INCLUDE_DIR)/package.mk
 # Annoyingly, make's shell function replaces all newlines with spaces, so we have to do some escaping work. Yuck.
 define GluonCheckSite
 [ -z "$$GLUONDIR" ] || sed -e 's/-@/\n/g' -e 's/+@/@/g' <<'END__GLUON__CHECK__SITE' | "$$GLUONDIR"/scripts/check_site.sh
 $(shell cat $(1) | sed -ne '1h; 1!H; $$ {g; s/@/+@/g; s/\n/-@/g; p}')
 END__GLUON__CHECK__SITE
 endef
 # Languages supported by LuCi
 GLUON_SUPPORTED_LANGS := ca zh_cn en fr de el he hu it ja ms no pl pt_br pt ro ru es sv uk vi
 GLUON_I18N_PACKAGES := $(foreach lang,$(GLUON_SUPPORTED_LANGS),+LUCI_LANG_$(lang):luci-i18n-base-$(lang))
 GLUON_I18N_CONFIG := $(foreach lang,$(GLUON_SUPPORTED_LANGS),CONFIG_LUCI_LANG_$(lang))
 GLUON_ENABLED_LANGS := $(foreach lang,$(GLUON_SUPPORTED_LANGS),$(if $(CONFIG_LUCI_LANG_$(lang)),$(lang)))
 define GluonBuildI18N
 	mkdir -p $$(PKG_BUILD_DIR)/i18n
 	for lang in $$(GLUON_ENABLED_LANGS); do \
 		if [ -e $(2)/$$$$lang.po ]; then \
 			rm -f $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo; \
 			po2lmo $(2)/$$$$lang.po $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo; \
 		fi; \
 	done
 endef
 define GluonInstallI18N
 	$$(INSTALL_DIR) $(2)/usr/lib/lua/luci/i18n
 	for lang in $$(GLUON_ENABLED_LANGS); do \
 		if [ -e $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo ]; then \
 			$$(INSTALL_DATA) $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo $(2)/usr/lib/lua/luci/i18n/$(1).$$$$lang.lmo; \
 		fi; \
 	done
 endef
--- a/include/toplevel.mk
+++ b/include/toplevel.mk
@ -1,62 +0,0 @@
 # Makefile for OpenWrt
 #
 # Copyright (C) 2007-2012 OpenWrt.org
 # Copyright (C) 2013-2014 Project Gluon
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 RELEASE:=Chaos Calmer
 PREP_MK= OPENWRT_BUILD= QUIET=0
 export IS_TTY=$(shell tty -s && echo 1 || echo 0)
 include $(GLUONDIR)/include/verbose.mk
 REVISION:=$(shell [ -d $(TOPDIR) ] && cd $(TOPDIR) && ./scripts/getver.sh 2>/dev/null)
 HOSTCC ?= gcc
 OPENWRTVERSION:=$(RELEASE)$(if $(REVISION), ($(REVISION)))
 export RELEASE
 export REVISION
 export OPENWRTVERSION
 export IS_TTY=$(shell tty -s && echo 1 || echo 0)
 export LD_LIBRARY_PATH:=$(subst ::,:,$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)$(STAGING_DIR_HOST)/lib)
 export DYLD_LIBRARY_PATH:=$(subst ::,:,$(if $(DYLD_LIBRARY_PATH),$(DYLD_LIBRARY_PATH):)$(STAGING_DIR_HOST)/lib)
 export GIT_CONFIG_PARAMETERS='core.autocrlf=false'
 export MAKE_JOBSERVER=$(filter --jobserver%,$(MAKEFLAGS))
 # prevent perforce from messing with the patch utility
 unexport P4PORT P4USER P4CONFIG P4CLIENT
 # prevent user defaults for quilt from interfering
 unexport QUILT_PATCHES QUILT_PATCH_OPTS
 unexport C_INCLUDE_PATH CROSS_COMPILE ARCH
 # prevent distro default LPATH from interfering
 unexport LPATH
 # make sure that a predefined CFLAGS variable does not disturb packages
 export CFLAGS=
 ifneq ($(shell $(HOSTCC) 2>&1 | grep clang),)
  export HOSTCC_REAL?=$(HOSTCC)
  export HOSTCC_WRAPPER:=$(TOPDIR)/scripts/clang-gcc-wrapper
 else
  export HOSTCC_WRAPPER:=$(HOSTCC)
 endif
 SCAN_COOKIE?=$(shell echo $$$$)
 export SCAN_COOKIE
 SUBMAKE:=umask 022; $(SUBMAKE)
 ULIMIT_FIX=_limit=`ulimit -n`; [ "$$_limit" = "unlimited" -o "$$_limit" -ge 1024 ] || ulimit -n 1024;
 FORCE: ;
 .PHONY: FORCE
 .NOTPARALLEL:
--- a/include/verbose.mk
+++ b/include/verbose.mk
@ -1,67 +0,0 @@
 # 
 # Copyright (C) 2006 OpenWrt.org
 #
 # This is free software, licensed under the GNU General Public License v2.
 # See /LICENSE for more information.
 #
 ifndef OPENWRT_VERBOSE
  OPENWRT_VERBOSE:=
 endif
 ifeq ("$(origin V)", "command line")
  OPENWRT_VERBOSE:=$(V)
 endif
 ifeq ($(OPENWRT_VERBOSE),1)
  OPENWRT_VERBOSE:=w
 endif
 ifeq ($(OPENWRT_VERBOSE),99)
  OPENWRT_VERBOSE:=s
 endif
 ifeq ($(NO_TRACE_MAKE),)
 NO_TRACE_MAKE := $(MAKE) V=s$(OPENWRT_VERBOSE)
 export NO_TRACE_MAKE
 endif
 ifeq ($(IS_TTY),1)
  ifneq ($(strip $(NO_COLOR)),1)
    _Y:=\\033[33m
    _R:=\\033[31m
    _N:=\\033[m
  endif
 endif
 ifeq ($(findstring s,$(OPENWRT_VERBOSE)),)
  define MESSAGE
 	printf "$(_Y)%s$(_N)\n" "$(1)" >&8
  endef
  define ERROR_MESSAGE
 	printf "$(_R)%s$(_N)\n" "$(1)" >&8
  endef
  ifeq ($(QUIET),1)
    ifneq ($(CURDIR),$(TOPDIR))
      _DIR:=$(patsubst $(TOPDIR)/%,%,${CURDIR})
    else
      _DIR:=
    endif
    _NULL:=$(if $(MAKECMDGOALS),$(shell \
 		$(call MESSAGE, make[$(MAKELEVEL)]$(if $(_DIR), -C $(_DIR)) $(MAKECMDGOALS)); \
    ))
    SUBMAKE=$(MAKE)
  else
    SILENT:=>/dev/null $(if $(findstring w,$(OPENWRT_VERBOSE)),,2>&1)
    export QUIET:=1
    SUBMAKE=cmd() { $(SILENT) $(MAKE) -s $$* < /dev/null || { echo "make $$*: build failed. Please re-run make with V=s to see what's going on"; false; } } 8>&1 9>&2; cmd
  endif
  .SILENT: $(MAKECMDGOALS)
 else
  SUBMAKE=$(MAKE) -w
  define MESSAGE
    printf "%s\n" "$(1)"
  endef
  ERROR_MESSAGE=$(MESSAGE)
 endif
--- a/26
+++ b/26
@ -1,18 +1,20 @@
 GLUON_FEEDS='openwrt gluon routing luci'
-OPENWRT_REPO=git://git.openwrt.org/15.05/openwrt.git
+LEDE_REPO=https://git.openwrt.org/openwrt/openwrt.git
-OPENWRT_COMMIT=eadf19c0b43d2f75f196ea8d875a08c7c348530c
+LEDE_BRANCH=lede-17.01
 LEDE_COMMIT=0a2c984222d03d940c52c3675849dd6398b34e64
-PACKAGES_OPENWRT_REPO=git://github.com/openwrt/packages.git
+PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git
-PACKAGES_OPENWRT_COMMIT=9622fe984bba3a4547f48bc507ebaba7637eb2b0
+PACKAGES_OPENWRT_BRANCH=lede-17.01
-PACKAGES_OPENWRT_BRANCH=for-15.05
+PACKAGES_OPENWRT_COMMIT=338690b2f79e2c7090be4e9adbb19b452c9e3c36
-PACKAGES_GLUON_REPO=git://github.com/freifunk-gluon/packages.git
+PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=63376e23c81e53c21d3c5250c3fb7444a90dc019
+PACKAGES_GLUON_COMMIT=be2c35785994e443d895225c7240474a46f64f5e
-PACKAGES_ROUTING_REPO=git://github.com/openwrt-routing/packages.git
+PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
-PACKAGES_ROUTING_COMMIT=2a8338559de5c4b077cde7a83f43f4700a17d5cc
+PACKAGES_ROUTING_BRANCH=openwrt-18.06
 PACKAGES_ROUTING_COMMIT=1b9d1c419f0ecefda51922a7845ab2183d6acd76
-PACKAGES_LUCI_REPO=git://github.com/openwrt/luci.git
+PACKAGES_LUCI_REPO=https://github.com/openwrt/luci.git
-PACKAGES_LUCI_COMMIT=cdcdfd2594634804ab09dc8105e46116edce0cd6
+PACKAGES_LUCI_BRANCH=lede-17.01
-PACKAGES_LUCI_BRANCH=for-15.05
+PACKAGES_LUCI_COMMIT=1f014bd2180b364bec4c3f6457f72a0621884f9a
--- a/overlay/opkg.mk
+++ b/overlay/opkg.mk
@ -0,0 +1,10 @@
 # LEDE doesn't have a nice way to set the list of feeds in
 # /etc/opkg/distfeeds.conf, so we use this overlay file (which is included by
 # the opkg package Makefile though LEDE's IncludeOverlay mechanism).
 # The following definitions make /etc/opkg/distfeeds.conf match the one included
 # in official LEDE builds (by default, FEEDS_DISABLED contains the original list
 # of feeds (which are unused by Gluon), and FEEDS_ENABLED our own feed list).
 FEEDS_ENABLED := $(FEEDS_DISABLED)
 FEEDS_DISABLED :=
--- a/package/features
+++ b/package/features
@ -0,0 +1,26 @@
 nodefault 'web-wizard'
 packages 'web-wizard' \
 	'gluon-config-mode-hostname' \
 	'gluon-config-mode-geo-location' \
 	'gluon-config-mode-contact-info'
 packages 'web-wizard & autoupdater' \
 	'gluon-config-mode-autoupdater'
 packages 'web-wizard & (mesh-vpn-fastd | mesh-vpn-tunneldigger)' \
 	'gluon-config-mode-mesh-vpn'
 nodefault 'web-advanced'
 packages 'web-advanced' \
 	'gluon-web-admin' \
 	'gluon-web-network' \
 	'gluon-web-wifi-config'
 packages 'web-advanced & autoupdater' \
 	'gluon-web-autoupdater'
 packages 'status-page & (mesh-batman-adv-14 | mesh-batman-adv-15)' \
        'gluon-status-page-mesh-batman-adv'
--- a/package/gluon-alfred/Makefile
+++ b/package/gluon-alfred/Makefile
@ -4,29 +4,11 @@ PKG_NAME:=gluon-alfred
 PKG_VERSION:=1
 PKG_RELEASE:=1
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+include ../gluon.mk
 include $(INCLUDE_DIR)/package.mk
 define Package/gluon-alfred
-  SECTION:=gluon
+  DEPENDS:=+gluon-core +gluon-respondd +gluon-neighbour-info gluon-mesh-batman-adv +micrond +alfred
  CATEGORY:=Gluon
  DEPENDS:=+gluon-core +gluon-respondd +gluon-neighbour-info +micrond +alfred
  TITLE:=Configure alfred
 endef
-define Build/Prepare
+$(eval $(call BuildPackageGluon,gluon-alfred))
 	mkdir -p $(PKG_BUILD_DIR)
 endef
 define Build/Configure
 endef
 define Build/Compile
 endef
 define Package/gluon-alfred/install
 	$(CP) ./files/* $(1)/
 endef
 $(eval $(call BuildPackage,gluon-alfred))
--- a/package/gluon-alfred/files/lib/gluon/upgrade/500-enable-alfred
+++ b/package/gluon-alfred/files/lib/gluon/upgrade/500-enable-alfred
@ -1,18 +0,0 @@
 #!/usr/bin/lua
 local uci = require 'luci.model.uci'
 local c = uci.cursor()
 c:delete('alfred', 'alfred')
 c:section('alfred', 'alfred', 'alfred',
 	  {
 		  interface = 'br-client',
 		  mode = 'slave',
 		  batmanif = 'bat0',
 		  start_vis = '1',
 		  run_facters = '0',
 	  }
 )
 c:save('alfred')
--- a/package/gluon-alfred/luasrc/lib/gluon/upgrade/400-alfred-firewall
+++ b/package/gluon-alfred/luasrc/lib/gluon/upgrade/400-alfred-firewall
@ -0,0 +1,14 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 uci:section('firewall', 'rule',  'mesh_respondd', {
 	name = 'mesh_respondd',
 	src = 'mesh',
 	src_ip = 'fe80::/64',
 	dest_port = '16962',
 	proto = 'udp',
 	target = 'ACCEPT',
 })
 uci:save('firewall')
--- a/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred
+++ b/package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred
@ -0,0 +1,14 @@
 #!/usr/bin/lua
 local uci = require('simple-uci').cursor()
 uci:delete('alfred', 'alfred')
 uci:section('alfred', 'alfred', 'alfred', {
 	interface = 'br-client',
 	mode = 'slave',
 	batmanif = 'bat0',
 	start_vis = true,
 	run_facters = false,
 })
 uci:save('alfred')
--- a/package/gluon-authorized-keys/Makefile
+++ b/package/gluon-authorized-keys/Makefile
@ -3,34 +3,11 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=gluon-authorized-keys
 PKG_VERSION:=2
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+include ../gluon.mk
 include $(GLUONDIR)/include/package.mk
 define Package/gluon-authorized-keys
  SECTION:=gluon
  CATEGORY:=Gluon
  TITLE:=Fill /etc/dropbear/authorized_keys from site.conf
  DEPENDS:=+gluon-core
 endef
-define Build/Prepare
+$(eval $(call BuildPackageGluon,gluon-authorized-keys))
 	mkdir -p $(PKG_BUILD_DIR)
 endef
 define Build/Configure
 endef
 define Build/Compile
 endef
 define Package/gluon-authorized-keys/install
 	$(CP) ./files/* $(1)/
 endef
 define Package/gluon-authorized-keys/postinst
 #!/bin/sh
 $(call GluonCheckSite,check_site.lua)
 endef
 $(eval $(call BuildPackage,gluon-authorized-keys))
--- a/package/gluon-authorized-keys/check_site.lua
+++ b/package/gluon-authorized-keys/check_site.lua
@ -1 +1 @@
-need_string_array 'authorized_keys'
+need_string_array(in_site({'authorized_keys'}))
--- a/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
+++ b/package/gluon-authorized-keys/luasrc/lib/gluon/upgrade/100-authorized-keys
@ -1,6 +1,6 @@
 #!/usr/bin/lua
-local site = require 'gluon.site_config'
+local site = require 'gluon.site'
 local file = '/etc/dropbear/authorized_keys'
 local keys = {}
@ -14,7 +14,7 @@ end
 pcall(load_keys)
 local f = io.open(file, 'a')
-for _, key in ipairs(site.authorized_keys) do
+for _, key in ipairs(site.authorized_keys()) do
  if not keys[key] then
    f:write(key .. '\n')
  end
--- a/package/gluon-autoupdater/Makefile
+++ b/package/gluon-autoupdater/Makefile
@ -2,40 +2,30 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=gluon-autoupdater
 PKG_VERSION:=4
 PKG_RELEASE:=$(GLUON_BRANCH)
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+PKG_CONFIG_DEPENDS := CONFIG_GLUON_BRANCH
 PKG_BUILD_DEPENDS := respondd
-include $(GLUONDIR)/include/package.mk
+include ../gluon.mk
 define Package/gluon-autoupdater
  SECTION:=gluon
  CATEGORY:=Gluon
  DEPENDS:=+gluon-core +libgluonutil +micrond +autoupdater
  TITLE:=Automatically update firmware
 endef
-define Build/Prepare
+define Package/gluon-autoupdater/config
-	mkdir -p $(PKG_BUILD_DIR)
+config GLUON_BRANCH
-	$(CP) ./src/* $(PKG_BUILD_DIR)/
+	string "Gluon autoupdater branch"
 	depends on PACKAGE_gluon-autoupdater
 	default ""
 endef
 define Package/gluon-autoupdater/install
-	$(CP) ./files/* $(1)/
+	$(Gluon/Build/Install)
-	$(INSTALL_DIR) $(1)/lib/gluon/respondd
+ifneq ($(CONFIG_GLUON_BRANCH),"")
-	$(CP) $(PKG_BUILD_DIR)/respondd.so $(1)/lib/gluon/respondd/autoupdater.so
+	$(INSTALL_DIR) $(1)/lib/gluon/autoupdater
-
+	echo '$(call qstrip,$(CONFIG_GLUON_BRANCH))' > $(1)/lib/gluon/autoupdater/default_branch
-	if [ '$(GLUON_BRANCH)' ]; then \
+endif
 		$(INSTALL_DIR) $(1)/lib/gluon/autoupdater; \
 		echo '$(GLUON_BRANCH)' > $(1)/lib/gluon/autoupdater/default_branch; \
 	fi
 endef
-define Package/gluon-autoupdater/postinst
+$(eval $(call BuildPackageGluon,gluon-autoupdater))
 #!/bin/sh
 $(call GluonCheckSite,check_site.lua)
 endef
 $(eval $(call BuildPackage,gluon-autoupdater))
--- a/package/gluon-autoupdater/check_site.lua
+++ b/package/gluon-autoupdater/check_site.lua
@ -1,14 +1,10 @@
-need_string 'autoupdater.branch'
+need_string(in_site({'autoupdater', 'branch'}))
-local function check_branch(k, _)
+need_table({'autoupdater', 'branches'}, function(branch)
-   assert_uci_name(k)
+	need_alphanumeric_key(branch)
-   local prefix = string.format('autoupdater.branches[%q].', k)
+	need_string(in_site(extend(branch, {'name'})))
-
+	need_string_array_match(extend(branch, {'mirrors'}), '^http://')
-   need_string(prefix .. 'name')
+	need_number(in_site(extend(branch, {'good_signatures'})))
-   need_string_array(prefix .. 'mirrors')
+	need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
-   need_number(prefix .. 'good_signatures')
+end)
   need_string_array(prefix .. 'pubkeys')
 end
 need_table('autoupdater.branches', check_branch)
--- a/package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
+++ b/package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
@ -2,15 +2,15 @@
 stop() {
-        if [ -x /etc/init.d/$1 ]; then
+        if [ -x /etc/init.d/"$1" ]; then
                echo "Stopping $1..."
-                /etc/init.d/$1 stop
+                /etc/init.d/"$1" stop
        fi
 }
 start_enabled() {
-        if [ -x /etc/init.d/$1 ] && /etc/init.d/$1 enabled; then
+        if [ -x /etc/init.d/"$1" ] && /etc/init.d/"$1" enabled; then
                echo "Starting $1..."
-                /etc/init.d/$1 start
+                /etc/init.d/"$1" start
        fi
 }
--- a/package/gluon-autoupdater/files/lib/gluon/upgrade/500-autoupdater
+++ b/package/gluon-autoupdater/files/lib/gluon/upgrade/500-autoupdater
@ -1,56 +0,0 @@
 #!/usr/bin/lua
 local site = require 'gluon.site_config'
 local uci = require 'luci.model.uci'
 local c = uci.cursor()
 for name, config in pairs(site.autoupdater.branches) do
 	c:delete('autoupdater', name)
 	c:section('autoupdater', 'branch', name,
 		  {
 			  name = config.name,
 			  mirror = config.mirrors,
 			  good_signatures = config.good_signatures,
 			  pubkey = config.pubkeys,
 		  }
 	)
 end
 if not c:get('autoupdater', 'settings') then
 	local enabled = 0
 	local branch = site.autoupdater.branch
 	local f = io.open('/lib/gluon/autoupdater/default_branch')
 	if f then
 		enabled = 1
 		branch = f:read('*line')
 		f:close()
 	end
 	c:section('autoupdater', 'autoupdater', 'settings',
 		  {
 			  enabled = enabled,
 			  branch = branch,
 		  }
 	)
 end
 c:set('autoupdater', 'settings', 'version_file', '/lib/gluon/release')
 c:save('autoupdater')
 local autoupdater_util = require 'autoupdater.util'
 autoupdater_util.randomseed()
 -- Perform updates at a random time between 04:00 and 05:00, and once an hour
 -- a fallback update (used after the regular updates haven't
 local minute = math.random(0, 59)
 local f = io.open('/usr/lib/micron.d/autoupdater', 'w')
 f:write(string.format('%i 4 * * * /usr/sbin/autoupdater\n', minute))
 f:write(string.format('%i 0-3,5-23 * * * /usr/sbin/autoupdater --fallback\n', minute))
 f:close()
--- a/package/gluon-autoupdater/luasrc/lib/gluon/upgrade/500-autoupdater
+++ b/package/gluon-autoupdater/luasrc/lib/gluon/upgrade/500-autoupdater
@ -0,0 +1,53 @@
 #!/usr/bin/lua
 local site = require 'gluon.site'
 local uci = require('simple-uci').cursor()
 for name, config in pairs(site.autoupdater.branches()) do
 	uci:delete('autoupdater', name)
 	uci:section('autoupdater', 'branch', name, {
 		name = config.name,
 		mirror = config.mirrors,
 		good_signatures = config.good_signatures,
 		pubkey = config.pubkeys,
 	})
 end
 if not uci:get('autoupdater', 'settings') then
 	local enabled = false
 	local branch = site.autoupdater.branch()
 	local f = io.open('/lib/gluon/autoupdater/default_branch')
 	if f then
 		enabled = true
 		branch = f:read('*line')
 		f:close()
 	end
 	uci:section('autoupdater', 'autoupdater', 'settings', {
 		enabled = enabled,
 		branch = branch,
 	})
 end
 uci:set('autoupdater', 'settings', 'version_file', '/lib/gluon/release')
 uci:save('autoupdater')
 local urandom = io.open('/dev/urandom', 'r')
 local seed1, seed2 = urandom:read(2):byte(1, 2)
 math.randomseed(seed1*0x100 + seed2)
 urandom:close()
 -- Perform updates at a random time between 04:00 and 05:00, and once an hour
 -- a fallback update (used after the regular updates haven't worked for
 -- (priority+1) days after a firmware release, for example because the node
 -- is always offline at night)
 local minute = math.random(0, 59)
 local f = io.open('/usr/lib/micron.d/autoupdater', 'w')
 f:write(string.format('%i 4 * * * /usr/sbin/autoupdater\n', minute))
 f:write(string.format('%i 0-3,5-23 * * * /usr/sbin/autoupdater --fallback\n', minute))
 f:close()
--- a/package/gluon-autoupdater/src/respondd.c
+++ b/package/gluon-autoupdater/src/respondd.c
@ -36,6 +36,8 @@
 static struct json_object * get_autoupdater(void) {
 	struct uci_context *ctx = uci_alloc_context();
 	if (!ctx)
 		return NULL;
 	ctx->flags &= ~UCI_FLAG_STRICT;
 	struct uci_package *p;
--- a/package/gluon-client-bridge/Makefile
+++ b/package/gluon-client-bridge/Makefile
@ -3,34 +3,11 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=gluon-client-bridge
 PKG_VERSION:=1
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
+include ../gluon.mk
 include $(GLUONDIR)/include/package.mk
 define Package/gluon-client-bridge
  SECTION:=gluon
  CATEGORY:=Gluon
  TITLE:=Provides a bridge and a wireless interface for clients to connect to
-  DEPENDS:=+gluon-core
+  DEPENDS:=+gluon-core +kmod-veth +@GLUON_SPECIALIZE_KERNEL:KERNEL_VETH
 endef
-define Build/Prepare
+$(eval $(call BuildPackageGluon,gluon-client-bridge))
 	mkdir -p $(PKG_BUILD_DIR)
 endef
 define Build/Configure
 endef
 define Build/Compile
 endef
 define Package/gluon-client-bridge/install
 	$(CP) ./files/* $(1)/
 endef
 define Package/gluon-client-bridge/postinst
 #!/bin/sh
 $(call GluonCheckSite,check_site.lua)
 endef
 $(eval $(call BuildPackage,gluon-client-bridge))
--- a/Show More
+++ b/Show More
`@ -1 +1 @@`
	`need_string_array 'authorized_keys'`	`need_string_array(in_site({'authorized_keys'}))`