Compare commits

59 Commits

Author SHA1 Message Date
Matthias Schiffer
250b623fb4
Merge pull request from GHSA-xqhj-fmc7-f8mv
ecdsautils: verify: fix signature verification (CVE-2022-24884)
2022-05-05 18:02:38 +02:00
Matthias Schiffer
6eb0720e50
ecdsautils: verify: fix signature verification (CVE-2022-24884)
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
2022-05-03 18:02:13 +02:00
David Bauer
570680459d
scripts: download.pl: retry download using filename (#2149)
With this commit, the download script will try downloading source files
using the filename instead of the url-filename in case the previous
download attempt using the url-filename failed.

This is required, as the OpenWrt sources mirrors serve files using the
filename files might be renamed to after downloading. If the original
mirror for a file where url-filename and filename do not match goes
down, the download failed prior to this patch.

Further improvement can be done by performing this only for the
OpenWrt sources mirrors.

Signed-off-by: David Bauer <mail@david-bauer.net>
2020-12-07 04:32:53 +01:00
Martin Weinelt
864d875b57 modules: update OpenWrt
7cbbab7246 mac80211: Fix brcmfmac compile on layerscape/armv8_64b
28a85b8c2b layerscape: update kernel patch to fix build
3a8cfabe0c kernel: Update kernel 4.9 to version 4.9.243
9cdc02be88 kernel: Update kernel 4.14 to version 4.14.206
5625f5bc36 uci: Backport security fixes
d94c59f7eb oxnas: fix qc_prep return in sata driver after kernel 4.14.200
ac56d25361 ar71xx: mikrotik: bypass id check in __rb_get_wlan_data()
5d01d05608 kernel: Update kernel 4.14 to version 4.14.202
edda06c7b4 kernel: Update kernel 4.9 to version 4.9.240
27677af27c firewall: options: fix parsing of boolean attributes

Build-tested: x86-64
2020-11-17 02:33:13 +01:00
Martin Weinelt
fd5706c555 modules: update packages
65e919996 haproxy: Update HAProxy to v1.8.27
3325a3ce0 php7: update to 7.2.34
a72e95a2f fastd: fix buffer leak when receiving invalid packets
34353f2e8 Merge pull request #13685 from jefferyto/python-3.6.12-openwrt-18.06
5d988670c python3: Update to 3.6.12, remove backported patches
46e05d87b simple-adblock: config update file fix
8579739f2 nano: update to 5.3
026055077 Merge pull request #13550 from gladiac1337/haproxy-1.8.26-openwrt-18.06
16f1b537b haproxy: Update HAProxy to v1.8.26
dc09a3791 vpnbypass: README update, code cleanup
82f833312 Merge pull request #13435 from stangri/18.06-simple-adblock
b7c198b3e simple-adblock: add config auto-update feature
a359b1b3b php7: update to 7.2.33
0ad7b4af0 nano: update to 5.2
2020-11-17 02:33:03 +01:00
Andreas Ziegler
446cc1337c
docs, README: Gluon v2019.1.3 2020-11-05 01:38:48 +01:00
Andreas Ziegler
33275b6390 docs: add v2019.1.3 release notes 2020-11-01 18:23:46 +01:00
David Bauer
279fb88c3f Revert "tplink-safeloader: expand support list for TP-Link CPE210 v3"
This reverts commit 1268fda292.
2020-11-01 16:53:20 +01:00
David Bauer
ddb542489f Revert "kernel: mtd: add support for EN25QH64 in spi-nor.c"
This reverts commit ee4ec4da5a.
2020-11-01 16:53:12 +01:00
Martin Weinelt
4648215652
refresh patches 2020-10-27 20:25:55 +01:00
Martin Weinelt
f0a2da5b2c
modules: update routing
83f515d Merge pull request #624 from ecsv/batadv-for-18.06
7448ab9 batman-adv: Fix missing include for backported 2020.4 patch
8f47c32 Merge pull request #621 from ecsv/batadv-for-18.06
351c782 batctl: Merge bugfixes from 2020.4
c197ddb batman-adv: Merge bugfixes from 2020.4

Compile-tested: ar71xx-generic
2020-10-27 20:25:01 +01:00
Matthias Schiffer
b863bb89e7
fastd: fix buffer leak when receiving invalid packets 2020-10-19 22:47:53 +02:00
Andreas Ziegler
845d8ebdc9
Merge pull request #2136 from SmithChart/v2019.1.x/cpe210-3.20
ar71xx-generic: add support for TP-Link CPE210 v3.20
2020-10-19 22:25:09 +02:00
Chris Fiege
1268fda292 tplink-safeloader: expand support list for TP-Link CPE210 v3
This adds new strings to the support list for the TP-Link CPE210 v3
that are supposed to work with the existing setup.

Without it, the factory image won't be accepted by the vendor UI on
these newer revisions.

Tested on a CPE210 v3.20 (EU).

Ref: https://forum.openwrt.org/t/build-for-cpe210-v3-20/68000

Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>

---
This patch was taken from upstream OpenWRT commit-id
4a2380a1e778a8f8e0bfb0a00f2996ed0aab58d8
2020-10-18 20:38:57 +02:00
Chris Fiege
ee4ec4da5a kernel: mtd: add support for EN25QH64 in spi-nor.c
The Eon EN25QH64 is a 64 Mbit SPI NOR flash memory chip. Its 32, 128 and
256 Mbits siblings are supported upstream but this particular size
wasn't.
This commit includes patches for kernels 4.14 and 4.19.

Tested on a COMFAST CF-E120A v3 (ath79).

Signed-off-by: Roger Pueyo Centelles <roger.pueyo@guifi.net>

---
This patch was taken from upstream OpenWRT commit-id
359f5e539036db4f7ac69a6d1c3fb7fe70266ffd.

Additionally, the change needed for CPE210 V3.2 was backported from 4.14 to
4.9.
This allows us to use the CPE 210 V3.2 with Gluon 2019.x.
2020-10-18 20:37:23 +02:00
David Bauer
c8d708e585
Merge pull request #2132 from freifunk-gluon/v2019.1.x-openwrt-bump-build-fix
[2019.1.x] update openwrt, routing packages and fix build with GCC10
2020-10-13 12:03:27 +02:00
Andreas Ziegler
e4241c0c7e
patches: packages: perl: backport GCC10 build fix
cherry-picked from openwrt/packages openwrt-19.07 branch
commit 445c3d8f86b85c2c6fc4a8d7a003b06ca219ffb1
2020-10-12 23:57:01 +02:00
Andreas Ziegler
0b45624b09
patches: refresh routing 2020-10-12 01:22:15 +02:00
Andreas Ziegler
7afbba3259
modules: update OpenWrt
6d94a6eca4 scripts: getver.sh: fix version based on stable branch
3d771602e9 mbedtls: update to 2.16.8
910ac641cc tools/squashfs4: fix bugs of xz compress options
e6bcfdfdba fstools: backport: fix ntfs uuid
bf78cd3514 lua: lnum: fix strtoul based number parsing
f402571b49 kernel:  Update kernel 4.9 to version 4.9.237
1da8cc1bbc kernel: Update kernel 4.14 to version 4.14.199
1238a22316 mac80211: Fix potential endless loop
8e89e1c337 mac80211: Backport fixes for Kr00k vulnerabilities
fec2888ae5 mbedtls: update to 2.16.7
3ad44fcd12 kernel: Update kernel 4.9 to version 4.9.234
b8336ebab9 kernel: Update kernel 4.14 to version 4.14.195
2020-10-12 01:14:07 +02:00
Andreas Ziegler
14501b4185
modules: update routing
3862f61 Merge pull request #604 from ecsv/batadv-for-18.06
71a7397 batman-adv: Merge bugfixes from 2020.3
1f4d944 Merge pull request #585 from ecsv/batadv-for-18.06
2020-10-12 01:13:55 +02:00
Martin Weinelt
ff0c72f74b
modules: update packages
b3170384c simple-adblock: bugfix: update config; use command -v
4c1293e3f freeradius3: Fix proxy.conf file conflict.
3fd112e4a lvm2: fix CE in mac
2d1f83793 nano: update to 5.1
e6e24738e nano: update to 5.0
9c8671828 freeradius3: add missing conffiles to Makefile
8dc8d4c20 simple-adblock: README and config update
2020-08-22 18:19:48 +02:00
Martin Weinelt
d05e22fc84
modules: update OpenWrt
0c25ece262 x86: Add CONFIG_EFI_CUSTOM_SSDT_OVERLAYS
2628ec9b37 ar71xx: fix ZyXEL NBG6616 wifi switch
95dc2f5257 tools/cmake: fix typo in parallel make patch
3667693830 uboot-envtools: ar71xx: add ZyXEL NBG6616 uboot env support
5af87620af ar71xx: change u-boot-env to read-write for ZyXEL NBG6616
f9ffdf8825 kernel: update kernel 4.9 to version 4.9.232
35e9edc3df kernel: Update kernel 4.14 to version 4.14.193

Compile-tested: ar71xx-generic, ipq40xx
2020-08-22 18:18:06 +02:00
Martin Weinelt
8bd179a61f modules: update routing
8dd6c08 batctl: Merge bugfixes from 2020.2
2020-08-04 17:43:25 +02:00
Martin Weinelt
c2f0d9e019 modules: update packages
2d3a84f0f libtasn1: add host-build
6aeaf7dc9 netatalk: fix compile error in mac os
77587beda libgpg-error: Fix compilation with GAWK 5.0
e05705fa5 python3: Backport security fixes
c15122fb7 haveged: update to 1.9.13
641745733 python3: Update to 3.6.11
7d3608438 https-dns-proxy: re-add conffiles and add description to Makefile
e97462d3d https-dns-proxy: bugfix: remove eDNS support
a66ee15de haveged: update to 1.9.12
ca1c97a9b haveged: update to 1.9.11
ca1082fa1 haveged: move init script from 13 to 01
2ea2b371b simple-adblock: racially-neutral names
596c55ab2 simple-adblock: remove obsolete dshield.org links from config
971346c38 simple-adblock: bugfix: proper error reporting on failed downloads; lists update script
c3c558f6e nano: update to 4.9.3
2020-08-04 17:43:25 +02:00
Martin Weinelt
ab9c0ad0de
module: update OpenWrt
b18e3eae94 ar71xx: enable ethernet LED of Arduino Yun
dd79314de4 ar71xx: fix sysupgrade for Arduino Yun
f4b3c35e03 ramips: add kmod-usb-dwc2 to ZyXEL Keenetic image
526c1dd7ff ramips: remove patches for USB-dwc2
7bd437cc9f firewall: backport patch for mss clamping in both directions
2ba95d287e ar71xx: Fix mikrotik NAND compile problem
030fe10a41 ar71xx: Fix mikrotik NAND compile problem
8ae74cca9a wireguard: bump to 1.0.20200611
2dcf46b079 libubox: backport additional length-checking fixes
0f07496f52 kernel: Update kernel 4.9 to version 4.9.229
1f8d9f70c2 kernel: Update kernel 4.14 to version 4.14.187
d37f8a60f0 bcm63xx: a226m-fwb: fix linux partition offset
d6bbfc8b52 ipq40xx: essedma: Disable TCP segmentation offload for IPv6
b98bfd4e9b ca-certificates: update to version 20200601
b20a95f181 musl: fix locking synchronization bug
ff6c312000 rpcd: update to latest openwrt-18.06 Git HEAD
aba01f7350 usign: update to latest git HEAD
2ed25124f6 usign: update to latest Git HEAD
6b1f2e6058 squashfs: Fix compile with GCC 10
7b3ada8c6d build: prereq: tidy gcc version checks
e1d4612e0a build: add GCC 10 version detection
401fe1a599 build: adjust gcc/g++ version checks for newer apple compilers

Compile-tested: ar71xx, ipq40xx
2020-08-04 17:43:13 +02:00
Matthias Schiffer
3cd3bf0f86
gluon-core: fix handling of 'disabled' site.conf attributes for mesh interfaces
Because is_disabled() was always returning true or false, the
first_non_nil() would never actually check the default setting from
site.conf. This was broken since v2017.1.

Fixes: 6cf03bab37 ("treewide: replace normal uses of luci.model.uci with simple-uci to reduce LuCI dependencies")
(cherry picked from commit 3c2593b684)
2020-06-12 22:13:54 +02:00
Matthias Schiffer
69badbc253
gluon-config-mode-outdoor, gluon-web-wifi-config: commit network config
200-wireless will add or remove the mesh network sections of
/etc/config/network. Commit this file, so the modified setting doesn't
get lost on reboot.

Fixes: #2048
(cherry picked from commit 600ab99f80)
2020-06-07 17:54:25 +02:00
Martin Weinelt
2e1abda6b5 patches: refresh openwrt & packages 2020-05-22 17:07:50 +02:00
Sven Eckelmann
2b14223373 mac80211: ath10k: increase rx buffer size to 2048
Before, only frames with a maximum size of 1528 bytes could be
transmitted between two 802.11s nodes.

For batman-adv for instance, which adds its own header to each frame,
we typically need an MTU of at least 1532 bytes to be able to transmit
without fragmentation.

This patch now increases the maximum frame size from 1528 to 1656
bytes.

Tested with two ath10k devices in 802.11s mode, as well as with
batman-adv on top of 802.11s with forwarding disabled.

Fix originally found and developed by Ben Greear.

(cherry picked from commit 8bc602b021)
2020-05-22 17:07:50 +02:00
Kasalehlia
45ac73a597 gluon-web-model: update inputs on form reset
Register to 'reset' event on form element and make call to 'update' function
delayed in 'data-update' handler to allow the form values to update beforehand.

When using a form's 'reset' button, form field visibility was not updated.
This could lead to situations where a checkbox had to be toggled again
twice to display the detail text inputs. (Example taken from private
wifi package)

(cherry picked from commit bf090a8a83)
(cherry picked from commit 02e213a718)
2020-05-22 17:07:50 +02:00
Martin Weinelt
70990f6732 gluon-respondd: allow queries from extra_prefix6
Fixes #1959

(cherry picked from commit 3fb4cdad13)
(cherry picked from commit f7d0db69f9)
2020-05-22 17:07:50 +02:00
Martin Weinelt
52b3ec7b7c
modules: update routing
0c19201 nodogsplash: update to 4.0.3
b682059 Merge pull request #564 from ecsv/batadv-for-18.06
719709a batman-adv: Merge bugfixes from 2020.1
4e78587 batctl: Merge bugfixes from 2020.1
300fec3 Merge pull request #555 from ecsv/batadv-for-18.06
8f8ab76 batman-adv: Merge bugfixes from 2020.0
0e63ef9 quagga: update to version 1.1.1 (#541)
9fa2b24 [OpenWrt 18.06] bird: Update to version 1.6.8 (security fix) (#539)

Build-tested: x86-64, ipq40xx
2020-05-22 16:52:47 +02:00
Martin Weinelt
c9c9777884
modules: update packages
58b4399a5 bind: update to version 9.11.19
24d14e8b3 Merge pull request #12235 from jefferyto/python-openssl-ca-certs-openwrt-18.06
76a67189c python-openssl,python3-openssl: Add dependency on ca-bundle
e2aa53d37 Python: Fix compile of host modules
618771c3a Python3: Fix host build on OpenSUSE
8b23a429b unbound: update to version 1.10.1
8a0298192 Merge pull request #12207 from micmac1/mar-1806-10413
0bf8d5719 mariadb: bump to 10.1.45
bb636880d php7: update to version 7.2.31
0da88f8eb Merge pull request #12142 from EricLuehrsen/unbound_1806_1100
eab86cd2c unbound: update to 1.10.0
f245b0e88 Merge pull request #12058 from stangri/18.06-vpnbypass
1c2ac45a2 vpnbypass: bugfix: remove non-ASCII from system log; update README
a821c3789 youtube-dl: update to version 2020.3.24
c0ec2dfd5 Merge pull request #11995 from jefferyto/python-2.7.18-openwrt-18.06
dd5896c7c python: Update to 2.7.18, refresh patches
baacda1b4 mwan3: Fix json_load fails with some data
6f81894d9 libarchive: update to 3.4.2
5fc2af438 libarchive: update to version 3.4.1 (security fix)
f85dd8b96 php7: update to version 7.2.30
ae0e27548 php7: fix dependencies for mysqlnd (fixes #11113)
4df97ac0e Merge pull request #11926 from stangri/18.06-simple-adblock
7ed5c9364 simple-adblock: bugfix: start downloads on cold boot
96a2a5cfb Merge pull request #11907 from BKPepe/18.06-git
fc93a4f12 git: update to version 2.20.4
3b55acda9 Merge pull request #11857 from BKPepe/18.06-git
48b347e47 Merge pull request #11883 from yousong/wget1806
a62e54af3 acme: depends on wget-ssl
7d1f138c2 wget: make the ssl variant provides wget-ssl
b07578443 wget: do not provide itself
3066aaa82 ruby: update to 2.5.8
4a4c79327 git: update to version 2.20.3
a0fe9eeab nlbwmon: update to latest Git HEAD
c0fffb996 Merge pull request #11821 from stangri/18.06-https-dns-proxy
a0a779faf https-dns-proxy: bugfix: memory leak
e8cf2e60a nlbwmon: update to latest Git HEAD
8696b3499 nlbwmon: bump to latest git
c66a3cf7c nlbwmon: add procd reload trigger for nlbwmon config
28d6dc944 nlbwmon: receive dhcp interface triggers
6a642a607 net/nlbwmon: run with lower priority
21f7d16a1 Merge pull request #11803 from stangri/18.06-simple-adblock
6787a9bfd simple-adblock: bugfixes: remove escape chars from log, restore from cache on boot
876a7418f nano: update to 4.9.2
133f71a2c Merge pull request #11773 from BKPepe/msmtp
b0484b005 msmtp: update to version 1.8.7
2c4a58a38 nano: update to 4.9.1
6effd4b7a Merge pull request #11756 from gladiac1337/haproxy-1.8.25-openwrt-18.06
0db9f894d haproxy: Update HAProxy to v1.8.25
561064287 Merge pull request #11700 from stangri/18.06-simple-adblock
2c1a3aaf5 simple-adblock: support multiple dnsmasq instances; rework communication between principal package and luci app
e4c60e87d nano: update to 4.9
24f10e379 Merge pull request #11626 from nxhack/18_06_icu_fix_CVE-2020-10531
9bdb25f51 Merge pull request #11616 from stangri/18.06-https-dns-proxy
c4ddc21bf icu: fix CVE-2020-10531
6b290744d https-dns-proxy: support for dnsmasq noresolv option
f5ae75cf0 openvswitch: fix PIE build against 4.14 kernel
c05ea69d6 php7: update to 7.2.28
31e16f276 php7: update to 7.2.27
f3df27f6f xl2tpd: fix building failure caused by pfc
a0f291191 xl2tpd: bump to version 1.3.15
c95e3b71f icu: bump proper variable.
ad7f02d0f icu: backport upstream ARC patch
d1c6d1d95 nano: update to 4.8
b2a29b7a4 Merge pull request #11252 from neheb/i22p
ddfa4cddc i2pd: move chmod command
87a7ec725 i2pd: Move DATADIR to /var/lib/i2pd, fix #5693
8235cc43a Merge pull request #11227 from micmac1/sqlite3-18.06-2
e6884e554 sqlite3: bump to 3.31.1
a744482ef Merge pull request #11186 from micmac1/18.06-maria-10.1.44
27d8c1bcc mariadb: security bump to 10.1.44
925068d4f ddns-scripts: Change protocols of afraid.org urls to HTTPS.
d905324e4 node-hid: fix i386 build fail
4ac86244a node-serialport: fix i386 build fail
1091c431d Merge pull request #11124 from stangri/18.06-https-dns-proxy
7c667ed4e Merge pull request #11127 from micmac1/18.06-tiff
33e31a4b3 tiff: update version to 4.1.0
709dc04d2 tiff: patch security issues
8da1c4110 https-dns-proxy: fix deleting server items, configurable dnsmasq settings change
9e1fcfa6e Merge pull request #9795 from LoEE/jpc/git-macos-cross
3219dbfd8 libsoup: fix intltool host dependency. Cleaup some build args
c6e48ff8e avrdude: Fix GPIO path building
ba934d1fb zerotier: add /etc/config/zerotier as configuration file
3d47a69b0 libseccomp: add seccomp-syscalls.h to InstallDev
c629b44d8 Merge pull request #11023 from jefferyto/golang-goarm-fix-openwrt-18.06
4c6ac36d5 golang: Fix selection of GOARM value
56e7ce0f9 Merge pull request #10995 from BKPepe/libseccomp-18.06
769b3956e libseccomp: update to version 2.4.2
36611df05 transmission: sync with master
b0df5d336 Merge pull request #10832 from BKPepe/git-18.06
7f96b4e2c git: Update to version 2.16.6 (security fix)
8304a768c Merge pull request #10858 from BKPepe/wget-18.06
3abdfbd14 lcdgrilo: Fix compilation with newer Vala
01ddd6de1 lcdgrilo: Depend on vala/host instead
a41b4aa0c lcdgrilo: remove check dependency
0a00a2691 nano: update to 4.7
1bc3375c5 Merge pull request #10889 from EricLuehrsen/unbound_196_1806
c791ba8f5 unbound: update to 1.9.6
8fe26c985 wget: fix CVE-2019-5953
97de55542 git: Update to version 2.16.6 (security fix)
51025867b git: Override uname result for cross-compilation.

Build-tested: x86-64, ipq40xx
2020-05-22 16:51:54 +02:00
Martin Weinelt
b1cdebd6c2
modules: update OpenWrt
6ee6496d07 ramips: drop non-existant ralink,port-map for Ravpower WD03
a7e915975f bcm63xx: mask interrupts on init
8e2201ea50 bcm63xx: ext_intc: fix warning
183e9843e1 bcm63xx: periph_intc: fix warning
a9eebf69f3 bcm63xx: redboot: fix warning
b9daff610e bcm63xx: bcm6362: fix pinctrl bug
488751e1e5 bcm63xx: refresh kernel config
b37a1e428a mbedtls: update to 2.16.6
d3af501317 mbedtls: update to version 2.16.5
15d73a26b6 libjson-c: backport security fixes
7b49c0b48a kernel: bump 4.14 to 4.14.180
5faccaf025 kernel: bump 4.9 to 4.9.223
2a9c2c0721 wireguard: bump to 1.0.20200506
d5118bb511 wireguard: bump to 20191226
1a30fe1621 relayd: bump to version 2020-04-25
b65550e0db relayd: bump to version 2020-04-20
77063bb76e umdns: update to version 2020-04-25
b076243426 umdns: update to version 2020-04-20
cffd5aeb69 umdns: update to the version 2020-04-05
7ebc51a57f umdns: suppress address-of-packed-member warning
f77708d4a5 ramips: remove unnecessary DEVICE_PACKAGES for Belkin F7C027
2051edf381 oxnas: move service file to correct place
1f0679f54d kernel: bump 4.14 to 4.14.176
82c8170cd0 kernel: bump 4.9 to 4.9.219
489fc23535 kernel: add missing symbol for Kernel 4.14
027950fc78 ramips: use full 8MB flash on ZyXEL Keenetic
ad01cb514d Revert "ar71xx: use status led for GL.iNet GL-AR750S"
c3c6cc95ee ar71xx: use status led for GL.iNet GL-AR750S
10c04b4ca3 ar71xx: fix port order on TP-Link Archer C60 v1/v2
983125007e ar71xx: remove wrong MAC address adjustment for Archer C60 v2
302170d383 ar71xx: fix swapped LAN/WAN MAC address for Archer C60 v1/v2
3ef8465cb8 ar71xx: ew-dorin, fix the trigger level for WPS button
08ad7a314d kernel: backport out-of-memory fix for non-Ethernet devices
e38f355569 kernel: bump 4.14 to 4.14.172
4c14dbf5db kernel: bump 4.9 to 4.9.215
e884357fa9 OpenWrt v18.06.8: revert to branch defaults
c3bd1321de OpenWrt v18.06.8: adjust config defaults
82fbd85747 libubox: backport blobmsg_check_array() fix
4c1779ac2c ppp: backport security fixes
cd262f59cb Revert "ppp: backport security fixes"
ed3c3048b8 uhttpd: update to latest Git HEAD
fafe99b62d kernel: bump 4.14 to 4.14.171
bfee12cec6 kernel: bump 4.9 to 4.9.214
cc78f934a9 ppp: backport security fixes
05062462f1 hostapd: remove erroneous $(space) redefinition
6b10354b3c kernel: add support for GD25D05 SPI NOR
4eba86820f kernel: bump 4.14 to 4.14.169
c236071859 kernel: bump 4.9 to 4.9.212

Build-tested: x86-64, ipq40xx
2020-05-22 16:50:01 +02:00
Ralf Jung
12221d442f gluon-mesh-vpn-tunneldigger: only search for exactly the tunneldigger binary in watchdog (#1953)
(cherry picked from commit 68d970e91b)
2020-03-08 13:44:39 +01:00
David Bauer
63ebeb25c0 docs readme: Gluon v2019.1.2 2020-02-04 21:33:56 +01:00
David Bauer
f1f188f804 docs: add v2019.1.2 release notes 2020-02-04 21:33:56 +01:00
David Bauer
71bcdda4d4 modules: refresh patches
While bumping OpenWrt, I've forgotten to refresh the patches.

Fixes 61d460ec46 ("modules: bump OpenWrt")
2020-02-02 01:28:18 +01:00
David Bauer
61d460ec46 modules: bump OpenWrt
6bfde67581 OpenWrt v18.06.7: revert to branch defaults
1b5c116233 OpenWrt v18.06.7: adjust config defaults
ca47026b7d opkg: update to latest Git HEAD
cc0a54e332 libubox: backport security patches
ebafb746f0 lantiq: ltq-ptm: vr9: fix skb handling in ptm_hard_start_xmit()
0591348b3d tools/expat: Update to version 2.2.9
f51d1c3b7c mbedtls: update to 2.16.4
153a044c95 kernel: bump 4.14 to 4.14.167
c15a039e62 kernel: bump 4.9 to 4.9.211
02f9582e89 kirkwood: fix HDD LED labels for Zyxel NSA325 in 01_leds
04474c7d22 brcm47xx: fix switch port order for Netgear WN2500RP V1
99ab40c842 brcm47xx: fix switch port order for Netgear WNR3500 V2
3a3ca3230f ramips: fix HiWiFi HC5962 switch configuration
5c7225c26b kernel: bump 4.14 to 4.14.166
8441794f9a kernel: bump 4.14 to 4.14.165
a634830004 kernel: bump 4.9 to 4.9.210
7c42a9b6b1 kernel: bump 4.14 to 4.14.164
891bba8f77 kernel: bump 4.9 to 4.9.209
ab9d1bf608 ethtool: fix PKG_CONFIG_DEPENDS
46c2674225 OpenWrt v18.06.6: revert to branch defaults
8004e3f2c6 OpenWrt v18.06.6: adjust config defaults
d81a8a3e29 ramips: remove duplicate dts nodes of MediaTek LinkIt Smart 7688
e1b62c85f5 sunxi: Turn on CONFIG_PINCTRL_SUN4I_A10 for A20
8c6668f088 kernel: bump 4.9 to 4.9.208
455ae024d5 kernel: bump 4.14 to 4.14.162
b1eeb5dd2a ramips: fix inverted reset button for Ravpower WD03
b72b37d6ff ar71xx: really fix Mikrotik board detection
471baf3f74 ar71xx: fix Mikrotik board detection
336aaedc9c ar71xx: base-files: fix board detect on new MikroTik devices
e838957ad9 ar71xx: fix RB941-2nD detection
6b128326df kernel: bump 4.14 to 4.14.161
97e9be4e3a e2fsprogs: Fix CVE-2019-5094 in libsupport
85c4d374c2 openssl: update to version 1.0.2u

Compile-tested: ar71xx-generic
Runtime-tested: ar71xx-generic
2020-01-29 22:42:35 +01:00
Andreas Ziegler
239c379d06 docs, README: Gluon v2019.1.1 2020-01-06 23:38:05 +01:00
Andreas Ziegler
c612dfbabb docs: add v2019.1.1 release notes 2020-01-06 23:38:05 +01:00
Andreas Ziegler
6d0f2f787d patches: refresh OpenWrt + packages patches 2020-01-06 23:38:05 +01:00
Andreas Ziegler
526eb61448 modules: update routing packages
b3125f0 Merge pull request #537 from ecsv/batadv-for-18.06
0d22982 batman-adv: Merge bugfixes from 2019.5
3610d11 pimbd: update to current git HEAD (#534)

Compile-tested: ar71xx-generic
Runtime-tested: ar71xx-generic
2020-01-06 23:38:05 +01:00
Andreas Ziegler
95d76d60fb modules: update OpenWrt packages
998ef11cb grilo: copy vapi files to versioned vala dir
8f7b6a2bb grilo: update vapi files, copy to unversioned dir
b89a2903b lcdproc: Fix non x86 platforms on musl
6e079e91c Merge pull request #10763 from leonghui/wiki-link-update-18.06
3727d98ce php7: update to 7.2.26
49b5fc001 bind: Update to version 9.11.14
279f4a338 Merge pull request #10855 from BKPepe/python3-18.06
29fe5f91d python3: Updated to version 3.6.10
102c621fc Merge pull request #10846 from cshoredaniel/pr-18.06-fix-nut-cgi-initscript
45c95e862 nut: Fix NUT CGI startup script
d810a3039 Merge pull request #10752 from stangri/18.06-https-dns-proxy
036917465 https-dns-proxy: switch to https-dns-proxy package name
0a3b6465f treewide: update wiki links
44b1f65cc Merge pull request #10744 from luizluca/libvpx-fixcve
98ca3621c libvpx: backport security fixes
cce63a697 luajit: install libluajit-5.1.so.2
c1975f5a1 luajit: add .hpp to InstallDev
6f528c678 nano: update to 4.6
be3ec8bae Merge pull request #10678 from gladiac1337/haproxy-1.8.23-openwrt-18.06
bc37a31b1 haproxy: Update HAProxy to v1.8.23
fff2e26a9 transmission: sync with master branch
2986916b8 tor: update to version 4.1.6
edeac5d3a Merge pull request #9836 from cotequeiroz/grilo-plugins_xml
8794f0956 grilo-plugins: adjust CONFIGURE_ARGS
c3ab7aace grilo-plugins: remove XML::Parser build dependency
86af45302 grilo-plugins: use hostpkg glib-compile-resources
8ef82e962 transmission: Disable webseeding
bd8b4df19 transmission: Fix tracker issue with some firewalls
71969eb04 php7: Update to version 7.2.25
3d409f615 php7: mark /etc/config/php7-fastcgi as conffile
d77c32928 php7-mod-xmlreader: add conditional dependency to php7-mod-dom (fixes #10201)
8667e35c1 php7: bump to 7.2.23
8dc64ea14 php7: update to 7.2.22
882e46916 php7: update to 7.2.21
bbd4ec6cf Merge pull request #10609 from ja-pa/bind-update
d0726f1f2 bind: update to version 9.11.13 (security fix)
04a8496b7 unbound: Update to version 1.9.5
70a990ac4 Merge pull request #10520 from Kulipator/libmraa_ramips_fix
cf4e50ab7 Compilation fix & upgrade to version 0.8.1
1b64cb83d Libmraa compilation fix
d02965832 Libmraa compilation fix
b83b26c33 perl: fixed host compilation of static perl on MacOS
f496ed58d Merge pull request #9671 from BKPepe/clamav1806
340d5ce71 protobuf-c: Fix typo on build dependency.
e9c2ba68f libgd: Properly disable iconv support
e31213308 wget: provides gnu-wget
9f4f78da1 acme: Bring up-to-date with master
938818ec4 ruby: bump to 2.5.7
0f0c062d3 python-cryptography: fix CVE-2018-10903
5a9d222e5 python-cryptography: Add support for LibreSSL 2.7.x
5edcc9f30 Merge pull request #10324 from jefferyto/python-2.7.17-openwrt-18.06
f184eb5f0 python: Update to 2.7.17, refresh patches
4d9282a4d Merge pull request #10312 from stangri/18.06-vpnbypass
7001d4748 vpnbypass: bugfix: PROCD command not found on stop
7dbad81f8 Merge pull request #10279 from BKPepe/sudo-18.06
4c72f8dd6 sudo: Update to version 1.8.28p1
b504ac553 irssi: update to version 1.2.2 (security fix)
e98bc6874 Merge branch 'pr/10215' into openwrt-18.06
f2812716f Merge pull request #9997 from flyn-org/openldap-18.06
22a272ccf Merge pull request #10237 from jefferyto/gammu-fix-lib-symlinks-openwrt-18.06
6e2b8c2da gammu: Fix lib symlinks
9c7cf9880 bind: Update to version 9.11.11
728edfbdc Merge pull request #10108 from BKPepe/expat-1806
a8ca56684 Merge pull request #10167 from BKPepe/unbound18.06
e84deea05 python3-pip: fix install rule
c4710f780 nano: update to 4.5
cae699fc4 Merge pull request #10164 from stangri/18.06-simple-adblock
c674fa684 unbound: Update to version 1.9.4
0b8eee5fb unbound: update to 1.9.3
dba87ee0c simple-adblock: bugfix: proper dnsmasq reload on stop, rework start/stop logic
5452bb833 Merge pull request #10156 from gladiac1337/haproxy-1.8.21-openwrt-18.06
1bb725133 haproxy: Update HAProxy to v1.8.21
da5a8e596 Merge pull request #10155 from jefferyto/python-bpo-38243-34155-openwrt-18.06
ad7b3c618 Merge pull request #10143 from stangri/18.06-simple-adblock
dad9a1a2a python: Fix CVE-2019-16056, CVE-2019-16935
b677e3eee simple-adblock: bugfix and improvements (check description)
7a8808940 clamav: Remove build hacks
eef89800e clamav: update to version 0.100.3
b60caa494 Merge pull request #10120 from BKPepe/youtubedl-1806
2d822fb62 haveged: convert to procd
4fe703393 haveged: update to 1.9.8
36919e51f youtube-dl: Update to version 2019.9.28
00133e1e0 Merge pull request #10118 from BKPepe/libgcrypt-1806
126cdd7c6 python3: fix CVE-2019-16056 and delete two patches
0d9eeca45 python3: backport three security patches
f19f9ffc9 expat: Update to version 2.2.9
c0dea72f9 expat: update to version 2.2.7 (security fix)
deae9b348 expat: fix host build issue with docbook
fec2709d7 expat: disable docbook
fefe8e1f7 lib/expat: Update to 2.2.6
c64a4e86c Merge pull request #9893 from BKPepe/bind-18.06
d98310a3f Merge pull request #9798 from ja-pa/zmq-security-fix-18.06
03fb174ec net/mosquitto: bump to 1.5.9 for CVE
8eca9c916 python-crypto: Fix two CVEs
7ec22baf1 libgcrypt: backport fix for CVE-2019-13627
9265be544 zmq: fix CVE-2019-13132
3772cdb3d openldap: update to 2.4.48
bbc22a721 openldap: Add static function declaration
c272beb43 openldap: version update and new build parameters
ec029b9ae openldap: Switch tarball sources to https and http
e0af45ff7 bind: Update to version 9.11.10

Compile-tested: ar71xx-generic
Runtime-tested: ar71xx-generic
2020-01-06 23:38:05 +01:00
Andreas Ziegler
55801e24a3 modules: update OpenWrt
83ce31d3d8 kernel: bump 4.9 to 4.9.207
c280710d7a kernel: bump 4.14 to 4.14.160
27dddb67c0 kernel: bump 4.14 to 4.14.159
8623b58c1d scripts/dowload.pl: add archive.apache.org to apache mirror list
e242125d71 kernel: fix *-gpio-custom module unloading
84b74bcb0d toolchain/gcc: correct the check expr for newer clang
66ba44c9ec lantiq: fix phys led
b901563611 uhttpd: update to latest Git HEAD
2152722bd3 netifd: add support for suppressing the DHCP request hostname by setting it to *
c3337e8f48 ar71xx: fix MAC address setup for TL-WDR4300 board
d08a63770c ramips: fix number of LAN Ports for Mikrotik RBM33G
022f3898b1 ramips: fix switch port order for TP-Link Archer C20i
5d92949019 kernel: bump 4.14 to 4.14.158
361b555672 kernel: bump 4.9 to 4.9.206
1cbde3eb9c mac80211: Adapt to changes to skb_get_hash_perturb()
bd3b8480ab kernel: bump 4.9 to 4.9.205
2777947a75 kernel: bump 4.14 to 4.14.156
7863a8f302 base-files: config_generate: split macaddr with multiple ifaces
daed78ab55 kernel: nf_conntrack_rtcache: fix WARNING on rmmod
8f6debf633 kernel: nf_conntrack_rtcache: fix WARNING on forward path
72ddeffc09 kernel: nf_conntrack_rtcache: fix cleanup on netns delete and rmmod
70b73f6470 kernel: Add missing configuration option
6e2e5d1bf8 kernel: bump 4.14 to 4.14.155
f6f916b3e5 ar71xx: fix buttons for TP-Link TL-WDR4900 v2
0e85ace840 ar71xx: fix LED setup for TL-WDR4900 v2
45fefa0459 ramips: set uImage name of WeVO 11AC NAS and W2914NS v2
b0d99e32db ar71xx: fix MAC address setup for TL-WDR4900 v2
22fe68643f ar71xx: fix MAC addresses for Archer C5 v1, C7 v1/v2, WDR4900 v2
2219b0258d ipq40xx: fix build error
0a9147be6a kernel: bump 4.14 to 4.14.154
b9e685eed5 kernel: bump 4.9 to 4.9.202
8179ac3dc1 ar71xx: fix WLAN LED names for Archer C7
6962c1e495 ar71xx: fix system LED names on Archer C5/C7
e6a7eacfea mac80211: brcmfmac: fix PCIe reset crash and WARNING
f65330d27d ramips: assign correct key-code to wps buttons
ab6addc95d ramips: rt3833: fix build breakage
f503bc3d25 ramips: add usb-ledtrig-usbport to DEVICE_PACKAGES of CY-SWR1100
506bfaa126 ramips: fix MAC address setup for Samsung CY-SWR1100

Compile-tested: ar71xx-generic
Runtime-tested: ar71xx-generic
2020-01-06 23:38:05 +01:00
Andreas Ziegler
0267b7ca7a docs: add v2018.2.4 release notes
(cherry picked from commit 1e66cd9057)
2020-01-03 00:55:09 +01:00
Matthias Schiffer
f44a6342b4
docs: add revision number to TP-Link RE450 support list entry
We only support v1, not v2 or v3.

(cherry picked from commit ed2479bd40)
2019-12-07 21:43:00 +01:00
Martin Weinelt
de719bc1ec modules: update OpenWrt
c89437e398 gitignore: ignore patches in OpenWrt root directory
ea8f7d74ba ar71xx: fix tl-wdr3320-v2 upgrade
79fd7593a2 ar71xx: update uboot-envtools for Netgear WNR routers
3d3a933315 kernel: bump 4.14 to 4.14.152
862a885103 kernel: bump 4.9 to 4.9.199
05c858ff6a sdk: fix GCC and Python dangling symlinks
c1d19b37d5 build: cleanup possibly dangling Python 3 host symlink
dfd8c3bfdc build: fixup python SetupHostCommand to use python2
69bc68b46b OpenWrt v18.06.5: revert to branch defaults
5e4533cdd4 OpenWrt v18.06.5: adjust config defaults
9d401013fc ustream-ssl: backport fix for CVE-2019-5101, CVE-2019-5102
e70772311d kernel: bump 4.14 to 4.14.151
cdc2937edd kernel: bump 4.9 to 4.9.198
f024b4c83d scripts/ubinize-image.sh: fix buildbot breakage
700f66ae95 kernel: mark kmod-usb-serial-wwan as hidden
c4a2e5102d kernel: add missing symbol
61df1285ce kernel: bump 4.14 to 4.14.150
51431de30d kernel: bump 4.9 to 4.9.197
0880275d5e brcm2708: Add feature flag rootfs-part

compile-tested: ramips-mt7621, ar71xx-generic
runtime-tested: ar71xx-generic (CPE210 v1.0)
2019-11-14 22:16:18 +01:00
Martin Weinelt
0f2fe79453 modules: update routing
c52779c Merge pull request #520 from ecsv/batadv-for-18.06
ee3264b batman-adv: Merge bugfixes from 2019.4
049cb8a Merge pull request #511 from adrianschmutzler/babeld1806
e80f582 babeld: Update to version 1.8.5
6e50f8b nodogsplash: Backport Version 4.0.1. (#493)
a551935 nodogsplash: Backport of Version 4.0.0. (#486)
bb156bf Merge pull request #455 from BKPepe/bird-openwrt18.06
d3f317b bird: update to version 1.6.6
2019-11-14 22:15:36 +01:00
Matthias Schiffer
4942602f7d
gluon-web-node-role: fix node role list
Fixes: 4249d65af7 ("treewide: fix luacheck warnings")
Closes: #1851
(cherry picked from commit a3a8d962fc)
2019-11-05 20:05:50 +01:00
Andreas Ziegler
0dc85a07e2 docs: feature/roles: fix uci set command 2019-11-04 21:40:03 +01:00
Martin Weinelt
49e9152934
modules: update OpenWrt
0880275d5e brcm2708: Add feature flag rootfs-part
b2fba59f10 iptables: bump PKG_RELEASE
a2fe698a40 kernel: Added required dependencies for socket match.
dff0b2104d kernel: netfilter: Add nf_tproxy_ipv{4,6} and nf_socket_ipv{4,6}
3b8db97a52 tcpdump: update to 4.9.3
96a87b90ef libpcap: update to 1.9.1
a857fc2ded libpcap: update to 1.9.0
31181fa062 kernel: bump 4.14 to 4.14.149
9628612abe kernel: bump 4.14 to 4.14.148
1737131c9d kernel: bump 4.9 to 4.9.196
778243b3b4 kernel: bump 4.14 to 4.14.147
d513f28351 kernel: bump 4.9 to 4.9.195
6f1a71c2d0 apm821xx: fix fan control on highest step

compile-tested: ar71xx-generic, ipq40xx
runtime-tested: ar71xx-generic (CPE210v1.0)
2019-10-30 15:03:06 +01:00
Andreas Ziegler
82244336bc ar71xx-generic: fix device alias for Ubiquiti UniFi AC LR
fixes #1834
fixes #1332
2019-10-03 21:26:40 +02:00
David Bauer
320690d8ab ar71xx-generic: add ath10k packages to OCEDO Koala (#1838)
The OCEDO Koala was missing the correct package definition. Because of
this, firmware is potentially built with the wrong ath10k firmware /
driver.
2019-10-03 21:26:38 +02:00
lemoer
9600749f4e contrib: Set up continuous integration through Jenkins
(cherry picked from commit 174dd3146f)
2019-09-27 14:32:31 +02:00
Martin Weinelt
52a1df09a6
modules: update packages
6305d09b1 Merge pull request #10063 from stangri/18.06-simple-adblock
fb43709a6 simple-adblock: dnsmasq.ipset option support, better handling of IDNs, updated README
29cd578d6 Merge pull request #10041 from neheb/djj
f29206251 django: Update to 1.8.19
f587f31ad lighttpd: mark module configuration files
19879284a dovecot: Update to version 2.2.36.4
8f42d4b71 wget: fix CVE-2018-20483
f6e7b56a5 fastd: fix init script for multiple VPN instances
06cc48c49 haveged: update to 1.9.6
6014389c5 Merge pull request #9894 from BKPepe/keepalived-18.06
7a7820fb1 Merge pull request #9904 from RussellSenior/my-18.06
18f9e437c patch: rename CVE-2019-13638 patch to mollify uscan
abe523c57 patch: apply upstream patch for CVE-2019-13638
a3d8698e3 tools/patch: apply upstream patch for CVE-2019-13636
ebb9b3f17 exfat-nofuse: drop BUILD_PATENTED
2d9a3eff4 keepalived: add patch for CVE-2018-19115
e4508a351 keepalived: Update to version 1.4.5
6d8293801 lighttpd: fix CVE-2018-19052
55dcffd7f Merge pull request #9841 from cshoredaniel/pr-18.06-nut-targetted
bdddb2127 Merge pull request #9703 from BKPepe/squid-18.06
e45c2f206 Merge pull request #9814 from guidosarducci/speedtest-18.06
f01e4171d Merge pull request #9777 from BKPepe/tar_1806
85b1ca7fb Merge pull request #9821 from cotequeiroz/vim_host
c1aa1f784 nut: Bump PKG_RELEASE
361e6aaaa nut: Handle FSD properly
a2ab989c1 nut: Fix init actions (server/driver)
ef0bd0140 nut: Fix extra diver params config
77519cd20 nut: Fix permissions with runas
e97684652 nut: Fix statepath handling
5f69f9a06 nut: Fix unset of runas user (ups server)
ccdec71b5 nut: Fix bad check for conf exists
c963f0c29 nut: Fix upsmon init actions
d06bd2d7e nut: Fix unset of runas user (upsmon)
020dfd454 nut: Remove unecessary libwrap dependency
7fe013ce7 nano: update to 4.4
f50edf52d ttyd: Add dependency for vim
d9b29fe5e vim: Add host build to install xxd
5640d6e68 speedtest-netperf: new package to measure network performance
fded0497e Merge pull request #9789 from ja-pa/libarchive-security-fix-18.06
43f49bdbc apinger: Update to latest git revision
45e38f116 node-serialport: fix i386 build fail
19ee25df6 node-hid: fix i386 build fail
232df2821 libarchive: update to version 3.4.0 (security fix)
3bdadf4d7 Merge branch 'pr/9778' into openwrt-18.06
14219822e fastd: update URL and PKG_SOURCE_URL
41a85be71 libuecc: update URL and PKG_SOURCE_URL
51462b3df Merge pull request #9754 from champtar/openwrt-18.06
23eeeeadc bind: update to 9.11.9
0d7a23418 tar: update to version 1.32
70e3f5d17 tar: Update to 1.31
01466e76e lcdringer: Remove libcheck dependency to fix compilation
502ccc496 Merge pull request #9765 from stangri/18.06-simple-adblock
ddcbf080a dovecot: update to version 2.2.36.3
8e8087706 [18.06] simple-adblock: support for varios DNS resolvers/options
a4314b868 linknx: Fix compilation with libiconv
ca99a333e rp-pppoe: redo glibc patch
5327a95d6 rp-pppoe: Fixed compilation with glibc
19d101bd2 ldbus: Add zip/host build dependency
db85d6ec9 gcc: Do not build on ARC
80742d0da prometheus-node-exporter-lua: add target & system to OpenWrt collector
06e513ba3 prometheus-node-exporter-lua: Add more wifi_station metrics and fix naming according to original wifi_linux.go node exporter
60002eb62 prometheus-node-exporter-lua: Bump PKG_RELEASE
1014b0987 prometheus-node-exporter-lua: Add wifi_station_count
0d224bdfa prometheus-node-exporter-lua: wifi packets should be a counter
a08f5e17f prometheus-node-exporter-lua: Bump PKG_RELEASE
b03545e0b prometheus-node-exporter-lua: fix missing conntrack values
70bd5a36c prometheus-node-exporter-lua: change network metric type to counter
ad34675df prometheus-node-exporter-lua: add lantiq dsl modem collector
d921407d4 openssh: fix pthread functions redefine with pam module
df3d2312c Merge pull request #9403 from BKPepe/yt-18.06
6d55ff558 Merge pull request #9513 from BKPepe/openwrt-18.06_python_shebang
b29ecaa11 libinput: Add missing header to fix compilation
3414ca250 libglog: fix removing libunwind dependency
e41a914bf libseccomp: workaround a recursive dependency
a1eccf223 lxc: Backport uClibc patch
08c0b2949 lxc: hide seccomp support for arc
d3e54adcd lxc: Disable use of unwanted libraries explicity
bb1882d29 boost: Fix compilation with uClibc-ng
ad26261e1 iodine: Fix compilation with uClibc-ng
e42f8da51 mariadb: add dependency on libaio for arc as well
29e7e0619 libudev-fbsd: update to git source as of 2017-12-16
a0e1a7700 Merge pull request #9710 from BKPepe/icu_fix
4bda1ca54 icu: fix patch, which adds big endian ARM support
78bf09b08 golang: update to version 1.10.8
fa384e518 libgee: copy vapi files to versioned vala dir
2d59ec88d libgee: use unversioned vala dir, misc fixes
d7a071f4a icu: Fix patch from faulty backport
1607a5bd8 squid: update to version 3.5.28
983bd0370 protobuf-c: add build time dependency protobuf
87b6ed6b9 jamvm: depends on supported architectures
ca0e429e2 icu: Backport ARMEB support patch
ad43d622e gammu: Really fix compilation under 64-bit
1ad4f3a9b gammu: Fix build under 64-bit targets.
cdbc72464 youtube-dl: update to version 2019.8.2
af975f0f3 python,python3: Fix overridden usr/bin symlinks
421c58a94 python,python3: move shebang handle in install script
243f921ae subversion: update to version 1.10.6
70a1ffdf0 jq: compile with _GNU_SOURCE (fixes #7785)
fb0566686 libsoc: fix compilation error caused by multiple goals on make
1fec7ea23 rtl-ais: Fix compilation on i386
de750bba0 libdouble-conversion: Update to 3.1.4
49a6444ab libdouble-conversion: Update to 3.1.1
056cad1e0 libaio: Update to 0.3.112
b4e4e5a00 libaio: Backport DESTDIR patch to simplify the Makefile
7ccc104c9 libaio: Update to 0.3.111
d6145ce0c quassel-irssi: Fix compilation with GCC8
47e4537fd quasselc: Fix compilation with uClibc-ng
b26ffad37 Merge pull request #9625 from micmac1/18.06-mariadb10141
e5cc721c7 mariadb: security bump to 10.1.41
2019-09-26 15:24:37 +02:00
Martin Weinelt
50940cd7d7
modules: update OpenWrt
491e839262 brcm47xx: sysupgrade: fix device model detection
4acc0db480 kernel: bump 4.14 to 4.14.146
3699327da3 kernel: bump 4.9 to 4.9.194
45a2c0f309 hostapd: Fix AP mode PMF disconnection protection bypass
e289a4133c hostapd: SAE/EAP-pwd side-channel attack update
a63edb4691 mbedtls: update to 2.16.3
2698157d54 mbedtls: Update to version 2.16.2
952bafa03c openssl: bump to 1.0.2t, add maintainer
7e1db8f27c kernel: bump 4.14 to 4.14.145
d32cf52674 kernel: bump 4.14 to 4.14.144
745292ba10 kernel: bump 4.9 to 4.9.193
5880dd48d5 mac80211: brcmfmac: backport the last 5.4 changes
90f6af5108 ar71xx: fix potential IRQ misses during dispatch for qca953x
e545808e89 ar71xx: Fix potentially missed IRQ handling during dispatch
59e42f9e3e kernel: bump 4.14 to 4.14.143
418cf097e7 kernel: bump 4.9 to 4.9.192
6f677d6848 tools: mkimage: fix __u64 typedef conflict with new glibc
c5ed9f4344 kernel: bump 4.14 to 4.14.142
556f86bbfd kernel: bump 4.9 to 4.9.191
2d257351f3 ramips: fix duplicate network setup for dlink, dir-615-h1
2a22e41fe4 ramips: fix D-Link DIR-615 H1 switch port mapping
f9dec32be7 ramips: remove duplicate case for MAC setup of freestation5
7393ce8d87 mac80211: brcmfmac: backport more kernel 5.4 changes
f6de1fa6c6 bzip2: Fix CVE-2019-12900
7ac6044632 ar71xx: WNR2200: remove redundant GPIO for WLAN LED
9d1cd9d098 kernel: bump 4.14 to 4.14.141
4b5c77ca2f ath9k: backport dynack improvements
73bba470a4 kernel: bump 4.14 to 4.14.140
8bc800aa56 kernel: bump 4.9 to 4.9.190
c948a74158 kernel: bump 4.14 to 4.14.139
09d63fb0a6 musl: Fix CVE-2019-14697
564d81e944 iptables: patch CVE-2019-11360 (security fix)
5e3b21c916 musl: ldso/dlsym: fix mips returning undef dlsym
2df2b75208 wolfssl: fixes for CVE-2018-16870 & CVE-2019-13628
09bdc14419 kernel: bump 4.14 to 4.14.138
e058fb3658 kernel: bump 4.9 to 4.9.189
28dc34f249 xfsprogs: Replace valloc with posix_memalign
24967a6c42 libbsd: Fix compilation under ARC
30815d65d2 nftables: Fix compilation with uClibc-ng
dc2f2a16d3 tools/patch: apply upstream patch for cve-2019-13638
c99ceb7030 tools/patch: apply upstream patch for CVE-2019-13636

Compile-tested: ar71xx-{generic,tiny}, ramips-rt305x, x86-64
2019-09-26 15:22:38 +02:00
bobcanthelpyou
c221c7a312 docs: fix typos
(cherry picked from commit 8553254867)
2019-09-26 13:04:59 +02:00
Martin Weinelt
cdbfdf7056 docs: Gluon v2019.1 2019-09-23 13:56:57 +02:00
629 changed files with 15479 additions and 18828 deletions

3
.ecrc

@ -1,3 +0,0 @@
{
"Exclude": ["docs/_build"]
}


@ -1,67 +0,0 @@
# Top-most EditorConfig file
root = true
[*]
end_of_line = lf
insert_final_newline = true
indent_style = tab
charset = utf-8
[Dockerfile]
indent_style = space
indent_size = 4
[/patches/**]
indent_style = unset
indent_size = unset
[*.c]
[*.css]
[*.dia]
indent_style = space
indent_size = 2
[*.h]
[*.html]
[*.js]
[*{.json,.ecrc}]
indent_style = space
indent_size = 2
[*.lua]
[{Makefile,*.mk}]
indent_style = unset
[*.md]
indent_style = space
indent_size = 4
[*.pl]
[*.py]
indent_style = space
indent_size = 4
[*.rst]
indent_style = space
indent_size = 2
[*.sh]
[*.yml]
indent_style = space
indent_size = 2
[CMakeLists.txt]
indent_style = space
indent_size = 2
[{docs,contrib/ci}/*site*/**/*.conf]
indent_style = space
indent_size = 2


@ -6,7 +6,7 @@ label: bug
<!--
Please carefully fill out the questionnaire below to help improve the
Please carefully fill out the questionaire below to help improve the
timely triaging of issues. Walk through the questions below and use
them as an inspiration for what information you can provide.
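Review bot: the replacement for the first comment line spells the word "questionaire", while the line it replaces has the correct "questionnaire". Keep the corrected spelling; nothing else in this hunk's visible text changes.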
@ -27,7 +27,7 @@ Thank you for taking the time to report a bug with the Gluon project.
### Bug report
**What is the problem?**
<!--
<!--
- What is not working as expected?
- How is it misbehaving?
- When did the problem first start showing up?
@ -43,7 +43,7 @@ Thank you for taking the time to report a bug with the Gluon project.
-->
**Gluon Version:**
<!--
<!--
Please provide a usable Git reference before applying custom patches:
By using a Git reference:
@ -58,9 +58,9 @@ Or the URL to the relevant Gluon commit
<!--
Please provide the URL to your site configuration repository and the
explicit commit used to build the firmware experiencing the problem.
Additionally excerpts of problem-related configuration parts are
often helpful.
often helpful.
-->
**Custom patches:**


@ -1,12 +0,0 @@
# Docs: <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates>
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule: {interval: monthly}
- package-ecosystem: pip
directory: /docs/
schedule: {interval: monthly}

237
.github/filters.yml vendored

@ -1,237 +0,0 @@
{
"ath79-generic": [
"targets/ath79-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ath79-nand": [
"targets/ath79-nand",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ath79-mikrotik": [
"targets/ath79-mikrotik",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/mikrotik.inc"
],
"bcm27xx-bcm2708": [
"targets/bcm27xx-bcm2708",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"bcm27xx-bcm2709": [
"targets/bcm27xx-bcm2709",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"ipq40xx-generic": [
"targets/ipq40xx-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ipq40xx-mikrotik": [
"targets/ipq40xx-mikrotik",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/mikrotik.inc"
],
"ipq806x-generic": [
"targets/ipq806x-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"lantiq-xrx200": [
"targets/lantiq-xrx200",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"lantiq-xway": [
"targets/lantiq-xway",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mediatek-mt7622": [
"targets/mediatek-mt7622",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mpc85xx-p1010": [
"targets/mpc85xx-p1010",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mpc85xx-p1020": [
"targets/mpc85xx-p1020",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt7620": [
"targets/ramips-mt7620",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt7621": [
"targets/ramips-mt7621",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt76x8": [
"targets/ramips-mt76x8",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"realtek-rtl838x": [
"targets/realtek-rtl838x",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"rockchip-armv8": [
"targets/rockchip-armv8",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"sunxi-cortexa7": [
"targets/sunxi-cortexa7",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"x86-generic": [
"targets/x86-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc"
],
"x86-geode": [
"targets/x86-geode",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"x86-legacy": [
"targets/x86-legacy",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc"
],
"x86-64": [
"targets/x86-64",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc",
"contrib/ci/minimal-site/**",
"package/**"
],
"bcm27xx-bcm2710": [
"targets/bcm27xx-bcm2710",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"mvebu-cortexa9": [
"targets/mvebu-cortexa9",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
]
}

59
.github/labeler.yml vendored

@ -1,59 +0,0 @@
---
"3. topic: babel":
- package/gluon-l3roamd/**
- package/gluon-mesh-babel/**
- package/gluon-mmfd/**
"3. topic: batman-adv":
- docs/package/gluon-mesh-batman-adv*
- package/gluon-alfred/**
- package/gluon-cient-bridge/**
- package/gluon-mesh-batman-adv/**
- package/libbatadv/**
"3. topic: build":
- Makefile
- scripts/**
"3. topic: config-mode":
- docs/dev/web/config-mode.rst
- docs/package/gluon-config-mode-*
- packge/gluon-config-mode-*/**
- package/gluon-web*/**
"3. topic: continous integration":
- .github/workflows/*
- contrib/actions/**
- contrib/ci/**
"3. topic: docs":
- docs/**
"3. topic: fastd":
- docs/features/fastd*
- package/gluon-mesh-vpn-fastd/**
"3. topic: firewall":
- package/**/*-firewall
- package/gluon-ebtables-*/**
"3. topic: hardware":
- package/gluon-core/luasrc/lib/gluon/upgrade/010-primary-mac
- package/gluon-core/luasrc/usr/lib/lua/gluon/platform.lua
- targets/*
"3. topic: multidomain":
- docs/features/multidomain*
- docs/multidomain-site-example/**
- package/gluon-config-mode-domain-select/**
- package/gluon-scheduled-domain-switch/**
"3. topic: package":
- package/**
"3. topic: respondd":
- package/**/*respondd*
- package/gluon-respondd/**
"3. topic: status-page":
- package/gluon-status-page/**
"3. topic: tests":
- tests/**
"3. topic: tunneldigger":
- package/gluon-mesh-vpn-tunneldigger/**
"3. topic: wireguard":
- package/gluon-mesh-vpn-wireguard/**
"3. topic: wireless":
- package/gluon-mesh-wireless-sae/**
- package/gluon-private-wifi/**
- package/gluon-web-private-wifi/**
- package/gluon-web-wifi-config/**
- package/gluon-wireless-encryption/**
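Review bot: two globs in this file look misspelled and would never match a changed path: `package/gluon-cient-bridge/**` under "3. topic: batman-adv" and `packge/gluon-config-mode-*/**` under "3. topic: config-mode", where every neighbouring entry uses the `package/` prefix. If this labeler configuration is kept on any branch, correct both so that changes to those packages actually receive the label.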


@ -1,20 +0,0 @@
name: Backport
on:
pull_request_target:
types: [closed, labeled]
permissions:
contents: write # so it can comment
pull-requests: write # so it can create pull requests
jobs:
backport:
name: Backport Pull Request
if: github.repository_owner == 'freifunk-gluon' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Create backport PRs
uses: korthout/backport-action@v1.2.0
with:
# Config README: https://github.com/korthout/backport-action#backport-action
pull_description: |-
Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.
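Review bot: the `if:` condition on the `backport` job does not test what it appears to. `github.event_name` holds the triggering event (`pull_request_target` here), never `labeled`, so `github.event_name != 'labeled'` is always true and the label check is never reached; and `startsWith('backport', github.event.label.name)` has its arguments swapped, asking whether the literal `backport` starts with the label name. Wherever this workflow is kept, compare `github.event.action` instead and call `startsWith(github.event.label.name, 'backport')`. Since the job runs under `pull_request_target` with `contents: write`, `korthout/backport-action@v1.2.0` is also worth pinning to a full commit SHA rather than a tag.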


@ -1,29 +0,0 @@
name: Build Documentation
on:
push:
paths:
- 'docs/**'
- '.github/workflows/build-docs.yml'
pull_request:
types: [opened, synchronize, reopened]
paths:
- 'docs**/'
- '.github/workflows/build-docs.yml'
permissions:
contents: read
jobs:
build-documentation:
name: docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo pip3 install sphinx-rtd-theme
- name: Build documentation
run: make -C docs html
- name: Archive build output
uses: actions/upload-artifact@v3
with:
name: docs_output
path: docs/_build/html
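Review bot: the `pull_request` path filter is written `'docs**/'`, while the `push` filter in the same file is `'docs/**'`. The two were clearly meant to be the same; as written, pull requests that only touch files under `docs/` may not trigger the documentation build, so the filter should read `'docs/**'` in both places. The `Install Dependencies` step also installs `sphinx-rtd-theme` unpinned with `sudo pip3`, so the build environment can change between runs.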


@ -1,61 +0,0 @@
name: Build Gluon
on:
push:
branches:
- master
- next*
- v20*
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
jobs:
changed:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.filter.outputs.changes }}
steps:
- uses: actions/checkout@v3
# Filter targets based on changed files
- uses: dorny/paths-filter@v2
id: filter
with:
filters: .github/filters.yml
build_firmware:
needs: changed
if: ${{ needs.changed.outputs.targets != '[]' && needs.changed.outputs.targets != '' }}
strategy:
fail-fast: false
matrix:
# Read back changed targets to create build matrix
target: ${{ fromJSON(needs.changed.outputs.targets) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo contrib/actions/install-dependencies.sh
- name: Build
run: contrib/actions/run-build.sh ${{ matrix.target }}
- name: Archive build logs
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target }}_logs
path: openwrt/logs
- name: Archive build output
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target }}_output
path: output
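Review bot: in the `Build` step, `${{ matrix.target }}` is substituted into the `run:` script text before the shell parses it, and the matrix is built from the keys of `.github/filters.yml`, a file that a pull request can modify. Pass the value through `env:` (for example `TARGET: ${{ matrix.target }}`) and invoke `contrib/actions/run-build.sh "$TARGET"` so it is handled as data rather than as script. The same applies to the `name:` fields only cosmetically, but the `run:` line is the one that matters.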


@ -1,30 +0,0 @@
---
name: Check patches
on:
push:
paths:
- 'modules'
- 'patches/**'
- '.github/workflows/check-patches.yml'
pull_request:
types: [opened, synchronize, reopened]
paths:
- 'modules'
- 'patches/**'
- '.github/workflows/check-patches.yml'
permissions:
contents: read
jobs:
check-patches:
name: Check patches
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Refresh patches
run: make refresh-patches GLUON_SITEDIR="contrib/ci/minimal-site"
- name: Show diff
run: git status; git diff
- name: Patch status
run: git diff-files --quiet


@ -1,21 +0,0 @@
name: "Label PRs"
on:
# only execute base branch actions
pull_request_target:
permissions:
contents: read
jobs:
labels:
permissions:
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
runs-on: ubuntu-latest
if: github.repository_owner == 'freifunk-gluon'
steps:
- uses: actions/labeler@v4
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
sync-labels: true
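Review bot: `actions/labeler@v4` is referenced by a movable tag in a `pull_request_target` job that holds `pull-requests: write`. Pin it to a full commit SHA so that a retagged release cannot change what runs with that token. The job does not check out pull-request code, which is the right shape for `pull_request_target` and should stay that way.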


@ -1,54 +0,0 @@
name: Lint
on:
push:
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
jobs:
lua:
name: Lua
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo apt-get -y update && sudo apt-get -y install lua-check
- name: Install example site
run: ln -s ./docs/site-example ./site
- name: Lint Lua code
run: make lint-lua
sh:
name: Shell
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo apt-get -y update && sudo apt-get -y install shellcheck
- name: Install example site
run: ln -s ./docs/site-example ./site
- name: Lint shell code
run: make lint-sh
editorconfig:
name: Editorconfig
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo apt install curl tar
- name: Install editorconfig-checker
env:
VERSION: 2.7.0
OS: linux
ARCH: amd64
run: |
curl -O -L -C - https://github.com/editorconfig-checker/editorconfig-checker/releases/download/$VERSION/ec-$OS-$ARCH.tar.gz
tar xzf ec-$OS-$ARCH.tar.gz
sudo mv ./bin/ec-$OS-$ARCH /usr/bin/editorconfig-checker
sudo chmod +x /usr/bin/editorconfig-checker
- name: Install example site
run: ln -s ./docs/site-example ./site
- name: Lint editorconfig
run: make lint-editorconfig
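Review bot: the `Install editorconfig-checker` step downloads `ec-$OS-$ARCH.tar.gz` with `curl` and moves the extracted binary into `/usr/bin` with `sudo`, but nothing verifies the archive before it is unpacked and executed. Record the expected SHA-256 for `VERSION: 2.7.0` next to the version and check it with `sha256sum -c` before `tar xzf`, and add `--fail` to the `curl` call so that an HTTP error body is never treated as the archive.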

4
.gitignore vendored

@ -4,7 +4,3 @@
/site
/tmp
/packages
.bash_history
.subversion
.wget-hsts
/.scmversion


@ -12,7 +12,6 @@ include_files = {
"**/*.lua",
"package/**/luasrc/**/*",
"targets/*",
"package/features",
}
exclude_files = {
@ -25,17 +24,14 @@ files["package/**/check_site.lua"] = {
"extend",
"in_domain",
"in_site",
"value",
"need",
"need_alphanumeric_key",
"need_array",
"need_array_elements_exclusive",
"need_array_of",
"need_boolean",
"need_chanlist",
"need_domain_name",
"need_number",
"need_number_range",
"need_one_of",
"need_string",
"need_string_array",
@ -51,7 +47,6 @@ files["package/**/check_site.lua"] = {
files["package/**/luasrc/lib/gluon/config-mode/*"] = {
globals = {
"MultiListValue",
"DynamicList",
"Flag",
"Form",
@ -65,7 +60,6 @@ files["package/**/luasrc/lib/gluon/config-mode/*"] = {
"translate",
"translatef",
"Value",
"Element",
},
}
@ -91,29 +85,20 @@ files["package/**/luasrc/lib/gluon/ebtables/*"] = {
files["targets/*"] = {
read_globals = {
"class",
"config",
"defaults",
"device",
"env",
"envtrue",
"exec",
"exec_capture",
"exec_capture_raw",
"exec_raw",
"factory_image",
"include",
"istrue",
"no_opkg",
"packages",
"sysupgrade_image",
"try_config",
},
}
files["package/features"] = {
read_globals = {
"_",
"feature",
"when",
},
}


@ -1,20 +0,0 @@
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
# Required
version: 2
# Build documentation in the docs/ directory with Sphinx
sphinx:
configuration: docs/conf.py
# Optionally set the version of Python and requirements required to build your docs
python:
install:
- requirements: docs/requirements.txt
build:
os: ubuntu-22.04
tools:
python: "3.8"


@ -1,30 +0,0 @@
workspace:
base: /build
#clone:
# git:
# image: woodpeckerci/plugin-git
# settings:
# recursive: true
pipeline:
build-${TARGET}:
image: "ubuntu:latest"
pull: true
environment:
- input_version=v2022.1.4
- GLUON_SITEDIR=../site
- FORCE_UNSAFE_CONFIGURE=1
- GLUON_TARGET=${TARGET}
- GLUON_DEPRECATED=1
commands:
- echo ${TARGET}
# - git config --global init.defaultBranch main
# - sed -i 's/install/install file/' contrib/actions/install-dependencies.sh
# - sh contrib/actions/install-dependencies.sh
# - sh contrib/actions/run-build.sh ${TARGET}
matrix:
TARGET:
- ath79-generic
- x86-64
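Review bot: `image: "ubuntu:latest"` combined with `pull: true` means every run builds on whatever that tag points to at the time; pin a release tag or an image digest so that builds are reproducible. Note also that the only active command is `echo ${TARGET}`, with the dependency and build steps commented out, so as written this pipeline builds nothing despite setting `GLUON_TARGET` and `FORCE_UNSAFE_CONFIGURE=1`.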


@ -23,8 +23,8 @@ using other parts or why the proposed change breaks other parts of the system.
They might even refuse the idea altogether - after all, they have to sleep well
after merging the changes, too.
The preferred way to discuss is in the IRC channel ([#gluon] on irc.hackint.org)
or on the [mailing list], however, you can also open a new issue on GitHub to
The preferred way to discuss in the IRC channel ([#gluon] on irc.hackint.org)
or on the [mailing list], however, you can also open a new issue on Github to
discuss there. We maintain a [list of rejected features] and we'd like to
kindly ask you to review it first. In general, looking for duplicates may save
you some time.
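Review bot: the replacement sentence loses its verb ("The preferred way to discuss in the IRC channel") and changes "GitHub" to "Github". The wording it replaces ("The preferred way to discuss is in the IRC channel ... a new issue on GitHub") is the correct one and should be kept.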


@ -1,7 +1,7 @@
The code of Project Gluon may be distributed under the following terms, unless
noted otherwise in individual files or subtrees.
Copyright (c) Project Gluon
Copyright (c) 2013-2018, Project Gluon
All rights reserved.
Redistribution and use in source and binary forms, with or without

213
Makefile

@ -4,45 +4,31 @@ LC_ALL:=C
LANG:=C
export LC_ALL LANG
.SHELLFLAGS = -ec
# check for spaces & resolve possibly relative paths
define mkabspath
ifneq (1,$(words [$($(1))]))
$$(error $(1) must not contain spaces)
endif
override $(1) := $(abspath $($(1)))
ifneq (1,$(words [$($(1))]))
$$(error $(1) must not contain spaces)
endif
override $(1) := $(abspath $($(1)))
endef
escape = '$(subst ','\'',$(1))'
GLUON_SITEDIR ?= site
$(eval $(call mkabspath,GLUON_SITEDIR))
ifeq ($(realpath $(GLUON_SITEDIR)/site.mk),)
$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
endif
$(GLUON_SITEDIR)/site.mk:
$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
include $(GLUON_SITEDIR)/site.mk
GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line)
GLUON_DEPRECATED ?= 0
ifneq ($(GLUON_BRANCH),)
$(warning *** Warning: GLUON_BRANCH has been deprecated, please set GLUON_AUTOUPDATER_BRANCH and GLUON_AUTOUPDATER_ENABLED instead.)
GLUON_AUTOUPDATER_BRANCH ?= $(GLUON_BRANCH)
GLUON_AUTOUPDATER_ENABLED ?= 1
endif
GLUON_AUTOUPDATER_ENABLED ?= 0
GLUON_DEPRECATED ?= $(error GLUON_DEPRECATED not set. Please consult the documentation)
# initialize (possibly already user set) directory variables
GLUON_TMPDIR ?= tmp
GLUON_OUTPUTDIR ?= output
GLUON_IMAGEDIR ?= $(GLUON_OUTPUTDIR)/images
GLUON_PACKAGEDIR ?= $(GLUON_OUTPUTDIR)/packages
GLUON_DEBUGDIR ?= $(GLUON_OUTPUTDIR)/debug
GLUON_TARGETSDIR ?= targets
GLUON_PATCHESDIR ?= patches
@ -53,63 +39,30 @@ $(eval $(call mkabspath,GLUON_PACKAGEDIR))
$(eval $(call mkabspath,GLUON_TARGETSDIR))
$(eval $(call mkabspath,GLUON_PATCHESDIR))
GLUON_VERSION := $(shell scripts/getversion.sh '.')
GLUON_SITE_VERSION := $(shell scripts/getversion.sh '$(GLUON_SITEDIR)')
GLUON_MULTIDOMAIN ?= 0
GLUON_AUTOREMOVE ?= 0
GLUON_WLAN_MESH ?= 11s
GLUON_DEBUG ?= 0
GLUON_MINIFY ?= 1
# Can be overridden via environment/command line/... to use the Gluon
# build system for non-Gluon builds
define GLUON_BASE_FEEDS ?=
src-link gluon_base ../../package
endef
GLUON_VARS = \
GLUON_VERSION GLUON_SITE_VERSION \
GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_AUTOREMOVE GLUON_DEBUG GLUON_MINIFY GLUON_DEPRECATED \
GLUON_DEVICES GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR GLUON_DEBUGDIR \
GLUON_SITEDIR GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
GLUON_TARGET BOARD SUBTARGET
unexport $(GLUON_VARS)
GLUON_ENV = $(foreach var,$(GLUON_VARS),$(var)=$(call escape,$($(var))))
export GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_WLAN_MESH GLUON_DEBUG GLUON_DEPRECATED GLUON_DEVICES \
GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR
show-release:
@echo '$(GLUON_RELEASE)'
update: FORCE
@
export $(GLUON_ENV)
scripts/update.sh
scripts/patch.sh
scripts/feeds.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
update-patches: FORCE
@
export $(GLUON_ENV)
scripts/update.sh
scripts/update-patches.sh
scripts/patch.sh
refresh-patches: FORCE
@
export $(GLUON_ENV)
scripts/update.sh
scripts/patch.sh
scripts/update-patches.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update-patches.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
update-feeds: FORCE
@$(GLUON_ENV) scripts/feeds.sh
@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
update-modules: FORCE
@scripts/update-modules.sh
update-ci: FORCE
@$(GLUON_ENV) scripts/update-ci.sh
GLUON_TARGETS :=
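Review bot: the recipes of the form `@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh` wrap the make variable in bare single quotes, whereas the `$(GLUON_ENV)` form in this same hunk passes every value through `escape`. `mkabspath` only rejects spaces, so a site path containing a single quote would end the quoting early and the remainder would be parsed by the shell. Use `GLUON_SITEDIR=$(call escape,$(GLUON_SITEDIR))` in these recipes, or keep the `export $(GLUON_ENV)` form.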
@ -128,109 +81,105 @@ OPENWRTMAKE = $(MAKE) -C openwrt
BOARD := $(GLUON_TARGET_$(GLUON_TARGET)_BOARD)
SUBTARGET := $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)
GLUON_CONFIG_VARS := \
GLUON_SITEDIR='$(GLUON_SITEDIR)' \
GLUON_RELEASE='$(GLUON_RELEASE)' \
GLUON_BRANCH='$(GLUON_BRANCH)' \
GLUON_LANGS='$(GLUON_LANGS)' \
BOARD='$(BOARD)' \
SUBTARGET='$(SUBTARGET)'
define CheckTarget
if [ -z '$(BOARD)' ]; then
echo 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:'
for target in $(GLUON_TARGETS); do
echo " * $$target"
done
exit 1
fi
endef
CheckTarget := [ '$(BOARD)' ] \
|| (echo 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:'; $(foreach target,$(GLUON_TARGETS),echo ' * $(target)';) false)
CheckExternal := test -d openwrt || (echo 'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!'; false)
define CheckSite
if ! GLUON_SITEDIR='$(GLUON_SITEDIR)' GLUON_SITE_CONFIG='$(1).conf' $(LUA) -e 'assert(dofile("scripts/site_config.lua")(os.getenv("GLUON_SITE_CONFIG")))'; then
echo 'Your site configuration ($(1).conf) did not pass validation'
exit 1
fi
@GLUON_SITEDIR='$(GLUON_SITEDIR)' GLUON_SITE_CONFIG='$(1).conf' $(LUA) -e 'assert(dofile("scripts/site_config.lua")(os.getenv("GLUON_SITE_CONFIG")))' \
|| (echo 'Your site configuration ($(1).conf) did not pass validation.'; false)
endef
list-targets: FORCE
@for target in $(GLUON_TARGETS); do
echo "$$target"
done
@$(foreach target,$(GLUON_TARGETS),echo '$(target)';)
lint: lint-editorconfig lint-lua lint-sh
lint-editorconfig: FORCE
@scripts/lint-editorconfig.sh
GLUON_DEFAULT_PACKAGES := hostapd-mini
lint-lua: FORCE
@scripts/lint-lua.sh
GLUON_FEATURE_PACKAGES := $(shell scripts/features.sh '$(GLUON_FEATURES)' || echo '__ERROR__')
ifneq ($(filter __ERROR__,$(GLUON_FEATURE_PACKAGES)),)
$(error Error while evaluating GLUON_FEATURES)
endif
lint-sh: FORCE
@scripts/lint-sh.sh
GLUON_PACKAGES :=
define merge_packages
$(foreach pkg,$(1),
GLUON_PACKAGES := $$(strip $$(filter-out -$$(patsubst -%,%,$(pkg)) $$(patsubst -%,%,$(pkg)),$$(GLUON_PACKAGES)) $(pkg))
)
endef
$(eval $(call merge_packages,$(GLUON_DEFAULT_PACKAGES) $(GLUON_FEATURE_PACKAGES) $(GLUON_SITE_PACKAGES)))
LUA := openwrt/staging_dir/hostpkg/bin/lua
$(LUA):
+@
@$(CheckExternal)
scripts/module_check.sh
[ -e openwrt/.config ] || $(OPENWRTMAKE) defconfig
$(OPENWRTMAKE) tools/install
$(OPENWRTMAKE) package/lua/host/compile
+@[ -e openwrt/.config ] || $(OPENWRTMAKE) defconfig
+@$(OPENWRTMAKE) tools/install
+@$(OPENWRTMAKE) package/lua/host/compile
config: $(LUA) FORCE
+@
@$(CheckExternal)
@$(CheckTarget)
$(foreach conf,site $(patsubst $(GLUON_SITEDIR)/%.conf,%,$(wildcard $(GLUON_SITEDIR)/domains/*.conf)),$(call CheckSite,$(conf)))
scripts/module_check.sh
$(CheckTarget)
$(foreach conf,site $(patsubst $(GLUON_SITEDIR)/%.conf,%,$(wildcard $(GLUON_SITEDIR)/domains/*.conf)),\
$(call CheckSite,$(conf)); \
)
@$(GLUON_CONFIG_VARS) \
$(LUA) scripts/target_config.lua '$(GLUON_TARGET)' '$(GLUON_PACKAGES)' \
> openwrt/.config
+@$(OPENWRTMAKE) defconfig
$(OPENWRTMAKE) prepare-tmpinfo
$(GLUON_ENV) $(LUA) scripts/target_config.lua > openwrt/.config
$(OPENWRTMAKE) defconfig
$(GLUON_ENV) $(LUA) scripts/target_config_check.lua
container: FORCE
@scripts/container.sh
@$(GLUON_CONFIG_VARS) \
$(LUA) scripts/target_config_check.lua '$(GLUON_TARGET)' '$(GLUON_PACKAGES)'
all: config
+@
$(GLUON_ENV) $(LUA) scripts/clean_output.lua
$(OPENWRTMAKE)
$(GLUON_ENV) $(LUA) scripts/copy_output.lua
@$(GLUON_CONFIG_VARS) \
$(LUA) scripts/clean_output.lua
+@$(OPENWRTMAKE)
@$(GLUON_CONFIG_VARS) \
$(LUA) scripts/copy_output.lua '$(GLUON_TARGET)'
clean download: config
+@$(OPENWRTMAKE) $@
dirclean: FORCE
+@
[ -e openwrt/.config ] || $(OPENWRTMAKE) defconfig
$(OPENWRTMAKE) dirclean
rm -rf $(GLUON_TMPDIR) $(GLUON_OUTPUTDIR)
+@[ -e openwrt/.config ] || $(OPENWRTMAKE) defconfig
+@$(OPENWRTMAKE) dirclean
@rm -rf $(GLUON_TMPDIR) $(GLUON_OUTPUTDIR)
manifest: $(LUA) FORCE
@
[ '$(GLUON_AUTOUPDATER_BRANCH)' ] || (echo 'Please set GLUON_AUTOUPDATER_BRANCH to create a manifest.'; false)
echo '$(GLUON_PRIORITY)' | grep -qE '^([0-9]*\.)?[0-9]+$$' || (echo 'Please specify a numeric value for GLUON_PRIORITY to create a manifest.'; false)
scripts/module_check.sh
@[ '$(GLUON_BRANCH)' ] || (echo 'Please set GLUON_BRANCH to create a manifest.'; false)
@echo '$(GLUON_PRIORITY)' | grep -qE '^([0-9]*\.)?[0-9]+$$' || (echo 'Please specify a numeric value for GLUON_PRIORITY to create a manifest.'; false)
@$(CheckExternal)
(
export $(GLUON_ENV)
echo 'BRANCH=$(GLUON_AUTOUPDATER_BRANCH)'
echo "DATE=$$($(LUA) scripts/rfc3339date.lua)"
echo 'PRIORITY=$(GLUON_PRIORITY)'
echo
for target in $(GLUON_TARGETS); do
$(LUA) scripts/generate_manifest.lua "$$target"
done
) > 'tmp/$(GLUON_AUTOUPDATER_BRANCH).manifest.tmp'
@( \
echo 'BRANCH=$(GLUON_BRANCH)' && \
echo "DATE=$$($(LUA) scripts/rfc3339date.lua)" && \
echo 'PRIORITY=$(GLUON_PRIORITY)' && \
echo && \
$(foreach GLUON_TARGET,$(GLUON_TARGETS), \
GLUON_SITEDIR='$(GLUON_SITEDIR)' $(LUA) scripts/generate_manifest.lua '$(GLUON_TARGET)' && \
) : \
) > 'tmp/$(GLUON_BRANCH).manifest.tmp'
mkdir -p '$(GLUON_IMAGEDIR)/sysupgrade'
mv 'tmp/$(GLUON_AUTOUPDATER_BRANCH).manifest.tmp' '$(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_AUTOUPDATER_BRANCH).manifest'
@mkdir -p '$(GLUON_IMAGEDIR)/sysupgrade'
@mv 'tmp/$(GLUON_BRANCH).manifest.tmp' '$(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_BRANCH).manifest'
FORCE: ;
.PHONY: FORCE
.NOTPARALLEL:
.ONESHELL:
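Review bot: In the `manifest` target the branch name is only checked for being non-empty (`[ '$(GLUON_BRANCH)' ] || ...`, and the same for `GLUON_AUTOUPDATER_BRANCH`), yet it is then used as a file name in `'tmp/$(GLUON_BRANCH).manifest.tmp'` and under `$(GLUON_IMAGEDIR)/sysupgrade/`. `GLUON_PRIORITY` already gets a `grep -qE` format check on the following line; a similar check that the branch contains no `/` or quote characters would keep a mistyped value from writing outside those directories or from breaking the single-quoted recipe strings.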


@ -1,21 +1,12 @@
[![Build Gluon](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml/badge.svg?branch=master)](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml)
[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/license/bsd-2-clause/)
[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/freifunk-gluon/gluon?sort=semver)](https://github.com/freifunk-gluon/gluon/releases/latest)
# Gluon
Gluon is a firmware framework to build preconfigured OpenWrt images for public mesh networks.
## Getting started
We have a huge amount of documentation over at https://gluon.readthedocs.io/.
Documentation (incomplete at this time, contribute if you can!) may be found at
https://gluon.readthedocs.io/.
If you're new to Gluon and ready to get your feet wet, have a look at the
[Getting Started Guide](https://gluon.readthedocs.io/en/latest/user/getting_started.html).
Gluon's developers frequent an IRC chatroom at [#gluon](ircs://irc.hackint.org/#gluon)
on [hackint](https://hackint.org/). There is also a [webchat](https://webirc.hackint.org/#irc://irc.hackint.org/#gluon)
that allows for uncomplicated access from within your browser. This channel is also available as a bridged Matrix Room at [#gluon:hackint.org](https://matrix.to/#/#gluon:hackint.org).
that allows for access from within your browser.
## Issues & Feature requests
@ -30,10 +21,10 @@ the future development of Gluon.
Please refrain from using the `master` branch for anything else but development purposes!
Use the most recent release instead. You can list all releases by running `git tag`
and switch to one by running `git checkout v2022.1 && make update`.
and switch to one by running `git checkout v2019.1.3 && make update`.
If you're using the autoupdater, do not autoupdate nodes with anything but releases.
If you upgrade using random master commits the nodes *might break* eventually.
If you upgrade using random master commits the nodes *will break* eventually.
## Mailinglist

contrib/Dockerfile Normal file

@ -0,0 +1,26 @@
FROM debian:buster-slim
RUN apt update && apt install -y --no-install-recommends \
ca-certificates \
file \
git \
subversion \
python \
build-essential \
gawk \
unzip \
libncurses5-dev \
zlib1g-dev \
libssl-dev \
libelf-dev \
wget \
time \
ecdsautils \
lua-check \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -d /gluon gluon
USER gluon
VOLUME /gluon
WORKDIR /gluon
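Review bot: `ecdsautils` in the `apt install` list is taken unpinned from whatever `debian:buster-slim` ships, and this series carries the ecdsautils signature verification fix for CVE-2022-24884, so the file should state how a fixed ecdsautils gets into the container (a minimum package version, or a build from source); manifest signing and the `ecdsaverify` calls in `sigtest.sh` depend on that tool when run inside this image. Smaller points: use `apt-get` rather than `apt` in a non-interactive build, and note that the base image is referenced by a mutable tag.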


@ -1,53 +0,0 @@
#!/usr/bin/env python3
# Update target filters using
# make update-ci
import re
import os
import sys
import json
# these changes trigger rebuilds on all targets
common = [
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
]
# these changes are only built on x86-64
extra = [
"contrib/ci/minimal-site/**",
"package/**"
]
_filter = dict()
# INCLUDE_PATTERN matches:
# include '...'
# include "..."
# include("...")
# include('...')
INCLUDE_PATTERN = "^\\s*include *\\(? *[\"']([^\"']+)[\"']"
# construct filters map from stdin
for target in sys.stdin:
target = target.strip()
_filter[target] = [
f"targets/{target}"
] + common
target_file = os.path.join(os.environ['GLUON_TARGETSDIR'], target)
with open(target_file) as f:
includes = re.findall(INCLUDE_PATTERN, f.read(), re.MULTILINE)
_filter[target].extend([f"targets/{i}" for i in includes])
if target == "x86-64":
_filter[target].extend(extra)
# print filters to stdout in json format, because json is stdlib and yaml compatible.
print(json.dumps(_filter, indent=2))


@ -1,8 +0,0 @@
#!/bin/sh
set -e
apt-get -y update
apt-get -y install git build-essential python3 gawk unzip libncurses5-dev zlib1g-dev libssl-dev libelf-dev wget rsync time qemu-utils
apt-get -y clean
rm -rf /var/lib/apt/lists/*


@ -1,13 +0,0 @@
#!/bin/sh
set -e
export BROKEN=1
export GLUON_AUTOREMOVE=1
export GLUON_DEPRECATED=1
export GLUON_SITEDIR="contrib/ci/minimal-site"
export GLUON_TARGET="$1"
export BUILD_LOG=1
make update
make -j2 V=s

contrib/ci/Jenkinsfile vendored Normal file

@ -0,0 +1,27 @@
pipeline {
agent { label 'gluon-docker' }
environment {
GLUON_SITEDIR = "contrib/ci/minimal-site"
GLUON_TARGET = "x86-64"
BUILD_LOG = "1"
}
stages {
stage('lint') {
steps {
sh 'luacheck package scripts targets'
}
}
stage('docs') {
steps {
sh 'make -C docs html'
}
}
stage('build') {
steps {
sh 'make update'
sh 'test -d /dl_cache && ln -s /dl_cache openwrt/dl || true'
sh 'make -j$(nproc) V=s'
}
}
}
}
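Review bot: In the `build` stage, `test -d /dl_cache && ln -s /dl_cache openwrt/dl || true` also hides a failing `ln -s` (for example when `openwrt/dl` already exists in a reused workspace), so the build silently runs without the download cache. Wrap the link in `if [ -d /dl_cache ]; then ...; fi` so that only the missing-directory case is tolerated and a failing `ln` fails the stage.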


@ -0,0 +1,33 @@
FROM gluon
USER root
# this is needed to install default-jre-headless in debian slim images
RUN mkdir -p /usr/share/man/man1
RUN apt-get update && apt-get install -y default-jre-headless curl python3 python3-pip python3-sphinx git
RUN pip3 install jenkins-webapi sphinx_rtd_theme
# Get docker-compose in the agent container
RUN mkdir -p /home/jenkins
RUN mkdir -p /var/lib/jenkins
RUN mkdir -p /remoting
RUN chown gluon /home/jenkins
RUN chown gluon /var/lib/jenkins
RUN chown gluon /remoting
# Start-up script to attach the slave to the master
ADD slave.py /var/lib/jenkins/slave.py
USER gluon
WORKDIR /home/jenkins
ENV JENKINS_URL "https://build.ffh.zone/"
ENV JENKINS_SLAVE_ADDRESS ""
ENV SLAVE_EXECUTORS "1"
ENV SLAVE_LABELS "docker"
ENV SLAVE_WORING_DIR ""
ENV CLEAN_WORKING_DIR "true"
CMD [ "python3", "-u", "/var/lib/jenkins/slave.py" ]
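Review bot: `RUN pip3 install jenkins-webapi sphinx_rtd_theme` pulls unpinned packages as root into an image that later runs firmware builds; pin the versions (ideally from a requirements file with `--require-hashes`) so that a rebuilt agent is reproducible. Also, the comment `# Get docker-compose in the agent container` does not match the `mkdir`/`chown` lines under it, and `SLAVE_WORING_DIR` is misspelled (`slave.py` reads the same name and would need the same rename).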


@ -0,0 +1,32 @@
# Gluon CI using Jenkins
## Requirements
- Only a host with docker.
## Architecture
![Screenshot from 2019-09-24 00-20-32](https://user-images.githubusercontent.com/601153/65468827-9edf2c80-de65-11e9-9fe0-56c3487719c3.png)
## Installation
You can support the gluon CI with your infrastructure:
1. You need to query @lemoer (freifunk@irrelefant.net) for credentials.
2. He will give you a `SLAVE_NAME` and a `SLAVE_SECRET` for your host.
3. Then go to your docker host and substitute the values for `SLAVE_NAME` and a `SLAVE_SECRET` in the following statements:
``` shell
git clone https://github.com/freifunk-gluon/gluon/
cd gluon/contrib/ci/jenkins-community-slave/
docker build -t gluon-jenkins .
mkdir /var/cache/openwrt_dl_cache/
docker run --detach --restart always \
-e "SLAVE_NAME=whoareyou" \
-e "SLAVE_SECRET=changeme" \
-v /var/cache/openwrt_dl_cache/:/dl_cache
```
4. Check whether the instance is running correctly:
- Your node should appear [here](https://build.ffh.zone/label/gluon-docker/).
- When clicking on it, Jenkins should state "Agent is connected." like here:
![Screenshot from 2019-09-24 01-00-52](https://user-images.githubusercontent.com/601153/65469209-dac6c180-de66-11e9-9d62-0d1c3b6b940b.png)
5. **Your docker container needs to be rebuilt, when the build dependencies of gluon change. So please be aware of that and update your docker container in that case.**
## Backoff
- If @lemoer is not reachable, please be patient at first if possible. Otherwise contact info@hannover.freifunk.net or join the channel `#freifunkh` on hackint.
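Review bot: The `docker run` command in step 3 ends at the `-v /var/cache/openwrt_dl_cache/:/dl_cache` line and never names an image, so it cannot start the container built two lines earlier; append `gluon-jenkins` as the final argument. Since `SLAVE_SECRET` is passed with `-e` on the command line, it ends up in shell history and the host's process list; `--env-file` pointing at a file readable only by root avoids that.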


@ -0,0 +1,103 @@
from jenkins import Jenkins, JenkinsError, NodeLaunchMethod
import os
import signal
import sys
import urllib.request
import subprocess
import shutil
import requests
import time
slave_jar = '/var/lib/jenkins/slave.jar'
slave_name = os.environ['SLAVE_NAME'] if os.environ['SLAVE_NAME'] != '' else 'docker-slave-' + os.environ['HOSTNAME']
jnlp_url = os.environ['JENKINS_URL'] + '/computer/' + slave_name + '/slave-agent.jnlp'
slave_jar_url = os.environ['JENKINS_URL'] + '/jnlpJars/slave.jar'
print(slave_jar_url)
process = None
def clean_dir(dir):
for root, dirs, files in os.walk(dir):
for f in files:
os.unlink(os.path.join(root, f))
for d in dirs:
shutil.rmtree(os.path.join(root, d))
def slave_create(node_name, working_dir, executors, labels):
j = Jenkins(os.environ['JENKINS_URL'], os.environ['JENKINS_USER'], os.environ['JENKINS_PASS'])
j.node_create(node_name, working_dir, num_executors = int(executors), labels = labels, launcher = NodeLaunchMethod.JNLP)
def slave_delete(node_name):
j = Jenkins(os.environ['JENKINS_URL'], os.environ['JENKINS_USER'], os.environ['JENKINS_PASS'])
j.node_delete(node_name)
def slave_download(target):
if os.path.isfile(slave_jar):
os.remove(slave_jar)
loader = urllib.request.URLopener()
loader.retrieve(os.environ['JENKINS_URL'] + '/jnlpJars/slave.jar', '/var/lib/jenkins/slave.jar')
def slave_run(slave_jar, jnlp_url):
params = [ 'java', '-jar', slave_jar, '-jnlpUrl', jnlp_url ]
if os.environ['JENKINS_SLAVE_ADDRESS'] != '':
params.extend([ '-connectTo', os.environ['JENKINS_SLAVE_ADDRESS' ] ])
if os.environ['SLAVE_SECRET'] == '':
params.extend([ '-jnlpCredentials', os.environ['JENKINS_USER'] + ':' + os.environ['JENKINS_PASS'] ])
else:
params.extend([ '-secret', os.environ['SLAVE_SECRET'] ])
return subprocess.Popen(params, stdout=subprocess.PIPE)
def signal_handler(sig, frame):
if process != None:
process.send_signal(signal.SIGINT)
signal.signal(signal.SIGINT, signal_handler)
signal.signal(signal.SIGTERM, signal_handler)
def h():
print("ERROR!: please specify environment variables")
print("")
print('docker run -e "SLAVE_NAME=test" -e "SLAVE_SECRET=..." jenkins')
if os.environ.get('SLAVE_NAME') is None:
h()
sys.exit(1)
if os.environ.get('SLAVE_SECRET') is None:
h()
sys.exit(1)
def master_ready(url):
try:
r = requests.head(url, verify=False, timeout=None)
return r.status_code == requests.codes.ok
except:
return False
while not master_ready(slave_jar_url):
print("Master not ready yet, sleeping for 10sec!")
time.sleep(10)
slave_download(slave_jar)
print('Downloaded Jenkins slave jar.')
if os.environ['SLAVE_WORING_DIR']:
os.setcwd(os.environ['SLAVE_WORING_DIR'])
if os.environ['CLEAN_WORKING_DIR'] == 'true':
clean_dir(os.getcwd())
print("Cleaned up working directory.")
if os.environ['SLAVE_NAME'] == '':
slave_create(slave_name, os.getcwd(), os.environ['SLAVE_EXECUTORS'], os.environ['SLAVE_LABELS'])
print('Created temporary Jenkins slave.')
process = slave_run(slave_jar, jnlp_url)
print('Started Jenkins slave with name "' + slave_name + '" and labels [' + os.environ['SLAVE_LABELS'] + '].')
process.wait()
print('Jenkins slave stopped.')
if os.environ['SLAVE_NAME'] == '':
slave_delete(slave_name)
print('Removed temporary Jenkins slave.')
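Review bot: `master_ready()` calls `requests.head(url, verify=False, timeout=None)`, which turns off certificate verification for the check against `JENKINS_URL` and can block forever; drop `verify=False`, set a finite timeout, and catch `requests.RequestException` instead of the bare `except:`. Two further problems in the same file: `os.setcwd(...)` does not exist in Python (use `os.chdir`), so setting `SLAVE_WORING_DIR` raises `AttributeError`, and `slave_run()` passes `JENKINS_USER:JENKINS_PASS` on the `java` command line via `-jnlpCredentials` when `SLAVE_SECRET` is empty, where it is visible in the process list. `slave_download(target)` also ignores its `target` argument and writes to a hard-coded path.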


@ -1,4 +1,4 @@
-- This is an example site configuration for Gluon v2022.1
-- This is an example site configuration for Gluon v2018.2+
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
@ -10,7 +10,7 @@
-- hostname_prefix = 'freifunk-',
-- Name of the community.
site_name = 'Continuous Integration',
site_name = 'Continious Integration',
-- Shorthand of the community.
site_code = 'ci',
@ -42,14 +42,10 @@
-- Wireless channel.
channel = 1,
-- ESSIDs used for client network.
-- ESSID used for client network.
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
@ -76,12 +72,6 @@
},
},
mesh = {
vxlan = true,
batman_adv = {
routing_algo = 'BATMAN_IV',
},
},
-- The next node feature allows clients to always reach the node it is
-- connected to using a known IP address.
@ -92,19 +82,16 @@
ip6 = 'fd::1',
},
-- Options specific to routing protocols (optional)
-- mesh = {
-- Options specific to the batman-adv routing protocol (optional)
-- batman_adv = {
-- Gateway selection class (optional)
-- The default class 20 is based on the link quality (TQ) only,
-- class 1 is calculated from both the TQ and the announced bandwidth
-- gw_sel_class = 1,
-- },
-- },
mesh = {
vxlan = true,
batman_adv = {
routing_algo = 'BATMAN_IV'
}
},
mesh_vpn = {
-- enabled = true,
mtu = 1312,
fastd = {
-- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@ -112,7 +99,6 @@
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
mtu = 1312,
-- configurable = true,
-- syslog_level = 'warn',
@ -125,18 +111,7 @@
peers = {
},
-- Optional: nested peer groups
-- groups = {
-- backbone_sub = {
-- ...
-- },
-- ...
-- },
},
-- Optional: additional peer groups, possibly with other limits
-- backbone2 = {
-- ...
-- },
},
},
@ -153,8 +128,7 @@
},
autoupdater = {
-- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
-- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
-- Default branch. Don't forget to set GLUON_BRANCH when building!
branch = 'stable',
-- List of branches. You may define multiple branches.
@ -169,7 +143,7 @@
-- Have multiple maintainers sign your build and only
-- accept it when a sufficient number of them have
-- signed it.
good_signatures = 0,
good_signatures = 2,
-- List of public keys of maintainers.
pubkeys = {
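Review bot: `good_signatures = 0` on one side of this hunk means a manifest needs no valid maintainer signature, going by the comment above it ("Number of good signatures required"), and the file opens by calling itself an example site configuration. Keep the non-zero value, or if 0 is needed for CI, say so in a comment next to it so that it is not copied into a production `site.conf`.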


@ -1 +0,0 @@
../minimal-site/i18n


@ -1 +0,0 @@
../minimal-site/modules


@ -1,176 +0,0 @@
-- This is an example site configuration for Gluon v2022.1
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
--
-- This configuration will not work as is. You're required to make
-- community specific changes to it!
{
-- Used for generated hostnames, e.g. freifunk-abcdef123456. (optional)
-- hostname_prefix = 'freifunk-',
-- Name of the community.
site_name = 'Continuous Integration',
-- Shorthand of the community.
site_code = 'ci',
-- 32 bytes of random data, encoded in hexadecimal
-- This data must be unique among all sites and domains!
-- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
domain_seed = 'e9608c4ff338b920992d629190e9ff11049de1dfc3f299eac07792dfbcda341c',
-- Prefixes used by clients within the mesh.
-- prefix6 is required, prefix4 can be omitted if next_node.ip4
-- is not set.
prefix6 = 'fdff:cafe:cafe:cafe::/64',
-- Prefixes used by nodes within the mesh
node_prefix6 = 'fdff:cafe:cafe:cafe::/64',
-- Timezone of your community.
-- See https://openwrt.org/docs/guide-user/base-system/system_configuration#time_zones
timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
-- List of NTP servers in your community.
-- Must be reachable using IPv6!
-- ntp_servers = {'1.ntp.services.ffxx'},
-- Wireless regulatory domain of your community.
regdom = 'DE',
-- Wireless configuration for 2.4 GHz interfaces.
wifi24 = {
-- Wireless channel.
channel = 1,
-- ESSIDs used for client network.
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
-- Adjust these values!
id = 'ueH3uXjdp', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
mcast_rate = 12000,
-- disabled = true, -- (optional)
},
},
-- Wireless configuration for 5 GHz interfaces.
-- This should be equal to the 2.4 GHz variant, except
-- for channel.
wifi5 = {
channel = 44,
outdoor_chanlist = '100-140',
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
-- Adjust these values!
id = 'ueH3uXjdp',
mcast_rate = 12000,
},
},
-- The next node feature allows clients to always reach the node it is
-- connected to using a known IP address.
next_node = {
-- anycast IPs of all nodes
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip4 = '10.0.0.1',
ip6 = 'fd::1',
},
-- Options specific to routing protocols (optional)
mesh = {
vxlan = true,
olsrd = {},
},
mesh_vpn = {
-- enabled = true,
fastd = {
-- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
-- what these options do.
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
mtu = 1312,
-- configurable = true,
-- syslog_level = 'warn',
groups = {
backbone = {
-- Limit number of connected peers to reduce bandwidth.
limit = 1,
-- List of peers.
peers = {
},
-- Optional: nested peer groups
-- groups = {
-- backbone_sub = {
-- ...
-- },
-- ...
-- },
},
-- Optional: additional peer groups, possibly with other limits
-- backbone2 = {
-- ...
-- },
},
},
bandwidth_limit = {
-- The bandwidth limit can be enabled by default here.
enabled = false,
-- Default upload limit (kbit/s).
egress = 200,
-- Default download limit (kbit/s).
ingress = 3000,
},
},
autoupdater = {
-- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
-- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
branch = 'stable',
-- List of branches. You may define multiple branches.
branches = {
stable = {
name = 'stable',
-- List of mirrors to fetch images from. IPv6 required!
mirrors = {'http://1.updates.services.ffhl/stable/sysupgrade'},
-- Number of good signatures required.
-- Have multiple maintainers sign your build and only
-- accept it when a sufficient number of them have
-- signed it.
good_signatures = 0,
-- List of public keys of maintainers.
pubkeys = {
},
},
},
},
}


@ -1,57 +0,0 @@
## gluon site.mk makefile example
## GLUON_FEATURES
# Specify Gluon features/packages to enable;
# Gluon will automatically enable a set of packages
# depending on the combination of features listed
GLUON_FEATURES := \
autoupdater \
ebtables-filter-multicast \
ebtables-filter-ra-dhcp \
ebtables-limit-arp \
mesh-olsrd \
mesh-vpn-fastd \
respondd \
status-page \
web-advanced \
web-wizard
GLUON_FEATURES_standard := \
wireless-encryption-wpa3
## GLUON_SITE_PACKAGES
# Specify additional Gluon/OpenWrt packages to include here;
# A minus sign may be prepended to remove a packages from the
# selection that would be enabled by default or due to the
# chosen feature flags
GLUON_SITE_PACKAGES := iwinfo
## DEFAULT_GLUON_RELEASE
# version string to use for images
# gluon relies on
# opkg compare-versions "$1" '>>' "$2"
# to decide if a version is newer or not.
DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
# Variables set with ?= can be overwritten from the command line
## GLUON_RELEASE
# call make with custom GLUON_RELEASE flag, to use your own release version scheme.
# e.g.:
# $ make images GLUON_RELEASE=23.42+5
# would generate images named like this:
# gluon-ff%site_code%-23.42+5-%router_model%.bin
GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
# Default priority for updates.
GLUON_PRIORITY ?= 0
# Region code required for some images; supported values: us eu
GLUON_REGION ?= eu
# Languages to include
GLUON_LANGS ?= en de

View File

@ -5,7 +5,8 @@
# * Works only if directory names and package names are the same (true for all Gluon packages)
# * Doesn't show dependencies through virtual packages correctly
set -e
shopt -s nullglob


@ -1,36 +0,0 @@
FROM debian:bullseye-slim
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
file \
git \
python3 \
build-essential \
gawk \
unzip \
libncurses5-dev \
zlib1g-dev \
libssl-dev \
libelf-dev \
wget \
rsync \
time \
qemu-utils \
ecdsautils \
lua-check \
shellcheck \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /tmp/ec &&\
wget -O /tmp/ec/ec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/download/2.7.0/ec-linux-amd64.tar.gz &&\
tar -xvzf /tmp/ec/ec-linux-amd64.tar.gz &&\
mv bin/ec-linux-amd64 /usr/local/bin/editorconfig-checker &&\
rm -rf /tmp/ec
RUN useradd -d /gluon gluon
USER gluon
VOLUME /gluon
WORKDIR /gluon


@ -4,7 +4,7 @@ use strict;
use warnings;
use Text::Balanced qw(extract_bracketed extract_delimited extract_tagged);
@ARGV >= 1 || die "Usage: $0 <source directory>\n";
@ARGV >= 1 || die "Usage: $0 <source direcory>\n";
my %stringtable;
@ -79,7 +79,7 @@ if( open F, "find @ARGV -type f '(' -name '*.html' -o -name '*.lua' ')' |" )
{
my $stag = quotemeta $1;
my $etag = $stag;
$etag =~ s/\[/]/g;
$etag =~ s/\[/]/g;
( $res ) = extract_tagged($code, $stag, $etag);


@ -1,6 +1,5 @@
#!/bin/bash
set -e
# Script to list all upgrade scripts in a clear manner
# Limitations:
# * Does only show scripts of packages whose `files'/`luasrc' directories represent the whole image filesystem (which are all Gluon packages)
@ -28,7 +27,7 @@ fi
pushd "$(dirname "$0")/.." >/dev/null
find ./package packages -name Makefile | grep -v '^packages/packages/' | while read -r makefile; do
find ./package packages -name Makefile | while read makefile; do
dir="$(dirname "$makefile")"
pushd "$dir" >/dev/null
@ -37,12 +36,13 @@ find ./package packages -name Makefile | grep -v '^packages/packages/' | while r
dirname="$(dirname "$dir" | cut -d/ -f 3-)"
package="$(basename "$dir")"
for file in "${SUFFIX1}"/* "${SUFFIX2}"/*; do
basename="$(basename "${file}")"
suffix="$(dirname "${file}")"
printf "%s\t%s\n" "${basename}" "${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${suffix}/${GREEN}${basename}${RESET}"
for file in "${SUFFIX1}"/*; do
echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})"
done
for file in "${SUFFIX2}"/*; do
echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})"
done
popd >/dev/null
done | sort | cut -f2-
done | sort
popd >/dev/null


@ -1,149 +0,0 @@
#!/bin/sh
set -e
topdir="$(realpath "$(dirname "${0}")/../openwrt")"
# defaults to qemu run script
ssh_host=localhost
build_only=0
preserve_config=1
print_help() {
echo "$0 [OPTIONS] PACAKGE_DIR [PACKAGE_DIR] ..."
echo ""
echo " -h print this help"
echo " -r HOST use a remote machine as target machine. By default if this"
echo " option is not given, push_pkg.sh will use a locally"
echo " running qemu instance started by run_qemu.sh."
echo " -p PORT use PORT as ssh port (default is 22)"
echo " -b build only, do not push"
echo " -P do not preserve /etc/config. By default, if a package"
echo " defines a config file in /etc/config, this config file"
echo " will be preserved. If you specify this flag, the package"
echo " default will be installed instead."
echo ""
echo ' To change gluon variables, run e.g. "make config GLUON_MINIFY=0"'
echo ' because then the gluon logic will be triggered, and openwrt/.config'
echo ' will be regenerated. The variables from openwrt/.config are already'
echo ' automatically used for this script.'
echo
}
while getopts "p:r:hbP" opt
do
case $opt in
P) preserve_config=0;;
p) ssh_port="${OPTARG}";;
r) ssh_host="${OPTARG}"; [ -z "$ssh_port" ] && ssh_port=22;;
b) build_only=1;;
h) print_help; exit 0;;
*) ;;
esac
done
shift $(( OPTIND - 1 ))
[ -z "$ssh_port" ] && ssh_port=2223
if [ "$build_only" -eq 0 ]; then
remote_info=$(ssh -p "${ssh_port}" "root@${ssh_host}" '
source /etc/os-release
printf "%s\\t%s\\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH"
')
REMOTE_OPENWRT_BOARD="$(echo "$remote_info" | cut -f 1)"
REMOTE_OPENWRT_ARCH="$(echo "$remote_info" | cut -f 2)"
# check target
if ! grep -q "CONFIG_TARGET_ARCH_PACKAGES=\"${REMOTE_OPENWRT_ARCH}\"" "${topdir}/.config"; then
echo "Configured OpenWrt Target is not matching with the target machine!" 1>&2
echo
printf "%s" " Configured architecture: " 1>&2
grep "CONFIG_TARGET_ARCH_PACKAGES" "${topdir}/.config" 1>&2
echo "Target machine architecture: ${REMOTE_OPENWRT_ARCH}" 1>&2
echo 1>&2
echo "To switch the local with the run with the corresponding GLUON_TARGET:" 1>&2
echo " make GLUON_TARGET=... config" 1>&2
exit 1
fi
fi
if [ $# -lt 1 ]; then
echo ERROR: Please specify a PACKAGE_DIR. For example:
echo
echo " \$ $0 package/gluon-core"
exit 1
fi
while [ $# -gt 0 ]; do
pkgdir="$1"; shift
echo "Package: ${pkgdir}"
if ! [ -f "${pkgdir}/Makefile" ]; then
echo "ERROR: ${pkgdir} does not contain a Makefile"
exit 1
fi
if ! grep -q BuildPackage "${pkgdir}/Makefile"; then
echo "ERROR: ${pkgdir}/Makefile does not contain a BuildPackage command"
exit 1
fi
opkg_packages="$(make TOPDIR="${topdir}" -C "${pkgdir}" DUMP=1 | awk '/^Package: / { print $2 }')"
search_package() {
find "$2" -name "$1_*.ipk" -printf '%f\n'
}
make TOPDIR="${topdir}" -C "${pkgdir}" clean
make TOPDIR="${topdir}" -C "${pkgdir}" compile
if [ "$build_only" -eq 1 ]; then
continue
fi
# IPv6 addresses need brackets around the ${ssh_host} for scp!
if echo "${ssh_host}" | grep -q :; then
BL=[
BR=]
fi
for pkg in ${opkg_packages}; do
for feed in "${topdir}/bin/packages/${REMOTE_OPENWRT_ARCH}/"*/ "${topdir}/bin/targets/${REMOTE_OPENWRT_BOARD}/packages/"; do
printf "%s" "searching ${pkg} in ${feed}: "
filename=$(search_package "${pkg}" "${feed}")
if [ -n "${filename}" ]; then
echo found!
break
else
echo not found
fi
done
if [ "$preserve_config" -eq 0 ]; then
opkg_flags=" --force-maintainer"
fi
# shellcheck disable=SC2029
if [ -n "$filename" ]; then
scp -O -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
ssh -p "${ssh_port}" "root@${ssh_host}" "
set -e
echo Running opkg:
opkg install --force-reinstall ${opkg_flags} '/tmp/${filename}'
rm '/tmp/${filename}'
gluon-reconfigure
"
else
# Some packages (e.g. procd-seccomp) seem to contain BuildPackage commands
# which do not generate *.ipk files. Till this point, I am not aware why
# this is happening. However, dropping a warning if the corresponding
# *.ipk is not found (maybe due to other reasons as well), seems to
# be more reasonable than aborting. Before this commit, the command
# has failed.
echo "Warning: ${pkg}*.ipk not found! Ignoring." 1>&2
fi
done
done


@ -1,15 +0,0 @@
#!/bin/sh
# Note: You can exit the qemu instance by first pressing "CTRL + a" then "c".
# Then you enter the command mode of qemu and can exit by typing "quit".
qemu-system-x86_64 \
-d 'cpu_reset' \
-enable-kvm \
-gdb tcp::1234 \
-nographic \
-netdev user,id=wan,hostfwd=tcp::2223-10.0.2.15:22 \
-device virtio-net-pci,netdev=wan,addr=0x06,id=nic1 \
-netdev user,id=lan,hostfwd=tcp::6080-192.168.1.1:80,hostfwd=tcp::2222-192.168.1.1:22,net=192.168.1.100/24 \
-device virtio-net-pci,netdev=lan,addr=0x05,id=nic2 \
"$@"


@ -2,7 +2,7 @@
set -e
if [ $# -ne 2 ] || [ "-h" = "$1" ] || [ "--help" = "$1" ] || [ ! -r "$1" ] || [ ! -r "$2" ]; then
if [ $# -ne 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o ! -r "$2" ]; then
cat <<EOHELP
Usage: $0 <secret> <manifest>
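Review bot: The `[ $# -ne 2 -o "-h" = "$1" -o ... ]` form of the argument check relies on `-o` inside a single `test`, which POSIX marks as obsolescent and which can misparse when `$1` looks like an operator. Keep the `[ ... ] || [ ... ]` form for this check.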
@ -29,22 +29,11 @@ lower="$(mktemp)"
trap 'rm -f "$upper" "$lower"' EXIT
awk 'BEGIN {
sep = 0
}
/^---$/ {
sep = 1;
next
}
{
if(sep == 0) {
print > "'"$upper"'"
} else {
print > "'"$lower"'"
}
}' "$manifest"
awk 'BEGIN { sep=0 }
/^---$/ { sep=1; next }
{ if(sep==0) print > "'"$upper"'";
else print > "'"$lower"'"}' \
"$manifest"
ecdsasign "$upper" < "$SECRET" >> "$lower"


@ -1,7 +1,7 @@
#!/bin/sh
if [ $# -eq 0 ] || [ "-h" = "$1" ] || [ "-help" = "$1" ] || [ "--help" = "$1" ]; then
cat <<EOHELP
if [ $# -eq 0 -o "-h" = "$1" -o "-help" = "$1" -o "--help" = "$1" ]; then
cat <<EOHELP
Usage: $0 <public> <signed manifest>
sigtest.sh checks if a manifest is signed by the public key <public>. There is
@ -12,7 +12,7 @@ See also:
* https://gluon.readthedocs.io/en/latest/features/autoupdater.html
EOHELP
exit 1
exit 1
fi
public="$1"
@ -21,29 +21,18 @@ upper="$(mktemp)"
lower="$(mktemp)"
ret=1
awk 'BEGIN {
sep = 0
}
awk "BEGIN { sep=0 }
/^---\$/ { sep=1; next }
{ if(sep==0) print > \"$upper\";
else print > \"$lower\"}" \
"$manifest"
/^---$/ {
sep = 1;
next
}
{
if(sep == 0) {
print > "'"$upper"'"
} else {
print > "'"$lower"'"
}
}' "$manifest"
while read -r line
while read line
do
if ecdsaverify -s "$line" -p "$public" "$upper"; then
ret=0
break
fi
if ecdsaverify -s "$line" -p "$public" "$upper"; then
ret=0
break
fi
done < "$lower"
rm -f "$upper" "$lower"
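Review bot: The `rm -f "$upper" "$lower"` on the last line is the only cleanup visible in this hunk, so the two `mktemp` files are left behind whenever the script is interrupted before reaching it; the signing script in this same comparison uses `trap 'rm -f "$upper" "$lower"' EXIT`, and the verifier should do the same. Of the two loop headers, keep `while read -r line`, so that a backslash in a signature line is passed to `ecdsaverify -s` unchanged. The awk variant written inside double quotes depends on `\$` and `\"` escapes and expands the temp-file paths into the program text; the single-quoted form is easier to audit, and passing the paths with `-v` would remove the interpolation entirely.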

@ -1,10 +0,0 @@
/*
This fixes the vertical position of list markers when the first
element in the <li> is a <pre> block
Scrolling inside the <pre> block is still working as expected
*/
.rst-content pre.literal-block,
.rst-content div[class^='highlight'] pre {
overflow: visible;
}

@ -20,11 +20,11 @@
# -- Project information -----------------------------------------------------
project = 'Gluon'
copyright = 'Project Gluon'
copyright = '2015-2019, Project Gluon'
author = 'Project Gluon'
# The short X.Y version
version = '2022.1'
version = '2019.1.3'
# The full version, including alpha/beta/rc tags
release = version
@ -58,7 +58,7 @@ master_doc = 'index'
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'en'
language = None
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
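Review bot: `language = None` is the value to avoid in this hunk. Sphinx 5 and later report it as an invalid configuration value and fall back to 'en', which adds a warning to every documentation build. Keep the explicit `language = 'en'`.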
@ -71,13 +71,6 @@ pygments_style = None
# Don't highlight code blocks unless requested explicitly
highlight_language = 'none'
# Ignore links to the config mode, as well as anchors on on hackint, which are
# used to mark channel names and do not exist. Regular links are not effected.
linkcheck_ignore = [
'http://192.168.1.1',
'https://webirc.hackint.org/#'
]
# -- Options for HTML output -------------------------------------------------
@ -96,7 +89,7 @@ html_theme = 'sphinx_rtd_theme'
# relative to this directory. They are copied after the builtin static files,
# so a file named "default.css" will overwrite the builtin "default.css".
#
html_static_path = ['_static']
# html_static_path = ['_static']
# Custom sidebar templates, must be a dictionary that maps document names
# to template names.
@ -108,10 +101,6 @@ html_static_path = ['_static']
#
# html_sidebars = {}
# These paths are either relative to html_static_path
# or fully qualified paths (eg. https://...)
html_css_files = ['css/custom.css']
# -- Options for HTMLHelp output ---------------------------------------------
@ -144,7 +133,7 @@ latex_elements = {
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'Gluon.tex', 'Gluon Documentation',
'Project Gluon', 'manual'),
'Project Gluon', 'manual'),
]
@ -154,7 +143,7 @@ latex_documents = [
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'gluon', 'Gluon Documentation',
[author], 1)
[author], 1)
]
@ -165,8 +154,8 @@ man_pages = [
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'Gluon', 'Gluon Documentation',
author, 'Gluon', 'One line description of project.',
'Miscellaneous'),
author, 'Gluon', 'One line description of project.',
'Miscellaneous'),
]

@ -23,7 +23,6 @@ webbrowser. You're welcome to join us!
.. _hackint: https://hackint.org/
.. _webchat: https://webirc.hackint.org/#irc://irc.hackint.org/#gluon
.. _working-with-repositories:
Working with repositories
-------------------------
@ -33,7 +32,7 @@ rerun
::
make update
make update
`make update` also applies the patches that can be found in the directories found in
`patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
@ -45,7 +44,7 @@ using
::
make update-patches
make update-patches
If applying a patch fails because you have changed the base commit, the repository will be reset to the old `patched` branch
and you can try rebasing it onto the new `base` branch yourself and after that call `make update-patches` to fix the problem.
@ -53,14 +52,6 @@ and you can try rebasing it onto the new `base` branch yourself and after that c
Always call `make update-patches` after making changes to a module repository as `make update` will overwrite your
commits, making `git reflog` the only way to recover them!
::
make refresh-patches
In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt build system.
This command speeds up the maintenance of updating OpenWrt and feeds.
Development Guidelines
----------------------
Lua should be used instead of sh whenever sensible. The following criteria
@ -76,10 +67,5 @@ apply:
- use tabs instead of spaces
- trailing whitespaces must be eliminated
- files need to end with a final newline
- newlines need to have Unix line endings (lf)
To that end we provide a ``.editorconfig`` configuration, which is supported by most
of the editors out there.
If you add Lua scripts to gluon, check formatting with ``luacheck``.

@ -1,104 +0,0 @@
Build system
============
This page explains internals of the Gluon build system. It is currently very
incomplete; please contribute if you can!
Feed management
---------------
Rather that relying on the *feed.conf* mechanism of OpenWrt directly, Gluon
manages its feeds (*"modules"*) using a collection of scripts. This solution was
selected for multiple reasons:
- Feeds lists from Gluon base and the site repository are combined
- Patchsets are applied to downloaded feed repositories automatically
The following variables specifically affect the feed management:
GLUON_FEEDS
List of base feeds; defined in file *modules* in Gluon base
GLUON_SITE_FEED
List of site feeds; defined in file *modules* in site config
\*_REPO, \*_BRANCH, \*_COMMIT
Git repository URL, branch and
commit ID of the feeds to use. The branch name may be omitted; the default
branch will be used in this case.
GLUON_BASE_FEEDS
Additional feed definitions to be added to *feeds.conf*
verbatim. By default, this contains a reference to the Gluon base packages;
when using the Gluon build system to build a non-Gluon system, the variable
can be set to the empty string.
Helper scripts
--------------
Several tasks of the build process have been separated from the Makefile into
external scripts, which are stored in the *scripts* directory. This was done to
ease maintenance of these scripts and the Makefile, by avoiding a lot of escaping.
These scripts are either bash or Lua scripts that run on the build system.
default_feeds.sh
Defines the constant ``DEFAULT_FEEDS`` with the names of all feeds listed in
*openwrt/feeds.conf.default*. This script is only used as an include by other
scripts.
feeds.sh
Creates the *openwrt/feeds.conf* file from ``FEEDS`` and ``DEFAULT_FEEDS``. The
feeds from ``FEEDS`` are linked to the matching subfolder of *packages/* and not
explicitly defined feeds of ``DEFAULT_FEEDS`` are setup as dummy (src-dummy).
This *openwrt/feeds.conf* is used to reinstall all packages of all feeds with
the *openwrt/scripts/feeds* tool.
modules.sh
Defines the constants ``GLUON_MODULES`` and ``FEEDS`` by reading the *modules*
files of the Gluon repository root and the site configuration. The returned
variables look like:
- ``FEEDS``: "*feedA feedB ...*"
- ``GLUON_MODULES``: "*openwrt packages/feedA packages/feedB ...*"
This script is only used as an include by other scripts.
patch.sh
(Re-)applies the patches from the *patches* directory to all ``GLUON_MODULES``
and checks out the files to the filesystem.
This is done for each repo by:
- creating a temporary clone of the repo to patch
- only branch *base* is used
- applying all patches via *git am* on top of this temporary *base* branch
- this branch is named *patched*
- copying the temporary clone to the *openwrt* (for OpenWrt Base) or
*packages* (for feeds) folder
- *git fetch* is used with the temporary clone as source
- *git checkout* is called to update the filesystem
- updating all git submodules
This solution with a temporary clone ensures that the timestamps of checked
out files are not changed by any intermediate patch steps, but only when
updating the checkout with the final result. This avoids triggering unnecessary
rebuilds.
update.sh
Sets up a working clone of the ``GLUON_MODULES`` (external repos) from the external
source and installs it into *packages/* directory. It simply tries to set the *base*
branch of the cloned repo to the correct commit. If this fails it fetches the
upstream branch and tries again to set the local *base* branch.
getversion.sh
Used to determine the version numbers of the repositories of Gluon and the
site configuration, to be included in the built firmware images as
*/lib/gluon/gluon-version* and */lib/gluon/site-version*.
By default, this uses ``git describe`` to generate a version number based
on the last git tag. This can be overridden by putting a file called
*.scmversion* into the root of the respective repositories.
A command like ``rm -f .scmversion; echo "$(./scripts/getversion.sh .)" > .scmversion``
can be used before applying local patches to ensure that the reported
version numbers refer to an upstream commit ID rather than an arbitrary
local one after ``git am``.
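Review bot: The "Feed management" paragraph refers to "the *feed.conf* mechanism" while every later mention in this file uses *feeds.conf* (`openwrt/feeds.conf`, `feeds.conf.default`); use the one real file name throughout, and fix "Rather that relying" to "Rather than relying" in the same sentence. The entry for `*_REPO`, `*_BRANCH`, `*_COMMIT` should also state what happens when the configured commit is not reachable from the given branch, since the `update.sh` description only says it fetches the upstream branch and "tries again".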

@ -1,51 +0,0 @@
Debugging
=========
.. _dev-debugging-kernel-oops:
Kernel Oops
-----------
Sometimes a running Linux kernel detects an error during runtime that can't
be corrected.
This usually generates a stack trace that points to the location in the code
that caused the oops.
Linux kernels in Gluon (and OpenWrt) are stripped.
That means they do not contain any debug symbols.
On one hand this leads to a smaller binary and faster loading times on the
target.
On the other hand this means that in a case of a stack trace the unwinder
can only print memory locations and no further debugging information.
Gluon stores a compressed kernel with debug symbols for every target
in the directory `output/debug/`.
These kernels should be kept along with the images as long as the images
are in use.
This allows the developer to analyse a stack trace later.
Decoding Stacktraces
....................
The tooling is contained in the kernel source tree in the file
`decode_stacktrace.sh <https://github.com/torvalds/linux/blob/master/scripts/decode_stacktrace.sh>`__.
This file and the needed source tree are available in the directory: ::
openwrt/build_dir/target-<architecture>/linux-<architecture>/linux-<version>/
.. note::
Make sure to use a kernel tree that matches the version and patches
that was used to build the kernel.
If in doubt just re-build the images for the target.
Some more information on how to use this tool can be found at
`LWN <https://lwn.net/Articles/592724/>`__.
Obtaining Stacktraces
.....................
On many targets stack traces can be read from the following
location after reboot: ::
/sys/kernel/debug/crashlog

@ -1,238 +1,144 @@
Adding hardware support
=======================
Adding support for new hardware
===============================
This page will give a short overview on how to add support
for new hardware to Gluon.
Hardware requirements
---------------------
Having an ath9k, ath10k or mt76 based WLAN adapter is highly recommended,
Having an ath9k (or ath10k) based WLAN adapter is highly recommended,
although other chipsets may also work. VAP (multiple SSID) support
with simultaneous AP + Mesh Point (802.11s) operation is required.
is a requirement.
Device checklist
----------------
The description of pull requests adding device support must include the
`device integration checklist
<https://github.com/freifunk-gluon/gluon/wiki/Device-Integration-checklist>`_.
The checklist ensures that core functionality of Gluon is well supported on the
device.
.. _device-class-definition:
.. _hardware-adding-profiles:
Device classes
--------------
All supported hardware is categorized into "device classes". This allows to
adjust the feature set of Gluon to the different hardware's capabilities via
``site.mk`` without having to list individual devices.
Adding profiles
---------------
The vast majority of devices with ath9k WLAN is based on the ar71xx target of OpenWrt.
If the hardware you want to add support for is ar71xx, adding a new profile
is sufficient.
There are currently two devices classes defined: "standard" and "tiny". The
"tiny" class contains all devices that do not meet the following requirements:
Profiles are defined in ``targets/*`` in a shell-based DSL (so common shell
command syntax like ``if`` can be used).
- At least 7 MiB of usable firmware space
- At least 64 MiB of RAM (128MiB for devices with ath10k radio)
The ``device`` command is used to define an image build for a device. It takes
two or three parameters.
Target configuration
--------------------
Gluon's hardware support is based on OpenWrt's. For each supported target,
a configuration file exists at ``targets/<target>-<subtarget>`` (or just
``target/<target>`` for targets without subtargets) that contains all
Gluon-specific settings for the target. The generic configuration
``targets/generic`` contains settings that affect all targets.
The first parameter defines the Gluon profile name, which is used to refer to the
device and is part of the generated image name. The profile name must be same as
the output of the following command (on the target device), so the autoupdater
can work::
All targets must be listed in ``target/targets.mk``.
lua -e 'print(require("platform_info").get_image_name())'
The target configuration language is based on Lua, so Lua's syntax for variables
and control structures can be used.
While porting Gluon to a new device, it might happen that the profile name is
unknown. Best practise is to generate an image first by using an arbitrary value
and then executing the lua command on the device and use its output from then on.
Device definitions
~~~~~~~~~~~~~~~~~~
To configure a device to be built for Gluon, the ``device`` function is used.
In the simplest case, only two arguments are passed, for example:
The second parameter defines the name of the image files generated by OpenWrt. Usually,
it is also the OpenWrt profile name; for devices that still use the old image build
code, a third parameter with the OpenWrt profile name can be passed. The profile names
can be found in the image Makefiles in ``openwrt/target/linux/<target>/image/Makefile``.
.. code-block:: lua
Examples::
device('tp-link-tl-wdr3600-v1', 'tplink_tl-wdr3600-v1')
The first argument is the device name in Gluon, which is part of the output
image filename, and must correspond to the model string looked up by the
autoupdater. The second argument is the corresponding device profile name in
OpenWrt, as found in ``openwrt/target/linux/<target>/image/*``.
A table of additional settings can be passed as a third argument:
.. code-block:: lua
device('ubiquiti-edgerouter-x', 'ubnt_edgerouter-x', {
factory = false,
packages = {'-hostapd-mini'},
manifest_aliases = {
'ubnt-erx',
},
})
The supported additional settings are described in the following sections.
device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
device alfa-network-hornet-ub hornet-ub HORNETUB
Suffixes and extensions
~~~~~~~~~~~~~~~~~~~~~~~
For many targets, OpenWrt generates images with the suffixes
``-squashfs-factory.bin`` and ``-squashfs-sysupgrade.bin``. For devices with
different image names, is it possible to override the suffixes and extensions
using the settings ``factory``, ``factory_ext``, ``sysupgrade`` and
``sysupgrade_ext``, for example:
'''''''''''''''''''''''
.. code-block:: lua
By default, image files are expected to have the extension ``.bin``. In addition,
the images generated by OpenWrt have a suffix before the extension that defaults to
``-squashfs-factory`` and ``-squashfs-sysupgrade``.
{
factory = '-squashfs-combined',
factory_ext = '.img.gz',
sysupgrade = '-squashfs-combined',
sysupgrade_ext = '.img.gz',
}
This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
the top of the file to set the defaults for all images, or for a single image. There
are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
Only settings that differ from the defaults need to be passed. ``factory`` and
``sysupgrade`` can be set to ``false`` when no such images exist.
factory SUFFIX .EXT
factory .EXT
factory
For some device types, there are multiple factory images with different
extensions. ``factory_ext`` can be set to a table of strings to account for this
case:
When only an extension is given, the default suffix is retained. When no arguments
are given, this signals that no factory (or sysupgrade) image exists.
.. code-block:: lua
Aliases
'''''''
{
factory_ext = {'.img.gz', '.vmdk', '.vdi'},
}
Sometimes multiple models use the same OpenWrt images. In this case, the ``alias``
command can be used to create symlinks and additional entries in the autoupdater
manifest for the alternative models.
TODO: Extra images
Standalone images
'''''''''''''''''
Aliases and manifest aliases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes multiple devices exist that use the same OpenWrt images. To make it
easier to find these images, the ``aliases`` setting can be used to define
additional device names. Gluon will create symlinks for these names in the
image output directory.
On targets without *per-device rootfs* support in OpenWrt, the commands described above
can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
.. code-block:: lua
factory_image PROFILE IMAGE .EXT
sysupgrade_image PROFILE IMAGE .EXT
device('aruba-ap-303', 'aruba_ap-303', {
factory = false,
aliases = {'aruba-instant-on-ap11'},
})
Again, the profile name must match the value printed by the aforementioned Lua
command. The image name must match the part between the target name and the extension
as generated by OpenWrt and is to be omitted when no such part exists.
The aliased name will also be added to the autoupdate manifest, allowing upgrade
images to be found under the different name on targets that perform model name
detection at runtime.
Packages
''''''''
It is also possible to add alternative names to the autoupdater manifest without
creating a symlink by using ``manifest_aliases`` instead of ``aliases``, which
should be done when the alternative name does not refer to a separate device.
This is particularly useful to allow the autoupdater to work when the model name
changed between Gluon versions.
The ``packages`` command takes an arbitrary number of arguments. Each argument
defines an additional package to include in the images in addition to the default
package sets defined by OpenWrt. When a package name is prefixed by a minus sign, the
packages are excluded instead.
Package lists
~~~~~~~~~~~~~
Gluon generates lists of packages that are installed in all images based on a
default list and the features and packages specified in the site configuration.
The ``packages`` command may be used at the top of a target definition to modify
the default package list for all images, or just for a single device (when the
target supports *per-default rootfs*).
In addition, OpenWrt defines additional per-device package lists. These lists
may be modified in Gluon's device definitions, for example to include additional
drivers and firmware, or to remove unneeded software. Packages to remove are
prefixed with a ``-`` character.
For many ath10k-based devices, this is used to replace the "CT" variant of
ath10k with the mainline-based version:
Configuration
'''''''''''''
.. code-block:: lua
The ``config`` command allows to add arbitrary target-specific OpenWrt configuration
to be emitted to ``.config``.
local ATH10K_PACKAGES_QCA9880 = {
'kmod-ath10k',
'-kmod-ath10k-ct',
'-kmod-ath10k-ct-smallbuffers',
'ath10k-firmware-qca988x',
'-ath10k-firmware-qca988x-ct',
}
device('openmesh-a40', 'openmesh_a40', {
packages = ATH10K_PACKAGES_QCA9880,
factory = false,
})
Notes
'''''
This example also shows how to define a local variable, allowing the package
list to be reused for multiple devices.
On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
even on devices with only one WLAN adapter, in these cases a OpenWrt bug was the cause).
Device flags
~~~~~~~~~~~~
The settings ``class``, ``deprecated`` or ``broken`` should be set according to
the device support status. The default values are as follows:
Adding support for new hardware targets
---------------------------------------
.. code-block:: lua
Adding a new target is much more complex than adding a new profile. There are two basic steps
required for adding a new target:
{
class = 'standard',
deprecated = false,
broken = false,
}
Package adjustments
'''''''''''''''''''
- Device classes are described in :ref:`device-class-definition`
- Broken devices are untested or do not meet our requirements as given by the
device checklist
- Deprecated devices are slated for removal in a future Gluon version due to
hardware constraints
One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
`packages/gluon/libs/libplatforminfo <https://github.com/freifunk-gluon/packages/tree/master/libs/libplatforminfo>`_).
If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
directory, or adding a new source file.
Global settings
~~~~~~~~~~~~~~~
There is a number of directives that can be used outside of a ``device()``
definition:
On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
won't run correctly without some adjustments, so better double check that everything is fine there (and the files
``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
- ``include('filename')``: Include another file with global settings
- ``config(key, value)``: Set a config symbol in OpenWrt's ``.config``. Value
may be a string, number, boolean, or nil. Booleans and nil are used for
tristate symbols, where nil sets the symbol to ``m``.
- ``try_config(key, value)``: Like ``config()``, but do not fail if setting
the symbol is not possible (usually because its dependencies are not met)
- ``packages { 'package1', '-package2', ... }``: Define a list of packages to
add or remove for all devices of a target. Package lists passed to multiple
calls of ``packages`` will be aggregated.
- ``defaults { key = value, ... }``: Set default values for any of the
additional settings that can be passed to ``device()``.
Build system support
''''''''''''''''''''
Helper functions
~~~~~~~~~~~~~~~~
The following helpers can be used in the target configuration:
A definition for the new target must be created under ``targets``, and it must be added
to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to three arguments:
the target name, the Gluon subtarget name (if the target has subtargets), and the
OpenWrt subtarget name (if it differs from the Gluon subtarget). The third argument
can be used to define multiple Gluon targets with different configuration for the
same OpenWrt target, like it is done for the ``ar71xx-tiny`` target.
- ``env.KEY`` allows to access environment variables
- ``istrue(value)`` returns true if the passed string is a positive number
(often used with ``env``, for example ``if istrue(env.GLUON_DEBUG) then ...``)
Hardware support in packages
----------------------------
In addition to the target configuration files, some device-specific changes may
be required in packages.
gluon-core
~~~~~~~~~~
- ``/lib/gluon/upgrade/010-primary-mac``: Override primary MAC address selection
Usually, the primary (label) MAC address is defined in OpenWrt's Device Trees.
For devices or targets where this is not the case, it is possible to specify
what interface to take the primary MAC address from in ``010-primary-mac``.
- ``/lib/gluon/upgrade/020-interfaces``: Override LAN/WAN interface assignment
On PoE-powered devices, the PoE input port should be "WAN".
- ``/usr/lib/lua/gluon/platform.lua``: Contains a list of outdoor devices
gluon-setup-mode
~~~~~~~~~~~~~~~~
- ``/lib/gluon/upgrade/320-setup-ifname``: Contains a list of devices that use
the WAN port for the config mode
On PoE-powered devices, the PoE input port should be used for the config
mode. This is handled correctly by default for outdoor devices listed in
``platform.lua``.
libplatforminfo
~~~~~~~~~~~~~~~
When adding support for a new target to Gluon, it may be necessary to adjust
libplatforminfo to define how autoupdater image names are derived from the
model name.
After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.
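Review bot: The target-configuration text in this hunk is inconsistent about the directory name: it gives ``targets/<target>-<subtarget>`` and ``targets/generic`` but then ``target/<target>`` and ``target/targets.mk``, while the "Build system support" paragraph says ``targets/targets.mk``. Use ``targets/`` everywhere so readers do not create files in a directory the build ignores. In the same pass, "*per-default rootfs*" in the packages paragraph should read "*per-device rootfs*" as in the standalone-images paragraph, and "is should be sufficient" in the last line should be "it should be sufficient".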

@ -10,9 +10,9 @@ Gluon tries to solve this issue by using a hash of the primary MAC address as a
* 0: client0; WAN
* 1: mesh0
* 2: owe0
* 2: ibss0
* 3: wan_radio0 (private WLAN); batman-adv primary address
* 4: client1; LAN
* 5: mesh1
* 6: owe1
* 6: ibss1
* 7: wan_radio1 (private WLAN); mesh VPN

@ -3,88 +3,6 @@ Package development
Gluon packages are OpenWrt packages and follow the same rules described at https://openwrt.org/docs/guide-developer/packages.
Development workflow
====================
When you are developing packages, it often happens that you iteratively want to deploy
and verify the state your development. There are two ways to verify your changes:
1)
One way is to rebuild the complete firmware, flash it, configure it and verify your
development then. This usually takes at least a few minutes to get your changes
working so you can test them. Especially if you iterate a lot, this becomes tedious.
2)
Another way is to rebuild only the package you are currently working on and
to deploy this package to your test system. Here not even a reboot is required.
This makes iterating relatively fast. Your test system could be real hardware or
even a qemu in most cases.
Gluon provides scripts to enhance workflow 2). Here is an example illustrating
the workflow using these scripts:
.. code-block:: shell
# start a local qemu instance
contrib/run_qemu.sh output/images/factory/[...]-x86-64.img
# apply changes to the desired package
vi package/gluon-ebtables/files/etc/init.d/gluon-ebtables
# rebuild and push the package to the qemu instance
contrib/push_pkg.sh package/gluon-ebtables/
# test your changes
...
# do more changes
...
# rebuild and push the package to the qemu instance
contrib/push_pkg.sh package/gluon-ebtables/
# test your changes
...
(and so on...)
# see help of the script for more information
contrib/push_pkg.sh -h
...
Features of ``push_pkg.sh``:
* Works with compiled and non-compiled packages.
* This means it can be used in the development of C-code, Lua-Code and mostly any other code.
* Works with native OpenWrt and Gluon packages.
* Pushes to remote machines or local qemu instances.
* Pushes multiple packages in in one call if desired.
* Performs site.conf checks.
Implementation details of ``push_pkg.sh``:
* First, the script builds an opkg package using the OpenWrt build system.
* This package is pushed to a *target machine* using scp:
* By default the *target machine* is a locally running x86 qemu started using ``run_qemu.sh``.
* The *target machine* can also be remote machine. (See the cli switch ``-r``)
* Remote machines are not limited to a specific architecture. All architectures supported by gluon can be used as remote machines.
* Finally opkg is used to install/update the packages in the target machine.
* While doing this, it will not override ``/etc/config`` with package defaults by default. (See the cli switch ``-P``).
* While doing this, opkg calls the ``check_site.lua`` from the package as post_install script to validate the ``site.conf``. This means that the ``site.conf`` of the target machine is used for this validation.
Note that:
* ``push_pkg.sh`` does neither build nor push dependencies of the packages automatically. If you want to update dependencies, you must explicitly specify them to be pushed.
* If you add new packages, you must run ``make update config GLUON_TARGET=...``.
* You can change the gluon target of the target machine via ``make config GLUON_TARGET=...``.
* If you want to update the ``site.conf`` of the target machine, use ``push_pkg.sh package/gluon-site/``.
* Sometimes when things break, you can heal them by compiling a package with its dependencies: ``cd openwrt; make package/gluon-ebtables/clean; make package/gluon-ebtables/compile; cd ..``.
* You can exit qemu by pressing ``CTRL + a`` and ``c`` afterwards.
Gluon package makefiles
=======================
@ -153,62 +71,44 @@ Feature flags
=============
Feature flags provide a convenient way to define package selections without
making it necessary to list each package explicitly. The list of features to
enable for a Gluon build is set by the *GLUON_FEATURES* variable in *site.mk*.
making it necessary to list each package explicitly.
The main feature flag definition file is ``package/features``, but each package
feed can provide additional definitions in a file called ``features`` at the root
of the feed repository.
Each flag *$flag* will include the package the name *gluon-$flag* by default.
The feature definition file can modify the package selection by adding or removing
packages when certain combinations of flags are set.
Each flag *$flag* without any explicit definition will simply include the package
with the name *gluon-$flag* by default. The feature definition file can modify
the package selection in two ways:
Feature definitions use Lua syntax. Two basic functions are defined:
* *feature(name, pkgs)*: Defines a new feature. *feature()* expects a feature
(flag) name and a list of packages to add or remove when the feature is
enabled.
* Defining a feature using *feature* replaces the default definition of
just including *gluon-$flag*.
* A package is removed when the package name is prefixed with a ``-`` (after
the opening quotation mark).
* *when(expr, pkgs)*: Adds or removes packages when a given logical expression
of feature flags is satisfied.
* *expr* is a logical expression composed of feature flag names (each prefixed
with an underscore before the opening quotation mark), logical operators
(*and*, *or*, *not*) and parentheses.
* Referencing a feature flag in *expr* has no effect on the default handling
of the flag. When no *feature()* entry for a flag exists, it will still
add *gluon-$flag* by default.
* *pkgs* is handled as for *feature()*.
* The *nodefault* function suppresses default of including the *gluon-$flag*
package
* The *packages* function adds a list of packages (or removes, when package
names are prepended with minus signs) when a given logical expression
is satisfied
Example::
feature('web-wizard', {
'gluon-config-mode-hostname',
'gluon-config-mode-geo-location',
'gluon-config-mode-contact-info',
'gluon-config-mode-outdoor',
})
nodefault 'web-wizard'
when(_'web-wizard' and (_'mesh-vpn-fastd' or _'mesh-vpn-tunneldigger'), {
'gluon-config-mode-mesh-vpn',
})
feature('no-radvd', {
'-gluon-radvd',
})
packages 'web-wizard' \
'gluon-config-mode-hostname' \
'gluon-config-mode-geo-location' \
'gluon-config-mode-contact-info'
packages 'web-wizard & (mesh-vpn-fastd | mesh-vpn-tunneldigger)' \
'gluon-config-mode-mesh-vpn'
This will
* disable the inclusion of the (non-existent) packages *gluon-web-wizard* and *gluon-no-radvd* when their
corresponding feature flags appear in *GLUON_FEATURES*
* enable four additional config mode packages when the *web-wizard* feature is enabled
* disable the inclusion of a (non-existent) package called *gluon-web-wizard*
* enable three config mode packages when the *web-wizard* feature is enabled
* enable *gluon-config-mode-mesh-vpn* when both *web-wizard* and one
of *mesh-vpn-fastd* and *mesh-vpn-tunneldigger* are enabled
* disable the *gluon-radvd* package when *gluon-no-radvd* is enabled
Supported syntax elements of logical expressions are:
* \& (and)
* \| (or)
* \! (not)
* parentheses
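
Review bot: The `packages` form of the example does not show package removal. The description says names prepended with a minus sign are removed, but both `packages` calls only add packages, and the "This will" list has no bullet for a removal done that way. Add one call with a `-`-prefixed name and a matching bullet so readers can see where the minus sign goes.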

@ -1,5 +1,5 @@
Uplink support
==============
WAN support
===========
As the WAN port of a node will be connected to a user's private network, it
is essential that the node only uses the WAN when it is absolutely necessary.
@ -11,12 +11,6 @@ There are two cases in which the WAN port is used:
After the VPN connection has been established, the node should be able to reach
the mesh's DNS servers and use these for all other name resolution.
If a device has only a single Ethernet port (or group of ports), it will be
used as an uplink port even when it is not labelled as "WAN" by default. This
behavior can be controlled using the ``interfaces.single.default_roles``
site.conf option. It is also possible to alter the interface assignment after
installation by modifying ``/etc/config/gluon`` and running
``gluon-reconfigure``.
Routing tables
~~~~~~~~~~~~~~
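
Review bot: The paragraph on devices with a single Ethernet port goes away in this hunk with nothing in its place, so the page no longer says whether such a port is treated as WAN. Since the page opens by stressing that the WAN port sits in a user's private network and must only be used when absolutely necessary, keep a sentence stating how single-port devices are handled in this version and whether that can be changed.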

@ -74,7 +74,8 @@ Useful functions:
- *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to
the client. Has no effect when non-header data has already been written.
- *prepare_content* (*mime*): Sets the *Content-Type* header to the given MIME
type
type, potentially setting additional headers or modifying the MIME type to
accommodate browser quirks
- *write* (*data*, ...): Sends the given data to the client. If headers have not
been sent, it will be done before the data is written.

@ -7,11 +7,8 @@ Building Images
---------------
By default, the autoupdater is disabled (as it is usually not helpful to have unexpected updates
during development), but it can be enabled by setting the variable ``GLUON_AUTOUPDATER_ENABLED`` to ``1`` when building.
It is also possible to override the default branch during build using the variable ``GLUON_AUTOUPDATER_BRANCH``.
If a default branch is set neither in *site.conf* nor via ``GLUON_AUTOUPDATER_BRANCH``, the default branch is
implementation-defined. Currently, the branch with the first name in alphabetical order is chosen.
during development), but it can be enabled by setting the variable GLUON_BRANCH when building
to override the default branch set in the site configuration.
A manifest file for the updater can be generated with `make manifest`. A signing script (using
``ecdsautils``) can be found in the `contrib` directory. When creating the manifest, the
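
Review bot: The sentence "it can be enabled by setting the variable GLUON_BRANCH when building to override the default branch set in the site configuration" runs two things together: enabling the autoupdater and choosing its branch. If setting the variable does both, say so in two clauses, and put `GLUON_BRANCH` in literal markup like the other variable names on this page. The sentence describing which branch is used when none is set also disappears here; keep an equivalent if the fallback still exists.
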
@ -30,42 +27,20 @@ in ``site.mk``, care must be taken to pass the same ``GLUON_RELEASE`` to ``make
as otherwise the generated manifest will be incomplete.
Manifest format
------------------------
The manifest starts with a short header, followed by the list of firmwares and signatures.
The header contains the following information:
.. code-block:: sh
BRANCH=stable
DATE=2020-10-07 00:00:00+02:00
PRIORITY=7
- ``BRANCH`` is the autoupdater branch name that needs to match the nodes configuration.
- ``DATE`` specifies when the time period for the update begins. Nodes will do their regular update during a random minute
between 4:00 and 4:59 am. Nodes might not always have a reliable NTP synchronization, which is why a fallback mechanism
exists, that checks for an update, and will execute if ``DATE`` is at least 24h in the past.
- ``PRIORITY`` can be configured as ``GLUON_PRIORITY`` when generating the manifest or in ``site.mk``, and defines
the number of days over which the update should be stretched out after ``DATE``. Nodes will calculate a probability
based on the time left to determine when to update.
Automated nightly builds
------------------------
A fully automated nightly build could use the following commands:
.. code-block:: sh
::
git pull
# git -C site pull
(git -C site pull)
make update
make clean GLUON_TARGET=ath79-generic
make clean GLUON_TARGET=ar71xx-generic
NUM_CORES_PLUS_ONE=$(expr $(nproc) + 1)
make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ath79-generic GLUON_RELEASE=$GLUON_RELEASE \
GLUON_AUTOUPDATER_BRANCH=experimental GLUON_AUTOUPDATER_ENABLED=1
make manifest GLUON_RELEASE=$GLUON_RELEASE GLUON_AUTOUPDATER_BRANCH=experimental
make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental GLUON_RELEASE=$GLUON_RELEASE
make manifest GLUON_BRANCH=experimental GLUON_RELEASE=$GLUON_RELEASE
contrib/sign.sh $SECRETKEY output/images/sysupgrade/experimental.manifest
rm -rf /where/to/put/this/experimental
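
Review bot: With the "Manifest format" section gone, nothing on this page defines `PRIORITY` or `DATE`, yet the `autoupdater --fallback` comment in the next hunk still refers to "PRIORITY days (as defined in the manifest)". Keep at least the short description of the header fields, or reword that comment so it stands without them.
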
@ -99,16 +74,16 @@ These commands can be used on a node:
::
# Update with some probability
autoupdater
# Update with some probability
autoupdater
::
# Force update check, even when the updater is disabled
autoupdater -f
# Force update check, even when the updater is disabled
autoupdater -f
::
# If fallback is true the updater will perform an update only if the timespan
# PRIORITY days (as defined in the manifest) and another 24h have passed
autoupdater --fallback
# If fallback is true the updater will perform an update only if the timespan
# PRIORITY days (as defined in the manifest) and another 24h have passed
autoupdater --fallback

@ -14,13 +14,10 @@ Activating Config Mode
----------------------
Config Mode is automatically entered at the first boot. You can re-enter
Config Mode by pressing and holding the RESET/WPS/DECT button for about three
Config Mode by pressing and holding the RESET/WPS button for about three
seconds. The device should reboot (all LEDs will turn off briefly) and
Config Mode will be available.
If you have access to the console of the node, there is the
``gluon-enter-setup-mode`` command, which reboots a node into Config Mode.
Port Configuration
------------------

@ -1,51 +0,0 @@
DNS caching
===========
User experience may be greatly improved when dns is accelerated. Also, it
seems like a good idea to keep the number of packages being exchanged
between node and gateway as small as possible. In order to do this, a
DNS cache may be used on a node. The dnsmasq instance listening on port
53 on the node will be reconfigured to answer requests, use a list of
upstream servers and a specific cache size if the options listed below are
added to site.conf. Upstream servers are the DNS servers which are normally
used by the nodes to resolve hostnames (e.g. gateways/supernodes).
There are the following settings:
servers
cacheentries
To use the node's DNS server, both options should be set. The node will cache at
most 'cacheentries' many DNS records in RAM. The 'servers' list will be used to
resolve the received DNS queries if the request cannot be answered from
cache. Gateways should announce the "next node" address via DHCP and RDNSS (if
any). Note that not setting 'servers' here will lead to DNS not working: Once
the gateways all announce the "next node" address for DNS, there is no way for
nodes to automatically determine DNS servers. They have to be baked into the
firmware.
If these settings do not exist, the cache is not initialized and RAM usage will
not increase.
When next_node.name is set, an A record and an AAAA record for the
next-node IP address are placed in the dnsmasq configuration. This means that
the content of next_node.name may be resolved even without upstream connectivity.
It is suggested to use the same name as the DNS server provides:
e.g. nextnode.location.community.example.org (This way the name also works if a
client uses static DNS Servers). Hint: If next_node.name does not contain a dot
some browsers would open the searchpage instead.
::
dns = {
cacheentries = 5000,
servers = { '2001:db8::1', },
},
next_node = {
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip6 = '2001:db8:8::1',
ip4 = '198.51.100.1',
}
Each cache entry will occupy about 90 bytes of RAM.
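
Review bot: Deleting this page drops the warning that not setting 'servers' "will lead to DNS not working" once the gateways announce the next-node address for DNS. The DNS forwarder page in this same change describes *dns.servers* without that caveat. Carry the sentence over.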

@ -0,0 +1,26 @@
DNS forwarder
=============
A Gluon node can be configured to act as a DNS forwarder. Requests for the
next-node hostname(s) can be answered locally, without querying the upstream
resolver.
**Note:** While this reduces answer time and allows to use the next-node
hostname without upstream connectivity, this feature should not be used for
next-node hostnames that are FQDN when the zone uses DNSSEC.
One or more upstream resolvers can be configured in the *dns.servers* setting.
When *next_node.name* is set, A and/or AAAA records for the next-node IP
addresses are placed in the dnsmasq configuration.
::
dns = {
servers = { '2001:db8::1', },
},
next_node = {
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip6 = '2001:db8:8::1',
ip4 = '198.51.100.1',
}
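
Review bot: The **Note** tells operators not to use this feature for FQDN next-node hostnames when the zone uses DNSSEC, but gives no reason. Add one sentence saying that the locally generated A/AAAA records are not signed, so validating resolvers and clients will reject them.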

@ -47,7 +47,7 @@ installed. Please note that at least one alfred daemon is required to run as
.. _alfred-json: https://github.com/ffnord/alfred-json
The following data types are used:
The following datatypes are used:
* `nodeinfo`: 158
* `statistics`: 159

@ -21,18 +21,18 @@ Overview
Multidomain support allows to build a single firmware with multiple,
switchable domain configurations. The nomenclature is as follows:
- ``site``: an aggregate over multiple domains
- ``domain``: mesh network with connectivity parameters that prevent
accidental bridging with other domains
- ``domain code``: unique domain identifier
- ``domain name``: pretty name for a domain code
- ``site``: an aggregate over multiple domains
- ``domain``: mesh network with connectivity parameters that prevent
accidental bridging with other domains
- ``domain code``: unique domain identifier
- ``domain name``: pretty name for a domain code
By default Gluon builds firmware with a single domain embedded into
``site.conf``. To use multiple domains, enable it in ``site.mk``:
::
GLUON_MULTIDOMAIN=1
GLUON_MULTIDOMAIN=1
In the site repository, create the ``domains/`` directory, which will
hold your domain configurations. Each domain configuration file is named
@ -41,26 +41,26 @@ supported.
::
site/
|-- site.conf
|-- site.mk
|-- i18n/
|-- domains/
|-- alpha_centauri.conf
|-- beta_centauri.conf
|-- gamma_centauri.conf
site/
|-- site.conf
|-- site.mk
|-- i18n/
|-- domains/
|-- alpha_centauri.conf
|-- beta_centauri.conf
|-- gamma_centauri.conf
The domain configuration ``alpha_centauri.conf`` could look like this.
::
{
domain_names = {
alpha_centauri = 'Alpha Centauri'
},
{
domain_names = {
alpha_centauri = 'Alpha Centauri'
},
-- more domain specific config follows below
}
-- more domain specific config follows below
}
In this example “Alpha Centauri” is the user-visible ``domain_name`` for the
domain_code ``alpha_centauri``. Also note that the domain code
@ -88,25 +88,18 @@ domain of a router, if and only if one of the above conditions matches.
Switching the domain
--------------------
Via commandline
^^^^^^^^^^^^^^^
**via commandline**:
::
gluon-switch-domain 'newdomaincode'
uci set gluon.core.domain="newdomaincode"
gluon-reconfigure
reboot
When the node is not in config mode, ``gluon-switch-domain`` will automatically
reboot the node by default. This can be suppressed by passing ``--no-reboot``::
**via config mode:**
gluon-switch-domain --no-reboot 'newdomaincode'
Switching the domain without reboot is currently **experimental**.
Via config mode
^^^^^^^^^^^^^^^
To allow switching the domain via config mode, add ``config-mode-domain-select``
to GLUON_FEATURES in site.mk.
To allow switching the domain via config mode, ``config-mode-domain-select``
has to be added to GLUON_FEATURES in the site.mk.
|image0|
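
Review bot: The command-line procedure `uci set gluon.core.domain="newdomaincode"`, `gluon-reconfigure`, `reboot` has no `uci commit gluon` step. Either add it or state that `gluon-reconfigure` picks up and persists the staged change, so a reader following the three lines literally does not end up on the old domain after the reboot.
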
@ -123,113 +116,117 @@ site or domain context.
site.conf only variables
^^^^^^^^^^^^^^^^^^^^^^^^
- Used in as initial default values, when the firmware was just flashed
and/or the config mode is skipped, so they do not make sense in a
domain specific way:
- Used in as initial default values, when the firmware was just flashed
and/or the config mode is skipped, so they do not make sense in a
domain specific way:
- authorized_keys
- default_domain
- poe_passthrough
- interfaces.*.default_roles
- setup_mode.skip
- autoupdater.branch
- mesh_vpn.enabled
- mesh_vpn.pubkey_privacy
- mesh_vpn.bandwidth_limit
- mesh_vpn.bandwidth_limit.enabled
- mesh_vpn.bandwidth_limit.ingress
- mesh_vpn.bandwidth_limit.egress
- authorized_keys
- default_domain
- poe_passthrough
- mesh_on_wan
- mesh_on_lan
- single_as_lan
- setup_mode.skip
- autoupdater.branch
- mesh_vpn.enabled
- mesh_vpn.pubkey_privacy
- mesh_vpn.bandwidth_limit
- mesh_vpn.bandwidth_limit.enabled
- mesh_vpn.bandwidth_limit.ingress
- mesh_vpn.bandwidth_limit.egress
- Variables that influence the appearance of the config mode,
domain-independent because they are relevant before a domain was selected.
- Variables that influence the appearance of the config mode,
domain-independent because they are relevant before a domain was selected.
- config_mode.geo_location.show_altitude
- config_mode.hostname.optional
- config_mode.remote_login
- config_mode.remote_login.show_password_form
- config_mode.remote_login.min_password_length
- hostname_prefix
- mesh_vpn.fastd.configurable
- roles.default
- roles.list
- config_mode.geo_location.show_altitude
- config_mode.hostname.optional
- config_mode.remote_login
- config_mode.remote_login.show_password_form
- config_mode.remote_login.min_password_length
- hostname_prefix
- mesh_vpn.fastd.configurable
- roles.default
- roles.list
- Specific to a firmware build itself:
- Specific to a firmware build itself:
- site_code
- site_name
- autoupdater.branches.*.name
- autoupdater.branches.*.good_signatures
- autoupdater.branches.*.pubkeys
- site_code
- site_name
- autoupdater.branches.*.name
- autoupdater.branches.*.good_signatures
- autoupdater.branches.*.pubkeys
- We simply do not see any reason, why these variables could be helpful
in a domain specific way:
- We simply do not see any reason, why these variables could be helpful
in a domain specific way:
- mesh_vpn.fastd.syslog_level
- timezone
- regdom
- mesh_vpn.fastd.syslog_level
- timezone
- regdom
domain.conf only variables
^^^^^^^^^^^^^^^^^^^^^^^^^^
- Obviously:
- Obviously:
- domain_names
- domain_names
- a table of domain codes to domain names
``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
- a table of domain codes to domain names
``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
- hide_domain
- hide_domain
- prevents a domain name(s) from appearing in config mode, either
boolean or array of domain codes
- prevents a domain name(s) from appearing in config mode, either
boolean or array of domain codes
- ``true``, ``false``
- ``{ 'foo', 'bar' }``
- ``true``, ``false``
- ``{ 'foo', 'bar' }``
- Because each domain is considered a separate layer 2 network, these
values should be different in each domain:
- Because each domain is considered as an own layer 2 network, these
values should be different in each domain:
- next_node.ip4
- next_node.ip6
- next_node.name
- prefix6
- prefix4
- extra_prefixes6
- next_node.ip4
- next_node.ip6
- next_node.name
- prefix6
- prefix4
- extra_prefixes6
- To prevent accidental bridging of different domains, all meshing
technologies should be separated:
- To prevent accidental bridging of different domains, all meshing
technologies should be separated:
- domain_seed (wired mesh)
- domain_seed (wired mesh)
- must be a random value used to derive the vxlan id for wired meshing
- must be a random value used to derive the vxlan id for wired meshing
- wifi*.mesh.id
- mesh_vpn.fastd.groups.*.peers.remotes
- mesh_vpn.fastd.groups.*.peers.key
- mesh_vpn.tunneldigger.brokers
- wifi*.ibss.ssid
- wifi*.ibss.bssid
- wifi*.mesh.id
- mesh_vpn.fastd.groups.*.peers.remotes
- mesh_vpn.fastd.groups.*.peers.key
- mesh_vpn.tunneldigger.brokers
- Clients consider WiFi networks sharing the same ESSID as if they were
the same L2 network and try to reconfirm and reuse previous
addressing. If multiple neighbouring domains shared the same ESSID,
the roaming experience of clients would degrade.
- Clients consider WiFi networks sharing the same ESSID as if they were
the same L2 network and try to reconfirm and reuse previous
addressing. If multiple neighbouring domains shared the same ESSID,
the roaming experience of clients would degrade.
- wifi*.ap.ssid
- wifi*.ap.ssid
- Some values should be only set in legacy domains and not in new domains.
- Some values should be only set in legacy domains and not in new domains.
- mesh.vxlan
- mesh.vxlan
- By default, this value is `true`. It should be only set to `false`
for one legacy domain, since vxlan prevents accidental wired
merges of domains. For old domains this value is still available
to keep compatibility between all nodes in one domain.
- By default, this value is `true`. It should be only set to `false`
for one legacy domain, since vxlan prevents accidental wired
merges of domains. For old domains this value is still available
to keep compatibility between all nodes in one domain.
- next_node.mac
- next_node.mac
- For new domains, the default value should be used, since there is
no need for a special mac (or domain specific mac). For old domains
this value is still available to keep compatibility between all
nodes in one domain.
- For new domains, the default value should be used, since there is
no need for a special mac (or domain specific mac). For old domains
this value is still available to keep compatibility between all
nodes in one domain.
Example config
--------------
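
Review bot: In the "domain.conf only variables" list, "each domain is considered as an own layer 2 network" is not idiomatic English. The other wording visible in this hunk, "considered a separate layer 2 network", reads correctly and should be kept. The added `wifi*.ibss.ssid` and `wifi*.ibss.bssid` entries also sit in the list without the kind of explanatory sub-bullet that `domain_seed` has; a short one saying both must differ per domain would match the list's purpose.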

@ -1,16 +1,8 @@
Private WLAN
============
It is possible to set up a private WLAN that bridges the uplink port and is separated from the mesh network.
Please note that you should not enable Wired Mesh on the uplink port at the same time.
The private WLAN is encrypted using WPA2 by default. On devices with enough flash and a supported radio,
WPA3 or WPA2/WPA3 mixed-mode can be used instead of WPA2. For this to work, the ``wireless-encryption-wpa3``
feature has to be added to ``GLUON_FEATURES``.
It is recommended to enable IEEE 802.11w management frame protection for WPA2/WPA3 networks, however this
can lead to connectivity problems for older clients. In this case, management frame protection can be
made optional or completely disabled in the advanced settings tab.
It is possible to set up a private WLAN that bridges the WAN port and is separated from the mesh network.
Please note that you should not enable ``mesh_on_wan`` simultaneously.
The private WLAN can be enabled through the config mode if the package ``gluon-web-private-wifi`` is installed.
You may also enable a private WLAN using the command line::
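
Review bot: After this hunk the page no longer states how the private WLAN is encrypted; the only sentence that did ("encrypted using WPA2 by default") sits in the paragraph being dropped. Because this network bridges straight onto the WAN port, say which encryption mode applies in this version.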

@ -2,8 +2,8 @@ Roles
=====
It is possible to define a set of roles you want to distinguish at backend side. One node can own one
role which it will announce via respondd/announced inside the mesh. This will make it easier to differentiate
nodes when parsing respondd data. E.g to count only **normal** nodes and not the gateways
role which it will announce via alfred inside the mesh. This will make it easier to differentiate
nodes when parsing alfred data. E.g to count only **normal** nodes and not the gateways
or servers (nodemap). A lot of things are possible.
For this the section ``roles`` in ``site.conf`` is needed::

@ -1,212 +1,57 @@
Mesh VPN
Mesh-VPN
========
Gluon integrates several layer 2 tunneling protocols to
allow connections between local meshes through the internet.
Gluon integrates several OSI-Layer 2 tunneling protocols to
enable interconnects between local meshes and provide
internetwork access. Available protocols currently are:
Protocol handlers
^^^^^^^^^^^^^^^^^
- fastd
- L2TPv3 (via tunneldigger)
There are currently three protocol handlers which can be selected
via ``GLUON_FEATURES`` in ``site.mk``:
mesh-vpn-fastd
""""""""""""""
fastd is a lightweight userspace tunneling daemon that
fastd is a lightweight userspace tunneling daemon, that
implements cipher suites that are specifically designed
to work well on embedded devices. It offers encryption
and authentication.
The primary drawback of fastd's encrypted connection modes
is the necessary context switches when forwarding packets.
A kernel-supported L2TPv3 offloading option is available to
work around the context-switching bottleneck, but it comes
at the cost of losing the ability to protect tunnel connections
against eavesdropping or manipulation.
and authentication. Its primary drawback are the necessary
context-switches when forwarding packets.
mesh-vpn-tunneldigger
"""""""""""""""""""""
Tunneldigger always uses L2TPv3, generally achieving the same
performance as fastd with the ``null@l2tp`` method, but offering
no security.
Tunneldigger's primary drawback is the lack of IPv6 support.
It also provides less configurability than fastd.
mesh-vpn-wireguard
""""""""""""""""""
WireGuard is an encrypted in-kernel tunneling protocol that
provides encrypted transmission and at the same time offers
high throughput.
L2TPv3 is an in-kernel tunneling protocol that performs well,
but offers no security properties by itself.
The brokering of the tunnel happens through tunneldigger,
its primary drawback being the lack of IPv6 support.
fastd
^^^^^
-----
.. _VPN fastd methods:
Methods
"""""""
fastd offers various different connection "methods" with different
security properties that can be configured in the site configuration.
The following methods are currently recommended:
- ``salsa2012+umac``: Encrypted + authenticated
- ``null+salsa2012+umac``: Unencrypted, authenticated
- ``null@l2tp``: Unencrypted, unauthenticated
Multiple methods can be listed in ``site.conf``. The first listed method
supported by both the node and its peer will be used.
The use of the ``null@l2tp`` method with offloading enabled can provide a
considerable performance gain, especially on weaker embedded hardware.
For L2TP offloading, the ``mesh-vpn-fastd-l2tp`` feature needs to be enabled in
``site.mk``.
Configurable Cipher
^^^^^^^^^^^^^^^^^^^
.. _vpn-gateway-configuration:
Gateway / Supernode Configuration
"""""""""""""""""""""""""""""""""
When only using the ``null`` or ``null@l2tp`` methods without offloading,
simply add these methods to the front of the method list. ``null@l2tp``
should always appear before ``null`` in the configuration when both are enabled.
fastd v22 or newer is needed for the ``null@l2tp`` method.
It is often not necessary to enable L2TP offloading on supernodes for
performance reasons. Nodes using offloading can communicate with supernodes that
don't use offloading as long as both use the ``null@l2tp`` method.
.. _vpn-gateway-configuration-offloading:
Offloading on Gateways / Supernodes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To enable L2TP offloading on the supornodes, it is recommended to study the
fastd documentation section pertaining to the `offload configuration option
<https://fastd.readthedocs.io/en/stable/manual/config.html#option-offload>`_.
However, the important changes to the fastd config on your Supernode are:
- | Set ``mode multitap;``
| Every peer gets their own interface.
- | Replace ``interface "foo":`` with ``interface "peer-%k";``
| ``%k`` is substituted for a portion of the peers public key.
- | Set ``offload l2tp yes;``
| This tells fastd to use the l2tp kernel module.
- | Set ``persist interface no;``
| This tells fastd to only keep interfaces around while the connection is active.
Note that in ``multitap`` mode, which is required when using L2TP offloading,
fastd will create one interface per peer on the supernode's. This allows
offloading the L2TP forwarding into the kernel space. But this also means added
complexity with regards to handling those interfaces.
There are two main options on how you can handle this:
- create ``on up`` and ``on down`` hooks
- to handle interface setup and destruction
- preferably using the async keyword, so hooks are not blocking fastd
- use a daemon like systemd-networkd
Examples for both options can be found in the
`Wiki <https://github.com/freifunk-gluon/gluon/wiki/fastd-l2tp-offloading-on-supernodes>`_.
Configurable Method
"""""""""""""""""""
From the site configuration, fastd can be allowed to offer
From the site configuration fastd can be allowed to offer
toggleable encryption in the config mode with the intent to
increase throughput.
increase throughput, although in practice the gain is minimal.
There is also an older unprotected method ``null``. Use of the newer
``null@l2tp`` method is generally recommended over ``null``, as the
performance gains provided by the latter (compared to the encrypted
and authenticated methods) are very small.
**Site configuration:**
Site configuration
~~~~~~~~~~~~~~~~~~
1) Add the feature ``web-mesh-vpn-fastd`` in ``site.mk``
2) Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
3) Optionally add ``null`` to the ``mesh_vpn.fastd.methods`` table if you want "Performance mode" as default (not recommended)
1)
Add the feature ``web-mesh-vpn-fastd`` in ``site.mk``
2)
Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
3)
Optionally, add ``null@l2tp`` to the ``mesh_vpn.fastd.methods`` table if you want
"Performance mode" as default (not recommended)
**Gateway configuration:**
Config Mode
~~~~~~~~~~~
1) Prepend the ``null`` cipher in fastd's method list
**Config Mode:**
The resulting firmware will allow users to choose between secure (encrypted) and fast (unencrypted) transport.
.. image:: fastd_mode.gif
To confirm whether the correct cipher is being used, the log output
of fastd can be checked using ``logread``.
**Unix socket:**
To confirm whether the correct cipher is being used, fastds unix
socket can be interrogated, after installing for example `socat`.
WireGuard
^^^^^^^^^
::
In order to support WireGuard in Gluon, a few technologies are glued together.
**VXLAN:** As Gluon typically relies on batman-adv, the Mesh VPN has to provide
OSI Layer 2 transport. But WireGuard is an OSI Layer 3 tunneling protocol, so
additional technology is necessary here. For this, we use VXLAN. In short, VXLAN
is a well-known technology to encapsulate ethernet packages into IP packages.
You can think of it as kind of similar to VLAN, but on a different layer. Here,
we use VXLAN to transport batman-adv traffic over WireGuard.
**wgpeerselector**: To connect all gluon nodes to each other, it is common to
create a topology where each gluon node is connected to one of the available
gateways via Mesh VPN respectively. To achieve this, the gluon node should be
able to select a random gateway to connect to. But such "random selection of a
peer" is not implemented in WireGuard by default. WireGuard only knows static
peers. Therefore the *wgpeerselector* has been developed. It randomly selects a
gateway, tries to establish a connection, and if it fails, tries to connect
to the next gateway. This approach has several advantages, such as load
balancing VPN connection attempts and avoiding problems with offline gateways.
More information about the wgpeerselector and its algorithm can be found
`here <https://github.com/freifunk-gluon/packages/blob/master/net/wgpeerselector/README.md>`__.
On the gluon node both VXLAN and the wgpeerselector are well integrated and no
explicit configuration of those tools is necessary, once the general WireGuard
support has been configured.
Attention must by paid to time synchronization. As WireGuard
performs checks on timestamps in order to avoid replay attacks, time must
be synchronized before the Mesh VPN connection is established. This means that
the NTP servers specified in your site.conf must be publicly available (and not
only through the mesh). Be aware that if you fail this, you may not directly see
negative effects. Only when a previously connected node reboots the effect
comes into play, as the gateway still knows about the old timestamp of the gluon
node.
gluon-mesh-vpn-key-translate
""""""""""""""""""""""""""""
Many communities already possess a collection of active fastd-keys when they
plan migrating their community to WireGuard.
These public keys known on the server-side can be derived into their WireGuard
equivalent using `gluon-mesh-vpn-key-translate <https://github.com/AiyionPrime/gluon-mesh-vpn-key-translate>`__.
The routers do the necessary reencoding of the private key seamlessly
when updating firmware from fastd to the WireGuard variant.
Gateway / Supernode Configuration
"""""""""""""""""""""""""""""""""
On the gateway side, a software called *wireguard-vxlan-glue* is necessary. It
is a small daemon that dynamically adds and removes forwarding rules for VXLAN
interfaces, so traffic is sent correctly into the WireGuard interface. Thereby
the forwarding rules are only installed if a client is connected, so
unnecessary traffic in the kernel is avoided. The source can be found
`here <https://github.com/freifunkh/wireguard-vxlan-glue/>`__.
opkg update
opkg install socat
socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket
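
Review bot: The list that said which fastd methods are encrypted and which are authenticated is gone, and what remains describes the `null` option only as "fast (unencrypted) transport". State next to step 3 and next to "Prepend the ``null`` cipher in fastd's method list" that `null` provides neither encryption nor authentication, so operators who enable it know what they are giving up. The same applies to the L2TPv3 paragraph, where "offers no security properties by itself" should say what that means for traffic crossing the tunnel.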

@ -50,84 +50,38 @@ Configuration
Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page
of the *Advanced settings* (if the package ``gluon-web-network`` is installed).
It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by adding
the ``mesh`` role to the ``interfaces.*.default_roles`` options in your
:ref:`site.conf<user-site-interfaces>`.
.. _wired-mesh-commandline:
It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by
adding ``mesh_on_wan = true`` and ``mesh_on_lan = true`` to ``site.conf``.
Commandline
===========
Starting with release 2022.1, the wired network configuration is rebuilt from ``/etc/config/gluon``
upon each ``gluon-reconfigure``.
Therefore the network configuration is overwritten at least with every firmware upgrade.
Every interface has a list of roles assigned to it which can be ``client``, ``mesh`` or ``uplink``.
When the client role is assigned to an interface in combination with other roles
(like 'client', 'mesh' in the Mesh-on-LAN example below), the other roles take
precedence, enabling mesh but not client in the previous example.
The setup/config-mode interface is every interface with the role ``client`` which makes removing
it from interfaces not only unnecessary, but generally unrecommended.
In order to make persistent changes to the router's configuration it's necessary to:
* change the sections in ``/etc/config/gluon`` e.g. using uci (see examples below)
* call ``gluon-reconfigure`` to re-generate ``/etc/config/network``
* apply the networking changes, either through executing ``service network restart`` or by performing a ``reboot``
Enable Mesh-on-WAN::
uci add_list gluon.iface_wan.role='mesh'
uci commit gluon
uci set network.mesh_wan.disabled=0
uci commit network
Disable Mesh-on-WAN::
uci del_list gluon.iface_wan.role='mesh'
uci commit gluon
uci set network.mesh_wan.disabled=1
uci commit network
Enable Mesh-on-LAN::
uci add_list gluon.iface_lan.role='mesh'
uci commit gluon
uci set network.mesh_lan.disabled=0
for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
uci del_list network.client.ifname=$ifname
done
uci commit network
Disable Mesh-on-LAN::
uci del_list gluon.iface_lan.role='mesh'
uci commit gluon
uci set network.mesh_lan.disabled=1
for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
uci add_list network.client.ifname=$ifname
done
uci commit network
For devices with a single interface, instead of `iface_lan` and `iface_wan` configuration is
done with `iface_single`.
Enable Mesh-on-Single::
uci add_list gluon.iface_single.role='mesh'
uci commit gluon
Disable Mesh-on-Single::
uci del_list gluon.iface_single.role='mesh'
uci commit gluon
Furthermore it is possible to make use of 802.1Q VLAN.
The following statements would create a VLAN with id 8 on ``eth0`` and join the mesh network with it::
uci set gluon.iface_lan_vlan8=interface
uci set gluon.iface_lan_vlan8.name='eth0.8'
uci add_list gluon.iface_lan_vlan8.role='mesh'
uci commit gluon
Other VLAN-interfaces could be configured on the same parent interface in order to have
all three roles available on ``eth0`` without having them interfere with each other.
This feature comes in especially handy for the persistent configuration of virtual machines
as offloader for bigger installations.
A ``reboot`` is not sufficient to apply an altered configuration; calling ``gluon-reconfigure`` before is
mandatory in order for changes to take effect.
Please note that this configuration has changed in Gluon 2022.1. Using
the old commands on 2022.1 and later will break the corresponding options
Please note that this configuration has changed in Gluon 2016.1. Using
the old commands on 2016.1 and later will break the corresponding options
in the *Advanced settings*.
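Review bot: the examples that change ``gluon.iface_*`` stop at ``uci commit gluon``, although the step list above them says ``gluon-reconfigure`` must be called and the closing paragraph says a ``reboot`` alone is not sufficient. Add ``gluon-reconfigure`` as the last line of each of those examples so that a copied block actually takes effect. In the Mesh-on-LAN loops, also quote the argument, ``"network.client.ifname=$ifname"``.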

View File

@ -2,9 +2,10 @@ WLAN configuration
==================
Gluon allows to configure 2.4GHz and 5GHz radios independently. The configuration
may include one or both of the two networks "client" (AP mode) and "mesh" (802.11s
mode), which can be used simultaneously. See :doc:`../user/site` for details on the
configuration.
may include any or all of the three networks "client" (AP mode), "mesh" (802.11s
mode) and "ibss" (adhoc mode), which can be used simultaneously (using "mesh" and
"ibss" at same time should be avoided though as weaker hardware usually can't handle the additional
load). See :doc:`../user/site` for details on the configuration.
Upgrade behaviour
-----------------
@ -15,12 +16,19 @@ on upgrades the existing setting is always retained (as this setting may have be
by the user). This means that it is not possible to enable or disable an existing network
configurations during upgrades.
For the "mesh" and "ibss" networks, the default setting only has an effect if none
of the two has existed before. If a new configuration has been added for "mesh" or "ibss",
while the other of the two has already existed before, the enabled/disabled state of the
existing configuration will also be set for the new configuration.
This allows upgrades to change from IBSS to 11s and vice-versa while retaining the
"wireless meshing is enabled/disabled" property configured by the user regardless
of the used mode.
During upgrades the wifi channel of the 2.4GHz and 5GHz radio will be restored to the channel
configured in the site.conf. The channel width will be reset to Gluon's default. If you need to preserve
these settings during upgrades you can configure this via the uci section ``gluon-core.wireless``::
configured in the site.conf. If you need to preserve a user defined wifi channel during upgrades
you can configure this via the uci section ``gluon-core.wireless``::
uci set gluon.wireless.preserve_channels='1'
uci set gluon-core.@wireless[0].preserve_channels='1'
When channels should be preserved, toggling the outdoor mode will have no effect on the channel settings.
Therefore, the Outdoor mode settings won't be displayed in config mode.
Keep in mind that nodes running wifi interfaces on custom channels can't mesh with default nodes anymore!
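Review bot: the sentence introducing the command names the uci section ``gluon-core.wireless``, but one of the two commands in this hunk writes ``gluon.wireless.preserve_channels``, which lives in a different config file. Align the prose with the command that the target release uses, and show the matching ``uci commit`` after it, since ``uci set`` on its own only stages the change.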

View File

@ -6,80 +6,118 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
.. toctree::
:caption: User Documentation
:maxdepth: 2
:caption: User Documentation
:maxdepth: 2
user/getting_started
user/site
user/supported_devices
user/x86
user/faq
user/mtu
user/getting_started
user/site
user/supported_devices
user/x86
user/faq
.. toctree::
:caption: Features
:maxdepth: 2
:caption: Features
:maxdepth: 2
features/configmode
features/autoupdater
features/wlan-configuration
features/private-wlan
features/wired-mesh
features/dns-cache
features/monitoring
features/multidomain
features/authorized-keys
features/roles
features/vpn
features/configmode
features/autoupdater
features/wlan-configuration
features/private-wlan
features/wired-mesh
features/dns-forwarder
features/monitoring
features/multidomain
features/authorized-keys
features/roles
features/vpn
.. toctree::
:caption: Developer Documentation
:maxdepth: 2
:caption: Developer Documentation
:maxdepth: 2
dev/basics
dev/hardware
dev/packages
dev/upgrade
dev/uplink
dev/mac_addresses
dev/site_library
dev/build
dev/debugging
dev/basics
dev/hardware
dev/packages
dev/upgrade
dev/wan
dev/mac_addresses
dev/site_library
.. toctree::
:caption: gluon-web Reference
:maxdepth: 1
:caption: gluon-web Reference
:maxdepth: 1
dev/web/controller
dev/web/model
dev/web/view
dev/web/i18n
dev/web/config-mode
dev/web/controller
dev/web/model
dev/web/view
dev/web/i18n
dev/web/config-mode
.. toctree::
:caption: Packages
:maxdepth: 1
:caption: Packages
:maxdepth: 1
package/gluon-client-bridge
package/gluon-config-mode-domain-select
package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp
package/gluon-ebtables-limit-arp
package/gluon-ebtables-source-filter
package/gluon-hoodselector
package/gluon-logging
package/gluon-mesh-batman-adv
package/gluon-mesh-wireless-sae
package/gluon-radv-filterd
package/gluon-scheduled-domain-switch
package/gluon-web-admin
package/gluon-web-logging
package/gluon-client-bridge
package/gluon-config-mode-domain-select
package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp
package/gluon-ebtables-limit-arp
package/gluon-ebtables-source-filter
package/gluon-hoodselector
package/gluon-mesh-batman-adv
package/gluon-radv-filterd
package/gluon-scheduled-domain-switch
package/gluon-web-admin
package/gluon-web-logging
.. toctree::
:caption: Releases
:maxdepth: 1
:caption: Releases
:maxdepth: 1
releases/index
releases/v2019.1.3
releases/v2019.1.2
releases/v2019.1.1
releases/v2019.1
releases/v2018.2.4
releases/v2018.2.3
releases/v2018.2.2
releases/v2018.2.1
releases/v2018.2
releases/v2018.1.4
releases/v2018.1.3
releases/v2018.1.2
releases/v2018.1.1
releases/v2018.1
releases/v2017.1.8
releases/v2017.1.7
releases/v2017.1.6
releases/v2017.1.5
releases/v2017.1.4
releases/v2017.1.3
releases/v2017.1.2
releases/v2017.1.1
releases/v2017.1
releases/v2016.2.7
releases/v2016.2.6
releases/v2016.2.5
releases/v2016.2.4
releases/v2016.2.3
releases/v2016.2.2
releases/v2016.2.1
releases/v2016.2
releases/v2016.1.6
releases/v2016.1.5
releases/v2016.1.4
releases/v2016.1.3
releases/v2016.1.2
releases/v2016.1.1
releases/v2016.1
releases/v2015.1.2
releases/v2015.1.1
releases/v2015.1
releases/v2014.4
releases/v2014.3.1
releases/v2014.3
License
-------

View File

@ -20,10 +20,10 @@
},
mesh_vpn = {
mtu = 1312,
fastd = {
methods = {'salsa2012+umac'},
mtu = 1312,
},
bandwidth_limit = {
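Review bot: ``mtu = 1312`` moves between the ``mesh_vpn`` table and the nested ``fastd`` table in this example, and nothing in the file says which release line expects which position. Add a short comment next to the key, or a pointer to the site documentation, so that a site.conf copied from this example onto the other release line does not carry the MTU at the wrong level unnoticed.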

View File

@ -29,7 +29,7 @@ GLUON_MULTIDOMAIN=1
# chosen feature flags
GLUON_SITE_PACKAGES := iwinfo
GLUON_SITE_PACKAGES := haveged iwinfo
## DEFAULT_GLUON_RELEASE
# version string to use for images
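Review bot: the two ``GLUON_SITE_PACKAGES`` lines differ only in ``haveged``, and the example gives no reason for it. The v2020.1.2 release notes elsewhere in this comparison say urngd was removed in favor of haveged for the v2020.1 series, so add a comment stating which entropy daemon the example site relies on; otherwise a site built from it on the other release line may ship without one.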
@ -58,3 +58,6 @@ GLUON_REGION ?= eu
# Languages to include
GLUON_LANGS ?= en de
# Do not build images for deprecated devices
GLUON_DEPRECATED ?= 0

View File

@ -1,17 +1,17 @@
gluon-ebtables-limit-arp
========================
The *gluon-ebtables-limit-arp* package adds filters to limit the
amount of ARP requests client devices are allowed to send into the
mesh.
The *gluon-ebtables-limit-arp* package adds filters to limit the
amount of ARP requests client devices are allowed to send into the
mesh.
The limits per client device, identified by its MAC address, are
6 packets per minute and 1 per second per node in total.
6 packets per minute and 1 per second per node in total.
A burst of up to 50 ARP requests is allowed until the rate-limiting
takes effect (see ``--limit-burst`` in ``ebtables(8)``).
Furthermore, ARP requests for a target IP already present in the
batman-adv DAT cache are excluded from rate-limiting, in regard
batman-adv DAT cache are excluded from rate-limiting, in regard
to both counting and filtering, as batman-adv will be able
to respond locally without a burden for the mesh. Therefore, this
limiter should not affect popular target IP addresses, like those
@ -21,8 +21,8 @@ However it mitigates the impact on the mesh when a larger range of
its IPv4 subnet is being scanned, which would otherwise result in
a significant amount of ARP chatter, even for unused IP addresses.
This package is installed by default if the selected routing
feature is *mesh-batman-adv-15*.
This package is selected by default if the installed routing
package is gluon-mesh-batman-adv-14 or gluon-mesh-batman-adv-15.
It can be unselected via::
GLUON_SITE_PACKAGES := \

View File

@ -66,7 +66,7 @@ and others which contain shapes.
* **default domain**
The default domain doesn't hold any shapes and represents the inverted area of
The default domain doesnt hold any shapes and represents the inverted area of
all other shapes held by other domains with geo coordinates. It will only be
entered if a node could not be matched to a geo domain. A suggested approach is
to define the "old" network as default domain and gradually migrate nodes from

View File

@ -1,37 +0,0 @@
gluon-logging
=============
The *gluon-logging* package allows to configure a remote syslog server that
will receive the systems log output that is also visible when calling ``logread``
from a terminal.
It supports both IPv4 and IPv6 endpoints over UDP and TCP.
Note: The syslog mechanism is incapable of providing a complete log as network
access is required to send out log messages and ``logd`` does not buffer and resend
older log messages even though they might be available in ``logread``.
This package conflicts with ``gluon-web-logging`` as it will overwrite the
user-given syslog server on every upgrade.
site.conf
---------
syslog.ip : required
- Destination address of the remote syslog server
syslog.port : optional
- Destination port of the remote syslog server
- Defaults to 514
syslog.proto : optional
- Protocol to transport syslog frames in, can be either ``tcp`` or ``udp``
- Defaults to UDP
Example::
syslog = {
ip = "2001:db8::1",
port = 514,
proto = "udp",
},
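Review bot: missing documentation at ``syslog.proto``: the only transports offered are ``tcp`` and ``udp``, so the log leaves the node unencrypted and unauthenticated, and the page never says so. Add one sentence stating that, and that ``syslog.ip`` should point to a server reached over a path the operator trusts, since what is sent is the same output ``logread`` shows on the node.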

View File

@ -2,7 +2,7 @@ gluon-mesh-batman-adv
=====================
.. image:: gluon-mesh-batman-adv-logo.svg
:width: 300 px
:width: 300 px
B.A.T.M.A.N. Advanced (often referenced as batman-adv) is an implementation of
the B.A.T.M.A.N. routing protocol in form of a linux kernel module operating on layer 2.
@ -20,11 +20,49 @@ B.A.T.M.A.N. Advanced project homepage:
* https://www.open-mesh.org/projects/batman-adv/wiki/Wiki
Flavours
--------
Gluon currently supports two main build flavours of batman-adv:
gluon-mesh-batman-adv-15
^^^^^^^^^^^^^^^^^^^^^^^^
This is the recommended batman-adv flavour to use.
It follows recent, upstream batman-adv releases and is flexible to new feature additions.
gluon-mesh-batman-adv-14 (`batman-adv-legacy`)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
`gluon-mesh-batman-adv-14`, also known as `batman-adv-legacy` or batman-adv v2013.4
is the last batman-adv release with the batman-adv compatibility version 14, which
was released in October 2013.
With batman-adv v2014.0.0 a compat breakage became necessary for the introduction
of new features. However, one of these features was the addition of TVLV support
(type-version-length-value fields) which from then on allowed adding features
without breaking packet format compatibility. This made it possible to stay with
compatibility version 15 so far.
For new installations `gluon-mesh-batman-adv-14` is **not recommended**. It misses
a lot of bugfixes and is currently only available for existing communities
until they have migrated. This package will soon be deprecated and removed.
Also see:
* https://www.open-mesh.org/projects/batman-adv/wiki/Compatversion
* https://www.open-mesh.org/news/56
* https://github.com/freifunk-gluon/batman-adv-legacy/
B.A.T.M.A.N. Routing Algorithms
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Two routing algorithms are selectable via
:ref:`site.conf mesh section <user-site-mesh>`: BATMAN_IV and BATMAN_V.
For the `gluon-mesh-batman-adv-15` package two routing algorithms are selectable
via :ref:`site.conf mesh section <user-site-mesh>`: BATMAN_IV and BATMAN_V.
For the `gluon-mesh-batman-adv-14` package, BATMAN_IV_LEGACY needs to be selected.
BATMAN_IV - stable
""""""""""""""""""
@ -47,15 +85,15 @@ Multicast Architecture
----------------------
.. image:: gluon-mesh-batman-adv-multicast.svg
:width: 300 px
:width: 300 px
While generally broadcast capability is a nice feature of a layer 2
mesh protocol, it quickly reaches its limit.
For meshes with about **50 nodes / 100 clients, or more** it is therefore highly
recommended to add the :doc:`gluon-ebtables-filter-multicast`
package. Also, with the *mesh-batman-adv-15* feature,
:doc:`gluon-ebtables-limit-arp` is selected by default.
package. Also, with gluon-mesh-batman-adv-15 or gluon-mesh-batman-adv-14
installed :doc:`gluon-ebtables-limit-arp` is selected by default.
Furthermore, by default IGMP and MLD messages are filtered. See
:ref:`site.conf mesh section <user-site-mesh>` and

View File

@ -1,49 +0,0 @@
gluon-mesh-wireless-sae
=======================
This package adds support for SAE on 802.11s mesh connections.
Enabling this package will require all 802.11s mesh connections
to be encrypted using the SAE key agreement scheme. The security
of SAE relies upon the authentication through a shared secret.
In the context of public mesh networks a shared secret is an
obvious oxymoron. Still, this functionality may provide an improvement
over unencrypted mesh connections in that it protects against a
passive attacker who did not observe the key agreement. In addition
Management Frame Protection (802.11w) gets automatically enabled on
wireless mesh interfaces to prevent protocol-level deauthentication attacks.
If `wifi.mesh.sae` is enabled, a shared secret will automatically be
derived from the `prefix6` variable. This is as secure as it gets
for a public mesh network.
For *private* mesh networks `wifi.mesh.sae_passphrase` should be
set to your shared secret.
site.conf
---------
These settings apply to all 802.11s mesh interfaces on all radios.
wifi.mesh.sae \: optional
- ``true`` enables SAE on 802.11s mesh connections
- ``false`` disables SAE on 802.11s mesh connections
- defaults to ``false``
wifi.mesh.sae_passphrase \: optional
- sets a shared secret used to authenticate any two mesh nodes,
crucial for private mesh networks
- should not be set, if the shared secret is shared with untrusted
third parties, like in a publish mesh network
- defaults to an autogenerated value derived from ``prefix6``
Example::
wifi = {
mesh = {
sae = true,
-- sae_passphrase = "<shared secret>",
},
},
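Review bot: under ``wifi.mesh.sae_passphrase``, "publish mesh network" should read "public mesh network". The paragraph on the default should also say outright that a secret derived from ``prefix6`` can be computed by anyone who knows that value, so with the default SAE does not authenticate nodes; "This is as secure as it gets" reads as a stronger guarantee than the paragraph before it supports.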

View File

@ -13,32 +13,29 @@ Selected router
The router selection mechanism is independent from the batman-adv gateway mode.
In contrast, the device originating the router advertisement could be any router
or client connected to the mesh, as radv-filterd captures all router
advertisements originating from it. All nodes announcing router advertisement
advertisements originating from it. All nodes announcing router advertisement
**with** a default lifetime greater than 0 are being considered as candidates.
In case a router is not a batman-adv originator itself, its TQ is defined by
the originator it is connected to. This lookup uses the batman-adv global
translation table.
Initially the router is selected by choosing the candidate with the strongest
TQ. When another candidate can provide a better TQ metric, that outperforms the
currently selected router by X metric units, it will be picked as the new
selected router. The hysteresis threshold is configurable and prevents excessive
flapping of the gateway.
Initially the router is the selected by choosing the candidate with the
strongest TQ. When another candidate can provide a better TQ metric it is not
picked up as the selected router until it will outperform the currently
selected router by X metric units. The hysteresis threshold is configurable
and prevents excessive flapping of the gateway.
Local routers
-------------
"Local" routers
---------------
Local routers (i.e. local internet gateways connected to some nodes) that are
connected to the client interface via cable or WLAN instead of via the mesh
(technically: appearing in the transtable_local) are taken into account with a
fake TQ of 512, so that they are always preferred.
Be aware of problems if you plan to use local routers together with the
:doc:`gluon-ebtables-filter-ra-dhcp` package. These router advertisements are
filtered anyway and reach neither the node nor any other client. Therefore the
use of local routers is not possible as long as the package
``gluon-radv-filterd`` is used.
The package has functionality to select "local" routers, i.e. those connected
via cable or WLAN instead of via the mesh (technically: appearing in the
``transtable_local``), a fake TQ of 512 so that they are always preferred.
However, if used together with the :doc:`gluon-ebtables-filter-ra-dhcp`
package, these router advertisements are filtered anyway and reach neither the
node nor any other client. You currently have to disable the package or insert
custom ebtables rules in order to use local routers.
respondd module
---------------
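Review bot: the closing sentence of the "Local routers" paragraph looks like it names the wrong package: it says local routers cannot be used "as long as the package ``gluon-radv-filterd`` is used", while the filtering it describes is done by :doc:`gluon-ebtables-filter-ra-dhcp`. Correct the package name and state the flip side as well: without that filter, any device on the client interface that sends router advertisements with a default lifetime greater than 0 gets the fake TQ of 512 and is always preferred.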

View File

@ -3,7 +3,7 @@ gluon-scheduled-domain-switch
This package allows to switch a routers domain at a given point
in time. This is needed for switching between incompatible transport
protocols (e.g. wired meshing with and without VXLAN).
protocols (e.g. 802.11s and IBSS or VXLAN).
Nodes will switch when the defined *switch-time* has passed. In case the node was
powered off while this was supposed to happen, it might not be able to acquire the
@ -15,15 +15,15 @@ site.conf
All those settings have to be defined exclusively in the domain, not the site.
domain_switch : optional (needed for domains to switch)
target_domain :
- target domain to switch to
switch_after_offline_mins :
- amount of time without reachable gateway to switch unconditionally
switch_time :
- UNIX epoch after which domain will be switched
connection_check_targets :
- array of IPv6 addresses which are probed to determine if the node is
connected to the mesh
target_domain :
- target domain to switch to
switch_after_offline_mins :
- amount of time without reachable gateway to switch unconditionally
switch_time :
- UNIX epoch after which domain will be switched
connection_check_targets :
- array of IPv6 addresses which are probed to determine if the node is
connected to the mesh
Example::

View File

@ -1,129 +0,0 @@
Release Notes
=============
.. toctree::
:caption: Gluon 2022.1
:maxdepth: 2
v2022.1.4
v2022.1.3
v2022.1.2
v2022.1.1
v2022.1
.. toctree::
:caption: Gluon 2021.1
:maxdepth: 2
v2021.1.2
v2021.1.1
v2021.1
.. toctree::
:caption: Gluon 2020.2
:maxdepth: 2
v2020.2.3
v2020.2.2
v2020.2.1
v2020.2
.. toctree::
:caption: Gluon 2020.1
:maxdepth: 2
v2020.1.4
v2020.1.3
v2020.1.2
v2020.1.1
v2020.1
.. toctree::
:caption: Gluon 2019.1
:maxdepth: 2
v2019.1.3
v2019.1.2
v2019.1.1
v2019.1
.. toctree::
:caption: Gluon 2018.2
:maxdepth: 2
v2018.2.4
v2018.2.3
v2018.2.2
v2018.2.1
v2018.2
.. toctree::
:caption: Gluon 2018.1
:maxdepth: 2
v2018.1.4
v2018.1.3
v2018.1.2
v2018.1.1
v2018.1
.. toctree::
:caption: Gluon 2017.1
:maxdepth: 2
v2017.1.8
v2017.1.7
v2017.1.6
v2017.1.5
v2017.1.4
v2017.1.3
v2017.1.2
v2017.1.1
v2017.1
.. toctree::
:caption: Gluon 2016.2
:maxdepth: 2
v2016.2.7
v2016.2.6
v2016.2.5
v2016.2.4
v2016.2.3
v2016.2.2
v2016.2.1
v2016.2
.. toctree::
:caption: Gluon 2016.1
:maxdepth: 2
v2016.1.6
v2016.1.5
v2016.1.4
v2016.1.3
v2016.1.2
v2016.1.1
v2016.1
.. toctree::
:caption: Gluon 2015.1
:maxdepth: 2
v2015.1.2
v2015.1.1
v2015.1
.. toctree::
:caption: Gluon 2014.4
:maxdepth: 2
v2014.4
.. toctree::
:caption: Gluon 2014.3
:maxdepth: 2
v2014.3.1
v2014.3

View File

@ -19,7 +19,7 @@ ar71xx-generic
- DIR-615 (C1)
* GL.iNet
* GL-Inet
- 6408A (v1)
- 6416A (v1)
@ -170,16 +170,16 @@ Site changes
for example::
fastd_mesh_vpn = {
methods = {'salsa2012+umac'},
mtu = 1426,
groups = {
backbone = {
limit = 2,
peers = {
-- ...
}
methods = {'salsa2012+umac'},
mtu = 1426,
groups = {
backbone = {
limit = 2,
peers = {
-- ...
}
}
}
}
}
- ``config_mode``: The config mode messages aren't configured in ``site.conf`` anymore. Instead, they are
@ -190,11 +190,11 @@ Site changes
in the site i18n files. The ``site.conf`` section becomes::
roles = {
default = 'foo',
list = {
'foo',
'bar',
}
default = 'foo',
list = {
'foo',
'bar',
}
}
The display string use i18n message IDs like ``gluon-luci-node-role:role:foo`` and ``gluon-luci-node-role:role:bar``.

View File

@ -9,21 +9,21 @@ ar71xx-generic
* OpenMesh
- MR600 (v1, v2)
- MR900 (v1, v2)
- OM2P (v1, v2)
- OM2P-HS (v1, v2)
- OM2P-LC
- OM5P
- OM5P-AN
- MR600 (v1, v2)
- MR900 (v1, v2)
- OM2P (v1, v2)
- OM2P-HS (v1, v2)
- OM2P-LC
- OM5P
- OM5P-AN
* Ubiquiti
- Rocket M XW
- Rocket M XW
* TP-LINK
- TL-WR841N/ND v11
- TL-WR841N/ND v11
Bugfixes
~~~~~~~~

View File

@ -88,8 +88,6 @@ New features
* Add support for making nodes a DNS cache for clients
(`#1000 <https://github.com/freifunk-gluon/gluon/pull/1000>`_)
See also: :doc:`../features/dns-cache`
* Add L2TP via tunneldigger as an alternative VPN system
(`#978 <https://github.com/freifunk-gluon/gluon/pull/978>`_)

View File

@ -28,7 +28,7 @@ Bugfixes
As the path to both config mode and status page were changed between versions
users could be affected by a redirect to a no more valid URL.
* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt/routing/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt-routing/packages/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
Other changes
~~~~~~~~~~~~~
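Review bot: the "backported" link carries the same commit hash under two different repository paths (``openwrt/routing`` and ``openwrt-routing/packages``). Check that the path kept on this side still resolves, and use the same one in every release note that cites this commit.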

View File

@ -21,7 +21,7 @@ ramips-mt7620
ramips-mt76x8
^^^^^^^^^^^^^
* GL.iNet
* Gl.iNet
- MT300N (v2) [#noibss]_

View File

@ -30,15 +30,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

View File

@ -26,15 +26,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

View File

@ -36,15 +36,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

View File

@ -15,7 +15,6 @@ possible.
With Gluon v2019.1, nodes will not answer respondd queries on ``[ff02::2:1001]:1001`` anymore. Respondd
querier setups still using this address must be updated to the new address ``[ff05::2:1001]:1001``
(supported since Gluon v2017.1). This change was required due to cross-domain leakage of respondd data.
If you are using hopglass-server to query respondd data, you need to update it to at least commit f0e2c0a5.
If you are upgrading from a version prior to v2018.1, please note that the flash layout on some
devices (TP-Link CPE/WBS 210/510) was changed. To avoid upgrade failures, make sure to upgrade
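Review bot: the hopglass-server sentence is the only line in this paragraph that tells an operator what to upgrade for the move to ``[ff05::2:1001]:1001``, and it cites commit f0e2c0a5 without a link. Keep the sentence on both release lines and link the commit; the paragraph gives cross-domain leakage of respondd data as the reason for the change, and it says nodes no longer answer on ``[ff02::2:1001]:1001``.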
@ -73,8 +72,8 @@ ramips-mt7621
.. note::
The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
release yet. You might have to update your build scripts accordingly.
The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
release yet. You might have to update your build scripts accordingly.
@ -109,20 +108,20 @@ have outdoor mode automatically enabled during their initial setup, specifically
* Ubiquiti
- Bullet M
- Litebeam M5
- Nanostation M5
- Nanostation M5 Loco
- Rocket M5
- Rocket M5 TI
- Unifi AC Mesh
- Unifi AC Mesh Pro
- Unifi Outdoor
- Bullet M
- Litebeam M5
- Nanostation M5
- Nanostation M5 Loco
- Rocket M5
- Rocket M5 TI
- Unifi AC Mesh
- Unifi AC Mesh Pro
- Unifi Outdoor
* TP-Link
- CPE510
- WBS510
- CPE510
- WBS510
See the :ref:`wifi5 <user-site-wifi5>` section for the *site.conf* configuration of this feature.
@ -253,15 +252,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

View File

@ -1,61 +0,0 @@
Gluon 2020.1.1
==============
This is the first service release for the Gluon 2020.1.x line, fixing regressions reported by
the community.
Bugfixes
--------
- Fixed non-working LEDs on TP-Link Archer C5 v1 and Archer C7 v2 after an upgrade to Gluon 2020.1.
- Fixed an issue which leads to AVM FRITZ!WLAN Repeater 450E devices being stuck in failsafe mode
after an upgrade to Gluon 2020.1.
Other changes
-------------
- Linux kernel has been updated to 4.14.171
Known issues
------------
- Out of memory situations with high client count on ath9k.
(`#1768 <https://github.com/freifunk-gluon/gluon/issues/1768>`_)
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
- The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
- Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
- Frequent reboots due to out-of-memory or high load due to memory pressure on weak hardware especially in larger
meshes (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
Optimizations in Gluon 2018.1 have significantly improved memory usage.
There are still known bugs leading to unreasonably high load that we hope to
solve in future releases.
- High chance of ending in a soft-bricked state for Ubiquiti EdgeRouter-X. Workaround is to
repeat initial installation using the serial console. (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)

View File

@ -1,84 +0,0 @@
Gluon 2020.1.2
==============
Removed hardware support
------------------------
lantiq-xway
~~~~~~~~~~~
- AVM FRITZ!Box 7320 [#switchports_not_working]_
- AVM FRITZ!Box 7330 [#switchports_not_working]_
- AVM FRITZ!Box 7330 SL [#switchports_not_working]_
.. [#switchports_not_working]
The switchports on these devices are not working properly (`#1943 <https://github.com/freifunk-gluon/gluon/issues/1943>`_)
Bugfixes
--------
- Fixes a bug in the tunneldigger watchdog where the watchdog would incorrectly find itself while looking up the running tunneldigger process. It then went on and assumed a PID mismatch between the tunneldigger service and its PID file and therefore caused an unnecessary restart of the tunnel. (`#1952 <https://github.com/freifunk-gluon/gluon/issues/1952>`_)
- Fixes an oversight in the firewalling of the respondd service where queries from prefix listed in ``extra_prefixes6`` would be dropped. (`#1941 <https://github.com/freifunk-gluon/gluon/issues/1941>`_)
- Fixes a bug in ``gluon-web`` where forms would not correctly update their field visibility on reset. This affected, for example, the private wifi page in the config mode. (`#1970 <https://github.com/freifunk-gluon/gluon/pull/1970>`_)
- Fixes RX buffer sizing in the ath10k driver to allow for frames larger than 1528 Bytes. (`#1992 <https://github.com/freifunk-gluon/gluon/pull/1992>`_)
- Fixes a regression in the v4.14 kernel where spurious data bus errors on ar71xx devices would cause a reboot. (`#1994 <https://github.com/freifunk-gluon/gluon/pull/1994>`_)
Other changes
-------------
- Linux kernel has been updated to 4.14.176
Internals
---------
- OpenWrt 19.07 introduced the urngd entropy daemon that serves the same function as the haveged service, which we have been recommending. To not have two redundant entropy daemons in this release we remove urngd in favor of haveged in the v2020.1 release series.
Known issues
------------
- High chance of ending in a soft-bricked state for Ubiquiti EdgeRouter-X. Workaround is to
repeat initial installation using the serial console. (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
- Out of memory situations with high client count on ath9k.
(`#1768 <https://github.com/freifunk-gluon/gluon/issues/1768>`_)
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
- The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
- Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
- Frequent reboots due to out-of-memory or high load due to memory pressure on weak hardware especially in larger
meshes (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
Optimizations in Gluon 2018.1 have significantly improved memory usage.
There are still known bugs leading to unreasonably high load that we hope to
solve in future releases.
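
Review bot: the Internals entry is the only place in this file that says which entropy daemon the v2020.1 series ships (urngd removed in favor of haveged), and it disappears with the deletion. The 2020.2 notes in this same compare tell site maintainers to remove ``haveged`` from their package selection because urngd replaces it, so the two series differ. If images from this series are still in use, carry that sentence over to release notes that remain, next to the site.mk instructions.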

@ -1,57 +0,0 @@
Gluon 2020.1.3
==============
Bugfixes
--------
- Fixes a bug in musl which can lead to spurious crashes in fastd and other programs, which alternate between single-
and multi-threaded operation. (`#2029 <https://github.com/freifunk-gluon/gluon/issues/2029>`_)
- Fixes a regression which led to around 2.5 MiB higher memory usage for ar71xx-tiny and ramips-rt305x targets.
While this decreases the memory usage, the image will become around 64KiB larger. (`#2032 <https://github.com/freifunk-gluon/gluon/issues/2032>`_)
- Fixes a bug which can cause the TP-Link TL-MR3020 v1 to become stuck in failsafe mode.
Other changes
-------------
- Linux kernel has been updated to 4.14.180
Known issues
------------
- High chance of ending in a soft-bricked state for Ubiquiti EdgeRouter-X. Workaround is to
repeat initial installation using the serial console. (`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
- Out of memory situations with high client count on ath9k.
(`#1768 <https://github.com/freifunk-gluon/gluon/issues/1768>`_)
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
- The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
- Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

@ -1,47 +0,0 @@
Gluon 2020.1.4
==============
Added hardware support
----------------------
- Added support for TP-Link CPE210 3.20 (`#2080 <https://github.com/freifunk-gluon/gluon/issues/2080>`_)
Bugfixes
--------
- Fixed a rare race-condition during mesh interface teardown (`#2057 <https://github.com/freifunk-gluon/gluon/pull/2057>`_)
- Fixed handling of mesh interfaces together with outdoor mode, site.conf defaults and config mode (`#2049 <https://github.com/freifunk-gluon/gluon/pull/2049>`_) (`#2054 <https://github.com/freifunk-gluon/gluon/pull/2054>`_)
Other changes
-------------
- Linux kernel has been updated to 4.14.193
- Backports of batman-adv bugfixes
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).

@ -1,240 +0,0 @@
Gluon 2020.1
============
This is the first release of Gluon in 2020, based on OpenWrt 19.07. It
introduces the ath79 target, which will replace ar71xx in the short
term.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- devolo WiFi pro 1200e
- devolo WiFi pro 1200i
- devolo WiFi pro 1750c
- devolo WiFi pro 1750e
- devolo WiFi pro 1750i
- devolo WiFi pro 1750x
- GL.iNet GL-AR300M-Lite
- OCEDO Raccoon
- TP-Link Archer C6 v2
ipq40xx-generic
~~~~~~~~~~~~~~~
- Aruba AP-303
- Aruba Instant On AP11
- AVM FRITZ!Repeater 1200
ipq806x-generic
~~~~~~~~~~~~~~~
- Netgear R7800
lantiq-xway
~~~~~~~~~~~
- AVM FRITZ!Box 7312
- AVM FRITZ!Box 7320
- AVM FRITZ!Box 7330
- AVM FRITZ!Box 7330 SL
lantiq-xrx200
~~~~~~~~~~~~~
- AVM FRITZ!Box 7360 (v1, v2)
- AVM FRITZ!Box 7360 SL
- AVM FRITZ!Box 7362 SL
- AVM FRITZ!Box 7412
mpc85xx-p1020
~~~~~~~~~~~~~
- Enterasys WS-AP3710i
- OCEDO Panda
ramips-mt7620
~~~~~~~~~~~~~
- TP-Link Archer C2 (v1)
- TP-Link Archer C20 (v1)
- TP-Link Archer C20i
- TP-Link Archer C50 (v1)
- Xiaomi MiWifi Mini
ramips-mt7621
~~~~~~~~~~~~~
- Netgear EX6150 (v1)
- Netgear R6220
ramips-mt76x8
~~~~~~~~~~~~~
- GL.iNet VIXMINI
- TP-Link TL-MR3020 (v3)
- TP-Link TL-WA801ND (v5)
- TP-Link TL-WR902AC (v3)
Removed hardware support
------------------------
- ALFA Network Hornet-UB [#kernelpartition_too_small]_
- ALFA Network Tube2H [#kernelpartition_too_small]_
- ALFA Network N2 [#kernelpartition_too_small]_
- ALFA Network N5 [#kernelpartition_too_small]_
.. [#kernelpartition_too_small]
The kernel partition on this device is too small to build a working image.
Major changes
-------------
OpenWrt 19.07
~~~~~~~~~~~~~
Gluon v2020.1 is the first release to use OpenWrt 19.07. All targets
therefore use Linux 4.14.166.
batman-adv compat v14 removal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Support for the long deprecated compat 14 version of batman-adv has been
dropped. Communities still using this version should migrate to batman-adv
using the scheduled domain switch.
IBSS wireless mesh removal
~~~~~~~~~~~~~~~~~~~~~~~~~~
Support for the IBSS wireless protocol has been dropped. Communities
still using IBSS are suggested to migrate to 802.11s using the scheduled
domain switch.
Performance enhancements
~~~~~~~~~~~~~~~~~~~~~~~~
We install zram-swap by default on ``ar71xx`` devices with 8MB of flash
and 32MB of RAM.
Renamed targets
~~~~~~~~~~~~~~~
- The ``ipq40xx`` target was renamed to ``ipq40xx-generic``.
- The ``ipq806x`` target was renamed to ``ipq806x-generic``.
Status Page
~~~~~~~~~~~
- Gateway nexthop information has been added to the status page when batman-adv
is used. This includes its MAC address and prettyname as well as the interface
name towards the selected gateway.
- The site name has been added to the status page. If the node is in a multidomain
setup it will also show the domain name.
DECT button to enter config mode
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Many AVM devices don't feature a separate RESET/WPS button, therefore
starting this release we support entering the config mode via DECT buttons.
X86 partition size
~~~~~~~~~~~~~~~~~~
The x86 partition size has been reduced to fit on disks with a capacity of 128 MB.
Bugfixes
--------
Autoupdater aliases
~~~~~~~~~~~~~~~~~~~
We have added several new aliases for autoupdater compatibility on
the following devices:
- Ubiquiti UniFi AC LR
- Raspberry Pi
Site changes
------------
site.mk
~~~~~~~
- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is
the only supported wireless transport from now on.
Internals
---------
Linting Targets
~~~~~~~~~~~~~~~
Support for linter make targets was added.
- ``make lint``
- ``make lint-sh`` to only check shell scripts
- ``make lint-lua`` to only check lua scripts
These require the shellcheck and luacheck tools. The docker image has
been updated accordingly.
Continuous integration
~~~~~~~~~~~~~~~~~~~~~~
We have implemented continuous integration testing using Jenkins and thereby
ensure that all lua and shell scripts are linted, that the documentation
still builds and warnings are highlighted, and that Gluon still
compiles, by testing a build on the ``x86_64`` target. We expect this to
significantly improve the feedback cycle and quality of contributions.
Known issues
************
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* LEDs on TP-Link Archer C5 v1 and Archer C7 v2 are not working after Upgrade to v2020.1
(`#1941 <https://github.com/freifunk-gluon/gluon/issues/1941>`_)
* AVM FRITZ!WLAN Repeater 450E is stuck in failsafe mode. (`#1940 <https://github.com/freifunk-gluon/gluon/issues/1940>`_)
* Out of memory situations with high client count on ath9k.
(`#1768 <https://github.com/freifunk-gluon/gluon/issues/1768>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
* Frequent reboots due to out-of-memory or high load due to memory pressure on weak hardware especially in larger
meshes (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
Optimizations in Gluon 2018.1 have significantly improved memory usage.
There are still known bugs leading to unreasonably high load that we hope to
solve in future releases.
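
Review bot: the "Known issues" heading is underlined with ``************`` while every other top-level section in this file ("Bugfixes", "Internals", "Site changes") uses ``------------``, so reStructuredText treats it as a new, deeper level and nests it under "Continuous integration". Use the dash underline. Also check the reference on the LED entry for the Archer C5 v1 and C7 v2: it cites #1941, the same issue number the 2020.1.2 notes cite for the respondd ``extra_prefixes6`` firewall fix, so one of the two links is probably wrong.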

@ -1,47 +0,0 @@
Gluon 2020.2.1
==============
Added hardware support
----------------------
- Added support for TP-Link CPE210 3.20 (`#2080 <https://github.com/freifunk-gluon/gluon/issues/2080>`_)
Bugfixes
--------
- Fixed handling of *mesh_on_lan* enabled in site configuration (`#2090 <https://github.com/freifunk-gluon/gluon/issues/2090>`_)
- Fixed build issues with lantiq-xrx200 target by removing unsupported DSL modem packages (`#2087 <https://github.com/freifunk-gluon/gluon/pull/2087>`_)
Other changes
-------------
- Linux kernel has been updated to 4.14.193
- Backports of batman-adv bugfixes
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).

@ -1,42 +0,0 @@
Gluon 2020.2.2
==============
Bugfixes
--------
- Fixed unstable WiFi on some units of the TP-Link Archer C50 v4 (`#2133 <https://github.com/freifunk-gluon/gluon/pull/2133>`_)
- Fixed CVE-2020-27638 in fastd
Other changes
-------------
- Linux kernel has been updated to 4.14.206
- Backports of batman-adv bugfixes
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
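
Review bot: the Bugfixes entry "Fixed CVE-2020-27638 in fastd" has no impact summary and no advisory or PR link, unlike the Archer C50 line directly above it. An operator cannot tell from this text whether the release is a required update. Add one sentence on what the fastd issue allows and a link to the upstream advisory, and if the file is dropped, make sure the mapping from this CVE to the release that fixes it is kept somewhere else.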

@ -1,49 +0,0 @@
Gluon 2020.2.3
==============
Bugfixes
--------
- LEDs on the ASUS RT-AC51 are now fully functional.
- Netgear EX6150v1 randomly booting into failsafe mode has been fixed.
This happened dependent on the state of the mode setting switch.
- Dnsmasq has been patched against multiple security issues in its DNS response validation.
See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1
Other changes
-------------
- Linux kernel has been updated to 4.14.224
- batman-adv fixes were backported from its 2021.0 release
- OpenSSL has been updated to 1.1.1k
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
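
Review bot: the "OpenSSL has been updated to 1.1.1k" line under "Other changes" names no CVEs, while the 2021.1 notes in this compare describe the same version as fixing CVE-2021-3449 and CVE-2021-3450. List the CVEs here as well and place the line next to the dnsmasq entry under "Bugfixes", so that both security fixes in this release are visible together.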

@ -1,198 +0,0 @@
Gluon 2020.2
============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* GL.iNet
- GL-AR750S
* TP-Link
- CPE220 (v3)
ipq40xx-generic
~~~~~~~~~~~~~~~
* EnGenius
- ENS620EXT [#outdoor]_
* Linksys
- EA6350 (v3)
lantiq-xrx200
~~~~~~~~~~~~~
* TP-Link
- TD-W8970
lantiq-xway
~~~~~~~~~~~
* NETGEAR
- DGN3500B
ramips-mt76x8
~~~~~~~~~~~~~
* Cudy
- WR1000
x86-legacy [#newtarget]_
~~~~~~~~~~~~~~~~~~~~~~~~
* Devices older than the Pentium 4
.. [#newtarget]
This is a new target.
.. [#outdoor]
This device is supposed to be set up outdoors and will therefore have its outdoor mode flag automatically enabled.
Major changes
-------------
Device Classes
~~~~~~~~~~~~~~
Devices are now categorized into device classes. This device class can determine which features
as well as packages are installed on the device when building images.
Currently there are two classes used in Gluon, *tiny* and *standard*. All devices with less than 64M of RAM or
less than 7M of usable firmware space are assigned to the tiny class.
WPA3 support for Private WLAN
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The private WLAN now supports WPA3-SAE key exchange as well as management frame protection (802.11w).
For this to work, the firmware needs to be built with the *wireless-encryption-wpa3* feature.
OWE on Client Network
~~~~~~~~~~~~~~~~~~~~~
Gluon now allows to configure a VAP for the client network which supports opportunistic encryption on the
client network for devices which support the OWE security type (also known as Enhanced Open).
This encrypted VAP can be the only available access point or be configured in addition to an unencrypted VAP.
In the latter case, the transition mode can be enabled, which enables compatible devices to automatically
connect to the encrypted VAP while legacy devices continue to use the unencrypted connection.
There are issues with some devices running Android 9 when connecting to a transition mode enabled network. See the site documentation for more information.
SAE Encrypted Mesh Links
~~~~~~~~~~~~~~~~~~~~~~~~
Mesh links can now be operated in an encrypted mode using SAE authentication. For this to work, a common shared secret
has to be distributed to all participating nodes using the site.conf.
Responsive status page
~~~~~~~~~~~~~~~~~~~~~~
The status page design is now responsive and reflows better on mobile devices.
Primary domain code
~~~~~~~~~~~~~~~~~~~
The primary domain code is now visible on the node status page as well as in the respondd information
emitted by the node.
Logging
~~~~~~~
The new *gluon-logging* package allows to configure a remote syslog server using the site.conf.
This package can only be included when *gluon-web-logging* is excluded.
Peer cleanup in fastd
~~~~~~~~~~~~~~~~~~~~~
fastd peers and groups are now removed on update in case they do not exist in the new site configuration.
To preserve a custom peer across updates, add the *preserve* key to the peer's UCI configuration and set it to ``1``.
Bugfixes
--------
- The WAN MAC address now matches the one defined in OpenWrt if VXLAN is enabled for the selected domain.
- *gluon-reload* now reloads all relevant services.
- Disabling outdoor mode and enabling meshing in the config mode can now be performed in a single step.
- Fixed section visibility with enabled outdoor mode in config mode.
Site changes
------------
site.mk
~~~~~~~
Starting with version 19.07 OpenWrt ships the urngd entropy daemon by default.
It replaces the haveged daemon, for which we removed the support in Gluon. Remove ``haveged`` from your package selection.
Internal
--------
Editorconfig
~~~~~~~~~~~~
Gluon now ships a *editorconfig* file to allow compatible editors to automatically apply key aspects of Gluon's code style.
Continuous Integration
~~~~~~~~~~~~~~~~~~~~~~
* Jenkins
- The CI now has a test stage to verify Gluons runtime functionality.
* GitHub Actions
- GitHub actions is now enabled for the Gluon project, build-testing all available targets.
Build system
~~~~~~~~~~~~
- Source code minification can now be skipped by enabling the GLUON_MINIFY flag.
- Enabling the GLUON_AUTOREMOVE flag will remove package build directories after they are built.
This reduces space consumption at the expense of subsequent builds being slower.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the
NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations not using VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is
disallowed).
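
Review bot: the Build system entry "Source code minification can now be skipped by enabling the GLUON_MINIFY flag" reads backwards, since a flag named for minification is described as turning it off when enabled. State the value that skips minification and the default, and mark the flag as a literal the way ``haveged`` is marked. Two smaller wording points in the same hunk: "Gluons runtime functionality" needs an apostrophe, and "a *editorconfig* file" should be "an".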

@ -1,63 +0,0 @@
Gluon 2021.1.1
==============
Important notes
---------------
Upgrades to v2021.1 and later releases are only supported from releases v2018.2 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* Joy-IT
- JT-OR750i
ramips-mt76x8
~~~~~~~~~~~~~
* Xiaomi
- Mi Router 4A (100M Edition)
Bugfixes
--------
- Missing bandwidth limit settings resulted in a respondd crash for v2021.1.
- The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations.
- Disabling Radio interfaces in v2021.1 could lead to null pointer dereferences in the respondd airtime module, as the survey returns no data in this case.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
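
Review bot: none of the three Bugfixes entries carries an issue or PR reference, while the earlier release notes in this compare link nearly every fix. Add the references, in particular for the respondd crash on missing bandwidth limit settings and the null pointer dereferences in the respondd airtime module, so the fixes can be traced to their commits.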

@ -1,131 +0,0 @@
Gluon 2021.1.2
==============
Important notes
---------------
This release fixes a **critical security vulnerability** in Gluon's
autoupdater.
Upgrades to v2021.1 and later releases are only supported from releases v2018.2
and later. Migration code for upgrades from older versions has been removed to
simplify maintenance.
Updates
-------
- The Linux kernel was updated to version 4.14.275
- The mac80211 wireless driver stack was updated to a version based on kernel
4.19.237
Various minor package updates are not listed here and can be found in the commit
log.
Bugfixes
--------
* **[SECURITY]** Autoupdater: Fix signature verification
A recently discovered issue (CVE-2022-24884) in the *ecdsautils* package
allows forgery of cryptographic signatures. This vulnerability can be
exploited to create a manifest accepted by the autoupdater without knowledge
of the signers' private keys. By intercepting nodes' connections to the update
server, such a manifest allows to distribute malicious firmware updates.
This is a **critical** vulnerability. All nodes with autoupdater must be
updated. Requiring multiple signatures for an update does *not* mitigate the
issue.
As a temporary workaround, the issue can be mitigated on individual nodes by
disabling the autoupdater via config mode or using the following commands::
uci set autoupdater.settings.enabled=0
uci commit autoupdater
A fixed firmware should be installed manually before enabling the autoupdater
again.
See security advisory `GHSA-qhcg-9ffp-78pw
<https://github.com/freifunk-gluon/ecdsautils/security/advisories/GHSA-qhcg-9ffp-78pw>`_
for further information on this vulnerability.
* **[SECURITY]** Config Mode: Prevent Cross-Site Request Forgery (CSRF)
The Config Mode was not validating the *Origin* header of POST requests.
This allowed arbitrary websites to modify configuration (including SSH keys)
on a Gluon node in Config Mode reachable from a user's browser by sending POST
requests with form data to 192.168.1.1.
The impact of this issue is considered low, as nodes are only vulnerable while
in Config Mode.
* Config Mode: Fix occasionally hanging page load after submitting the
configuration wizard causing the reboot message and VPN key not to be
displayed
* Config Mode (OSM): Update default OpenLayers source URL
The OSM feature of the Config Mode was broken when the default source URL was
used for OpenLayers, as the old URL has become unavailable. The default was
updated to a URL that should not become unavailable again.
* Config Mode (OSM): Fix error when using ``"`` character in attribution text
* respondd-module-airtime: Fix respondd crash on devices with disabled WLAN
interfaces
Several improvements were made to the error handling of the
*respondd-module-airtime* package. The "PHY ID" field (introduced in Gluon
2021.1) was removed again.
* ipq40xx: Fix bad WLAN performance on Plasma Cloud PA1200 and PA2200 devices
* Fix occasional build failure in "perl" package with high number of threads
(``-j32`` or higher)
Other improvements
------------------
* Several improvements were made to the status page:
- WLAN channel display does not require the *respondd-module-airtime* package
anymore
- The "gateway nexthop" label now links to the status page of the nexthop node
- The timeout to retrieve information from neighbour nodes was increased,
making the display of the name
of overloaded, slow or otherwise badly reachable nodes more likely to
succeed
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a
soft-bricked state due to bad blocks on the NAND flash which the NAND driver
before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page.
(`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to
account for the new throughput metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are
unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is
modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected
(like VMware when promiscuous mode is disallowed).
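
Review bot: deleting this file removes the documented workaround for CVE-2022-24884 (``uci set autoupdater.settings.enabled=0`` followed by ``uci commit autoupdater``) together with the statement that requiring multiple signatures does not mitigate the issue. Keep that text, or at least the link to GHSA-qhcg-9ffp-78pw, reachable for operators who still run images from this series. Separately, the CSRF entry rates the impact as low while also saying that SSH keys can be modified, and it has no advisory or PR reference; add one so the rating can be checked.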

@ -1,141 +0,0 @@
Gluon 2021.1
============
Important notes
---------------
Upgrades to v2021.1 and later releases are only supported from releases v2018.2 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
* Plasma Cloud
- PA300 [#outdoor]_
- PA300E [#outdoor]_
* TP-Link
- Archer C2 v3
- Archer D50 v1
ipq40xx-generic
~~~~~~~~~~~~~~~
* AVM
- FRITZ!Box 7530
* Plasma Cloud
- PA1200 [#outdoor]_
- PA2200
ramips-mt7620
~~~~~~~~~~~~~
* Netgear
- EX3700
- EX3800
.. [#outdoor]
This device is supposed to be set up outdoors and will therefore have its outdoor mode flag automatically enabled.
Major changes
-------------
Multicast optimizations (batman-adv)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
In this release, we reenable the multicast optimizations, that have gone through another round of bug squashing upstream. With this feature batman-adv will distribute IPv6 link-local multicast packets via individual unicast packets instead of flooding them through the whole mesh as long as the number of subscribed nodes does not exceed 16. This reduces layer 2 overhead, especially for IPv6 Neighbor Discovery.
We also relaxed the firewall for IPv6 multicast packets: Instead of always dropping non-essential multicast packets we now allow all IPv6 link-local multicast packets to pass when the destination group has up to 16 subscribers
Status page
~~~~~~~~~~~
The status page has received much attention in this release and now exposes many more details that help to understand a node's setup remotely.
Among other things, we now expose wireless client count per radio, the mac80211 identifiers, the frequencies radios are tuned to, as well as information about the VPN provider and details on the mesh protocol stack.
gluon-switch-domain utility
~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``gluon-switch-domain`` utility has been introduced to allow for a standard way to encapsulate the steps required for safely switching between domains. Existing packages like the hoodselector and the scheduled-domain-switch have been tied in with gluon-switch-domain.
It has an experimental ``--no-reboot`` flag that requires further testing, to ensure it doesn't accidentally bridge separate domains.
Other changes
-------------
- The private WLAN interface is now assigned the interface name `wan_radioX` where X is the phy index.
- Linux kernel has been updated to 4.14.235
- The kernel's mac80211 stack has been updated to 4.19.193-test1 to mitigate the `FragAttacks <https://www.fragattacks.com/>`_ vulnerabilities
- OpenSSL has been updated to 1.1.1k, fixing CVE-2021-3449 and CVE-2021-3450
- Dropbear has been patched against mishandling of special filenames in its scp component (CVE-2020-36524)
Bugfixes
--------
- The firmware partition lookup in gluon-web-admin's firmware update page was using an old partition label and therefore failed to look up the available flash size. This resulted in misleading error messages in case the uploaded firmware file exceeds the flash size.
- Android 9 and higher do not properly wake up to renew their MLD subscriptions, therefore dropping out of the Neighbor Discovery MLD group, which leads to broken IPv6 connectivity after the device has slept for a while. A workaround has been deployed to wake these devices up in regular intervals to prevent this regression.
Internal
--------
Mesh-VPN Abstraction Layer
~~~~~~~~~~~~~~~~~~~~~~~~~~
In preparation for the introduction of new tunneling protocols, the gluon-mesh-vpn framework has been modularized. This allows for providers to use a standard interface and keep their implementation details in a dedicated package.
Continuous Integration
~~~~~~~~~~~~~~~~~~~~~~
* GitHub Actions
- GitHub actions is now enabled for the Gluon project, build-testing all available targets.
- CI jobs are now run based on which paths have been modified.
- Linters for lua and shell scripts have been integrated.
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
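
Review bot: the "Other changes" list in this file is the only record in the hunk of the security updates shipped with 2021.1: the mac80211 update against FragAttacks, OpenSSL 1.1.1k (CVE-2021-3449, CVE-2021-3450) and the Dropbear scp patch (CVE-2020-36524). These entries are deleted along with the rest of the file. If the target branch still carries any of these fixes, keep the entries in a place operators can find, or state in the commit message that the branch predates them. The same applies to the caveat that the experimental --no-reboot flag of gluon-switch-domain needs testing "to ensure it doesn't accidentally bridge separate domains".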


@ -1,85 +0,0 @@
Gluon 2022.1.1
==============
Important notes
---------------
This release mitigates multiple flaws in the Linux wireless stack fixing RCE and DoS vulnerabilities.
Added hardware support
----------------------
ipq40xx-generic
~~~~~~~~~~~~~~~
- GL.iNet
- GL-AP1300
mpc85xx-p1010
~~~~~~~~~~~~~
- TP-Link
- TL-WDR4900 (v1)
ramips-mt7621
~~~~~~~~~~~~~
- ZyXEL
- NWA50AX
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R4S (4GB LPDDR4)
Bugfixes
--------
* Multiple mitigations for (`critical vulnerabilities <https://seclists.org/oss-sec/2022/q4/20>`_) in the Linux kernel WLAN stack. This only concerns Gluon v2022.1, older Gluon versions are unaffected.
* CVE-2022-41674
* CVE-2022-42719
* CVE-2022-42720
* CVE-2022-42721
* CVE-2022-42722
* Fixes `security issues in WolfSSL <https://openwrt.org/releases/22.03/notes-22.03.1#security_fixes>`_. People who have installed additional, non-Gluon packages which rely on WolfSSL's TLS 1.3 implementation might be affected. Firmwares using either gluon-mesh-wireless-sae or gluon-wireless-encryption-wpa3 are unaffected by these issues, since only WPA-Enterprise relies on the affected TLS functionality.
* CVE-2022-38152
* CVE-2022-39173
* Fixes the update path for GL-AR300M and NanoStation Loco M2/M5 (XW) devices.
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
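
Review bot: the first "Bugfixes" entry is the only text in this hunk that scopes CVE-2022-41674 and CVE-2022-42719 through CVE-2022-42722 to Gluon v2022.1 ("older Gluon versions are unaffected"), and the WolfSSL entry is the only text that says who is exposed to CVE-2022-38152 and CVE-2022-39173 (additional non-Gluon packages using WolfSSL's TLS 1.3, WPA-Enterprise). Removing the file removes that triage information. If the target branch is one of the unaffected older versions, say so in the commit message; otherwise keep these two entries.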


@ -1,37 +0,0 @@
Gluon 2022.1.2
==============
Bugfixes
--------
* Various build-errors which sporadically occur when building with a large thread-count have been fixed
* Android devices do not lose their IPv6 connectivity after extended idle-time
* The 802.11s mesh network is now using 802.11ax HE-modes when supported by hardware
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).


@ -1,40 +0,0 @@
Gluon 2022.1.3
==============
Bugfixes
--------
* Ipq40xx Wave2 devices temporarily use non-ct firmware again to work around 802.11s unicast package loss in ath10k-ct
(`#2692 <https://github.com/freifunk-gluon/gluon/issues/2692>`_)
* Modify kernel builds slightly to work around a boot hang on various devices based on the QCA9563 SoC - especially the Unifi AC-* devices
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784>`_)
* Work around an issue with wifi setup timing by waiting a bit while device initialisation is ongoing
(`#2779 <https://github.com/freifunk-gluon/gluon/issues/2779>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
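
Review bot: all three "Bugfixes" entries describe workarounds rather than final fixes (non-ct firmware used "temporarily" on ipq40xx Wave2, the kernel build change for the QCA9563 boot hang, the wait during wifi setup), and each one links its tracking issue (#2692, #2784, #2779). Deleting the file drops those pointers. Please confirm that none of these workarounds is present in the code on the target branch, since they would otherwise be left undocumented.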


@ -1,136 +0,0 @@
Gluon 2022.1.4
==============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- LibreRouter
- LibreRouter (v1)
- Teltonika
- RUT230 (v1)
ath79-nand
~~~~~~~~~~
- Aerohive
- HiveAP 121
- NETGEAR
- WNDR4300 (v1)
lantiq-xrx200
~~~~~~~~~~~~~
- Arcadyan
- o2 Box 6431
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- X6 (v1, v2)
- D-Link
- DAP-X1860 (A1)
- GL.iNet
- GL-MT1300
- Mercusys
- MR70X (v1)
- Xiaomi
- Mi Router 3G
ramips-mt76x8
~~~~~~~~~~~~~
- TP-Link
- RE200 (v3)
realtek-rtl838x
~~~~~~~~~~~~~~~
- D-Link
- DGS-1210-10P
ipq40xx-generic
~~~~~~~~~~~~~~~
- AVM
- FRITZBox 7520
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- hAP ac2
Bugfixes
--------
* Enterasys WS-AP3705i now uses the correct image-name for use with the autoupdater
(`#2819 <https://github.com/freifunk-gluon/gluon/issues/2819>`_)
* Reduce memory Usage for ath10k on ZyXEL WRE6606 devices
(`#2842 <https://github.com/freifunk-gluon/gluon/issues/2842>`_)
* Replace the Workaround for failed boots on ath79 with a proper fix.
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784#issuecomment-1452126501>`_)
* AVM FRITZ!Box 7360 v2 flashed with the incorrect image for v1 will automatically update to the correct image.
* Revert OOM inducing switch of ath79 Wave2 firmware back to -ct
(`#2879 <https://github.com/freifunk-gluon/gluon/pull/2879>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).


@ -1,417 +0,0 @@
Gluon 2022.1
============
Important notes
---------------
Upgrades to v2022.1 and later releases are only supported from releases v2020.1 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- D-Link
- DAP-2660 A1
- Enterasys
- WS-AP3705i
- Siemens
- WS-AP3610
- TP-Link
- Archer A7 v5
- CPE510 v2
- CPE510 v3
- CPE710 v1
- EAP225-Outdoor v1
- WBS210 v2
ath79-mikrotik
~~~~~~~~~~~~~~
- Mikrotik
- RB951Ui-2nD
ipq40xx-generic
~~~~~~~~~~~~~~~
- Aruba Networks
- AP-303H
- AP-365
- InstantOn AP11D
- InstantOn AP17
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- SXTsq-5-AC
ramips-mt7620
~~~~~~~~~~~~~
- Xiaomi
- Mi Router 3G (v2)
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- WR2100
- Netgear
- R6260
- WAC104
- WAX202
- TP-Link
- RE500
- RE650 v1
- Ubiquiti
- UniFi 6 Lite
- Xiaomi
- Mi Router 4A (Gigabit Edition)
ramips-mt7622
~~~~~~~~~~~~~
- Linksys
- E8450
- Xiaomi
- AX3200
- Ubiquiti
- UniFi 6 LR
ramips-mt76x8
~~~~~~~~~~~~~
- GL.iNet
- microuter-N300
- Netgear
- R6020
- RAVPower
- RP-WD009
- TP-Link
- Archer C20 v4
- Archer C20 v5
- RE200 v2
- RE305 v1
- Xiaomi
- Mi Router 4C
- Mi Router 4A (100M Edition)
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R2S
mpc85xx-p1010
~~~~~~~~~~~~~
- Sophos
- RED 15w rev. 1
mpc85xx-p1020
~~~~~~~~~~~~~
- Extreme Networks
- WS-AP3825i
Removed Devices
---------------
This list contains devices which do not have enough memory or flash to
be operated with this Gluon release.
- D-Link
- DIR-615 (C1, D1, D2, D3, D4, H1)
- Linksys
- WRT160NL
- TP-Link
- TL-MR13U (v1)
- TL-MR3020 (v1)
- TL-MR3040 (v1, v2)
- TL-MR3220 (v1, v2)
- TL-MR3420 (v1, v2)
- TL-WA701N/ND (v1, v2)
- TL-WA730RE (v1)
- TL-WA750RE (v1)
- TL-WA801N/ND (v1, v2, v3)
- TL-WA830RE (v1, v2)
- TL-WA850RE (v1)
- TL-WA860RE (v1)
- TL-WA901N/ND (v1, v2, v3, v4, v5)
- TL-WA7210N (v2)
- TL-WA7510N (v1)
- TL-WR703N (v1)
- TL-WR710N (v1, v2)
- TL-WR740N (v1, v3, v4, v5)
- TL-WR741N/ND (v1, v2, v4, v5)
- TL-WR743N/ND (v1, v2)
- TL-WR840N (v2)
- TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
- TL-WR841N/ND (v1, v2)
- TL-WR843N/ND (v1)
- TL-WR940N (v1, v2, v3, v4, v5, v6)
- TL-WR941ND (v2, v3, v4, v5, v6)
- TL-WR1043N/ND (v1)
- WDR4900
- Ubiquiti
- AirGateway
- AirGateway Pro
- AirRouter
- Bullet
- LS-SR71
- Nanostation XM
- Nanostation Loco XM
- Picostation
- Unknown
- A5-V11
- VoCore
- VoCore (8M, 16M)
Atheros target migration
------------------------
All Atheros MIPS devices built with the ``ar71xx-generic``,
``ar71xx-nand`` as well as ``ar71xx-tiny`` were deprecated upstream and
are therefore not available with Gluon anymore.
Many devices previously built with ``ar71xx-generic`` and
``ar71xx-nand`` are now available with the ``ath79-generic`` as well as
``ath79-nand`` target respectively.
Missing devices
~~~~~~~~~~~~~~~
The following devices have not yet been integrated into Gluons ath79
targets.
- 8Devices
- Carambola 2
- Aerohive
- HiveAP 121
- Allnet
- ALL0315
- Buffalo
- WZR-HP-G300NH2
- WZR-HP-G450H
- GL.iNet
- 6408A v1
- NETGEAR
- WNDR4300
- WNDRMAC
- WNDRMAC v2
- TP-Link
- WR2543
- Ubiquiti
- Rocket
- WD
- MyNet N600
- MyNet N750
- ZyXEL
- NB6616
- NB6716
Features
--------
WireGuard
~~~~~~~~~
Gluon got WireGuard support. This allows offloading **encrypted**
connections into kernel space, increasing performance by forwarding
packets without the need for context switches between user and kernel
space.
In order to reuse existing (already verified) fastd-keypairs for
WireGuard, a key derivation procedure is `currently being
developed <https://github.com/freifunk-gluon/gluon/pull/2601>`__. This
should ease migration from fastd to WireGuard in case whitelisting VPN
keys is desired.
fastd L2TP
~~~~~~~~~~
fastd can now act as a connection broker for unencrypted L2TP-based
tunneling within Gluons mesh-vpn framework. This new ``null@l2tp``
connection method allows for increased performance within existing
fastd setups.
In addition to a sufficiently
:ref:`configured fastd-based VPN server<vpn-gateway-configuration>`,
this requires further modifications to a sites :ref:`VPN fastd methods<VPN fastd methods>`.
Major changes
-------------
OpenWrt
~~~~~~~
This release is based on the newest OpenWrt 22.03 release branch.
It ships with Linux kernel 5.10 as well as wireless-backports 5.15.
Network changes (DSA / Upgrade-Behavior)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``ramips-mt7621`` and ``lantiq-xrx200`` targets now use the upstream DSA
subsystem instead of OpenWrt swconfig for managing ethernet switches.
Gluon detects the existing user-intent and automatically applies it over
to DSA syntax. See the section about network reconfiguration for more
details.
System reconfiguration
~~~~~~~~~~~~~~~~~~~~~~
The network and system-LED configurations are now re-generated after
each update / invocation of ``gluon-reconfigure``.
The user-intent is preserved within Gluons implemented functionality
(Wired-Mesh / Client access / WAN).
As an additional feature, Gluon now supports assigning roles to
interfaces. This behavior is explained
:ref:`here<wired-mesh-commandline>`.
Site changes
------------
VPN provider MTU
~~~~~~~~~~~~~~~~
To account for multiple VPN methods available for a site, the MTU used
for the VPN tunnel connection is now moved to the specific VPN provider
configuration. For fastd this means that ``mesh_vpn.mtu`` needs to be
moved to ``mesh_vpn.fastd.mtu``. (`#2352 <https://github.com/freifunk-gluon/gluon/pull/2352>`__)
Preconfigured Interfaces Roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instead of ``mesh_on_wan`` and ``mesh_on_lan`` there is now an
``interfaces`` block to configure the default behavior of network
interfaces. Details can be found in the
:ref:`documentation<user-site-interfaces>`.
Minor changes
-------------
- The ``brcm2708-bcm2708`` ``brcm2708-bcm2709`` ``brcm2708-bcm2710``
targets were renamed to ``bcm27xx-bcm2708`` ``bcm27xx-bcm2709`` and
``bcm27xx-bcm2710``
- The GL.iNet GL-AR750S was moved to the ``ath79-nand`` subtarget
- Gluon now ships the ath10k-ct firmware derivation for
QCA9886 / QCA9888 / QCA9896 / QCA9898 / QCA9984 /
QCA9994 / IPQ4018 / IPQ4028 / IPQ4019 / IPQ4029
radios (`#2541 <https://github.com/freifunk-gluon/gluon/pull/2541>`__)
- WolfSSL instead of OpenSSL is now used when built with WPA3 support
- The option to configure the wireless-channel independent from the
site-selected channel was moved from
``gluon-core.wireless.preserve_channels`` to
``gluon.wireless.preserve_channels``
- ``gluon-info`` is a new command that provides information about the
current node
- ``GLUON_DEPRECATED`` is now set to 0 by default
- To reboot a running gluon-node into setup-mode, Gluon now offers the
``gluon-enter-setup-mode`` command
- Devices without WLAN do not show the private-wifi configuration
anymore
- The Autoupdater now uses the site default branch in case it is
configured to use a non-existent / invalid branch
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).
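
Review bot: "Important notes" and "Site changes" are the parts of this file that site maintainers have to act on: the supported upgrade path (only from v2020.1 and later), the move of mesh_vpn.mtu to mesh_vpn.fastd.mtu, and the replacement of mesh_on_wan / mesh_on_lan by the interfaces block. The "fastd L2TP" section is also the only place in the hunk that states the null@l2tp connection method is unencrypted. With the whole file removed, check that none of these behaviours applies on the target branch. If any does, keep at least these sections.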


@ -1 +0,0 @@
sphinx-rtd-theme==1.2.0
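
Review bot: the single removed line is an exact-version pin, sphinx-rtd-theme==1.2.0, and the hunk header (-1 +0,0) shows nothing replaces it. If the documentation is still built from this branch, the theme will then be taken from whatever the build environment provides, and the docs build stops being reproducible. Either keep a pinned requirement for the docs build or confirm that this branch does not install the theme at all.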

Some files were not shown because too many files have changed in this diff