Commit Graph

4650 Commits

Author SHA1 Message Date
lemoer
2daf13cd4a docs: add docs for gluon-mesh-vpn-wireguard 2022-06-07 18:30:54 +02:00
David Bauer
15ef885836
ipq40xx: switch Wave2 firmware to -ct (#2541)
Use the candelatech firmware for the QCA Wave-2 firmware.

The Qualcomm firmware used for the IPQ401x chip in OpenWrt in 22.03
is experiencing heavily degraded performance due to excessive
retransmits when using A-MSDU. Disabling VHT modes or switching to the
candelatech firmware circumvents this issue.

Apply the same to other Wave-2 platforms in order to keep consistency
with upstream.

Wave-1 chips do not support mesh modes with the -ct firmware, so keep
using the QCA firmware in their case.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-06-05 11:55:25 +02:00
David Bauer
98be390391
Merge pull request #2540 from blocktrron/upstream-master-updates
modules: update to latest HEAD
2022-06-03 05:50:59 +02:00
David Bauer
4d84617598 modules: update packages
656ed7aef openwisp-config: update to 1.0.0
29d26d1d0 xray-core: Update to 1.5.6
0647d444b cloudflared: Update to 2022.5.3
62514d596 yq: Update to 4.25.2
a9eed2e80 php8: update to 8.1.6
b42781523 php8: update to 8.1.5
a60cb1fbd libxml2: update to 2.9.14
dbe3820f3 pdns-recursor: update to 4.7.0
1646a22dd strongswan: support child rekey by bytes and packets
2022-06-02 17:03:22 +02:00
David Bauer
e56486b6d8 modules: update openwrt
f765f2f114 ipq40xx: add Aruba AP-365 specific BDF
59e1b59bb3 malta: use default OpenWrt network configuration
dbd4c345fb firewall4: update to latest Git HEAD
dad1533030 ucode: update to latest Git HEAD
2022-06-02 17:03:14 +02:00
J. Burfeind
fc5644f606
docs: use default language 'en' (#2538)
Since sphinx-5.0.0 "None" is not recommended anymore.
2022-06-01 01:06:27 +02:00
Matthias Schiffer
0b9d3b78c4
ath79-generic: update Archer C6 v2 image name (#2534)
The DTS model name has been changed to "TP-Link Archer C6 v2 (EU/RU/JP)"
to distinguish it from the US version.

Closes #2533
2022-06-01 01:06:06 +02:00
J. Burfeind
2887adef5f
ath79-generic: (re)add support for NanoBeam M5 (XW) (#2432)
Gone due to
commit 071cf7b20f ("Switch to Lua for target definitions")

Has prior been introduced as untested -> broken in
commit d586720c5c ("ar71xx-generic: add support for Ubiquiti NanoBeam M5")

Was commented out in the former commit.
2022-05-30 20:44:43 +02:00
David Bauer
7c7fbd14b7
Merge pull request #2524 from s-2/dir-825
ath79-generic: migrate D-Link DIR-825 B1 from ar71xx
2022-05-29 17:31:22 +02:00
David Bauer
541000eeb0
Merge pull request #2536 from blocktrron/upstream-master-updates
modules: update to latest HEAD
2022-05-29 17:30:22 +02:00
David Bauer
ecace93311 modules: update routing
b7a8391 mesh11sd: Release v1.1.1
2022-05-29 00:03:18 +02:00
David Bauer
e42620cd89 modules: update packages
70c8dc36c lua-openssl: update to version 0.8.2-1
a5a0c94cc banip: mark as broken
f263b042a dnslookup: Update to 1.7.0
244eb582f dnsproxy: Update to 0.43.0
80675bedb dnsproxy: Update to 0.42.4
ba8efcc27 vpnc: Update to 0.5.3+git20220517
009915f4f haproxy: Update HAProxy to v2.4.17
1efe209f1 tailscale: update to version 1.24.2
4b697c468 node-serialport: Support for npm@8
403eb59cd node-hid: Support for npm@8
52cb98ae9 node-cylon: Support for npm@8
575fbc5b9 node-arduino-firmata: Support for npm@8
83a9458a1 node-serialport-bindings: Support for npm@8
20a92ce23 node-yarn: Support for npm@8
9934d2851 node-homebridge: Support for npm@8
97d325e6d node-javascript-obfuscator: Support for npm@8
7e853be8f node: Major update from v14 to v16
2022-05-29 00:03:16 +02:00
David Bauer
a8a1a058b4 modules: update openwrt
b42511c007 ath79: fix label MAC address for D-Link DIR-825B1
0ed3446bfc OpenWrt v22.03.0-rc3: revert to branch defaults
f0e0bcba5e OpenWrt v22.03.0-rc3: adjust config defaults
9f415792e1 ath79: NanoBeam M5 fix target_devices
d9cb31f944 ath79: add support for Ubiquiti NanoBeam M5
fca0069247 OpenWrt v22.03.0-rc2: revert to branch defaults
4f6f9caf1f OpenWrt v22.03.0-rc2: adjust config defaults
2022-05-29 00:03:07 +02:00
lemoer
c133fbbef6
push_pkg.sh: use scp protocol for openssh scp (#2479)
Starting from OpenSSH 9.0p, scp started to use sftp in favor of the
scp protocol by default. As dropbear in OpenWrt currently does not
support sftp by default, we now use the fallback cli switch "-O"
to use the scp protocol for scp.
2022-05-28 20:41:10 +02:00
Jan
b690939fae
ramips-mt7620: remove "broken" status for ASUS RT-AC51U (#2494) 2022-05-27 21:40:05 +02:00
Sebastian Schaper
d56a0f2602 ath79-generic: migrate D-Link DIR-825 B1 from ar71xx
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
2022-05-27 19:28:04 +02:00
Matthias Schiffer
92a6b81e8a
gluon-autoupdater: check that good_signatures does not exceed number of provided pubkeys 2022-05-27 12:12:26 +02:00
Matthias Schiffer
3a893f67ce
ci: minimal-site: set good_signatures to 0
Do not fail the new check that good_signatures ≤ #pubkeys.
2022-05-27 12:12:26 +02:00
Matthias Schiffer
53cf8796c7
gluon-autoupdater: revert to default branch when configured branch is invalid
An invalid branch may be set for various reasons:

- Previous firmware had an invalid default branch
- Branch list has changed and old UCI branch config was removed by a
  site-specific upgrade script
- Manual UCI configuration
2022-05-27 12:00:32 +02:00
Matthias Schiffer
2c65f0834b
gluon-autoupdater: factor out default_branch() function
Make the code clearer and prepare for invalid branch fixup.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
db48b6b693
gluon-autoupdater: check default branch name
Check the default branch (both from site.conf and GLUON_AUTOUPDATER_BRANCH)
against the list of configured branch names to avoid misconfiguration.
2022-05-27 12:00:32 +02:00
Matthias Schiffer
d24ae56378
gluon-core: check-site: support checking "custom" values
The new "value" helper can be used to turn a Lua value into a path that
can be passed to need_*() etc.
2022-05-27 12:00:31 +02:00
Matthias Schiffer
674ec7b64a
ath79-generic: re-add support for Ubiquiti UniFi AP Outdoor+ (#2440)
Removed in 45c84a117b ("ar71xx: drop target").
2022-05-26 23:35:18 +02:00
Maciej Krüger
a0df96eb97
ath79-mikrotik: add support for Mikrotik RB951Ui-2nD (#2377)
Re-add mikrotik target

Note that previous images were generic ones and as such no migration
path is provided other than manually flashing the image via config-mode.
2022-05-22 11:45:28 +02:00
David Bauer
1ef3edbe58
Merge pull request #2352 from lemoer/pr_site_vpn_mtu_in_provider
RFC: gluon-mesh-vpn-*: make MTU of VPN device provider specific
2022-05-22 11:45:10 +02:00
J. Burfeind
36f406746e
gluon-status-page: fix mesh-vpn section for wg (#2502)
Since freifunk-gluon/packages#250 mesh-vpn-peers
can be empty arrays if they're not connected
and the node is in a WireGuard site.
2022-05-21 20:27:14 +02:00
lemoer
d3dbc3d8ed docs: move mtu in site.rst 2022-05-21 20:09:01 +02:00
lemoer
5f8da70ffd docs: adjust example site.conf 2022-05-21 20:08:52 +02:00
David Bauer
ae27394f78
Merge pull request #2528 from blocktrron/upstream-master-updates
base: update modules
2022-05-21 18:13:31 +02:00
lemoer
7c81897b4c gluon-mesh-vpn-*: make vpn MTU provider specific
If a community uses different vpn providers, they typically
assume the same MTU for the wan device underneath the VPN. As
different VPN providers however have different overhead, the MTU
of the VPN device differs for each provider. Therefore this
commit makes the MTU of the VPN device provider specific.

This has two advantages:
1. The same site.conf can used to bake firmwares for different
   VPN providers (only by selecting a diferent vpn feature in the
   site.mk).
2. We are coming closer to the option of integrating multiple VPN
   providers into one firmware.
2022-05-21 18:12:49 +02:00
David Bauer
18818bb624 modules: update routing
f6d2b09 babeld: rewrite description
37d2c78 babled: update to 1.12.1
255c859 babeld: update to 1.12
f2bebea alfred: Merge bugfixes from 2022.1
2bebe7e batctl: Merge bugfixes from 2022.1
0ab07cf batman-adv: Merge bugfixes from 2022.1
2022-05-21 18:09:26 +02:00
David Bauer
6fcc04ab64 modules: update packages
b708cf5a1 ffmpeg: update to 5.0.1
2d0893afb pigeonhole: update to 2.3.18
2904343fb dovecot: update to 2.3.18
771fc2373 openconnect: bump to version 9.01
6621ab68b miniflux: update to 2.0.36
aaab4075c openldap: drop use of HTTP in favor of HTTPS
2abb60c16 audit: avoid interferece with base libaudit build
964e972af audit: remove host build
0c44bdcea audit: Fix compilation with kernel 5.15
223f6215b poemgr: add package
9f4253df4 shadowsocks-libev: fix compat issue with newer version of ucode
044425dc4 bluez: Update to 5.64, update/refresh patches
30c39ca1d docker: Update to v20.10.16
b23eb24dc dockerd: Update to v20.10.16
6f3e7f879 libnetwork: Updated to 339b97 for docker v20.10.16
c5061b93d containerd: Update to v1.6.4 for docker v20.10.16 * Overrode `PREFIX` to have the old behaviour
33d3642c8 runc: Update to v1.1.1 for docker v20.10.16
001ab241e icu: bump to 71.1
136fb020f usteer: update to latest HEAD
db966f719 telegraf: Update to version 1.22.4
864bc0eac golang: Update to 1.18.2
867ad434f micropython-lib: Update to latest master
0cd609b67 ci: Look for changed packages in the PR branch only
9d2246b28 docker: fix compilation with glibc
5af6f2592 dockerd: fix compilation with glibc
8905f9808 dockerd: Add firewall independent dependencies
79614bb2a dockerd: Sorted dependencies for better diffs
c227c65c6 docker:  Update to 20.10.14
df8b28232 dockerd: Update to 20.10.14, and update version checking mechanism
23547de3c containerd: Update to 1.5.11
c79b4f85b runc: update to 1.0.3
f8892740c privoxy: update to 3.0.33 and fix the init script
6f606107e lxc: export systemd cgroups after install
245c658fa cloudflared: Update to 2022.5.1
61a2e96d2 dnsproxy: Update to 0.42.3
f8e2c5dca dawn: update to 2022-05-09
68c7cb1d3 haproxy: Update HAProxy to v2.4.16
db148cc08 adblock: list maintenance
821fd2499 strongswan: add wolfssl plugin
220c75cef htop: update to 3.2.0
dad9ae19e v2rayA: Update to 1.5.7
2aa2a157b cloudreve: Update to 3.5.3
d51f7c20b cloudreve: Update to 3.5.2
0e639eb47 cloudflared: Update to 2022.5.0
23fc3e63c youtube-dl: update to 2021.12.17
50e306326 usteer: update to latest HEAD
f26d5e546 passh: updated per OpenWrt's common practice
3bd1d510e passh: an sshpass alternative
7fddd201f sexpect: updated per OpenWrt's common practice
40e42950c sexpect: Expect for Shells
b282f5bba https-dns-proxy: 2021-11-22-3: add support for Canary Domains
b93534691 zerotier: fix segfault on ARM platforms
2022-05-21 18:09:25 +02:00
David Bauer
7a80663f18 modules: update openwrt
34b6abf5a8 ath79: add support for MikroTik hAP (RB951Ui-2nD)
03cfdf72e2 ath79: add support for MikroTik RouterBOARD hAP ac lite
80baa60259 firewall4: update to latest Git HEAD
4575498276 ucode: update to latest Git HEAD
e90f74feb6 kernel: bump 5.10 to 5.10.116
95c315f200 ath79: fix ar934x spi driver delays
97a2012ecc openssl: bump to 1.1.1o
6f8db8fee3 wolfssl: bump to v5.3.0-stable
3aeb6e975f ipq806x: add support for Arris TR4400 v2 / RAC2V1A
a11c3cde27 realtek: add support for ZyXEL GS1900-16
9b20e2a699 ath79: add Netgear WNDAP360
6729fa2dd2 ath79: add support for TP-Link Deco M4R v1 and v2
3c57430d1c ramips: add led_source for Asus RT-AC1200 devices
e431195abf ramips: add support for Cudy X6
5439efe37d ramips: Add support for SERCOMM NA502S
fe5943a7bd ramips: add support for Wavlink WL-WN533A8
5454735574 ramips: create shared DTSI for Wavlink WN53XAX devices
7152bc84f4 ramips: add support for TP-Link RE650 v2
d627ea510c ramips: add support for YunCore AX820/HWAP-AX820
9c2ed54aa2 firmware-utils: bump to git HEAD
87f9dd665a firmware-utils: bump to git HEAD
3963a90df8 kernel: Add missing devm_regulator_get_exclusive()
7a0af40e37 kernel: bump 5.10 to 5.10.115
e0aaecdbb8 kernel: bump 5.10 to 5.10.114
416e8aefe1 IPQ4019: AVM FRITZ!Box 7530: Remove NAND ECC restrictions from DTS
ec45e1ff68 kernel: add support for Toshiba TC58NVG0S3HTA00 NAND flash
144d9c4a43 uboot-fritz4040: Add support for Toshiba NAND
9ef931f96b ath79: ZTE MF286[A,R]: add "Power button blocker" GPIO switch
54e759d05d ipq40xx: revert Cell-C RTL30VW to legacy caldata extraction
0f8eba4f95 ath79: fix I2C on GL-AR300M devices
308ce46076 ipq40xx: Lyra: update RGB LED-Controller node for 5.10+
19a8c723b6 lantiq: xway: disable unused switch drivers
a374a959b9 realtek: do not reset SerDes on link change
7b4702afef realtek: Trap all frames with switch as destination to CPU-port
1c6a179e1a ramips: fix booting on Samknows SK-WB8
6120a66e6a bcm27xx: include 'rtc' in target's 'FEATURES'
ae64d0624c kernel: fix corrupted padding on small packets with mt753x dsa
53fc6e9ede kernel: fix flow offload issues with pppoe
77e123340f mediatek: add patches for MT7622 WED (wireless ethernet dispatch)
2022-05-21 18:09:18 +02:00
Martin Weinelt
99bdce1072
ramips-mt7621: add TP-Link RE650v1 (#2527)
- [x] Must be flashable from vendor firmware
  - [x] Web interface
  - [ ] TFTP (untested, but possible according to OpenWrt wiki)
  - [ ] Other: <specify>
- [x] Must support upgrade mechanism
  - [x] Must have working sysupgrade
    - [x] Must keep/forget configuration (`sysupgrade [-n]`, `firstboot`)
  - [x] Gluon profile name matches autoupdater image name
        (`lua -e 'print(require("platform_info").get_image_name())'`)
- [x] Reset/WPS/... button must return device into config mode
- [x] Primary MAC address should match address on device label (or packaging)
      (https://gluon.readthedocs.io/en/latest/dev/hardware.html#notes)
  - When re-adding a device that was supported by an earlier version of Gluon, a
    factory reset must be performed before checking the primary MAC address, as
    the setting from the old version is not reset otherwise.
- Wired network
  - [x] should support all network ports on the device
  - [x] must have correct port assignment (WAN/LAN)
    - On devices supplied via PoE, there is usually no explicit WAN/LAN labeling on the hardware.
      The PoE input should be the WAN port in this case.
- Wireless network (if applicable)
  - [x] Association with AP must be possible on all radios
  - [x] Association with 802.11s mesh must work on all radios
  - [x] AP+mesh mode must work in parallel on all radios
- LED mapping
  - Power/system LED
    - [x] Lit while the device is on
    - [x] Should display config mode blink sequence
          (https://gluon.readthedocs.io/en/latest/features/configmode.html)
  - Radio LEDs
    - [x] Should map to their respective radio
    - [x] Should show activity
  - Switch port LEDs
    - [x] Should map to their respective port (or switch, if only one led present)
    - [x] Should show link state and activity
2022-05-21 14:17:29 +02:00
Maciej Krüger
57c0bdbf56
gluon-core: add post-setup.d .keep (#2525)
This folder is referenced in files/lib/netifd/proto/gluon_mesh.sh, but 
there's no .keep for it
2022-05-20 18:59:37 +02:00
Sebastian Schaper
3ee60c77ba ath79-generic: fix whitespace
Signed-off-by: Sebastian Schaper <openwrt@sebastianschaper.net>
2022-05-17 18:54:15 +02:00
J. Burfeind
02edf564bd
ath79-generic: (re)add CPE210v3 (#2506)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-13 23:36:34 +02:00
J. Burfeind
523dead05b
ath79-generic: (re)add support for wndr3700 (#2482)
Gone due to
commit 45c84a117b ("ar71xx: drop target")
2022-05-11 23:00:43 +02:00
David Bauer
6ccd7c587b
Merge pull request #2503 from freifunk-gluon/import-release-notes
Import v2021.1.2 release notes, README / copyright updates
2022-05-08 12:14:19 +02:00
Matthias Schiffer
b68f2484ff
treewide: remove leftover GLUON_SPECIALIZE_KERNEL dependencies (#2514)
This was removed in commit c23bc293ef ("treewide: remove
GLUON_SPECIALIZE_KERNEL").
2022-05-08 12:14:03 +02:00
naveen
341ed3b311 chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.

- Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions

https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

[Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)

Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-05-08 01:00:16 +00:00
Matthias Schiffer
9d403c9849
docs: dev/hardware: update hardware support documentation (#2458)
Replace most of the page to account for the changes that have happened
in Gluon and OpenWrt in the last 4 years:

- Switch from Shell-based target definition language to Lua
- Removal of targets using legacy build code

Closes #2360
2022-05-07 18:27:45 +02:00
David Bauer
56eaf4aa28
treewide: switch crypto lib to WolfSSL (#2509)
WolfSSL has a significant lower flash footprint. Also, issues with OWE /
SAE connections were fixed in OpenWrt a while ago.

See ddcb970274

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-07 15:17:03 +02:00
Matthias Schiffer
b1a12a4a0c
generic: reduce kernel size some more (#2510)
Remove a few features that became enabled by default since OpenWrt 19.07.
Disabling CONFIG_RELAY also reduces RAM usage.
2022-05-07 15:16:47 +02:00
David Bauer
1bcd4a47c9
Merge pull request #2508 from blocktrron/gluon-size
generic: reduce flash consumption
2022-05-07 00:01:45 +02:00
David Bauer
fd6f8c2919 generic: optimize kernel size
Remove kernel symbols which are not required for Gluon.

Signed-off-by: David Bauer <mail@david-bauer.net>
2022-05-06 20:57:25 +02:00
David Bauer
6fe2e6fc80 target: remove nftables
Gluon still uses firewall3 and iptables, so remove dependency on
nftables.
2022-05-06 20:57:03 +02:00
David Bauer
d656d38c7c mesh-vpn-core: require legacy iptables
Require legacy iptables, as Gluon still depends on firewall3. Otherwise,
nftables is pulled in as a dependency.
2022-05-06 20:55:57 +02:00
David Bauer
436d6053cb
Merge pull request #2504 from freifunk-gluon/update-modules
Update modules
2022-05-06 08:43:35 +02:00
Matthias Schiffer
8ebba2350a
modules: update OpenWrt packages
948ea0e9c046 ecdsautils: update to v0.4.1
97333939dbcc hwdata: update to version 0.359
22c8efd9377c tor: bump to 0.4.7.7 stable
241e70f5fd84 etherwake-nfqueue: swap iptables for nftables dependency
61e0ee2e8e30 rclone: Update to 1.58.1
a8374c48e14f apfree-wifidog: fix compile error
2af08fe724f3 gst1-libav: fix compilation with ffmpeg5
419054a05f56 libtorrent-rasterbar: Update to 2.0.6

With the update to ecdsautils 0.4.1, we can remove the downstream patch
again.
2022-05-05 20:08:12 +02:00