nils/gluon
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: nils:master
Branches Tags
nils:master
nils:next
nils:v2022.1.x
nils:backport-2793-to-v2022.1.x
nils:respondd-fastd-method
nils:backport-2842-to-v2022.1.x
nils:v2022.1.x-mbedtls
nils:doc-remove-css-hack
nils:v2021.1.x
nils:v2018.2.x
nils:v2019.1.x
nils:v2020.1.x
nils:v2020.2.x
nils:next-usteer
nils:pr-ath9k-missing-rx-reset
nils:pr-interfaces-device-rename
nils:next-netifd-bridges
nils:hexa/private-wifi/80211r
nils:qemu-serial-testdriver
nils:v2018.1.x
nils:v2017.1.x
nils:v2016.2.x
nils:v2016.1.x
nils:v2015.1.x
nils:v2014.4.x
nils:v2014.3.x
nils:v2022.1.4
nils:v2022.1.3
nils:v2022.1.2
nils:v2022.1.1
nils:v2022.1
nils:v2021.1.2
nils:v2021.1.1
nils:v2021.1
nils:v2020.2.3
nils:v2020.2.2
nils:v2019.1.3
nils:v2020.2.1
nils:v2020.1.4
nils:v2020.2
nils:v2020.1.3
nils:v2020.1.2
nils:v2020.1.1
nils:v2020.1
nils:v2019.1.2
nils:v2019.1.1
nils:v2018.2.4
nils:v2019.1
nils:v2018.2.3
nils:v2018.2.2
nils:v2018.2.1
nils:v2018.2
nils:v2018.1.4
nils:v2018.1.3
nils:v2018.1.2
nils:v2018.1.1
nils:v2018.1
nils:v2017.1.8
nils:v2017.1.7
nils:v2017.1.6
nils:v2017.1.5
nils:v2017.1.4
nils:v2017.1.3
nils:v2017.1.2
nils:v2016.2.7
nils:v2017.1.1
nils:v2017.1
nils:v2016.2.6
nils:v2016.2.5
nils:v2016.2.4
nils:v2016.2.3
nils:v2016.2.2
nils:v2016.2.1
nils:v2016.2
nils:v2016.1.6
nils:v2016.1.5
nils:v2016.1.4
nils:v2016.1.3
nils:v2016.1.2
nils:v2016.1.1
nils:v2016.1
nils:v2015.1.2
nils:v2015.1.1
nils:v2015.1
nils:v2014.4
nils:v2014.3.1
nils:v2014.3
nils:v2014.2
nils:v2014.1
..
compare: nils:v2021.1.2
Branches Tags
nils:master
nils:next
nils:v2022.1.x
nils:backport-2793-to-v2022.1.x
nils:respondd-fastd-method
nils:backport-2842-to-v2022.1.x
nils:v2022.1.x-mbedtls
nils:doc-remove-css-hack
nils:v2021.1.x
nils:v2018.2.x
nils:v2019.1.x
nils:v2020.1.x
nils:v2020.2.x
nils:next-usteer
nils:pr-ath9k-missing-rx-reset
nils:pr-interfaces-device-rename
nils:next-netifd-bridges
nils:hexa/private-wifi/80211r
nils:qemu-serial-testdriver
nils:v2018.1.x
nils:v2017.1.x
nils:v2016.2.x
nils:v2016.1.x
nils:v2015.1.x
nils:v2014.4.x
nils:v2014.3.x
nils:v2022.1.4
nils:v2022.1.3
nils:v2022.1.2
nils:v2022.1.1
nils:v2022.1
nils:v2021.1.2
nils:v2021.1.1
nils:v2021.1
nils:v2020.2.3
nils:v2020.2.2
nils:v2019.1.3
nils:v2020.2.1
nils:v2020.1.4
nils:v2020.2
nils:v2020.1.3
nils:v2020.1.2
nils:v2020.1.1
nils:v2020.1
nils:v2019.1.2
nils:v2019.1.1
nils:v2018.2.4
nils:v2019.1
nils:v2018.2.3
nils:v2018.2.2
nils:v2018.2.1
nils:v2018.2
nils:v2018.1.4
nils:v2018.1.3
nils:v2018.1.2
nils:v2018.1.1
nils:v2018.1
nils:v2017.1.8
nils:v2017.1.7
nils:v2017.1.6
nils:v2017.1.5
nils:v2017.1.4
nils:v2017.1.3
nils:v2017.1.2
nils:v2016.2.7
nils:v2017.1.1
nils:v2017.1
nils:v2016.2.6
nils:v2016.2.5
nils:v2016.2.4
nils:v2016.2.3
nils:v2016.2.2
nils:v2016.2.1
nils:v2016.2
nils:v2016.1.6
nils:v2016.1.5
nils:v2016.1.4
nils:v2016.1.3
nils:v2016.1.2
nils:v2016.1.1
nils:v2016.1
nils:v2015.1.2
nils:v2015.1.1
nils:v2015.1
nils:v2014.4
nils:v2014.3.1
nils:v2014.3
nils:v2014.2
nils:v2014.1

60 Commits
master ... v2021.1.2

Author SHA1 Message Date
Matthias Schiffer
d0f43aeb08
Merge pull request from GHSA-xqhj-fmc7-f8mv 
ecdsautils: verify: fix signature verification (CVE-2022-24884)
 2022-05-05 18:02:38 +02:00
Matthias Schiffer
dcfa4522b3
Gluon v2021.1.2 2022-05-04 20:08:17 +02:00
Matthias Schiffer
6ccad98fc0
Update copyright years 2022-05-04 20:08:04 +02:00
Matthias Schiffer
7332d33775
docs: releases/v2021.1.2: describe autoupdater security issue 2022-05-04 20:01:53 +02:00
Matthias Schiffer
2b5d4b88b4
ecdsautils: verify: fix signature verification (CVE-2022-24884) 
A vulnerability was found in ecdsautils which allows forgery of ECDSA
signatures. An adversary exploiting this vulnerability can create an update
manifest accepted by the autoupdater, which can be used to distribute
malicious firmware updates by spoofing a Gluon node's connection to the
update server.
 2022-05-03 07:36:23 +02:00
Matthias Schiffer
422e20c8da
docs: add v2021.1.2 release notes (#2488) 2022-05-02 23:37:48 +02:00
Matthias Schiffer
cf1b550517
Merge pull request #2486 from freifunk-gluon/v2021.1.x-update-modules 
v2021.1.x: update modules
 2022-04-21 23:54:06 +02:00
Matthias Schiffer
386fd5b101
modules: update OpenWrt packages 
1c5e4c80f49b zabbix: update to version 4.0.37
 2022-04-21 17:50:33 +02:00
Matthias Schiffer
7fc3fdc232
modules: update OpenWrt base 
ecbbb373edf7 wolfssl: fix compilation with /dev/crypto
f6e22f0956a1 OpenWrt v19.07.10: revert to branch defaults
d03dc49943db OpenWrt v19.07.10: adjust config defaults
9ce6aa9d8d8a wolfssl: bump to 5.2.0
698cdf02020a mac80211: Update to version 4.19.237-1
26a8be9c9814 kernel: generic: add missing symbol for arm64 spectre mitigation
ae2af91edddd kernel: generic: reorder kernel config options
058c2347c51f imagebuilder: fix broken image generation with external targets
d39a6c67dcb4 kernel: bump 4.14 to 4.14.275
9aa35fada652 patchelf: backport fix for rpath endianness
 2022-04-21 17:49:58 +02:00
Matthias Schiffer
ad430d33fa
Merge pull request #2401 from freifunk-gluon/v2021.1.x-update-modules 
v2021.1.x: update modules
 2022-03-30 00:36:51 +02:00
Matthias Schiffer
4aa73858a2
modules: update Gluon packages 
f9ef3fc7d9d7 treewide: change Github URLs from git:// to https:// (#252)
 2022-03-29 18:31:09 +02:00
Matthias Schiffer
ad786c7816
modules: update routing packages 
8f23999365de ahcpd: use SHA256 hash and use HTTPS everywhere
04e7f66aa770 mcproxy: Fix compilation with uClibc-ng
bf77e5f0e026 cjdns-tests: Don't build on ARC (#487)
01417ad6817a cjdns: Do not build on ARC
653ec59929cc olsrd: remove empty .gitignore file
3f095f7f7ef0 pimbd: add PKG_MIRROR_HASH
c1a2f7a25255 oonf-olsrd2: add PKG_MIRROR_HASH
2f9236d864ac oonf-dlep-radio: add PKG_MIRROR_HASH
20f3e5171029 oonf-dlep-proxy: add PKG_MIRROR_HASH
e05cb068c499 olsrd: add PKG_MIRROR_HASH
e37cf04da41a ohybridproxy: add PKG_MIRROR_HASH, refresh patch
95cd0ce4b5a1 mrd6: add PKG_MIRROR_HASH
00eacef47b5e minimalist-pcproxy: add PKG_MIRROR_HASH
84b7b3c55337 mcproxy: add PKG_MIRROR_HASH
f17815946a1b hnetd: add PKG_MIRROR_HASH, refresh patch
372ec6288639 cjdns: add PKG_MIRROR_HASH
ce5adaab9520 CI: fix multi-arch-test-build for 19.07 branch
2ed5a04ab819 CI: fix runtime testing for non master branch
c755ab8dce1c issuetemplate: reference foreign repos
cccff55a6288 CI: fix building multi-arch-test-build
63625f7e1987 CI: copy .github from openwrt-packages
df9f33c52277 batman-adv: Merge bugfixes from 2022.0
7a3e63fd45fe batman-adv: Merge bugfixes from 2021.4
c8734df67719 batman-adv: Refresh patches with quilt
3c10076826a5 batman-adv: Merge bugfixes from 2021.2
 2022-03-29 18:31:09 +02:00
Matthias Schiffer
48f6a11e33
modules: update OpenWrt packages 
5a842639dc87 nano: provide nano-full with most features enabled
165c5625a3c6 netatalk: update to version 3.1.13
7b9c8fd48743 coova-chilli: add dependency for miniportal
6732d0573d62 coova-chilli: clean up Makefile
6ac4167c7318 coova-chilli: remove dnslog option
384c9dc68fed coova-chili: Fix version
944bae08d00c coova-chilli: Update to 1.5
3398ed29b0c0 python3: Update to 3.7.13, refresh patches
e8dc42753c64 bind: bump to 9.16.27
17e7ca6e2e66 syslog-ng: update to version 3.36.1
79db9a8e246e expat: import patches for CVEs
448eb6e4b999 expat: update to 2.2.10
31098bd6b274 htpdate: drop www.freebsd.org from default server list
4c461f9e8559 nano: update to 6.2
8129d30e3653 nano: update to 6.1
e234ea1ae48b ruby: update to 2.6.9
c0c89af7c4fa bind: update to version 9.16.25
56cf18027b67 CI: fix runtime testing for non master branch
5578d60f9ad9 nano: Add a plus variant with more features
864ffb6ca1b9 nss: backport patch for CVE-2021-43527
0af741cd16ce prosody: update to version 0.11.13
20e42ca81e02 prosody: fix shellcheck warnings
0319712eda5e prosody: update to 0.11.7
22a3a54a9c8a prosody: update to 0.11.5
199860fa3ad3 prosody: /etc/prosody permissions fix
498bcd4e25c7 prosody: Update to 0.11.3
057803706e99 tvheadend: fix conffiles section
765307772f15 domoticz: backport patch to fix compilation with uClibc-ng
572392a8ac20 domoticz: bump to 4.10717
8d91ba86a956 domoticz: Fix compilation without deprecated OpenSSL APIs
7bb0a7e929cb netdata: Update init script to use -D rather than -nd
6317eabad70e apache: security bump to 2.4.51
4af8afe6ccde haveged: update to 1.9.17
f299c29a45fc treewide: add missing BUILDONLY
64d0238a1bef zsh: drop bash syntax in postinst
ea3e54accd11 zsh: fix invalid postrm script and little refactor of scripts
5a9b5ee78cd2 nano: update to version 6.0
e1a2d908c3de msmtp: update to version 1.8.1.9
535f4804b661 postgresql: security update to version 11.14
e93fc5a20f57 libs/c-ares: fix domain hijacking CVE-2021-3672
45218f20597b msmtp: update to version 1.8.17
d216572bb147 syslog-ng: update to version 3.35.1
1d5b64958b79 icu: Fix memory bug w/ baseName
e1feccd5aeb7 ddns-scripts: Fix wrong whitespace in preinst and postinst scripts
c559096e03e5 bind: update to version 9.16.23
af8fe2363d07 cyrus-sasl: patch CVE-2019-19906
903d79b3872b php7: Clean up and update distributed php.ini for php 7.2.34
496f50a754cf syslog-ng: update to version 3.34.1
61741b3249d6 ffmpeg: update to version 3.4.9 (security fix)
9abe24fb49fa bind: Bump to 9.16.22
cb4433c4baa1 tvheadend: update libhdhomerun
18af9b9e2132 bind: update to version 9.16.21
bb0ed00885eb nextdns: Update to version 1.37.3
c493a603cdbf vpn-policy-routing: downgrade to 0.2.1-13
20a9e8700b3d python-dateutil: Add missing HOST_PYTHON3_PACKAGE_BUILD_DEPENDS
e933f6f749aa python-importlib-metadata: Pin setuptools-scm version
a5de193e5422 simple-adblock: update to 1.8.8-1
af3643f9b00d https-dns-proxy: update to 2021-09-27
f2af6941fa2b tor: update to 0.4.5.10
746fa830c6d7 python-zipp: pin setuptools-scm version
70bb6f15e8df perl: perlmod.mk: use flock when hostpkg/perl used
15305d2f2ee6 nano: update to 5.9
ece1d7bfcebf haveged: update to 1.9.15
2d35019d6bee lighttpd: update to lighttpd 1.4.55 release hash
b101f744c258 tcpreplay: avoid host lib leakage
be17f9726509 tcpreplay: bump to version 4.3.4
6e4e0d5e9dfd tcpreplay: add libdnet support
e7167f4702b5 tcpreplay: fix compilation with Arch Linux
668aa95dfb15 tcpreplay: bump to version 4.3.3
6dc494fddf3b ntfs-3g: patch CVE-2019-9755
02ce5303d5a8 nextdns: Update to version 1.37.2
7a7b8a257b59 bind: update to version 9.16.20
d8ef698a9fc9 cgi-io: update to latest Git HEAD
6c5169b3956b cgi-io: update to version 2020-10-27
daaacfd24e74 cgi-io: move into out of tree project
d5a7aa18618c haproxy: Update HAProxy to v2.0.25
17f5a0cc8362 python3: update to version 3.7.12
dd6be653dd8b tor: update to version 0.4.4.9
508c15acb77a irssi: update to 1.2.3
93cfd1679a6f nextdns: Update to version 1.37.1
6f3cd160d273 nextdns: Update to version 1.37.0
72f35e712e9f acme: Fix uhttpd restart to load new certificates
684b71f0cddc click: update to version 7.0
5bd73795e8fc dnsdist: fix default SSL lib spelling
1dd040f9ca89 treewide: Remove GO_PKG_LDFLAGS for stripping binaries
82a3613ec8ad nginx: add PROVIDES nginx-ssl to nginx-all-module
b35c3984e1fd Revert "net/miniupnpd: ext_ip_reserved_ignore support"
72d806d18145 apr: patch CVE-2021-35940
9d3ad065b294 nextdns: Update to version 1.36.0
4b091361ef48 postgresql: disable PIC
0573fb59ab33 file: update to 5.38
b03fe54e0e98 https-dns-proxy: patch CMakeList.txt to use OpenWrt CFLAGS
8ff2671b222e tar: fix CVE-2021-20193
3862bb3e6d65 mc: add a missing Syntax file
47e2ef579e90 git: update to 2.26.3
b39f185bdf90 mc: update to 2.8.27
865ae46492ab unixodbc: use 'install' when copying host binaries
67f403b5e6af perl: perlmod.mk: use 'install' for host binaries
5051c4bb0074 knot: update to version 3.0.8
e0f5b4e2891d knot: update to version 3.0.7
de894d37a666 knot: update to version 3.0.6
0c3d97bf5725 knot: update to version 3.0.5
210e3d9167be https-dns-proxy: update to 2021-07-29-01
a0e39ca02c57 nextdns: Update to version 1.35.0
92abb9917028 adblock: bugfix 4.0.7-9
0872827d2dee librouteros: don't build docs
f31271fed30f net/snort3: Include default configs and snort2lua
de84e781e5b6 syslog-ng: update to version 3.33.2
242dbcebafb9 yggdrasil: bump to 0.4.0
df79c0614cbd vpnbypass: updates to 1.3.2-1
f795536f4884 ruby: update to 2.6.8
a673a232686b addrwatch: Various fixes
1f9aa31eab77 addrwatch: fix broken conffiles
531d59dbc733 addrwatch: update to 1.0.2
ce1781155dfd addrwatch: Add missing limits header for PATH_MAX
879838998e13 luajit: for powerpc, add FPU dependency
be2f1b2c0041 luajit: fix compilation with host clang
29c5a802c4d8 [LuaJIT] Allow MIPS64 support
e5e5c889196b luajit: do not install static libraries to InstallDev
dd627367847d luajit: use dynamic buildmode
192aea109ad6 yggdrasil: allow HTTPS connections
7248e1b957a5 yggdrasil: bump to 0.3.16
fe9b2579f984 yggdrasil: bump to 0.3.15
8687d79f8478 yggdrasil: Ygg-over-ygg bugfix
35531bcb26a0 yggdrasil: bump to 0.3.14
3232f272430a yggdrasil: bump to 0.3.13
2136fafe397d yggdrasil: bump to 0.3.12
05816dbfd83c yggdrasil: Change package configuration to UCI
325bf6bc7540 yggdrasil: fixes build name and version #10309
7087b16140da yggdrasil: uci firewall Section name and cover both IP versions - rename the section instance to yggdrasil (feat. request) - allow zone to cover both ip4 and ip6 fam
56b6518c8898 yggdrasil: bump to 0.3.11
b83f6f9af340 syslog-ng: disable mqtt
c0e93ddff35e libuv: fix CVE-2021-22918
39a92140d19a syslog-ng: update to version 3.33.1
dd32c2cbeeef czmq: disable nss
b7d2b9163cf6 apache: update to 2.4.48
a16402770c32 czmq: update to version 4.2.1
1cd6a5f01992 bind: update to version 9.16.18
b86ca1563ba3 lxc: add patch to switch GPG server
dc621a9b195f snort3: Backport stable version from 21.02
5d189c1013a6 libdaq3: New package, dependency of snort3
d6b64bb65368 msmtp: update to version 1.8.15
a2ab06243970 youtube-dl: update to version 2021.4.7
118b0cb9d608 youtube-dl: update to version 2021.2.10
b18aab0d13f9 python3: update to version 3.7.11
9bcac7859a80 nextdns: Update to version 1.34.2
2294d252b3ef ddns-scripts: standardize required params declaration
730e14da79f6 python-dateutil: pin setuptools-scm version to 5.0.2
d1aac139a698 Revert "python-dateutil: disable setuptools-scm for build"
29da5d65b6dc python-dateutil: disable setuptools-scm for build
b955b6943504 nextdns: Update to version 1.33.11
0f5fbe1f5bfd nano: update to 5.8
ce1ae404c3a6 net/mosquitto: Update to 1.6.15
9355f9503d17 ksmbd: update to 3.3.7
2c328f3d8abd ksmbd: update to 3.3.6
08d1a66e3d9f ksmbd: update to 3.3.5
 2022-03-29 18:30:44 +02:00
Matthias Schiffer
5562682b43
modules: update OpenWrt base 
b24905c38a8a kernel: bump 4.14 to 4.14.274
a518a4f78630 ath79: fix link for long cables with OCEDO Raccoon
ea0e521d3706 kernel: bump 4.14 to 4.14.273
0af411f49d43 zlib: backport security fix for a reproducible crash in compressor
565159db573a kernel: bump 4.14 to 4.14.272
c5c047f19bc5 openssl: bump to 1.1.1n
6b8407c6da66 base-files: call "sync" after initial setup
9ced994057ae kernel: bump 4.14 to 4.14.269
5ecc7ead4878 imagebuilder: fix partition signature
f49eec6335ea wolfssl: fix API breakage of SSL_get_verify_result
cc344f1513ee ubus: backport fixes for UAF and other issues
31bb27f35b95 wolfssl: bump to 5.1.1-stable
572a1f9abe45 ar71xx: fix MikroTik wAP detection
a2482fc3a57c OpenWrt v19.07.9: revert to branch defaults
106382c27c25 OpenWrt v19.07.9: adjust config defaults
2a3558b0de17 kernel: bump 4.14 to 4.14.267
3b6ce4f634cc kernel: bump 4.14 to 4.14.266
e7596ce0b085 hostapd: Apply SAE/EAP-pwd side-channel attack update 2
1691c1168d15 mbedtls: Update to version 2.16.12
419b9f4c4514 mbedtls: update to 2.16.11
bfa4cccd46c3 tcpdump: libpcap: Remove http://www.us.tcpdump.org mirror
e92a4e5458ff tcpdump: Fix CVE-2018-16301
606106fb295e kernel: bump 4.14 to 4.14.265
524cbcf6f5b0 build: store SOURCE_DATE_EPOCH in JSON info files
57293f51c48f kernel: bump 4.14 to 4.14.264
974161d7f891 kernel: bump 4.14 to 4.14.262
b50eb70e01c6 openssl: bump to 1.1.1m
5369ceb787b4 kernel: bump 4.14 to 4.14.261
 2022-03-29 18:29:50 +02:00
Matthias Schiffer
2b5c1e57fc
docs: move release notes TOC to sub page (#2422) 
This allows us to organize the TOC a bit better by adding sections per
major version. We can even increase the maxdepth to 2 now, which looks
great in my opinion.

In addition, the full list of releases is not shown in the sidebar
anymore when viewing a completely different part of the documentation,
which took up more than half of the total sidebar entries.

(cherry picked from commit 7ebc88147e)
 2022-03-23 20:36:09 +01:00
Matthias Schiffer
f77f3829fb
Merge pull request #2402 from herbetom/v2021.1.x-container.sh 
v2021.1.x: Backport container.sh script
 2022-02-24 16:26:22 +01:00
Tom Herbers
2099d8e9be
scripts/container.sh: allow for empty Branch Names and git errors (#2363) 
Resolves #2362

(cherry picked from commit 17731ae8fd)
 2022-02-24 01:09:02 +01:00
Martin Weinelt
e7e634396e Add helper to run a containerized build environment (#2292) 
Using `make container` or, if you don't have automake/gmake on your host
system, `./scripts/container.sh` will build an image for the current
branch your are on and drop you into a shell running inside a container
using that image.

From there all tooling required to work on Gluon is available.

Supports both podman (preferred) and docker.

(cherry picked from commit 6728c4a103)
 2022-02-24 01:08:07 +01:00
David Bauer
e51836ecf1
Merge pull request #2390 from freifunk-gluon/v2021.1.x-backports 
Backports for v2021.1.x
 2022-02-23 23:11:18 +01:00
T-X
0da2a7c431
gluon-neighbour-info: fix broken output with large results (#2322) 
Currently a buffer with a fixed size of 8192 bytes is used. However the
result can potentially be larger, which leads to a truncated JSON
output on stdout. UDP packets, without compression and with IP
fragmentation, can be up to 64KiB large.

Instead of using a fixed size buffer on the stack ask the kernel first
about the size of the UDP data and allocate a buffer of appropriate size
on the heap before receiving the UDP data.

The issue was observed with a custom respondd provider.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
(cherry picked from commit 531937cf6f)
 2022-02-22 18:57:39 +01:00
Martin Weinelt
ff4050d873
patches: build perl single-threaded (#2392) 
Prevents spurious build failures.

(cherry picked from commit 545d1cbb11)
 2022-02-22 18:57:02 +01:00
Matthias Schiffer
bf8e97014b
gluon-config-mode-core: discard gluon-reconfigure output (#2395) 
The stdout output of gluon-web scripts is directly sent to uhttpd,
becoming a part of the HTML output or even replacing HTTP status or
headers. The output of gluon-reconfigure is not supposed to end up
there.

While we're at it, also add an exec to avoid an unnecessary shell
process.

(cherry picked from commit eea49a2834)
 2022-02-22 18:54:53 +01:00
Igor Scheller
64bf4d1b53
gluon-web-osm: Fix " rendering in attribution with CDATA tag (#2398) 
(cherry picked from commit bbc00017a9)
 2022-02-22 18:54:53 +01:00
Matthias Schiffer
1e4cf25eb4
gluon-web-osm: update OpenLayers default URL to 5.3.0 
The OpenLayers JS/CSS download URL is dead. Update it to make the map
work again:

- Update from OpenLayers 5.2.0 to 5.3.0
- Switch from the obsolete rawgit.com URL to jsdelivr.net (rawgit.com
  was only redirecting to jsdelivr.net for the last few years anyways)
- Set a fixed commit in the URL, so the URL doesn't become outdated again

(cherry picked from commit 62b24ed7ce)
 2022-02-15 18:18:50 +01:00
Matthias Schiffer
1837b1e2b3 gluon-web: prohibit cross-origin POST 
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.

(cherry picked from commit a83466be6e)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
f4ae80e73b gluon-web: improve error handling of parse_message_body() 
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.

We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.

(cherry picked from commit f3960eeb47)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
46dce5747b gluon-web: add CRLF to text/plain Internal Server Error output 
Having a trailing newline is nice when viewing the returned data in a
terminal.

(cherry picked from commit de43b306d4)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
b41cf74509 gluon-web-*: remove unused "token" form value 
This was a remnant of LuCI that was never used in gluon-web.

(cherry picked from commit 94519cfc56)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
107ffe6d3b workflows: lint: switch from apt to apt-get -y, add update 
Using apt in scripts is discouraged. Also add an update to hopefully fix
the lua-check installation failure in CI.

(cherry picked from commit c75d90d9ab)
 2022-02-03 17:08:07 +01:00
J. Burfeind
16545edf3e gluon-status-page: split bwlimit into two lines (#2371) 
Fixes: 1cb0fc84fc ("gluon-status-page: swap bandwidth limits (#2304)")
Resolves #2370

(cherry picked from commit 7427ba2280)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
ae1023ac3a gluon-status-page: use UCI + iwinfo to get channel information 
The network.wireless status ubus call only returns the configured
channel from UCI, breaking the status page in outdoor mode, where the
configuration contains 'auto' instead of a number.

Fixes: 0d3fa6b59b ("gluon-status-page: use ubus to get radio channels")
Closes #2336

(cherry picked from commit 201e1597b1)
 2022-02-03 17:08:07 +01:00
aiyion.prime
b623378a5f gluon-status-page: fix lastImage in Signal() 
(cherry picked from commit 1944ea0e01)
 2022-02-03 17:08:07 +01:00
aiyion.prime
2f2d41119b gluon-status-page: fix address_to_groups() 
In js `return` does behave like `continue` in a forEach() iteration.
The fixed function was intended to return nothing on error and does so
now, instead of a shorter (useless) array like before.

(cherry picked from commit 8c85be2125)
 2022-02-03 17:08:07 +01:00
Tom Herbers
3e2a53f1d0 gluon-status-page: swap bandwidth limits (#2304) 
(cherry picked from commit 1cb0fc84fc)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
89ad149f93 gluon-status-page: fix display of non-string values from respondd data 
Fixes the display of client counts, which are numbers and not strings
in the respondd data.

Fixes: 3a885a1b22 ("gluon-status-page: make "gateway nexthop" a link (#2278)")
(cherry picked from commit a357278464)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
b46e1839df gluon-status-page: use ubus to get radio channels 
Do not depend on the respondd-airtime module just to get the configured
channels. This removes the display of the frequency in addition to the
channel, as it is not readily available.

In addition, the translation string is improved to allow for text after
the channel number.

(cherry picked from commit 0d3fa6b59b)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
cc20271cb8 gluon-status-page: avoid complex math 
This code is usually running on an embedded CPU without FPU. In
addtition to its inefficience, the algorithm is also much harder to
understand.

Replace the logarithm formula with a simple loop.

(cherry picked from commit f2e0f7e3a8)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
b03e1e280e gluon-status-page: fix indentation 
(cherry picked from commit dcb8738a5a)
 2022-02-03 17:08:07 +01:00
lemoer
8af91d86c1 gluon-status-page: make "gateway nexthop" a link (#2278) 
With this commit, the gateway nexthop is now a clickable link, that leads
to the status page of the nexthop.

(cherry picked from commit 3a885a1b22)
 2022-02-03 17:08:07 +01:00
Martin Weinelt
8d51a72fe5 gluon-status-page: relax nodeinfo query timeout (#2262) 
It was found that a one second timeout for nodeinfo data may be too low,
so that when a node is otherwise occupied that timeout may be reached
too often.

The nodeinfo query response is also vital to the status-page base
template, so that when it times out, the site will be turned in a broken
state, that it cannot recover from.

Fixes: #2256
(cherry picked from commit 76185e3a2a)
 2022-02-03 17:08:07 +01:00
Matthias Schiffer
ef2d3578cf Makefile: error earlier when site.mk is missing 
The site.mk target was only evaluated after the whole makefile was
parsed. This caused the GLUON_DEPRECATED error to be emitted first
(hiding the more helpful message that no site config was found) on Gluon
2021.1.x, where GLUON_DEPRECATED is used in a toplevel if in targets.mk.

By moving the check from recipe context to the toplevel, we ensure that
it is evaluated during parsing.

(cherry picked from commit 286d07b35f)
 2022-02-03 17:08:07 +01:00
David Bauer
7e7dfceadc
modules: update OpenWrt (#2358) 
81d0b4a9f4 kernel: bump 4.14 to 4.14.259
1d94f72439 kernel: bump 4.14 to 4.14.258
cc8c1be438 mac80211: Update to version 4.19.221
554f1b89aa iproute2: m_xt.so depends on dynsyms.list
f14bc5cf56 uboot-lantiq: danube: fix hanging lzma kernel uncompression #2
8fb714edd6 uboot-lantiq: danube: fix hanging lzma kernel uncompression
b5b526285a wireless-regdb: update to version 2021.08.28
a5c479a200 wireless-regdb: update to version 2021.04.21
b9f866825f tools/m4: update to 1.4.19
662fe6a6ee kernel: bump 4.14 to 4.14.254
5e8b9624f1 ar71xx: mikrotik: rb91x: fix 10M ethernet link speed
c72ea2a6c7 uboot-lantiq: fix sha1.h header clash when system libmd installed
93a48cb1a0 kernel: bump 4.14 to 4.14.248
123d12eada mac80211: Update to backports-4.19.207-1
31a2d41d64 sdk: fix missing include directories
556d165dda uboot-zynq: fix dtc compilation on host gcc 10
f33dc315cb uboot-tegra: Fix build with GCC-10 as host compiler
f31bb35b63 uboot-mvebu: Fix build with GCC-10 as host compiler
e8cf46ebba uboot-layerscape: fix dtc compilation on host gcc 10
d059ce28f5 uboot-kirkwood: Fix build with GCC-10 as host compiler
af5c8856f8 uboot-sunxi: Fix build with GCC-10 as host compiler

Signed-off-by: David Bauer <mail@david-bauer.net>
 2022-01-01 19:21:36 +01:00
David Bauer
2dad91bdcb
modules: fix respondd segfault (#2328) 
* modules: use v2021.1.x Gluon package branch

* modules: update Gluon packages

015408e respondd-module-airtime: move const specifier to the right location
d068e7d respondd-module-airtime: remove incorrect fprintf argument
97981c2 respondd-module-airtime: remove PHY ID again
8dbd089 respondd-module-airtime: improve error handling

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-10-30 01:27:43 +02:00
Sven Eckelmann
d4cb17777b
ipq40xx: Fix automatic ipq-wifi selection for Plasma Cloud devices (#2314) 
It was noticed that various devices had not the correct board-2.bin
installed. This was caused by a typo in the package name. The ath10k driver
(unfortunately) is then loading a completely unrelated BDF from the
ath10k-board-qca4019 board-2.bin. It is usually a rather bad idea to use
calibration data from a different board - but the effects depend on the
actual device.

For the PA1200, it was mostly noticed by the bad 2.4GHz performance.

Signed-off-by: Sven Eckelmann <sven@narfation.org>
 2021-09-17 21:00:29 +02:00
David Bauer
0622764ed1 modules: update OpenWrt 
9882a54c48 kernel: bump 4.14 to 4.14.245
fdea0036a2 openssl: bump to 1.1.1l
40c03b101c openssl: use --cross-compile-prefix in Configure

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-09-02 22:34:13 +02:00
David Bauer
8e679bb1f5 modules: update OpenWrt 
9d082556fe kernel: bump to 4.14.244

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-08-24 19:49:07 +02:00
David Bauer
de8fbbdf6a openwrt: refresh patches 2021-08-14 19:56:29 +02:00
David Bauer
48d5e38c31 modules: update OpenWrt 
7378c94927 kernel: bump to 4.14.243
cfc1602a1e OpenWrt v19.07.8: revert to branch defaults
31f2f76cd5 OpenWrt v19.07.8: adjust config defaults
ef56c85848 ubus: update to version 2021-07-01
796bf50e8e ubus: update to version 2021-06-03
92e341d632 ubus: backport SOVERSION support
e902d11de9 kernel: bump 4.14 to 4.14.241
ceb8821a3d ath10k-ct: add security fixes
71fa524e1b base-files: fix /tmp/TZ when zoneinfo not installed
c88bdb8294 base-files: fix zoneinfo support
15612706c9 mac80211: distance config: allow "auto" as a value
ec76c365c1 gitignore: add .ccache folder
bdd7faca8d kernel: bump 4.14 to 4.14.236

Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-08-14 19:55:29 +02:00
David Bauer
0d2f834d31
Merge pull request #2285 from blocktrron/pr-v2021.1.1 
docs: add Gluon v2021.1.1 release notes
 2021-08-14 19:16:14 +02:00
David Bauer
a7331b5933
ath79-generic: add support for Joy-IT JT-OR750i (#2284) 2021-08-05 02:07:30 +02:00
David Bauer
aa173868ff README, docs: Gluon v2021.1.1 2021-08-01 17:20:47 +02:00
David Bauer
d7f9e17f3c docs: Add v2021.1.1 release notes 
Signed-off-by: David Bauer <mail@david-bauer.net>
 2021-08-01 17:19:18 +02:00
David Bauer
cb7cec9214 modules: update Gluon packages 
825aa0c respondd-module-airtime: fix null pointer deref

(cherry picked from commit 19381a235e)
 2021-07-06 00:02:50 +02:00
Matthias Schiffer
7a395c1763 modules: update Gluon packages 
64148a9baf14 lua-jsonc: add host build support
c2623391bf42 lua-jsonc: do not link against liblua

(cherry picked from commit 8a41d8d72d)
 2021-07-06 00:02:38 +02:00
David Bauer
26483fae09 modules: update routing feed URL 
The OpenWrt routing feed was moved to the OpenWrt GitHub org.

Update the URL, as the old one might not work in the future.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 3f8d12f55c)
 2021-07-01 03:10:22 +02:00
Dark4MD
78bdd3b565 ramips-mt76x8: add Xiaomi Mi Router 4A (100M Edition) 
(cherry picked from commit 0b00ed9193)
 2021-06-22 12:07:00 +02:00
David Bauer
46191c30b8 gluon-mesh-vpn-core: fix two more missing NULL checks 
read_stdout can return NULL and thus the return value need to be checked
prior to accessing it.

Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 344f8a47db)
 2021-06-21 15:34:04 +02:00
David Bauer
bb1932c927 gluon-mesh-vpn-core: avoid reading null pointer 
In case the limit_ingress or limit_egress options are not present in
gluon's mesh_vpn section the respondd provider compares a string literal
with a NULL pointer, crashing respondd.

Check both pointers prior to comparing them in order to mitigate this
issue.

Suggested-by: Matthias Schiffer <mschiffer@universe-factory.net>
Signed-off-by: David Bauer <mail@david-bauer.net>
(cherry picked from commit 7e1e9fe2bd)
 2021-06-21 15:33:56 +02:00
Matthias Schiffer
a50834f849 gluon-mesh-vpn-tunneldigger: fix Lua mesh-vpn provider module location 
(cherry picked from commit f7e473edfa)
 2021-06-21 15:33:44 +02:00
Martin Weinelt
0f9a6334a0 docs: expand on multicast improvements in v2021.1 
I mixed up two separate improvements into one, this change aims to
clarify them based on a suggestion and conversation with @T-X.

(cherry picked from commit 05199e7e33)
 2021-06-11 00:10:04 +02:00
464 changed files with 13802 additions and 10941 deletions
Show Stats Expand all files Collapse all files

3
.ecrc
View File

@ -1,3 +0,0 @@
{
"Exclude": ["docs/_build"]
}

33
.editorconfig
View File

@ -7,52 +7,25 @@ insert_final_newline = true
indent_style = tab
charset = utf-8
[Dockerfile]
indent_style = space
indent_size = 4
[/patches/**]
indent_style = unset
indent_size = unset
[*.c]
[*.css]
[*.dia]
indent_style = space
indent_size = 2
[*.h]
[*.html]
[*.js]
[*{.json,.ecrc}]
indent_style = space
indent_size = 2
[*.lua]
[{Makefile,*.mk}]
indent_style = unset
[*.md]
indent_style = space
indent_size = 4
[*.pl]
[*.py]
indent_style = space
indent_size = 4
[*.rst]
indent_style = space
indent_size = 2
[*.sh]
indent_size = 3
[*.yml]
indent_style = space
@ -61,7 +34,3 @@ indent_size = 2
[CMakeLists.txt]
indent_style = space
indent_size = 2
[{docs,contrib/ci}/*site*/**/*.conf]
indent_style = space
indent_size = 2

10
.github/ISSUE_TEMPLATE/bug_report.md vendored
View File

@ -6,7 +6,7 @@ label: bug
<!--
Please carefully fill out the questionnaire below to help improve the
Please carefully fill out the questionaire below to help improve the
timely triaging of issues. Walk through the questions below and use
them as an inspiration for what information you can provide.
@ -27,7 +27,7 @@ Thank you for taking the time to report a bug with the Gluon project.
### Bug report
**What is the problem?**
<!--
<!--
- What is not working as expected?
- How is it misbehaving?
- When did the problem first start showing up?
@ -43,7 +43,7 @@ Thank you for taking the time to report a bug with the Gluon project.
-->
**Gluon Version:**
<!--
<!--
Please provide a usable Git reference before applying custom patches:
By using a Git reference:
@ -58,9 +58,9 @@ Or the URL to the relevant Gluon commit
<!--
Please provide the URL to your site configuration repository and the
explicit commit used to build the firmware experiencing the problem.
Additionally excerpts of problem-related configuration parts are
often helpful.
often helpful.
-->
**Custom patches:**

12
.github/dependabot.yml vendored
View File

@ -1,12 +0,0 @@
# Docs: <https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/customizing-dependency-updates>
version: 2
updates:
- package-ecosystem: github-actions
directory: /
schedule: {interval: monthly}
- package-ecosystem: pip
directory: /docs/
schedule: {interval: monthly}

237
.github/filters.yml vendored
View File

@ -1,237 +0,0 @@
{
"ath79-generic": [
"targets/ath79-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ath79-nand": [
"targets/ath79-nand",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ath79-mikrotik": [
"targets/ath79-mikrotik",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/mikrotik.inc"
],
"bcm27xx-bcm2708": [
"targets/bcm27xx-bcm2708",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"bcm27xx-bcm2709": [
"targets/bcm27xx-bcm2709",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"ipq40xx-generic": [
"targets/ipq40xx-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ipq40xx-mikrotik": [
"targets/ipq40xx-mikrotik",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/mikrotik.inc"
],
"ipq806x-generic": [
"targets/ipq806x-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"lantiq-xrx200": [
"targets/lantiq-xrx200",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"lantiq-xway": [
"targets/lantiq-xway",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mediatek-mt7622": [
"targets/mediatek-mt7622",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mpc85xx-p1010": [
"targets/mpc85xx-p1010",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"mpc85xx-p1020": [
"targets/mpc85xx-p1020",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt7620": [
"targets/ramips-mt7620",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt7621": [
"targets/ramips-mt7621",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"ramips-mt76x8": [
"targets/ramips-mt76x8",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"realtek-rtl838x": [
"targets/realtek-rtl838x",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"rockchip-armv8": [
"targets/rockchip-armv8",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"sunxi-cortexa7": [
"targets/sunxi-cortexa7",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"x86-generic": [
"targets/x86-generic",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc"
],
"x86-geode": [
"targets/x86-geode",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
],
"x86-legacy": [
"targets/x86-legacy",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc"
],
"x86-64": [
"targets/x86-64",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/x86.inc",
"contrib/ci/minimal-site/**",
"package/**"
],
"bcm27xx-bcm2710": [
"targets/bcm27xx-bcm2710",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
"targets/bcm27xx.inc"
],
"mvebu-cortexa9": [
"targets/mvebu-cortexa9",
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk"
]
}

20
.github/workflows/backport.yml vendored
View File

@ -1,20 +0,0 @@
name: Backport
on:
pull_request_target:
types: [closed, labeled]
permissions:
contents: write # so it can comment
pull-requests: write # so it can create pull requests
jobs:
backport:
name: Backport Pull Request
if: github.repository_owner == 'freifunk-gluon' && github.event.pull_request.merged == true && (github.event_name != 'labeled' || startsWith('backport', github.event.label.name))
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Create backport PRs
uses: korthout/backport-action@v1.2.0
with:
# Config README: https://github.com/korthout/backport-action#backport-action
pull_description: |-
Automatic backport to `${target_branch}`, triggered by a label in #${pull_number}.

7
.github/workflows/build-docs.yml vendored
View File

@ -9,21 +9,18 @@ on:
paths:
- 'docs**/'
- '.github/workflows/build-docs.yml'
permissions:
contents: read
jobs:
build-documentation:
name: docs
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v1
- name: Install Dependencies
run: sudo pip3 install sphinx-rtd-theme
- name: Build documentation
run: make -C docs html
- name: Archive build output
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v1
with:
name: docs_output
path: docs/_build/html

55
.github/workflows/build-gluon.yml vendored
View File

@ -1,3 +1,7 @@
# Update this file after adding/removing/renaming a target by running
# `make list-targets BROKEN=1 | ./contrib/actions/generate-actions.py > ./.github/workflows/build-gluon.yml`
name: Build Gluon
on:
push:
@ -5,56 +9,45 @@ on:
- master
- next*
- v20*
paths:
- "modules"
- "Makefile"
- "scripts/**"
- "package/**"
- "patches/**"
- "targets/**"
- ".github/workflows/build-gluon.yml"
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
paths:
- "modules"
- "Makefile"
- "scripts/**"
- "package/**"
- "patches/**"
- "targets/**"
- ".github/workflows/build-gluon.yml"
jobs:
changed:
permissions:
contents: read # for dorny/paths-filter to fetch a list of changed files
pull-requests: read # for dorny/paths-filter to read pull requests
runs-on: ubuntu-latest
outputs:
targets: ${{ steps.filter.outputs.changes }}
steps:
- uses: actions/checkout@v3
# Filter targets based on changed files
- uses: dorny/paths-filter@v2
id: filter
with:
filters: .github/filters.yml
build_firmware:
needs: changed
if: ${{ needs.changed.outputs.targets != '[]' && needs.changed.outputs.targets != '' }}
strategy:
fail-fast: false
matrix:
# Read back changed targets to create build matrix
target: ${{ fromJSON(needs.changed.outputs.targets) }}
target: [ar71xx-generic, ar71xx-tiny, ar71xx-nand, ath79-generic, brcm2708-bcm2708, brcm2708-bcm2709, ipq40xx-generic, ipq806x-generic, lantiq-xrx200, lantiq-xway, mpc85xx-generic, mpc85xx-p1020, ramips-mt7620, ramips-mt7621, ramips-mt76x8, ramips-rt305x, sunxi-cortexa7, x86-generic, x86-geode, x86-legacy, x86-64, ar71xx-mikrotik, brcm2708-bcm2710, mvebu-cortexa9]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v1
- name: Install Dependencies
run: sudo contrib/actions/install-dependencies.sh
- name: Build
run: contrib/actions/run-build.sh ${{ matrix.target }}
- name: Archive build logs
if: ${{ !cancelled() }}
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v1
with:
name: ${{ matrix.target }}_logs
path: openwrt/logs
- name: Archive build output
uses: actions/upload-artifact@v3
uses: actions/upload-artifact@v1
with:
name: ${{ matrix.target }}_output
path: output

5
.github/workflows/check-patches.yml vendored
View File

@ -12,15 +12,12 @@ on:
- 'modules'
- 'patches/**'
- '.github/workflows/check-patches.yml'
permissions:
contents: read
jobs:
check-patches:
name: Check patches
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v1
- name: Refresh patches
run: make refresh-patches GLUON_SITEDIR="contrib/ci/minimal-site"
- name: Show diff

8
.github/workflows/labels.yml vendored
View File

@ -4,18 +4,12 @@ on:
# only execute base branch actions
pull_request_target:
permissions:
contents: read
jobs:
labels:
permissions:
contents: read # for actions/labeler to determine modified files
pull-requests: write # for actions/labeler to add labels to PRs
runs-on: ubuntu-latest
if: github.repository_owner == 'freifunk-gluon'
steps:
- uses: actions/labeler@v4
- uses: actions/labeler@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
sync-labels: true

29
.github/workflows/lint.yml vendored
View File

@ -3,15 +3,12 @@ on:
push:
pull_request:
types: [opened, synchronize, reopened]
permissions:
contents: read
jobs:
lua:
name: Lua
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v1
- name: Install Dependencies
run: sudo apt-get -y update && sudo apt-get -y install lua-check
- name: Install example site
@ -23,32 +20,10 @@ jobs:
name: Shell
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/checkout@v1
- name: Install Dependencies
run: sudo apt-get -y update && sudo apt-get -y install shellcheck
- name: Install example site
run: ln -s ./docs/site-example ./site
- name: Lint shell code
run: make lint-sh
editorconfig:
name: Editorconfig
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Install Dependencies
run: sudo apt install curl tar
- name: Install editorconfig-checker
env:
VERSION: 2.7.0
OS: linux
ARCH: amd64
run: |
curl -O -L -C - https://github.com/editorconfig-checker/editorconfig-checker/releases/download/$VERSION/ec-$OS-$ARCH.tar.gz
tar xzf ec-$OS-$ARCH.tar.gz
sudo mv ./bin/ec-$OS-$ARCH /usr/bin/editorconfig-checker
sudo chmod +x /usr/bin/editorconfig-checker
- name: Install example site
run: ln -s ./docs/site-example ./site
- name: Lint editorconfig
run: make lint-editorconfig

1
.gitignore vendored
View File

@ -7,4 +7,3 @@
.bash_history
.subversion
.wget-hsts
/.scmversion

4
.luacheckrc
View File

@ -25,11 +25,9 @@ files["package/**/check_site.lua"] = {
"extend",
"in_domain",
"in_site",
"value",
"need",
"need_alphanumeric_key",
"need_array",
"need_array_elements_exclusive",
"need_array_of",
"need_boolean",
"need_chanlist",
@ -51,7 +49,6 @@ files["package/**/check_site.lua"] = {
files["package/**/luasrc/lib/gluon/config-mode/*"] = {
globals = {
"MultiListValue",
"DynamicList",
"Flag",
"Form",
@ -65,7 +62,6 @@ files["package/**/luasrc/lib/gluon/config-mode/*"] = {
"translate",
"translatef",
"Value",
"Element",
},
}

20
.readthedocs.yml
View File

@ -1,20 +0,0 @@
# .readthedocs.yaml
# Read the Docs configuration file
# See https://docs.readthedocs.io/en/stable/config-file/v2.html for details
# Required
version: 2
# Build documentation in the docs/ directory with Sphinx
sphinx:
configuration: docs/conf.py
# Optionally set the version of Python and requirements required to build your docs
python:
install:
- requirements: docs/requirements.txt
build:
os: ubuntu-22.04
tools:
python: "3.8"

30
.woodpecker.yml
View File

@ -1,30 +0,0 @@
workspace:
base: /build
#clone:
# git:
# image: woodpeckerci/plugin-git
# settings:
# recursive: true
pipeline:
build-${TARGET}:
image: "ubuntu:latest"
pull: true
environment:
- input_version=v2022.1.4
- GLUON_SITEDIR=../site
- FORCE_UNSAFE_CONFIGURE=1
- GLUON_TARGET=${TARGET}
- GLUON_DEPRECATED=1
commands:
- echo ${TARGET}
# - git config --global init.defaultBranch main
# - sed -i 's/install/install file/' contrib/actions/install-dependencies.sh
# - sh contrib/actions/install-dependencies.sh
# - sh contrib/actions/run-build.sh ${TARGET}
matrix:
TARGET:
- ath79-generic
- x86-64

4
CONTRIBUTING.md
View File

@ -23,8 +23,8 @@ using other parts or why the proposed change breaks other parts of the system.
They might even refuse the idea altogether - after all, they have to sleep well
after merging the changes, too.
The preferred way to discuss is in the IRC channel ([#gluon] on irc.hackint.org)
or on the [mailing list], however, you can also open a new issue on GitHub to
The preferred way to discuss in the IRC channel ([#gluon] on irc.hackint.org)
or on the [mailing list], however, you can also open a new issue on Github to
discuss there. We maintain a [list of rejected features] and we'd like to
kindly ask you to review it first. In general, looking for duplicates may save
you some time.

2
LICENSE
View File

@ -1,7 +1,7 @@
The code of Project Gluon may be distributed under the following terms, unless
noted otherwise in individual files or subtrees.
Copyright (c) Project Gluon
Copyright (c) 2013-2022, Project Gluon
All rights reserved.
Redistribution and use in source and binary forms, with or without

19
Makefile
View File

@ -27,7 +27,7 @@ include $(GLUON_SITEDIR)/site.mk
GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line)
GLUON_DEPRECATED ?= 0
GLUON_DEPRECATED ?= $(error GLUON_DEPRECATED not set. Please consult the documentation)
ifneq ($(GLUON_BRANCH),)
$(warning *** Warning: GLUON_BRANCH has been deprecated, please set GLUON_AUTOUPDATER_BRANCH and GLUON_AUTOUPDATER_ENABLED instead.)
@ -53,9 +53,6 @@ $(eval $(call mkabspath,GLUON_PACKAGEDIR))
$(eval $(call mkabspath,GLUON_TARGETSDIR))
$(eval $(call mkabspath,GLUON_PATCHESDIR))
GLUON_VERSION := $(shell scripts/getversion.sh '.')
GLUON_SITE_VERSION := $(shell scripts/getversion.sh '$(GLUON_SITEDIR)')
GLUON_MULTIDOMAIN ?= 0
GLUON_AUTOREMOVE ?= 0
GLUON_DEBUG ?= 0
@ -68,10 +65,9 @@ src-link gluon_base ../../package
endef
GLUON_VARS = \
GLUON_VERSION GLUON_SITE_VERSION \
GLUON_RELEASE GLUON_REGION GLUON_MULTIDOMAIN GLUON_AUTOREMOVE GLUON_DEBUG GLUON_MINIFY GLUON_DEPRECATED \
GLUON_DEVICES GLUON_TARGETSDIR GLUON_PATCHESDIR GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR GLUON_DEBUGDIR \
GLUON_SITEDIR GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
GLUON_SITEDIR GLUON_RELEASE GLUON_AUTOUPDATER_BRANCH GLUON_AUTOUPDATER_ENABLED GLUON_LANGS GLUON_BASE_FEEDS \
GLUON_TARGET BOARD SUBTARGET
unexport $(GLUON_VARS)
@ -105,11 +101,6 @@ refresh-patches: FORCE
update-feeds: FORCE
@$(GLUON_ENV) scripts/feeds.sh
update-modules: FORCE
@scripts/update-modules.sh
update-ci: FORCE
@$(GLUON_ENV) scripts/update-ci.sh
GLUON_TARGETS :=
@ -151,10 +142,7 @@ list-targets: FORCE
echo "$$target"
done
lint: lint-editorconfig lint-lua lint-sh
lint-editorconfig: FORCE
@scripts/lint-editorconfig.sh
lint: lint-lua lint-sh
lint-lua: FORCE
@scripts/lint-lua.sh
@ -184,7 +172,6 @@ config: $(LUA) FORCE
$(call CheckSite,$(conf)); \
)
$(OPENWRTMAKE) prepare-tmpinfo
$(GLUON_ENV) $(LUA) scripts/target_config.lua > openwrt/.config
$(OPENWRTMAKE) defconfig
$(GLUON_ENV) $(LUA) scripts/target_config_check.lua

19
README.md
View File

@ -1,21 +1,12 @@
[![Build Gluon](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml/badge.svg?branch=master)](https://github.com/freifunk-gluon/gluon/actions/workflows/build-gluon.yml)
[![License](https://img.shields.io/badge/License-BSD%202--Clause-orange.svg)](https://opensource.org/license/bsd-2-clause/)
[![GitHub release (latest SemVer)](https://img.shields.io/github/v/release/freifunk-gluon/gluon?sort=semver)](https://github.com/freifunk-gluon/gluon/releases/latest)
# Gluon
Gluon is a firmware framework to build preconfigured OpenWrt images for public mesh networks.
## Getting started
We have a huge amount of documentation over at https://gluon.readthedocs.io/.
Documentation (incomplete at this time, contribute if you can!) may be found at
https://gluon.readthedocs.io/.
If you're new to Gluon and ready to get your feet wet, have a look at the
[Getting Started Guide](https://gluon.readthedocs.io/en/latest/user/getting_started.html).
Gluon's developers frequent an IRC chatroom at [#gluon](ircs://irc.hackint.org/#gluon)
on [hackint](https://hackint.org/). There is also a [webchat](https://webirc.hackint.org/#irc://irc.hackint.org/#gluon)
that allows for uncomplicated access from within your browser. This channel is also available as a bridged Matrix Room at [#gluon:hackint.org](https://matrix.to/#/#gluon:hackint.org).
that allows for access from within your browser.
## Issues & Feature requests
@ -30,10 +21,10 @@ the future development of Gluon.
Please refrain from using the `master` branch for anything else but development purposes!
Use the most recent release instead. You can list all releases by running `git tag`
and switch to one by running `git checkout v2022.1 && make update`.
and switch to one by running `git checkout v2021.1.2 && make update`.
If you're using the autoupdater, do not autoupdate nodes with anything but releases.
If you upgrade using random master commits the nodes *might break* eventually.
If you upgrade using random master commits the nodes *will break* eventually.
## Mailinglist

67
contrib/actions/generate-actions.py Executable file
View File

@ -0,0 +1,67 @@
#!/usr/bin/env python3
import sys
ACTIONS_HEAD = """
# Update this file after adding/removing/renaming a target by running
# `make list-targets BROKEN=1 | ./contrib/actions/generate-actions.py > ./.github/workflows/build-gluon.yml`
name: Build Gluon
on:
push:
branches:
- master
- next*
- v20*
paths:
- "modules"
- "Makefile"
- "scripts/**"
- "package/**"
- "patches/**"
- "targets/**"
- ".github/workflows/build-gluon.yml"
pull_request:
types: [opened, synchronize, reopened]
paths:
- "modules"
- "Makefile"
- "scripts/**"
- "package/**"
- "patches/**"
- "targets/**"
- ".github/workflows/build-gluon.yml"
jobs:
build_firmware:
strategy:
fail-fast: false
matrix:
target: [{matrix}]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v1
- name: Install Dependencies
run: sudo contrib/actions/install-dependencies.sh
- name: Build
run: contrib/actions/run-build.sh ${{{{ matrix.target }}}}
- name: Archive build logs
if: ${{{{ !cancelled() }}}}
uses: actions/upload-artifact@v1
with:
name: ${{{{ matrix.target }}}}_logs
path: openwrt/logs
- name: Archive build output
uses: actions/upload-artifact@v1
with:
name: ${{{{ matrix.target }}}}_output
path: output
"""
targets = []
for target in sys.stdin:
targets.append(target.strip())
output = ACTIONS_HEAD.format(matrix=", ".join(targets))
print(output)

53
contrib/actions/generate-target-filters.py
View File

@ -1,53 +0,0 @@
#!/usr/bin/env python3
# Update target filters using
# make update-ci
import re
import os
import sys
import json
# these changes trigger rebuilds on all targets
common = [
"modules",
"Makefile",
"patches/**",
"scripts/**",
"targets/generic",
"targets/targets.mk",
]
# these changes are only built on x86-64
extra = [
"contrib/ci/minimal-site/**",
"package/**"
]
_filter = dict()
# INCLUDE_PATTERN matches:
# include '...'
# include "..."
# include("...")
# include('...')
INCLUDE_PATTERN = "^\\s*include *\\(? *[\"']([^\"']+)[\"']"
# construct filters map from stdin
for target in sys.stdin:
target = target.strip()
_filter[target] = [
f"targets/{target}"
] + common
target_file = os.path.join(os.environ['GLUON_TARGETSDIR'], target)
with open(target_file) as f:
includes = re.findall(INCLUDE_PATTERN, f.read(), re.MULTILINE)
_filter[target].extend([f"targets/{i}" for i in includes])
if target == "x86-64":
_filter[target].extend(extra)
# print filters to stdout in json format, because json is stdlib and yaml compatible.
print(json.dumps(_filter, indent=2))

2
contrib/actions/install-dependencies.sh
View File

@ -3,6 +3,6 @@
set -e
apt-get -y update
apt-get -y install git build-essential python3 gawk unzip libncurses5-dev zlib1g-dev libssl-dev libelf-dev wget rsync time qemu-utils
apt-get -y install git subversion build-essential python gawk unzip libncurses5-dev zlib1g-dev libssl-dev wget time
apt-get -y clean
rm -rf /var/lib/apt/lists/*

2
contrib/actions/run-build.sh
View File

@ -6,7 +6,7 @@ export BROKEN=1
export GLUON_AUTOREMOVE=1
export GLUON_DEPRECATED=1
export GLUON_SITEDIR="contrib/ci/minimal-site"
export GLUON_TARGET="$1"
export GLUON_TARGET=$1
export BUILD_LOG=1
make update

82
contrib/ci/Jenkinsfile vendored Normal file
View File

@ -0,0 +1,82 @@
pipeline {
agent none
environment {
GLUON_SITEDIR = "contrib/ci/minimal-site"
GLUON_TARGET = "x86-64"
BUILD_LOG = "1"
}
stages {
stage('lint') {
parallel {
stage('lint-lua') {
agent { label 'gluon-docker' }
steps {
sh label: 'Identify runner', script: 'echo $SLAVE_NAME'
sh 'make lint-lua'
}
}
stage('lint-sh') {
agent { label 'gluon-docker-v1' }
steps {
sh label: 'Identify runner', script: 'echo $SLAVE_NAME'
sh 'make lint-sh'
}
}
}
}
stage('docs') {
agent { label 'gluon-docker' }
steps {
sh label: 'Identify runner', script: 'echo $SLAVE_NAME'
sh 'make -C docs html'
}
}
stage('build') {
agent { label 'gluon-docker-v2' }
steps {
sh label: 'Identify runner', script: 'echo $SLAVE_NAME'
sh 'make update'
sh 'test -d /dl_cache && ln -s /dl_cache openwrt/dl || true'
timeout(time: 2, unit: "HOURS") {
sh 'make -j$(nproc) V=s'
}
stash includes: '**/output/images/factory/*-x86-64.img.gz', name: 'gluon-x86-64-factory'
}
}
stage('test') {
agent { label 'gluon-vmx' }
steps {
sh label: 'Identify runner', script: 'echo $SLAVE_NAME'
unstash 'gluon-x86-64-factory'
sh label: 'Unpack image', script: 'gunzip -cd ./output/images/factory/*x86-64*.img.gz > ./image.img'
sh label: 'Print python environment', script: 'python3 -m pip freeze'
script {
for (f in findFiles(glob: 'tests/*.py')) {
timeout(time: 10, unit: "MINUTES") {
sh label: "Test ${f.name}", script: "python3 tests/${f.name} --use-tmp-workdir"
}
}
}
}
}
}
}
/*
api-history:
Every time the build dependencies of gluon change, the version
every container has to be rebuilt. Therefore, we use Jenkins
labels which intoduce a version number which is documented here.
As soon, as you properly rebuilt your docker container, you
can notify lemoer, that you have updated your node.
- gluon-docker-v1:
- add shellcheck binary to the build environment
- gluon-docker-v2:
- add qemu-testlab testing, requires KVM virtualization support
- require rsync dependency to be able to build the next branch
- gluon-vmx
- splits the qemu testing from the gluon-docker-v2 label to accomodate
nodes without the vmx cpu flag
*/

33
contrib/ci/jenkins-community-slave/Dockerfile Normal file
View File

@ -0,0 +1,33 @@
FROM gluonmesh/build:latest
USER root
# this is needed to install default-jre-headless in debian slim images
RUN mkdir -p /usr/share/man/man1
RUN apt-get update && apt-get install -y default-jre-headless curl git netcat-openbsd python3 python3-pip qemu-system-x86 iproute2 openssh-client rsync
RUN python3 -m pip install jenkins-webapi sphinx sphinx_rtd_theme gluon-qemu-testlab==0.0.5
# Get docker-compose in the agent container
RUN mkdir -p /home/jenkins
RUN mkdir -p /var/lib/jenkins
RUN mkdir -p /remoting
RUN chown gluon /home/jenkins
RUN chown gluon /var/lib/jenkins
RUN chown gluon /remoting
# Start-up script to attach the slave to the master
ADD slave.py /var/lib/jenkins/slave.py
USER gluon
WORKDIR /home/jenkins
ENV JENKINS_URL "https://build.ffh.zone/"
ENV JENKINS_SLAVE_ADDRESS ""
ENV SLAVE_EXECUTORS "1"
ENV SLAVE_LABELS "docker"
ENV SLAVE_WORING_DIR ""
ENV CLEAN_WORKING_DIR "true"
CMD [ "python3", "-u", "/var/lib/jenkins/slave.py" ]

41
contrib/ci/jenkins-community-slave/README.md Normal file
View File

@ -0,0 +1,41 @@
# Gluon CI using Jenkins
## Requirements
- Linux system
- with docker installed
- with Hardware Virtualisation (KVM Support)
- Verify using: `lscpu | grep vmx`
- If machine is virtualized host needs to load `kvm_intel` with `nested=1` option and cpuflags need to include `vmx`
## Architecture
![Screenshot from 2019-09-24 00-20-32](https://user-images.githubusercontent.com/601153/65468827-9edf2c80-de65-11e9-9fe0-56c3487719c3.png)
## Installation
You can support the gluon CI with your infrastructure:
1. You need to query @lemoer (freifunk@irrelefant.net) for credentials.
2. He will give you a `SLAVE_NAME` and a `SLAVE_SECRET` for your host.
3. Then go to your docker host and substitute the values for `SLAVE_NAME` and a `SLAVE_SECRET` in the following statements:
``` shell
git clone https://github.com/freifunk-gluon/gluon/
cd gluon/contrib/ci/jenkins-community-slave/
docker build -t gluon-jenkins .
mkdir /var/cache/openwrt_dl_cache/
chown 1000:1000 /var/cache/openwrt_dl_cache
echo "z /dev/kvm 0666 - kvm -" > /etc/tmpfiles.d/kvm.conf
systemd-tmpfiles --create
docker run --detach --restart always \
--env "SLAVE_NAME=whoareyou" \
--env "SLAVE_SECRET=changeme" \
--device /dev/kvm:/dev/kvm \
--volume /var/cache/openwrt_dl_cache/:/dl_cache \
gluon-jenkins
```
4. Check whether the instance is running correctly:
- Your node should appear [here](https://build.ffh.zone/label/gluon-docker/).
- When clicking on it, Jenkins should state "Agent is connected." like here:
![Screenshot from 2019-09-24 01-00-52](https://user-images.githubusercontent.com/601153/65469209-dac6c180-de66-11e9-9d62-0d1c3b6b940b.png)
5. **Your docker container needs to be rebuilt, when the build dependencies of gluon change. As soon as build dependencies have changed, the build dependency api level has to be raised.** After you rebuilt your docker container, notify @lemoer, so he can bump the versioning number.
## Backoff
- If @lemoer is not reachable, please be patient at first if possible. Otherwise contact info@hannover.freifunk.net or join the channel `#freifunkh` on hackint.

103
contrib/ci/jenkins-community-slave/slave.py Normal file
View File

@ -0,0 +1,103 @@
from jenkins import Jenkins, JenkinsError, NodeLaunchMethod
import os
import signal
import sys
import subprocess
import shutil
import requests
import time
slave_jar = '/var/lib/jenkins/slave.jar'
slave_name = os.environ['SLAVE_NAME'] if os.environ['SLAVE_NAME'] != '' else 'docker-slave-' + os.environ['HOSTNAME']
jnlp_url = os.environ['JENKINS_URL'] + '/computer/' + slave_name + '/slave-agent.jnlp'
slave_jar_url = os.environ['JENKINS_URL'] + '/jnlpJars/slave.jar'
print(slave_jar_url)
process = None
def clean_dir(dir):
for root, dirs, files in os.walk(dir):
for f in files:
os.unlink(os.path.join(root, f))
for d in dirs:
shutil.rmtree(os.path.join(root, d))
def slave_create(node_name, working_dir, executors, labels):
j = Jenkins(os.environ['JENKINS_URL'], os.environ['JENKINS_USER'], os.environ['JENKINS_PASS'])
j.node_create(node_name, working_dir, num_executors = int(executors), labels = labels, launcher = NodeLaunchMethod.JNLP)
def slave_delete(node_name):
j = Jenkins(os.environ['JENKINS_URL'], os.environ['JENKINS_USER'], os.environ['JENKINS_PASS'])
j.node_delete(node_name)
def slave_download(target):
if os.path.isfile(slave_jar):
os.remove(slave_jar)
r = requests.get(os.environ['JENKINS_URL'] + '/jnlpJars/slave.jar')
with open('/var/lib/jenkins/slave.jar', 'wb') as f:
f.write(r.content)
def slave_run(slave_jar, jnlp_url):
params = [ 'java', '-jar', slave_jar, '-jnlpUrl', jnlp_url ]
if os.environ['JENKINS_SLAVE_ADDRESS'] != '':
params.extend([ '-connectTo', os.environ['JENKINS_SLAVE_ADDRESS' ] ])
if os.environ['SLAVE_SECRET'] == '':
params.extend([ '-jnlpCredentials', os.environ['JENKINS_USER'] + ':' + os.environ['JENKINS_PASS'] ])
else:
params.extend([ '-secret', os.environ['SLAVE_SECRET'] ])
return subprocess.Popen(params, stdout=subprocess.PIPE)
def signal_handler(sig, frame):
if process != None:
process.send_signal(signal.SIGINT)
signal.signal(signal.SIGINT, signal_handler)
signal.signal(signal.SIGTERM, signal_handler)
def h():
print("ERROR!: please specify environment variables")
print("")
print('docker run -e "SLAVE_NAME=test" -e "SLAVE_SECRET=..." jenkins')
if os.environ.get('SLAVE_NAME') is None:
h()
sys.exit(1)
if os.environ.get('SLAVE_SECRET') is None:
h()
sys.exit(1)
def master_ready(url):
try:
r = requests.head(url, timeout=None)
return r.status_code == requests.codes.ok
except:
return False
while not master_ready(slave_jar_url):
print("Master not ready yet, sleeping for 10sec!")
time.sleep(10)
slave_download(slave_jar)
print('Downloaded Jenkins slave jar.')
if os.environ['SLAVE_WORING_DIR']:
os.setcwd(os.environ['SLAVE_WORING_DIR'])
if os.environ['CLEAN_WORKING_DIR'] == 'true':
clean_dir(os.getcwd())
print("Cleaned up working directory.")
if os.environ['SLAVE_NAME'] == '':
slave_create(slave_name, os.getcwd(), os.environ['SLAVE_EXECUTORS'], os.environ['SLAVE_LABELS'])
print('Created temporary Jenkins slave.')
process = slave_run(slave_jar, jnlp_url)
print('Started Jenkins slave with name "' + slave_name + '" and labels [' + os.environ['SLAVE_LABELS'] + '].')
process.wait()
print('Jenkins slave stopped.')
if os.environ['SLAVE_NAME'] == '':
slave_delete(slave_name)
print('Removed temporary Jenkins slave.')

50
contrib/ci/minimal-site/site.conf
View File

@ -1,4 +1,4 @@
-- This is an example site configuration for Gluon v2022.1
-- This is an example site configuration for Gluon v2018.2+
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
@ -10,7 +10,7 @@
-- hostname_prefix = 'freifunk-',
-- Name of the community.
site_name = 'Continuous Integration',
site_name = 'Continious Integration',
-- Shorthand of the community.
site_code = 'ci',
@ -42,14 +42,10 @@
-- Wireless channel.
channel = 1,
-- ESSIDs used for client network.
-- ESSID used for client network.
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
@ -76,12 +72,6 @@
},
},
mesh = {
vxlan = true,
batman_adv = {
routing_algo = 'BATMAN_IV',
},
},
-- The next node feature allows clients to always reach the node it is
-- connected to using a known IP address.
@ -92,19 +82,16 @@
ip6 = 'fd::1',
},
-- Options specific to routing protocols (optional)
-- mesh = {
-- Options specific to the batman-adv routing protocol (optional)
-- batman_adv = {
-- Gateway selection class (optional)
-- The default class 20 is based on the link quality (TQ) only,
-- class 1 is calculated from both the TQ and the announced bandwidth
-- gw_sel_class = 1,
-- },
-- },
mesh = {
vxlan = true,
batman_adv = {
routing_algo = 'BATMAN_IV'
}
},
mesh_vpn = {
-- enabled = true,
mtu = 1312,
fastd = {
-- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@ -112,7 +99,6 @@
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
mtu = 1312,
-- configurable = true,
-- syslog_level = 'warn',
@ -125,18 +111,7 @@
peers = {
},
-- Optional: nested peer groups
-- groups = {
-- backbone_sub = {
-- ...
-- },
-- ...
-- },
},
-- Optional: additional peer groups, possibly with other limits
-- backbone2 = {
-- ...
-- },
},
},
@ -153,8 +128,7 @@
},
autoupdater = {
-- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
-- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
-- Default branch. Don't forget to set GLUON_BRANCH when building!
branch = 'stable',
-- List of branches. You may define multiple branches.
@ -169,7 +143,7 @@
-- Have multiple maintainers sign your build and only
-- accept it when a sufficient number of them have
-- signed it.
good_signatures = 0,
good_signatures = 2,
-- List of public keys of maintainers.
pubkeys = {

1
contrib/ci/olsr-site/i18n
View File

@ -1 +0,0 @@
../minimal-site/i18n

1
contrib/ci/olsr-site/modules
View File

@ -1 +0,0 @@
../minimal-site/modules

176
contrib/ci/olsr-site/site.conf
View File

@ -1,176 +0,0 @@
-- This is an example site configuration for Gluon v2022.1
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
--
-- This configuration will not work as is. You're required to make
-- community specific changes to it!
{
-- Used for generated hostnames, e.g. freifunk-abcdef123456. (optional)
-- hostname_prefix = 'freifunk-',
-- Name of the community.
site_name = 'Continuous Integration',
-- Shorthand of the community.
site_code = 'ci',
-- 32 bytes of random data, encoded in hexadecimal
-- This data must be unique among all sites and domains!
-- Can be generated using: echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
domain_seed = 'e9608c4ff338b920992d629190e9ff11049de1dfc3f299eac07792dfbcda341c',
-- Prefixes used by clients within the mesh.
-- prefix6 is required, prefix4 can be omitted if next_node.ip4
-- is not set.
prefix6 = 'fdff:cafe:cafe:cafe::/64',
-- Prefixes used by nodes within the mesh
node_prefix6 = 'fdff:cafe:cafe:cafe::/64',
-- Timezone of your community.
-- See https://openwrt.org/docs/guide-user/base-system/system_configuration#time_zones
timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
-- List of NTP servers in your community.
-- Must be reachable using IPv6!
-- ntp_servers = {'1.ntp.services.ffxx'},
-- Wireless regulatory domain of your community.
regdom = 'DE',
-- Wireless configuration for 2.4 GHz interfaces.
wifi24 = {
-- Wireless channel.
channel = 1,
-- ESSIDs used for client network.
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
-- Adjust these values!
id = 'ueH3uXjdp', -- usually you don't want users to connect to this mesh-SSID, so use a cryptic id that no one will accidentally mistake for the client WiFi
mcast_rate = 12000,
-- disabled = true, -- (optional)
},
},
-- Wireless configuration for 5 GHz interfaces.
-- This should be equal to the 2.4 GHz variant, except
-- for channel.
wifi5 = {
channel = 44,
outdoor_chanlist = '100-140',
ap = {
ssid = 'gluon-ci-ssid',
-- disabled = true, -- (optional)
-- Configuration for a backward compatible OWE network below.
owe_ssid = 'owe.gluon-ci-ssid', -- (optional - SSID for OWE client network)
owe_transition_mode = true, -- (optional - enables transition-mode - requires ssid as well as owe_ssid)
},
mesh = {
-- Adjust these values!
id = 'ueH3uXjdp',
mcast_rate = 12000,
},
},
-- The next node feature allows clients to always reach the node it is
-- connected to using a known IP address.
next_node = {
-- anycast IPs of all nodes
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip4 = '10.0.0.1',
ip6 = 'fd::1',
},
-- Options specific to routing protocols (optional)
mesh = {
vxlan = true,
olsrd = {},
},
mesh_vpn = {
-- enabled = true,
fastd = {
-- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
-- what these options do.
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
mtu = 1312,
-- configurable = true,
-- syslog_level = 'warn',
groups = {
backbone = {
-- Limit number of connected peers to reduce bandwidth.
limit = 1,
-- List of peers.
peers = {
},
-- Optional: nested peer groups
-- groups = {
-- backbone_sub = {
-- ...
-- },
-- ...
-- },
},
-- Optional: additional peer groups, possibly with other limits
-- backbone2 = {
-- ...
-- },
},
},
bandwidth_limit = {
-- The bandwidth limit can be enabled by default here.
enabled = false,
-- Default upload limit (kbit/s).
egress = 200,
-- Default download limit (kbit/s).
ingress = 3000,
},
},
autoupdater = {
-- Default branch (optional), can be overridden by setting GLUON_AUTOUPDATER_BRANCH when building.
-- Set GLUON_AUTOUPDATER_ENABLED to enable the autoupdater by default for newly installed nodes.
branch = 'stable',
-- List of branches. You may define multiple branches.
branches = {
stable = {
name = 'stable',
-- List of mirrors to fetch images from. IPv6 required!
mirrors = {'http://1.updates.services.ffhl/stable/sysupgrade'},
-- Number of good signatures required.
-- Have multiple maintainers sign your build and only
-- accept it when a sufficient number of them have
-- signed it.
good_signatures = 0,
-- List of public keys of maintainers.
pubkeys = {
},
},
},
},
}

57
contrib/ci/olsr-site/site.mk
View File

@ -1,57 +0,0 @@
## gluon site.mk makefile example
## GLUON_FEATURES
# Specify Gluon features/packages to enable;
# Gluon will automatically enable a set of packages
# depending on the combination of features listed
GLUON_FEATURES := \
autoupdater \
ebtables-filter-multicast \
ebtables-filter-ra-dhcp \
ebtables-limit-arp \
mesh-olsrd \
mesh-vpn-fastd \
respondd \
status-page \
web-advanced \
web-wizard
GLUON_FEATURES_standard := \
wireless-encryption-wpa3
## GLUON_SITE_PACKAGES
# Specify additional Gluon/OpenWrt packages to include here;
# A minus sign may be prepended to remove a packages from the
# selection that would be enabled by default or due to the
# chosen feature flags
GLUON_SITE_PACKAGES := iwinfo
## DEFAULT_GLUON_RELEASE
# version string to use for images
# gluon relies on
# opkg compare-versions "$1" '>>' "$2"
# to decide if a version is newer or not.
DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
# Variables set with ?= can be overwritten from the command line
## GLUON_RELEASE
# call make with custom GLUON_RELEASE flag, to use your own release version scheme.
# e.g.:
# $ make images GLUON_RELEASE=23.42+5
# would generate images named like this:
# gluon-ff%site_code%-23.42+5-%router_model%.bin
GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
# Default priority for updates.
GLUON_PRIORITY ?= 0
# Region code required for some images; supported values: us eu
GLUON_REGION ?= eu
# Languages to include
GLUON_LANGS ?= en de

16
contrib/docker/Dockerfile
View File

@ -1,11 +1,12 @@
FROM debian:bullseye-slim
FROM debian:buster-slim
ARG DEBIAN_FRONTEND=noninteractive
RUN apt-get update && apt-get install -y --no-install-recommends \
ca-certificates \
file \
git \
python3 \
subversion \
python \
build-essential \
gawk \
unzip \
@ -14,20 +15,11 @@ RUN apt-get update && apt-get install -y --no-install-recommends \
libssl-dev \
libelf-dev \
wget \
rsync \
time \
qemu-utils \
ecdsautils \
lua-check \
shellcheck \
&& apt-get clean \
&& rm -rf /var/lib/apt/lists/*
RUN mkdir /tmp/ec &&\
wget -O /tmp/ec/ec-linux-amd64.tar.gz https://github.com/editorconfig-checker/editorconfig-checker/releases/download/2.7.0/ec-linux-amd64.tar.gz &&\
tar -xvzf /tmp/ec/ec-linux-amd64.tar.gz &&\
mv bin/ec-linux-amd64 /usr/local/bin/editorconfig-checker &&\
rm -rf /tmp/ec
&& rm -rf /var/lib/apt/lists/*
RUN useradd -d /gluon gluon
USER gluon

4
contrib/i18n-scan.pl
View File

@ -4,7 +4,7 @@ use strict;
use warnings;
use Text::Balanced qw(extract_bracketed extract_delimited extract_tagged);
@ARGV >= 1 || die "Usage: $0 <source directory>\n";
@ARGV >= 1 || die "Usage: $0 <source direcory>\n";
my %stringtable;
@ -79,7 +79,7 @@ if( open F, "find @ARGV -type f '(' -name '*.html' -o -name '*.lua' ')' |" )
{
my $stag = quotemeta $1;
my $etag = $stag;
$etag =~ s/\[/]/g;
$etag =~ s/\[/]/g;
( $res ) = extract_tagged($code, $stag, $etag);

13
contrib/lsupgrade.sh
View File

@ -28,7 +28,7 @@ fi
pushd "$(dirname "$0")/.." >/dev/null
find ./package packages -name Makefile | grep -v '^packages/packages/' | while read -r makefile; do
find ./package packages -name Makefile | while read -r makefile; do
dir="$(dirname "$makefile")"
pushd "$dir" >/dev/null
@ -37,12 +37,13 @@ find ./package packages -name Makefile | grep -v '^packages/packages/' | while r
dirname="$(dirname "$dir" | cut -d/ -f 3-)"
package="$(basename "$dir")"
for file in "${SUFFIX1}"/* "${SUFFIX2}"/*; do
basename="$(basename "${file}")"
suffix="$(dirname "${file}")"
printf "%s\t%s\n" "${basename}" "${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${suffix}/${GREEN}${basename}${RESET}"
for file in "${SUFFIX1}"/*; do
echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})"
done
for file in "${SUFFIX2}"/*; do
echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})"
done
popd >/dev/null
done | sort | cut -f2-
done | sort
popd >/dev/null

149
contrib/push_pkg.sh
View File

@ -1,149 +0,0 @@
#!/bin/sh
set -e
topdir="$(realpath "$(dirname "${0}")/../openwrt")"
# defaults to qemu run script
ssh_host=localhost
build_only=0
preserve_config=1
print_help() {
echo "$0 [OPTIONS] PACAKGE_DIR [PACKAGE_DIR] ..."
echo ""
echo " -h print this help"
echo " -r HOST use a remote machine as target machine. By default if this"
echo " option is not given, push_pkg.sh will use a locally"
echo " running qemu instance started by run_qemu.sh."
echo " -p PORT use PORT as ssh port (default is 22)"
echo " -b build only, do not push"
echo " -P do not preserve /etc/config. By default, if a package"
echo " defines a config file in /etc/config, this config file"
echo " will be preserved. If you specify this flag, the package"
echo " default will be installed instead."
echo ""
echo ' To change gluon variables, run e.g. "make config GLUON_MINIFY=0"'
echo ' because then the gluon logic will be triggered, and openwrt/.config'
echo ' will be regenerated. The variables from openwrt/.config are already'
echo ' automatically used for this script.'
echo
}
while getopts "p:r:hbP" opt
do
case $opt in
P) preserve_config=0;;
p) ssh_port="${OPTARG}";;
r) ssh_host="${OPTARG}"; [ -z "$ssh_port" ] && ssh_port=22;;
b) build_only=1;;
h) print_help; exit 0;;
*) ;;
esac
done
shift $(( OPTIND - 1 ))
[ -z "$ssh_port" ] && ssh_port=2223
if [ "$build_only" -eq 0 ]; then
remote_info=$(ssh -p "${ssh_port}" "root@${ssh_host}" '
source /etc/os-release
printf "%s\\t%s\\n" "$OPENWRT_BOARD" "$OPENWRT_ARCH"
')
REMOTE_OPENWRT_BOARD="$(echo "$remote_info" | cut -f 1)"
REMOTE_OPENWRT_ARCH="$(echo "$remote_info" | cut -f 2)"
# check target
if ! grep -q "CONFIG_TARGET_ARCH_PACKAGES=\"${REMOTE_OPENWRT_ARCH}\"" "${topdir}/.config"; then
echo "Configured OpenWrt Target is not matching with the target machine!" 1>&2
echo
printf "%s" " Configured architecture: " 1>&2
grep "CONFIG_TARGET_ARCH_PACKAGES" "${topdir}/.config" 1>&2
echo "Target machine architecture: ${REMOTE_OPENWRT_ARCH}" 1>&2
echo 1>&2
echo "To switch the local with the run with the corresponding GLUON_TARGET:" 1>&2
echo " make GLUON_TARGET=... config" 1>&2
exit 1
fi
fi
if [ $# -lt 1 ]; then
echo ERROR: Please specify a PACKAGE_DIR. For example:
echo
echo " \$ $0 package/gluon-core"
exit 1
fi
while [ $# -gt 0 ]; do
pkgdir="$1"; shift
echo "Package: ${pkgdir}"
if ! [ -f "${pkgdir}/Makefile" ]; then
echo "ERROR: ${pkgdir} does not contain a Makefile"
exit 1
fi
if ! grep -q BuildPackage "${pkgdir}/Makefile"; then
echo "ERROR: ${pkgdir}/Makefile does not contain a BuildPackage command"
exit 1
fi
opkg_packages="$(make TOPDIR="${topdir}" -C "${pkgdir}" DUMP=1 | awk '/^Package: / { print $2 }')"
search_package() {
find "$2" -name "$1_*.ipk" -printf '%f\n'
}
make TOPDIR="${topdir}" -C "${pkgdir}" clean
make TOPDIR="${topdir}" -C "${pkgdir}" compile
if [ "$build_only" -eq 1 ]; then
continue
fi
# IPv6 addresses need brackets around the ${ssh_host} for scp!
if echo "${ssh_host}" | grep -q :; then
BL=[
BR=]
fi
for pkg in ${opkg_packages}; do
for feed in "${topdir}/bin/packages/${REMOTE_OPENWRT_ARCH}/"*/ "${topdir}/bin/targets/${REMOTE_OPENWRT_BOARD}/packages/"; do
printf "%s" "searching ${pkg} in ${feed}: "
filename=$(search_package "${pkg}" "${feed}")
if [ -n "${filename}" ]; then
echo found!
break
else
echo not found
fi
done
if [ "$preserve_config" -eq 0 ]; then
opkg_flags=" --force-maintainer"
fi
# shellcheck disable=SC2029
if [ -n "$filename" ]; then
scp -O -P "${ssh_port}" "$feed/$filename" "root@${BL}${ssh_host}${BR}:/tmp/${filename}"
ssh -p "${ssh_port}" "root@${ssh_host}" "
set -e
echo Running opkg:
opkg install --force-reinstall ${opkg_flags} '/tmp/${filename}'
rm '/tmp/${filename}'
gluon-reconfigure
"
else
# Some packages (e.g. procd-seccomp) seem to contain BuildPackage commands
# which do not generate *.ipk files. Till this point, I am not aware why
# this is happening. However, dropping a warning if the corresponding
# *.ipk is not found (maybe due to other reasons as well), seems to
# be more reasonable than aborting. Before this commit, the command
# has failed.
echo "Warning: ${pkg}*.ipk not found! Ignoring." 1>&2
fi
done
done

15
contrib/run_qemu.sh
View File

@ -1,15 +0,0 @@
#!/bin/sh
# Note: You can exit the qemu instance by first pressing "CTRL + a" then "c".
# Then you enter the command mode of qemu and can exit by typing "quit".
qemu-system-x86_64 \
-d 'cpu_reset' \
-enable-kvm \
-gdb tcp::1234 \
-nographic \
-netdev user,id=wan,hostfwd=tcp::2223-10.0.2.15:22 \
-device virtio-net-pci,netdev=wan,addr=0x06,id=nic1 \
-netdev user,id=lan,hostfwd=tcp::6080-192.168.1.1:80,hostfwd=tcp::2222-192.168.1.1:22,net=192.168.1.100/24 \
-device virtio-net-pci,netdev=lan,addr=0x05,id=nic2 \
"$@"

21
contrib/sign.sh
View File

@ -29,22 +29,11 @@ lower="$(mktemp)"
trap 'rm -f "$upper" "$lower"' EXIT
awk 'BEGIN {
sep = 0
}
/^---$/ {
sep = 1;
next
}
{
if(sep == 0) {
print > "'"$upper"'"
} else {
print > "'"$lower"'"
}
}' "$manifest"
awk 'BEGIN { sep=0 }
/^---$/ { sep=1; next }
{ if(sep==0) print > "'"$upper"'";
else print > "'"$lower"'"}' \
"$manifest"
ecdsasign "$upper" < "$SECRET" >> "$lower"

33
contrib/sigtest.sh
View File

@ -1,7 +1,7 @@
#!/bin/sh
if [ $# -eq 0 ] || [ "-h" = "$1" ] || [ "-help" = "$1" ] || [ "--help" = "$1" ]; then
cat <<EOHELP
cat <<EOHELP
Usage: $0 <public> <signed manifest>
sigtest.sh checks if a manifest is signed by the public key <public>. There is
@ -12,7 +12,7 @@ See also:
* https://gluon.readthedocs.io/en/latest/features/autoupdater.html
EOHELP
exit 1
exit 1
fi
public="$1"
@ -21,29 +21,18 @@ upper="$(mktemp)"
lower="$(mktemp)"
ret=1
awk 'BEGIN {
sep = 0
}
/^---$/ {
sep = 1;
next
}
{
if(sep == 0) {
print > "'"$upper"'"
} else {
print > "'"$lower"'"
}
}' "$manifest"
awk "BEGIN { sep=0 }
/^---\$/ { sep=1; next }
{ if(sep==0) print > \"$upper\";
else print > \"$lower\"}" \
"$manifest"
while read -r line
do
if ecdsaverify -s "$line" -p "$public" "$upper"; then
ret=0
break
fi
if ecdsaverify -s "$line" -p "$public" "$upper"; then
ret=0
break
fi
done < "$lower"
rm -f "$upper" "$lower"

41
docs/_static/css/custom.css vendored
View File

@ -1,10 +1,45 @@
/*
This fixes the vertical position of list markers when the first
element in the <li> is a <pre> block
This fixes the vertical position of list markers when the first
element in the <li> is a <pre> block
Scrolling inside the <pre> block is still working as expected
Scrolling inside the <pre> block is still working as expected
*/
.rst-content pre.literal-block,
.rst-content div[class^='highlight'] pre {
overflow: visible;
}
/*
This fixes the bottom margin of paragraphs inside lists, where margins inside
a single list item would incorrectly be displayed larger than margins between
the list items.
Upstream fix (not fixed on readthedocs.io yet):
https://github.com/readthedocs/sphinx_rtd_theme/commit/ac20ce75d426efeb40fe2af1f89ea9bad285a45b
*/
.rst-content .section ol li > p,
.rst-content .section ol li > p:last-child,
.rst-content .section ul li > p,
.rst-content .section ul li > p:last-child {
margin-bottom: 12px;
}
.rst-content .section ol li > p:only-child,
.rst-content .section ol li > p:only-child:last-child,
.rst-content .section ul li > p:only-child,
.rst-content .section ul li > p:only-child:last-child {
margin-bottom: 0rem;
}
/*
This fixes the bottom margin of nested lists
Based on upstream fix (not on readthedocs.io yet):
https://github.com/readthedocs/sphinx_rtd_theme/commit/6f0de13baff93f25204aa2cdf0308aae47d71312
*/
.rst-content .section ul li > ul,
.rst-content .section ul li > ol,
.rst-content .section ol li > ul,
.rst-content .section ol li > ol {
margin-bottom: 12px;
}

21
docs/conf.py
View File

@ -20,11 +20,11 @@
# -- Project information -----------------------------------------------------
project = 'Gluon'
copyright = 'Project Gluon'
copyright = '2015-2022, Project Gluon'
author = 'Project Gluon'
# The short X.Y version
version = '2022.1'
version = '2021.1.2'
# The full version, including alpha/beta/rc tags
release = version
@ -58,7 +58,7 @@ master_doc = 'index'
#
# This is also used if you do content translation via gettext catalogs.
# Usually you set "language" from the command line for these cases.
language = 'en'
language = None
# List of patterns, relative to source directory, that match files and
# directories to ignore when looking for source files.
@ -71,13 +71,6 @@ pygments_style = None
# Don't highlight code blocks unless requested explicitly
highlight_language = 'none'
# Ignore links to the config mode, as well as anchors on on hackint, which are
# used to mark channel names and do not exist. Regular links are not effected.
linkcheck_ignore = [
'http://192.168.1.1',
'https://webirc.hackint.org/#'
]
# -- Options for HTML output -------------------------------------------------
@ -144,7 +137,7 @@ latex_elements = {
# author, documentclass [howto, manual, or own class]).
latex_documents = [
(master_doc, 'Gluon.tex', 'Gluon Documentation',
'Project Gluon', 'manual'),
'Project Gluon', 'manual'),
]
@ -154,7 +147,7 @@ latex_documents = [
# (source start file, name, description, authors, manual section).
man_pages = [
(master_doc, 'gluon', 'Gluon Documentation',
[author], 1)
[author], 1)
]
@ -165,8 +158,8 @@ man_pages = [
# dir menu entry, description, category)
texinfo_documents = [
(master_doc, 'Gluon', 'Gluon Documentation',
author, 'Gluon', 'One line description of project.',
'Miscellaneous'),
author, 'Gluon', 'One line description of project.',
'Miscellaneous'),
]

11
docs/dev/basics.rst
View File

@ -23,7 +23,6 @@ webbrowser. You're welcome to join us!
.. _hackint: https://hackint.org/
.. _webchat: https://webirc.hackint.org/#irc://irc.hackint.org/#gluon
.. _working-with-repositories:
Working with repositories
-------------------------
@ -33,7 +32,7 @@ rerun
::
make update
make update
`make update` also applies the patches that can be found in the directories found in
`patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
@ -45,7 +44,7 @@ using
::
make update-patches
make update-patches
If applying a patch fails because you have changed the base commit, the repository will be reset to the old `patched` branch
and you can try rebasing it onto the new `base` branch yourself and after that call `make update-patches` to fix the problem.
@ -55,9 +54,9 @@ commits, making `git reflog` the only way to recover them!
::
make refresh-patches
make refresh-patches
In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt build system.
In order to refresh patches when updating feeds or the OpenWrt base, `make refresh-patches` applies and updates all of their patches without installing feed packages to the OpenWrt buildsystem.
This command speeds up the maintenance of updating OpenWrt and feeds.
@ -77,7 +76,7 @@ apply:
- use tabs instead of spaces
- trailing whitespaces must be eliminated
- files need to end with a final newline
- newlines need to have Unix line endings (lf)
- newlines need to have unix line endings (lf)
To that end we provide a ``.editorconfig`` configuration, which is supported by most
of the editors out there.

14
docs/dev/build.rst
View File

@ -88,17 +88,3 @@ update.sh
source and installs it into *packages/* directory. It simply tries to set the *base*
branch of the cloned repo to the correct commit. If this fails it fetches the
upstream branch and tries again to set the local *base* branch.
getversion.sh
Used to determine the version numbers of the repositories of Gluon and the
site configuration, to be included in the built firmware images as
*/lib/gluon/gluon-version* and */lib/gluon/site-version*.
By default, this uses ``git describe`` to generate a version number based
on the last git tag. This can be overridden by putting a file called
*.scmversion* into the root of the respective repositories.
A command like ``rm -f .scmversion; echo "$(./scripts/getversion.sh .)" > .scmversion``
can be used before applying local patches to ensure that the reported
version numbers refer to an upstream commit ID rather than an arbitrary
local one after ``git am``.

12
docs/dev/debugging.rst
View File

@ -32,12 +32,12 @@ The tooling is contained in the kernel source tree in the file
`decode_stacktrace.sh <https://github.com/torvalds/linux/blob/master/scripts/decode_stacktrace.sh>`__.
This file and the needed source tree are available in the directory: ::
openwrt/build_dir/target-<architecture>/linux-<architecture>/linux-<version>/
openwrt/build_dir/target-<architecture>/linux-<architecture>/linux-<version>/
.. note::
Make sure to use a kernel tree that matches the version and patches
that was used to build the kernel.
If in doubt just re-build the images for the target.
Make sure to use a kernel tree that matches the version and patches
that was used to build the kernel.
If in doubt just re-build the images for the target.
Some more information on how to use this tool can be found at
`LWN <https://lwn.net/Articles/592724/>`__.
@ -45,7 +45,7 @@ Some more information on how to use this tool can be found at
Obtaining Stacktraces
.....................
On many targets stack traces can be read from the following
On many targets stacktraces can be read from the following
location after reboot: ::
/sys/kernel/debug/crashlog
/sys/kernel/debug/crashlog

296
docs/dev/hardware.rst
View File

@ -1,5 +1,5 @@
Adding hardware support
=======================
Adding support for new hardware
===============================
This page will give a short overview on how to add support
for new hardware to Gluon.
@ -7,232 +7,158 @@ Hardware requirements
---------------------
Having an ath9k, ath10k or mt76 based WLAN adapter is highly recommended,
although other chipsets may also work. VAP (multiple SSID) support
with simultaneous AP + Mesh Point (802.11s) operation is required.
Device checklist
----------------
The description of pull requests adding device support must include the
`device integration checklist
<https://github.com/freifunk-gluon/gluon/wiki/Device-Integration-checklist>`_.
The checklist ensures that core functionality of Gluon is well supported on the
device.
is a requirement.
.. _device-class-definition:
Device checklist
----------------
Pull requests adding device support must have the device checklist
included in their description. The checklist assures core functionality
of Gluon is well supported on the device.
The checklist can be found in the `wiki <https://github.com/freifunk-gluon/gluon/wiki/Device-Integration-checklist>`_.
Device classes
--------------
All supported hardware is categorized into "device classes". This allows to
adjust the feature set of Gluon to the different hardware's capabilities via
``site.mk`` without having to list individual devices.
Gluon currently is aware of two device classes. Depending on the device class, different
features can be installed onto the device.
There are currently two devices classes defined: "standard" and "tiny". The
"tiny" class contains all devices that do not meet the following requirements:
The ``tiny`` device-class contains devices with the following limitations:
- At least 7 MiB of usable firmware space
- At least 64 MiB of RAM (128MiB for devices with ath10k radio)
* All devices with less than 64 MB of system memory
* All devices with less than 7 MB of usable firmware space
* Devices using a single ath10k radio and less than 128MB of system memory
Target configuration
--------------------
Gluon's hardware support is based on OpenWrt's. For each supported target,
a configuration file exists at ``targets/<target>-<subtarget>`` (or just
``target/<target>`` for targets without subtargets) that contains all
Gluon-specific settings for the target. The generic configuration
``targets/generic`` contains settings that affect all targets.
.. _hardware-adding-profiles:
All targets must be listed in ``target/targets.mk``.
Adding profiles
---------------
The vast majority of devices with ath9k WLAN is based on the ar71xx target of OpenWrt.
If the hardware you want to add support for is ar71xx, adding a new profile
is sufficient.
The target configuration language is based on Lua, so Lua's syntax for variables
and control structures can be used.
Profiles are defined in ``targets/*`` in a shell-based DSL (so common shell
command syntax like ``if`` can be used).
Device definitions
~~~~~~~~~~~~~~~~~~
To configure a device to be built for Gluon, the ``device`` function is used.
In the simplest case, only two arguments are passed, for example:
The ``device`` command is used to define an image build for a device. It takes
two or three parameters.
.. code-block:: lua
The first parameter defines the Gluon profile name, which is used to refer to the
device and is part of the generated image name. The profile name must be same as
the output of the following command (on the target device), so the autoupdater
can work::
device('tp-link-tl-wdr3600-v1', 'tplink_tl-wdr3600-v1')
lua -e 'print(require("platform_info").get_image_name())'
The first argument is the device name in Gluon, which is part of the output
image filename, and must correspond to the model string looked up by the
autoupdater. The second argument is the corresponding device profile name in
OpenWrt, as found in ``openwrt/target/linux/<target>/image/*``.
While porting Gluon to a new device, it might happen that the profile name is
unknown. Best practise is to generate an image first by using an arbitrary value
and then executing the lua command on the device and use its output from then on.
A table of additional settings can be passed as a third argument:
The second parameter defines the name of the image files generated by OpenWrt. Usually,
it is also the OpenWrt profile name; for devices that still use the old image build
code, a third parameter with the OpenWrt profile name can be passed. The profile names
can be found in the image Makefiles in ``openwrt/target/linux/<target>/image/Makefile``.
.. code-block:: lua
Examples::
device('ubiquiti-edgerouter-x', 'ubnt_edgerouter-x', {
factory = false,
packages = {'-hostapd-mini'},
manifest_aliases = {
'ubnt-erx',
},
})
The supported additional settings are described in the following sections.
device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
device alfa-network-hornet-ub hornet-ub HORNETUB
Suffixes and extensions
~~~~~~~~~~~~~~~~~~~~~~~
For many targets, OpenWrt generates images with the suffixes
``-squashfs-factory.bin`` and ``-squashfs-sysupgrade.bin``. For devices with
different image names, is it possible to override the suffixes and extensions
using the settings ``factory``, ``factory_ext``, ``sysupgrade`` and
``sysupgrade_ext``, for example:
'''''''''''''''''''''''
.. code-block:: lua
By default, image files are expected to have the extension ``.bin``. In addition,
the images generated by OpenWrt have a suffix before the extension that defaults to
``-squashfs-factory`` and ``-squashfs-sysupgrade``.
{
factory = '-squashfs-combined',
factory_ext = '.img.gz',
sysupgrade = '-squashfs-combined',
sysupgrade_ext = '.img.gz',
}
This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
the top of the file to set the defaults for all images, or for a single image. There
are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
Only settings that differ from the defaults need to be passed. ``factory`` and
``sysupgrade`` can be set to ``false`` when no such images exist.
factory SUFFIX .EXT
factory .EXT
factory
For some device types, there are multiple factory images with different
extensions. ``factory_ext`` can be set to a table of strings to account for this
case:
When only an extension is given, the default suffix is retained. When no arguments
are given, this signals that no factory (or sysupgrade) image exists.
.. code-block:: lua
Aliases
'''''''
{
factory_ext = {'.img.gz', '.vmdk', '.vdi'},
}
Sometimes multiple models use the same OpenWrt images. In this case, the ``alias``
command can be used to create symlinks and additional entries in the autoupdater
manifest for the alternative models.
TODO: Extra images
Standalone images
'''''''''''''''''
Aliases and manifest aliases
~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Sometimes multiple devices exist that use the same OpenWrt images. To make it
easier to find these images, the ``aliases`` setting can be used to define
additional device names. Gluon will create symlinks for these names in the
image output directory.
On targets without *per-device rootfs* support in OpenWrt, the commands described above
can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
.. code-block:: lua
factory_image PROFILE IMAGE .EXT
sysupgrade_image PROFILE IMAGE .EXT
device('aruba-ap-303', 'aruba_ap-303', {
factory = false,
aliases = {'aruba-instant-on-ap11'},
})
Again, the profile name must match the value printed by the aforementioned Lua
command. The image name must match the part between the target name and the extension
as generated by OpenWrt and is to be omitted when no such part exists.
The aliased name will also be added to the autoupdate manifest, allowing upgrade
images to be found under the different name on targets that perform model name
detection at runtime.
Packages
''''''''
It is also possible to add alternative names to the autoupdater manifest without
creating a symlink by using ``manifest_aliases`` instead of ``aliases``, which
should be done when the alternative name does not refer to a separate device.
This is particularly useful to allow the autoupdater to work when the model name
changed between Gluon versions.
The ``packages`` command takes an arbitrary number of arguments. Each argument
defines an additional package to include in the images in addition to the default
package sets defined by OpenWrt. When a package name is prefixed by a minus sign, the
packages are excluded instead.
Package lists
~~~~~~~~~~~~~
Gluon generates lists of packages that are installed in all images based on a
default list and the features and packages specified in the site configuration.
The ``packages`` command may be used at the top of a target definition to modify
the default package list for all images, or just for a single device (when the
target supports *per-default rootfs*).
In addition, OpenWrt defines additional per-device package lists. These lists
may be modified in Gluon's device definitions, for example to include additional
drivers and firmware, or to remove unneeded software. Packages to remove are
prefixed with a ``-`` character.
For many ath10k-based devices, this is used to replace the "CT" variant of
ath10k with the mainline-based version:
Configuration
'''''''''''''
.. code-block:: lua
The ``config`` command allows to add arbitrary target-specific OpenWrt configuration
to be emitted to ``.config``.
local ATH10K_PACKAGES_QCA9880 = {
'kmod-ath10k',
'-kmod-ath10k-ct',
'-kmod-ath10k-ct-smallbuffers',
'ath10k-firmware-qca988x',
'-ath10k-firmware-qca988x-ct',
}
device('openmesh-a40', 'openmesh_a40', {
packages = ATH10K_PACKAGES_QCA9880,
factory = false,
})
Notes
'''''
This example also shows how to define a local variable, allowing the package
list to be reused for multiple devices.
On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
even on devices with only one WLAN adapter, in these cases a OpenWrt bug was the cause).
Device flags
~~~~~~~~~~~~
The settings ``class``, ``deprecated`` or ``broken`` should be set according to
the device support status. The default values are as follows:
Adding support for new hardware targets
---------------------------------------
.. code-block:: lua
Adding a new target is much more complex than adding a new profile. There are two basic steps
required for adding a new target:
{
class = 'standard',
deprecated = false,
broken = false,
}
Package adjustments
'''''''''''''''''''
- Device classes are described in :ref:`device-class-definition`
- Broken devices are untested or do not meet our requirements as given by the
device checklist
- Deprecated devices are slated for removal in a future Gluon version due to
hardware constraints
One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
`packages/gluon/libs/libplatforminfo <https://github.com/freifunk-gluon/packages/tree/master/libs/libplatforminfo>`_).
If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
directory, or adding a new source file.
Global settings
~~~~~~~~~~~~~~~
There is a number of directives that can be used outside of a ``device()``
definition:
On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
won't run correctly without some adjustments, so better double check that everything is fine there (and the files
``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
- ``include('filename')``: Include another file with global settings
- ``config(key, value)``: Set a config symbol in OpenWrt's ``.config``. Value
may be a string, number, boolean, or nil. Booleans and nil are used for
tristate symbols, where nil sets the symbol to ``m``.
- ``try_config(key, value)``: Like ``config()``, but do not fail if setting
the symbol is not possible (usually because its dependencies are not met)
- ``packages { 'package1', '-package2', ... }``: Define a list of packages to
add or remove for all devices of a target. Package lists passed to multiple
calls of ``packages`` will be aggregated.
- ``defaults { key = value, ... }``: Set default values for any of the
additional settings that can be passed to ``device()``.
Build system support
''''''''''''''''''''
Helper functions
~~~~~~~~~~~~~~~~
The following helpers can be used in the target configuration:
A definition for the new target must be created under ``targets``, and it must be added
to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to three arguments:
the target name, the Gluon subtarget name (if the target has subtargets), and the
OpenWrt subtarget name (if it differs from the Gluon subtarget). The third argument
can be used to define multiple Gluon targets with different configuration for the
same OpenWrt target, like it is done for the ``ar71xx-tiny`` target.
- ``env.KEY`` allows to access environment variables
- ``istrue(value)`` returns true if the passed string is a positive number
(often used with ``env``, for example ``if istrue(env.GLUON_DEBUG) then ...``)
Hardware support in packages
----------------------------
In addition to the target configuration files, some device-specific changes may
be required in packages.
gluon-core
~~~~~~~~~~
- ``/lib/gluon/upgrade/010-primary-mac``: Override primary MAC address selection
Usually, the primary (label) MAC address is defined in OpenWrt's Device Trees.
For devices or targets where this is not the case, it is possible to specify
what interface to take the primary MAC address from in ``010-primary-mac``.
- ``/lib/gluon/upgrade/020-interfaces``: Override LAN/WAN interface assignment
On PoE-powered devices, the PoE input port should be "WAN".
- ``/usr/lib/lua/gluon/platform.lua``: Contains a list of outdoor devices
gluon-setup-mode
~~~~~~~~~~~~~~~~
- ``/lib/gluon/upgrade/320-setup-ifname``: Contains a list of devices that use
the WAN port for the config mode
On PoE-powered devices, the PoE input port should be used for the config
mode. This is handled correctly by default for outdoor devices listed in
``platform.lua``.
libplatforminfo
~~~~~~~~~~~~~~~
When adding support for a new target to Gluon, it may be necessary to adjust
libplatforminfo to define how autoupdater image names are derived from the
model name.
After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.

82
docs/dev/packages.rst
View File

@ -3,88 +3,6 @@ Package development
Gluon packages are OpenWrt packages and follow the same rules described at https://openwrt.org/docs/guide-developer/packages.
Development workflow
====================
When you are developing packages, it often happens that you iteratively want to deploy
and verify the state your development. There are two ways to verify your changes:
1)
One way is to rebuild the complete firmware, flash it, configure it and verify your
development then. This usually takes at least a few minutes to get your changes
working so you can test them. Especially if you iterate a lot, this becomes tedious.
2)
Another way is to rebuild only the package you are currently working on and
to deploy this package to your test system. Here not even a reboot is required.
This makes iterating relatively fast. Your test system could be real hardware or
even a qemu in most cases.
Gluon provides scripts to enhance workflow 2). Here is an example illustrating
the workflow using these scripts:
.. code-block:: shell
# start a local qemu instance
contrib/run_qemu.sh output/images/factory/[...]-x86-64.img
# apply changes to the desired package
vi package/gluon-ebtables/files/etc/init.d/gluon-ebtables
# rebuild and push the package to the qemu instance
contrib/push_pkg.sh package/gluon-ebtables/
# test your changes
...
# do more changes
...
# rebuild and push the package to the qemu instance
contrib/push_pkg.sh package/gluon-ebtables/
# test your changes
...
(and so on...)
# see help of the script for more information
contrib/push_pkg.sh -h
...
Features of ``push_pkg.sh``:
* Works with compiled and non-compiled packages.
* This means it can be used in the development of C-code, Lua-Code and mostly any other code.
* Works with native OpenWrt and Gluon packages.
* Pushes to remote machines or local qemu instances.
* Pushes multiple packages in in one call if desired.
* Performs site.conf checks.
Implementation details of ``push_pkg.sh``:
* First, the script builds an opkg package using the OpenWrt build system.
* This package is pushed to a *target machine* using scp:
* By default the *target machine* is a locally running x86 qemu started using ``run_qemu.sh``.
* The *target machine* can also be remote machine. (See the cli switch ``-r``)
* Remote machines are not limited to a specific architecture. All architectures supported by gluon can be used as remote machines.
* Finally opkg is used to install/update the packages in the target machine.
* While doing this, it will not override ``/etc/config`` with package defaults by default. (See the cli switch ``-P``).
* While doing this, opkg calls the ``check_site.lua`` from the package as post_install script to validate the ``site.conf``. This means that the ``site.conf`` of the target machine is used for this validation.
Note that:
* ``push_pkg.sh`` does neither build nor push dependencies of the packages automatically. If you want to update dependencies, you must explicitly specify them to be pushed.
* If you add new packages, you must run ``make update config GLUON_TARGET=...``.
* You can change the gluon target of the target machine via ``make config GLUON_TARGET=...``.
* If you want to update the ``site.conf`` of the target machine, use ``push_pkg.sh package/gluon-site/``.
* Sometimes when things break, you can heal them by compiling a package with its dependencies: ``cd openwrt; make package/gluon-ebtables/clean; make package/gluon-ebtables/compile; cd ..``.
* You can exit qemu by pressing ``CTRL + a`` and ``c`` afterwards.
Gluon package makefiles
=======================

15
docs/dev/uplink.rst → docs/dev/wan.rst
View File

@ -1,5 +1,5 @@
Uplink support
==============
WAN support
===========
As the WAN port of a node will be connected to a user's private network, it
is essential that the node only uses the WAN when it is absolutely necessary.
@ -11,12 +11,11 @@ There are two cases in which the WAN port is used:
After the VPN connection has been established, the node should be able to reach
the mesh's DNS servers and use these for all other name resolution.
If a device has only a single Ethernet port (or group of ports), it will be
used as an uplink port even when it is not labelled as "WAN" by default. This
behavior can be controlled using the ``interfaces.single.default_roles``
site.conf option. It is also possible to alter the interface assignment after
installation by modifying ``/etc/config/gluon`` and running
``gluon-reconfigure``.
If the device does not feature a WAN port, the LAN port is configured as WAN port.
In case such a device has multiple LAN ports, all these can be used as WAN.
Devices, which feature a "hybrid" port (labelled as WAN/LAN), this port is used as WAN.
This behavior can be reversed using the ``single_as_lan`` site.conf option.
Routing tables
~~~~~~~~~~~~~~

3
docs/dev/web/controller.rst
View File

@ -74,7 +74,8 @@ Useful functions:
- *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to
the client. Has no effect when non-header data has already been written.
- *prepare_content* (*mime*): Sets the *Content-Type* header to the given MIME
type
type, potentially setting additional headers or modifying the MIME type to
accommodate browser quirks
- *write* (*data*, ...): Sends the given data to the client. If headers have not
been sent, it will be done before the data is written.

18
docs/features/autoupdater.rst
View File

@ -61,9 +61,9 @@ A fully automated nightly build could use the following commands:
git pull
# git -C site pull
make update
make clean GLUON_TARGET=ath79-generic
make clean GLUON_TARGET=ar71xx-generic
NUM_CORES_PLUS_ONE=$(expr $(nproc) + 1)
make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ath79-generic GLUON_RELEASE=$GLUON_RELEASE \
make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_RELEASE=$GLUON_RELEASE \
GLUON_AUTOUPDATER_BRANCH=experimental GLUON_AUTOUPDATER_ENABLED=1
make manifest GLUON_RELEASE=$GLUON_RELEASE GLUON_AUTOUPDATER_BRANCH=experimental
contrib/sign.sh $SECRETKEY output/images/sysupgrade/experimental.manifest
@ -99,16 +99,16 @@ These commands can be used on a node:
::
# Update with some probability
autoupdater
# Update with some probability
autoupdater
::
# Force update check, even when the updater is disabled
autoupdater -f
# Force update check, even when the updater is disabled
autoupdater -f
::
# If fallback is true the updater will perform an update only if the timespan
# PRIORITY days (as defined in the manifest) and another 24h have passed
autoupdater --fallback
# If fallback is true the updater will perform an update only if the timespan
# PRIORITY days (as defined in the manifest) and another 24h have passed
autoupdater --fallback

3
docs/features/configmode.rst
View File

@ -18,9 +18,6 @@ Config Mode by pressing and holding the RESET/WPS/DECT button for about three
seconds. The device should reboot (all LEDs will turn off briefly) and
Config Mode will be available.
If you have access to the console of the node, there is the
``gluon-enter-setup-mode`` command, which reboots a node into Config Mode.
Port Configuration
------------------

51
docs/features/dns-cache.rst
View File

@ -1,51 +0,0 @@
DNS caching
===========
User experience may be greatly improved when dns is accelerated. Also, it
seems like a good idea to keep the number of packages being exchanged
between node and gateway as small as possible. In order to do this, a
DNS cache may be used on a node. The dnsmasq instance listening on port
53 on the node will be reconfigured to answer requests, use a list of
upstream servers and a specific cache size if the options listed below are
added to site.conf. Upstream servers are the DNS servers which are normally
used by the nodes to resolve hostnames (e.g. gateways/supernodes).
There are the following settings:
servers
cacheentries
To use the node's DNS server, both options should be set. The node will cache at
most 'cacheentries' many DNS records in RAM. The 'servers' list will be used to
resolve the received DNS queries if the request cannot be answered from
cache. Gateways should announce the "next node" address via DHCP and RDNSS (if
any). Note that not setting 'servers' here will lead to DNS not working: Once
the gateways all announce the "next node" address for DNS, there is no way for
nodes to automatically determine DNS servers. They have to be baked into the
firmware.
If these settings do not exist, the cache is not initialized and RAM usage will
not increase.
When next_node.name is set, an A record and an AAAA record for the
next-node IP address are placed in the dnsmasq configuration. This means that
the content of next_node.name may be resolved even without upstream connectivity.
It is suggested to use the same name as the DNS server provides:
e.g. nextnode.location.community.example.org (This way the name also works if a
client uses static DNS Servers). Hint: If next_node.name does not contain a dot
some browsers would open the searchpage instead.
::
dns = {
cacheentries = 5000,
servers = { '2001:db8::1', },
},
next_node = {
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip6 = '2001:db8:8::1',
ip4 = '198.51.100.1',
}
Each cache entry will occupy about 90 bytes of RAM.

26
docs/features/dns-forwarder.rst Normal file
View File

@ -0,0 +1,26 @@
DNS forwarder
=============
A Gluon node can be configured to act as a DNS forwarder. Requests for the
next-node hostname(s) can be answered locally, without querying the upstream
resolver.
**Note:** While this reduces answer time and allows to use the next-node
hostname without upstream connectivity, this feature should not be used for
next-node hostnames that are FQDN when the zone uses DNSSEC.
One or more upstream resolvers can be configured in the *dns.servers* setting.
When *next_node.name* is set, A and/or AAAA records for the next-node IP
addresses are placed in the dnsmasq configuration.
::
dns = {
servers = { '2001:db8::1', },
},
next_node = {
name = { 'nextnode.location.community.example.org', 'nextnode', 'nn' },
ip6 = '2001:db8:8::1',
ip4 = '198.51.100.1',
}

2
docs/features/monitoring.rst
View File

@ -47,7 +47,7 @@ installed. Please note that at least one alfred daemon is required to run as
.. _alfred-json: https://github.com/ffnord/alfred-json
The following data types are used:
The following datatypes are used:
* `nodeinfo`: 158
* `statistics`: 159

202
docs/features/multidomain.rst
View File

@ -21,18 +21,18 @@ Overview
Multidomain support allows to build a single firmware with multiple,
switchable domain configurations. The nomenclature is as follows:
- ``site``: an aggregate over multiple domains
- ``domain``: mesh network with connectivity parameters that prevent
accidental bridging with other domains
- ``domain code``: unique domain identifier
- ``domain name``: pretty name for a domain code
- ``site``: an aggregate over multiple domains
- ``domain``: mesh network with connectivity parameters that prevent
accidental bridging with other domains
- ``domain code``: unique domain identifier
- ``domain name``: pretty name for a domain code
By default Gluon builds firmware with a single domain embedded into
``site.conf``. To use multiple domains, enable it in ``site.mk``:
::
GLUON_MULTIDOMAIN=1
GLUON_MULTIDOMAIN=1
In the site repository, create the ``domains/`` directory, which will
hold your domain configurations. Each domain configuration file is named
@ -41,26 +41,26 @@ supported.
::
site/
|-- site.conf
|-- site.mk
|-- i18n/
|-- domains/
|-- alpha_centauri.conf
|-- beta_centauri.conf
|-- gamma_centauri.conf
site/
|-- site.conf
|-- site.mk
|-- i18n/
|-- domains/
|-- alpha_centauri.conf
|-- beta_centauri.conf
|-- gamma_centauri.conf
The domain configuration ``alpha_centauri.conf`` could look like this.
::
{
domain_names = {
alpha_centauri = 'Alpha Centauri'
},
{
domain_names = {
alpha_centauri = 'Alpha Centauri'
},
-- more domain specific config follows below
}
-- more domain specific config follows below
}
In this example “Alpha Centauri” is the user-visible ``domain_name`` for the
domain_code ``alpha_centauri``. Also note that the domain code
@ -93,12 +93,12 @@ Via commandline
::
gluon-switch-domain 'newdomaincode'
gluon-switch-domain 'newdomaincode'
When the node is not in config mode, ``gluon-switch-domain`` will automatically
reboot the node by default. This can be suppressed by passing ``--no-reboot``::
gluon-switch-domain --no-reboot 'newdomaincode'
gluon-switch-domain --no-reboot 'newdomaincode'
Switching the domain without reboot is currently **experimental**.
@ -123,113 +123,115 @@ site or domain context.
site.conf only variables
^^^^^^^^^^^^^^^^^^^^^^^^
- Used in as initial default values, when the firmware was just flashed
and/or the config mode is skipped, so they do not make sense in a
domain specific way:
- Used in as initial default values, when the firmware was just flashed
and/or the config mode is skipped, so they do not make sense in a
domain specific way:
- authorized_keys
- default_domain
- poe_passthrough
- interfaces.*.default_roles
- setup_mode.skip
- autoupdater.branch
- mesh_vpn.enabled
- mesh_vpn.pubkey_privacy
- mesh_vpn.bandwidth_limit
- mesh_vpn.bandwidth_limit.enabled
- mesh_vpn.bandwidth_limit.ingress
- mesh_vpn.bandwidth_limit.egress
- authorized_keys
- default_domain
- poe_passthrough
- mesh_on_wan
- mesh_on_lan
- single_as_lan
- setup_mode.skip
- autoupdater.branch
- mesh_vpn.enabled
- mesh_vpn.pubkey_privacy
- mesh_vpn.bandwidth_limit
- mesh_vpn.bandwidth_limit.enabled
- mesh_vpn.bandwidth_limit.ingress
- mesh_vpn.bandwidth_limit.egress
- Variables that influence the appearance of the config mode,
domain-independent because they are relevant before a domain was selected.
- Variables that influence the appearance of the config mode,
domain-independent because they are relevant before a domain was selected.
- config_mode.geo_location.show_altitude
- config_mode.hostname.optional
- config_mode.remote_login
- config_mode.remote_login.show_password_form
- config_mode.remote_login.min_password_length
- hostname_prefix
- mesh_vpn.fastd.configurable
- roles.default
- roles.list
- config_mode.geo_location.show_altitude
- config_mode.hostname.optional
- config_mode.remote_login
- config_mode.remote_login.show_password_form
- config_mode.remote_login.min_password_length
- hostname_prefix
- mesh_vpn.fastd.configurable
- roles.default
- roles.list
- Specific to a firmware build itself:
- Specific to a firmware build itself:
- site_code
- site_name
- autoupdater.branches.*.name
- autoupdater.branches.*.good_signatures
- autoupdater.branches.*.pubkeys
- site_code
- site_name
- autoupdater.branches.*.name
- autoupdater.branches.*.good_signatures
- autoupdater.branches.*.pubkeys
- We simply do not see any reason, why these variables could be helpful
in a domain specific way:
- We simply do not see any reason, why these variables could be helpful
in a domain specific way:
- mesh_vpn.fastd.syslog_level
- timezone
- regdom
- mesh_vpn.fastd.syslog_level
- timezone
- regdom
domain.conf only variables
^^^^^^^^^^^^^^^^^^^^^^^^^^
- Obviously:
- Obviously:
- domain_names
- domain_names
- a table of domain codes to domain names
``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
- a table of domain codes to domain names
``domain_names = { foo = 'Foo Domain', bar = 'Bar Domain', baz = 'Baz Domain' }``
- hide_domain
- hide_domain
- prevents a domain name(s) from appearing in config mode, either
boolean or array of domain codes
- prevents a domain name(s) from appearing in config mode, either
boolean or array of domain codes
- ``true``, ``false``
- ``{ 'foo', 'bar' }``
- ``true``, ``false``
- ``{ 'foo', 'bar' }``
- Because each domain is considered a separate layer 2 network, these
values should be different in each domain:
- Because each domain is considered as an own layer 2 network, these
values should be different in each domain:
- next_node.ip4
- next_node.ip6
- next_node.name
- prefix6
- prefix4
- extra_prefixes6
- next_node.ip4
- next_node.ip6
- next_node.name
- prefix6
- prefix4
- extra_prefixes6
- To prevent accidental bridging of different domains, all meshing
technologies should be separated:
- To prevent accidental bridging of different domains, all meshing
technologies should be separated:
- domain_seed (wired mesh)
- domain_seed (wired mesh)
- must be a random value used to derive the vxlan id for wired meshing
- must be a random value used to derive the vxlan id for wired meshing
- wifi*.mesh.id
- mesh_vpn.fastd.groups.*.peers.remotes
- mesh_vpn.fastd.groups.*.peers.key
- mesh_vpn.tunneldigger.brokers
- wifi*.mesh.id
- mesh_vpn.fastd.groups.*.peers.remotes
- mesh_vpn.fastd.groups.*.peers.key
- mesh_vpn.tunneldigger.brokers
- Clients consider WiFi networks sharing the same ESSID as if they were
the same L2 network and try to reconfirm and reuse previous
addressing. If multiple neighbouring domains shared the same ESSID,
the roaming experience of clients would degrade.
- Clients consider WiFi networks sharing the same ESSID as if they were
the same L2 network and try to reconfirm and reuse previous
addressing. If multiple neighbouring domains shared the same ESSID,
the roaming experience of clients would degrade.
- wifi*.ap.ssid
- wifi*.ap.ssid
- Some values should be only set in legacy domains and not in new domains.
- Some values should be only set in legacy domains and not in new domains.
- mesh.vxlan
- mesh.vxlan
- By default, this value is `true`. It should be only set to `false`
for one legacy domain, since vxlan prevents accidental wired
merges of domains. For old domains this value is still available
to keep compatibility between all nodes in one domain.
- By default, this value is `true`. It should be only set to `false`
for one legacy domain, since vxlan prevents accidental wired
merges of domains. For old domains this value is still available
to keep compatibility between all nodes in one domain.
- next_node.mac
- next_node.mac
- For new domains, the default value should be used, since there is
no need for a special mac (or domain specific mac). For old domains
this value is still available to keep compatibility between all
nodes in one domain.
- For new domains, the default value should be used, since there is
no need for a special mac (or domain specific mac). For old domains
this value is still available to keep compatibility between all
nodes in one domain.
Example config
--------------

4
docs/features/private-wlan.rst
View File

@ -1,8 +1,8 @@
Private WLAN
============
It is possible to set up a private WLAN that bridges the uplink port and is separated from the mesh network.
Please note that you should not enable Wired Mesh on the uplink port at the same time.
It is possible to set up a private WLAN that bridges the WAN port and is separated from the mesh network.
Please note that you should not enable ``mesh_on_wan`` simultaneously.
The private WLAN is encrypted using WPA2 by default. On devices with enough flash and a supported radio,
WPA3 or WPA2/WPA3 mixed-mode can be used instead of WPA2. For this to work, the ``wireless-encryption-wpa3``

221
docs/features/vpn.rst
View File

@ -1,212 +1,57 @@
Mesh VPN
Mesh-VPN
========
Gluon integrates several layer 2 tunneling protocols to
allow connections between local meshes through the internet.
Gluon integrates several OSI-Layer 2 tunneling protocols to
enable interconnects between local meshes and provide
internetwork access. Available protocols currently are:
Protocol handlers
^^^^^^^^^^^^^^^^^
- fastd
- L2TPv3 (via tunneldigger)
There are currently three protocol handlers which can be selected
via ``GLUON_FEATURES`` in ``site.mk``:
mesh-vpn-fastd
""""""""""""""
fastd is a lightweight userspace tunneling daemon that
fastd is a lightweight userspace tunneling daemon, that
implements cipher suites that are specifically designed
to work well on embedded devices. It offers encryption
and authentication.
The primary drawback of fastd's encrypted connection modes
is the necessary context switches when forwarding packets.
A kernel-supported L2TPv3 offloading option is available to
work around the context-switching bottleneck, but it comes
at the cost of losing the ability to protect tunnel connections
against eavesdropping or manipulation.
and authentication. Its primary drawback are the necessary
context-switches when forwarding packets.
mesh-vpn-tunneldigger
"""""""""""""""""""""
Tunneldigger always uses L2TPv3, generally achieving the same
performance as fastd with the ``null@l2tp`` method, but offering
no security.
Tunneldigger's primary drawback is the lack of IPv6 support.
It also provides less configurability than fastd.
mesh-vpn-wireguard
""""""""""""""""""
WireGuard is an encrypted in-kernel tunneling protocol that
provides encrypted transmission and at the same time offers
high throughput.
L2TPv3 is an in-kernel tunneling protocol that performs well,
but offers no security properties by itself.
The brokering of the tunnel happens through tunneldigger,
its primary drawback being the lack of IPv6 support.
fastd
^^^^^
-----
.. _VPN fastd methods:
Methods
"""""""
fastd offers various different connection "methods" with different
security properties that can be configured in the site configuration.
The following methods are currently recommended:
- ``salsa2012+umac``: Encrypted + authenticated
- ``null+salsa2012+umac``: Unencrypted, authenticated
- ``null@l2tp``: Unencrypted, unauthenticated
Multiple methods can be listed in ``site.conf``. The first listed method
supported by both the node and its peer will be used.
The use of the ``null@l2tp`` method with offloading enabled can provide a
considerable performance gain, especially on weaker embedded hardware.
For L2TP offloading, the ``mesh-vpn-fastd-l2tp`` feature needs to be enabled in
``site.mk``.
Configurable Cipher
^^^^^^^^^^^^^^^^^^^
.. _vpn-gateway-configuration:
Gateway / Supernode Configuration
"""""""""""""""""""""""""""""""""
When only using the ``null`` or ``null@l2tp`` methods without offloading,
simply add these methods to the front of the method list. ``null@l2tp``
should always appear before ``null`` in the configuration when both are enabled.
fastd v22 or newer is needed for the ``null@l2tp`` method.
It is often not necessary to enable L2TP offloading on supernodes for
performance reasons. Nodes using offloading can communicate with supernodes that
don't use offloading as long as both use the ``null@l2tp`` method.
.. _vpn-gateway-configuration-offloading:
Offloading on Gateways / Supernodes
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
To enable L2TP offloading on the supornodes, it is recommended to study the
fastd documentation section pertaining to the `offload configuration option
<https://fastd.readthedocs.io/en/stable/manual/config.html#option-offload>`_.
However, the important changes to the fastd config on your Supernode are:
- | Set ``mode multitap;``
| Every peer gets their own interface.
- | Replace ``interface "foo":`` with ``interface "peer-%k";``
| ``%k`` is substituted for a portion of the peers public key.
- | Set ``offload l2tp yes;``
| This tells fastd to use the l2tp kernel module.
- | Set ``persist interface no;``
| This tells fastd to only keep interfaces around while the connection is active.
Note that in ``multitap`` mode, which is required when using L2TP offloading,
fastd will create one interface per peer on the supernode's. This allows
offloading the L2TP forwarding into the kernel space. But this also means added
complexity with regards to handling those interfaces.
There are two main options on how you can handle this:
- create ``on up`` and ``on down`` hooks
- to handle interface setup and destruction
- preferably using the async keyword, so hooks are not blocking fastd
- use a daemon like systemd-networkd
Examples for both options can be found in the
`Wiki <https://github.com/freifunk-gluon/gluon/wiki/fastd-l2tp-offloading-on-supernodes>`_.
Configurable Method
"""""""""""""""""""
From the site configuration, fastd can be allowed to offer
From the site configuration fastd can be allowed to offer
toggleable encryption in the config mode with the intent to
increase throughput.
increase throughput, although in practice the gain is minimal.
There is also an older unprotected method ``null``. Use of the newer
``null@l2tp`` method is generally recommended over ``null``, as the
performance gains provided by the latter (compared to the encrypted
and authenticated methods) are very small.
**Site configuration:**
Site configuration
~~~~~~~~~~~~~~~~~~
1) Add the feature ``web-mesh-vpn-fastd`` in ``site.mk``
2) Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
3) Optionally add ``null`` to the ``mesh_vpn.fastd.methods`` table if you want "Performance mode" as default (not recommended)
1)
Add the feature ``web-mesh-vpn-fastd`` in ``site.mk``
2)
Set ``mesh_vpn.fastd.configurable = true`` in ``site.conf``
3)
Optionally, add ``null@l2tp`` to the ``mesh_vpn.fastd.methods`` table if you want
"Performance mode" as default (not recommended)
**Gateway configuration:**
Config Mode
~~~~~~~~~~~
1) Prepend the ``null`` cipher in fastd's method list
**Config Mode:**
The resulting firmware will allow users to choose between secure (encrypted) and fast (unencrypted) transport.
.. image:: fastd_mode.gif
To confirm whether the correct cipher is being used, the log output
of fastd can be checked using ``logread``.
**Unix socket:**
To confirm whether the correct cipher is being used, fastd's unix
socket can be interrogated, after installing for example `socat`.
WireGuard
^^^^^^^^^
::
In order to support WireGuard in Gluon, a few technologies are glued together.
**VXLAN:** As Gluon typically relies on batman-adv, the Mesh VPN has to provide
OSI Layer 2 transport. But WireGuard is an OSI Layer 3 tunneling protocol, so
additional technology is necessary here. For this, we use VXLAN. In short, VXLAN
is a well-known technology to encapsulate ethernet packages into IP packages.
You can think of it as kind of similar to VLAN, but on a different layer. Here,
we use VXLAN to transport batman-adv traffic over WireGuard.
**wgpeerselector**: To connect all gluon nodes to each other, it is common to
create a topology where each gluon node is connected to one of the available
gateways via Mesh VPN respectively. To achieve this, the gluon node should be
able to select a random gateway to connect to. But such "random selection of a
peer" is not implemented in WireGuard by default. WireGuard only knows static
peers. Therefore the *wgpeerselector* has been developed. It randomly selects a
gateway, tries to establish a connection, and if it fails, tries to connect
to the next gateway. This approach has several advantages, such as load
balancing VPN connection attempts and avoiding problems with offline gateways.
More information about the wgpeerselector and its algorithm can be found
`here <https://github.com/freifunk-gluon/packages/blob/master/net/wgpeerselector/README.md>`__.
On the gluon node both VXLAN and the wgpeerselector are well integrated and no
explicit configuration of those tools is necessary, once the general WireGuard
support has been configured.
Attention must by paid to time synchronization. As WireGuard
performs checks on timestamps in order to avoid replay attacks, time must
be synchronized before the Mesh VPN connection is established. This means that
the NTP servers specified in your site.conf must be publicly available (and not
only through the mesh). Be aware that if you fail this, you may not directly see
negative effects. Only when a previously connected node reboots the effect
comes into play, as the gateway still knows about the old timestamp of the gluon
node.
gluon-mesh-vpn-key-translate
""""""""""""""""""""""""""""
Many communities already possess a collection of active fastd-keys when they
plan migrating their community to WireGuard.
These public keys known on the server-side can be derived into their WireGuard
equivalent using `gluon-mesh-vpn-key-translate <https://github.com/AiyionPrime/gluon-mesh-vpn-key-translate>`__.
The routers do the necessary reencoding of the private key seamlessly
when updating firmware from fastd to the WireGuard variant.
Gateway / Supernode Configuration
"""""""""""""""""""""""""""""""""
On the gateway side, a software called *wireguard-vxlan-glue* is necessary. It
is a small daemon that dynamically adds and removes forwarding rules for VXLAN
interfaces, so traffic is sent correctly into the WireGuard interface. Thereby
the forwarding rules are only installed if a client is connected, so
unnecessary traffic in the kernel is avoided. The source can be found
`here <https://github.com/freifunkh/wireguard-vxlan-glue/>`__.
opkg update
opkg install socat
socat - UNIX-CONNECT:/var/run/fastd.mesh_vpn.socket

82
docs/features/wired-mesh.rst
View File

@ -50,84 +50,38 @@ Configuration
Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page
of the *Advanced settings* (if the package ``gluon-web-network`` is installed).
It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by adding
the ``mesh`` role to the ``interfaces.*.default_roles`` options in your
:ref:`site.conf<user-site-interfaces>`.
.. _wired-mesh-commandline:
It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by
adding ``mesh_on_wan = true`` and ``mesh_on_lan = true`` to ``site.conf``.
Commandline
===========
Starting with release 2022.1, the wired network configuration is rebuilt from ``/etc/config/gluon``
upon each ``gluon-reconfigure``.
Therefore the network configuration is overwritten at least with every firmware upgrade.
Every interface has a list of roles assigned to it which can be ``client``, ``mesh`` or ``uplink``.
When the client role is assigned to an interface in combination with other roles
(like 'client', 'mesh' in the Mesh-on-LAN example below), the other roles take
precedence, enabling mesh but not client in the previous example.
The setup/config-mode interface is every interface with the role ``client`` which makes removing
it from interfaces not only unnecessary, but generally unrecommended.
In order to make persistent changes to the router's configuration it's necessary to:
* change the sections in ``/etc/config/gluon`` e.g. using uci (see examples below)
* call ``gluon-reconfigure`` to re-generate ``/etc/config/network``
* apply the networking changes, either through executing ``service network restart`` or by performing a ``reboot``
Enable Mesh-on-WAN::
uci add_list gluon.iface_wan.role='mesh'
uci commit gluon
uci set network.mesh_wan.disabled=0
uci commit network
Disable Mesh-on-WAN::
uci del_list gluon.iface_wan.role='mesh'
uci commit gluon
uci set network.mesh_wan.disabled=1
uci commit network
Enable Mesh-on-LAN::
uci add_list gluon.iface_lan.role='mesh'
uci commit gluon
uci set network.mesh_lan.disabled=0
for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
uci del_list network.client.ifname=$ifname
done
uci commit network
Disable Mesh-on-LAN::
uci del_list gluon.iface_lan.role='mesh'
uci commit gluon
uci set network.mesh_lan.disabled=1
for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
uci add_list network.client.ifname=$ifname
done
uci commit network
For devices with a single interface, instead of `iface_lan` and `iface_wan` configuration is
done with `iface_single`.
Enable Mesh-on-Single::
uci add_list gluon.iface_single.role='mesh'
uci commit gluon
Disable Mesh-on-Single::
uci del_list gluon.iface_single.role='mesh'
uci commit gluon
Furthermore it is possible to make use of 802.1Q VLAN.
The following statements would create a VLAN with id 8 on ``eth0`` and join the mesh network with it::
uci set gluon.iface_lan_vlan8=interface
uci set gluon.iface_lan_vlan8.name='eth0.8'
uci add_list gluon.iface_lan_vlan8.role='mesh'
uci commit gluon
Other VLAN-interfaces could be configured on the same parent interface in order to have
all three roles available on ``eth0`` without having them interfere with each other.
This feature comes in especially handy for the persistent configuration of virtual machines
as offloader for bigger installations.
A ``reboot`` is not sufficient to apply an altered configuration; calling ``gluon-reconfigure`` before is
mandatory in order for changes to take effect.
Please note that this configuration has changed in Gluon 2022.1. Using
the old commands on 2022.1 and later will break the corresponding options
Please note that this configuration has changed in Gluon 2016.1. Using
the old commands on 2016.1 and later will break the corresponding options
in the *Advanced settings*.

6
docs/features/wlan-configuration.rst
View File

@ -16,10 +16,10 @@ by the user). This means that it is not possible to enable or disable an existin
configurations during upgrades.
During upgrades the wifi channel of the 2.4GHz and 5GHz radio will be restored to the channel
configured in the site.conf. The channel width will be reset to Gluon's default. If you need to preserve
these settings during upgrades you can configure this via the uci section ``gluon-core.wireless``::
configured in the site.conf. If you need to preserve a user defined wifi channel during upgrades
you can configure this via the uci section ``gluon-core.wireless``::
uci set gluon.wireless.preserve_channels='1'
uci set gluon-core.@wireless[0].preserve_channels='1'
When channels should be preserved, toggling the outdoor mode will have no effect on the channel settings.
Therefore, the Outdoor mode settings won't be displayed in config mode.

115
docs/index.rst
View File

@ -6,80 +6,79 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
.. toctree::
:caption: User Documentation
:maxdepth: 2
:caption: User Documentation
:maxdepth: 2
user/getting_started
user/site
user/supported_devices
user/x86
user/faq
user/mtu
user/getting_started
user/site
user/supported_devices
user/x86
user/faq
.. toctree::
:caption: Features
:maxdepth: 2
:caption: Features
:maxdepth: 2
features/configmode
features/autoupdater
features/wlan-configuration
features/private-wlan
features/wired-mesh
features/dns-cache
features/monitoring
features/multidomain
features/authorized-keys
features/roles
features/vpn
features/configmode
features/autoupdater
features/wlan-configuration
features/private-wlan
features/wired-mesh
features/dns-forwarder
features/monitoring
features/multidomain
features/authorized-keys
features/roles
features/vpn
.. toctree::
:caption: Developer Documentation
:maxdepth: 2
:caption: Developer Documentation
:maxdepth: 2
dev/basics
dev/hardware
dev/packages
dev/upgrade
dev/uplink
dev/mac_addresses
dev/site_library
dev/build
dev/debugging
dev/basics
dev/hardware
dev/packages
dev/upgrade
dev/wan
dev/mac_addresses
dev/site_library
dev/build
dev/debugging
.. toctree::
:caption: gluon-web Reference
:maxdepth: 1
:caption: gluon-web Reference
:maxdepth: 1
dev/web/controller
dev/web/model
dev/web/view
dev/web/i18n
dev/web/config-mode
dev/web/controller
dev/web/model
dev/web/view
dev/web/i18n
dev/web/config-mode
.. toctree::
:caption: Packages
:maxdepth: 1
:caption: Packages
:maxdepth: 1
package/gluon-client-bridge
package/gluon-config-mode-domain-select
package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp
package/gluon-ebtables-limit-arp
package/gluon-ebtables-source-filter
package/gluon-hoodselector
package/gluon-logging
package/gluon-mesh-batman-adv
package/gluon-mesh-wireless-sae
package/gluon-radv-filterd
package/gluon-scheduled-domain-switch
package/gluon-web-admin
package/gluon-web-logging
package/gluon-client-bridge
package/gluon-config-mode-domain-select
package/gluon-ebtables-filter-multicast
package/gluon-ebtables-filter-ra-dhcp
package/gluon-ebtables-limit-arp
package/gluon-ebtables-source-filter
package/gluon-hoodselector
package/gluon-logging
package/gluon-mesh-batman-adv
package/gluon-mesh-wireless-sae
package/gluon-radv-filterd
package/gluon-scheduled-domain-switch
package/gluon-web-admin
package/gluon-web-logging
.. toctree::
:caption: Releases
:maxdepth: 1
:caption: Releases
:maxdepth: 1
releases/index
releases/index
License
-------

2
docs/multidomain-site-example/site.conf
View File

@ -20,10 +20,10 @@
},
mesh_vpn = {
mtu = 1312,
fastd = {
methods = {'salsa2012+umac'},
mtu = 1312,
},
bandwidth_limit = {

3
docs/multidomain-site-example/site.mk
View File

@ -58,3 +58,6 @@ GLUON_REGION ?= eu
# Languages to include
GLUON_LANGS ?= en de
# Do not build images for deprecated devices
GLUON_DEPRECATED ?= 0

4
docs/package/gluon-mesh-batman-adv.rst
View File

@ -2,7 +2,7 @@ gluon-mesh-batman-adv
=====================
.. image:: gluon-mesh-batman-adv-logo.svg
:width: 300 px
:width: 300 px
B.A.T.M.A.N. Advanced (often referenced as batman-adv) is an implementation of
the B.A.T.M.A.N. routing protocol in form of a linux kernel module operating on layer 2.
@ -47,7 +47,7 @@ Multicast Architecture
----------------------
.. image:: gluon-mesh-batman-adv-multicast.svg
:width: 300 px
:width: 300 px
While generally broadcast capability is a nice feature of a layer 2
mesh protocol, it quickly reaches its limit.

18
docs/package/gluon-scheduled-domain-switch.rst
View File

@ -15,15 +15,15 @@ site.conf
All those settings have to be defined exclusively in the domain, not the site.
domain_switch : optional (needed for domains to switch)
target_domain :
- target domain to switch to
switch_after_offline_mins :
- amount of time without reachable gateway to switch unconditionally
switch_time :
- UNIX epoch after which domain will be switched
connection_check_targets :
- array of IPv6 addresses which are probed to determine if the node is
connected to the mesh
target_domain :
- target domain to switch to
switch_after_offline_mins :
- amount of time without reachable gateway to switch unconditionally
switch_time :
- UNIX epoch after which domain will be switched
connection_check_targets :
- array of IPv6 addresses which are probed to determine if the node is
connected to the mesh
Example::

170
docs/releases/index.rst
View File

@ -2,128 +2,118 @@ Release Notes
=============
.. toctree::
:caption: Gluon 2022.1
:maxdepth: 2
:caption: Gluon 2021.1
:maxdepth: 2
v2022.1.4
v2022.1.3
v2022.1.2
v2022.1.1
v2022.1
v2021.1.2
v2021.1.1
v2021.1
.. toctree::
:caption: Gluon 2021.1
:maxdepth: 2
:caption: Gluon 2020.2
:maxdepth: 2
v2021.1.2
v2021.1.1
v2021.1
v2020.2.3
v2020.2.2
v2020.2.1
v2020.2
.. toctree::
:caption: Gluon 2020.2
:maxdepth: 2
:caption: Gluon 2020.1
:maxdepth: 2
v2020.2.3
v2020.2.2
v2020.2.1
v2020.2
v2020.1.4
v2020.1.3
v2020.1.2
v2020.1.1
v2020.1
.. toctree::
:caption: Gluon 2020.1
:maxdepth: 2
:caption: Gluon 2019.1
:maxdepth: 2
v2020.1.4
v2020.1.3
v2020.1.2
v2020.1.1
v2020.1
v2019.1.3
v2019.1.2
v2019.1.1
v2019.1
.. toctree::
:caption: Gluon 2019.1
:maxdepth: 2
:caption: Gluon 2018.2
:maxdepth: 2
v2019.1.3
v2019.1.2
v2019.1.1
v2019.1
v2018.2.4
v2018.2.3
v2018.2.2
v2018.2.1
v2018.2
.. toctree::
:caption: Gluon 2018.2
:maxdepth: 2
:caption: Gluon 2018.1
:maxdepth: 2
v2018.2.4
v2018.2.3
v2018.2.2
v2018.2.1
v2018.2
v2018.1.4
v2018.1.3
v2018.1.2
v2018.1.1
v2018.1
.. toctree::
:caption: Gluon 2018.1
:maxdepth: 2
:caption: Gluon 2017.1
:maxdepth: 2
v2018.1.4
v2018.1.3
v2018.1.2
v2018.1.1
v2018.1
v2017.1.8
v2017.1.7
v2017.1.6
v2017.1.5
v2017.1.4
v2017.1.3
v2017.1.2
v2017.1.1
v2017.1
.. toctree::
:caption: Gluon 2017.1
:maxdepth: 2
:caption: Gluon 2016.2
:maxdepth: 2
v2017.1.8
v2017.1.7
v2017.1.6
v2017.1.5
v2017.1.4
v2017.1.3
v2017.1.2
v2017.1.1
v2017.1
v2016.2.7
v2016.2.6
v2016.2.5
v2016.2.4
v2016.2.3
v2016.2.2
v2016.2.1
v2016.2
.. toctree::
:caption: Gluon 2016.2
:maxdepth: 2
:caption: Gluon 2016.1
:maxdepth: 2
v2016.2.7
v2016.2.6
v2016.2.5
v2016.2.4
v2016.2.3
v2016.2.2
v2016.2.1
v2016.2
v2016.1.6
v2016.1.5
v2016.1.4
v2016.1.3
v2016.1.2
v2016.1.1
v2016.1
.. toctree::
:caption: Gluon 2016.1
:maxdepth: 2
:caption: Gluon 2015.1
:maxdepth: 2
v2016.1.6
v2016.1.5
v2016.1.4
v2016.1.3
v2016.1.2
v2016.1.1
v2016.1
v2015.1.2
v2015.1.1
v2015.1
.. toctree::
:caption: Gluon 2015.1
:maxdepth: 2
:caption: Gluon 2014.4
:maxdepth: 2
v2015.1.2
v2015.1.1
v2015.1
v2014.4
.. toctree::
:caption: Gluon 2014.4
:maxdepth: 2
:caption: Gluon 2014.3
:maxdepth: 2
v2014.4
.. toctree::
:caption: Gluon 2014.3
:maxdepth: 2
v2014.3.1
v2014.3
v2014.3.1
v2014.3

28
docs/releases/v2015.1.rst
View File

@ -170,16 +170,16 @@ Site changes
for example::
fastd_mesh_vpn = {
methods = {'salsa2012+umac'},
mtu = 1426,
groups = {
backbone = {
limit = 2,
peers = {
-- ...
}
methods = {'salsa2012+umac'},
mtu = 1426,
groups = {
backbone = {
limit = 2,
peers = {
-- ...
}
}
}
}
}
- ``config_mode``: The config mode messages aren't configured in ``site.conf`` anymore. Instead, they are
@ -190,11 +190,11 @@ Site changes
in the site i18n files. The ``site.conf`` section becomes::
roles = {
default = 'foo',
list = {
'foo',
'bar',
}
default = 'foo',
list = {
'foo',
'bar',
}
}
The display string use i18n message IDs like ``gluon-luci-node-role:role:foo`` and ``gluon-luci-node-role:role:bar``.

18
docs/releases/v2016.1.5.rst
View File

@ -9,21 +9,21 @@ ar71xx-generic
* OpenMesh
- MR600 (v1, v2)
- MR900 (v1, v2)
- OM2P (v1, v2)
- OM2P-HS (v1, v2)
- OM2P-LC
- OM5P
- OM5P-AN
- MR600 (v1, v2)
- MR900 (v1, v2)
- OM2P (v1, v2)
- OM2P-HS (v1, v2)
- OM2P-LC
- OM5P
- OM5P-AN
* Ubiquiti
- Rocket M XW
- Rocket M XW
* TP-LINK
- TL-WR841N/ND v11
- TL-WR841N/ND v11
Bugfixes
~~~~~~~~

2
docs/releases/v2017.1.rst
View File

@ -88,8 +88,6 @@ New features
* Add support for making nodes a DNS cache for clients
(`#1000 <https://github.com/freifunk-gluon/gluon/pull/1000>`_)
See also: :doc:`../features/dns-cache`
* Add L2TP via tunneldigger as an alternative VPN system
(`#978 <https://github.com/freifunk-gluon/gluon/pull/978>`_)

2
docs/releases/v2018.1.2.rst
View File

@ -28,7 +28,7 @@ Bugfixes
As the path to both config mode and status page were changed between versions
users could be affected by a redirect to a no more valid URL.
* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt/routing/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
* batman-adv has received two bugfixes, which were `backported <https://github.com/openwrt-routing/packages/commit/7bf62cc8b556b5046f9bbd37687376fe9ea175bb>`_ from v2018.4
Other changes
~~~~~~~~~~~~~

14
docs/releases/v2019.1.1.rst
View File

@ -30,15 +30,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

14
docs/releases/v2019.1.2.rst
View File

@ -26,15 +26,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

14
docs/releases/v2019.1.3.rst
View File

@ -36,15 +36,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

40
docs/releases/v2019.1.rst
View File

@ -73,8 +73,8 @@ ramips-mt7621
.. note::
The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
release yet. You might have to update your build scripts accordingly.
The ``ipq806x`` target has been flagged as broken, as none of its devices are fully supported in this OpenWrt
release yet. You might have to update your build scripts accordingly.
@ -109,20 +109,20 @@ have outdoor mode automatically enabled during their initial setup, specifically
* Ubiquiti
- Bullet M
- Litebeam M5
- Nanostation M5
- Nanostation M5 Loco
- Rocket M5
- Rocket M5 TI
- Unifi AC Mesh
- Unifi AC Mesh Pro
- Unifi Outdoor
- Bullet M
- Litebeam M5
- Nanostation M5
- Nanostation M5 Loco
- Rocket M5
- Rocket M5 TI
- Unifi AC Mesh
- Unifi AC Mesh Pro
- Unifi Outdoor
* TP-Link
- CPE510
- WBS510
- CPE510
- WBS510
See the :ref:`wifi5 <user-site-wifi5>` section for the *site.conf* configuration of this feature.
@ -253,15 +253,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

14
docs/releases/v2020.1.1.rst
View File

@ -25,15 +25,13 @@ Known issues
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

14
docs/releases/v2020.1.2.rst
View File

@ -50,15 +50,13 @@ Known issues
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

14
docs/releases/v2020.1.3.rst
View File

@ -30,15 +30,13 @@ Known issues
- The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
- Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

98
docs/releases/v2020.1.rst
View File

@ -11,80 +11,80 @@ Added hardware support
ath79-generic
~~~~~~~~~~~~~
- devolo WiFi pro 1200e
- devolo WiFi pro 1200i
- devolo WiFi pro 1750c
- devolo WiFi pro 1750e
- devolo WiFi pro 1750i
- devolo WiFi pro 1750x
- GL.iNet GL-AR300M-Lite
- OCEDO Raccoon
- TP-Link Archer C6 v2
- devolo WiFi pro 1200e
- devolo WiFi pro 1200i
- devolo WiFi pro 1750c
- devolo WiFi pro 1750e
- devolo WiFi pro 1750i
- devolo WiFi pro 1750x
- GL.iNet GL-AR300M-Lite
- OCEDO Raccoon
- TP-Link Archer C6 v2
ipq40xx-generic
~~~~~~~~~~~~~~~
- Aruba AP-303
- Aruba Instant On AP11
- AVM FRITZ!Repeater 1200
- Aruba AP-303
- Aruba Instant On AP11
- AVM FRITZ!Repeater 1200
ipq806x-generic
~~~~~~~~~~~~~~~
- Netgear R7800
- Netgear R7800
lantiq-xway
~~~~~~~~~~~
- AVM FRITZ!Box 7312
- AVM FRITZ!Box 7320
- AVM FRITZ!Box 7330
- AVM FRITZ!Box 7330 SL
- AVM FRITZ!Box 7312
- AVM FRITZ!Box 7320
- AVM FRITZ!Box 7330
- AVM FRITZ!Box 7330 SL
lantiq-xrx200
~~~~~~~~~~~~~
- AVM FRITZ!Box 7360 (v1, v2)
- AVM FRITZ!Box 7360 SL
- AVM FRITZ!Box 7362 SL
- AVM FRITZ!Box 7412
- AVM FRITZ!Box 7360 (v1, v2)
- AVM FRITZ!Box 7360 SL
- AVM FRITZ!Box 7362 SL
- AVM FRITZ!Box 7412
mpc85xx-p1020
~~~~~~~~~~~~~
- Enterasys WS-AP3710i
- OCEDO Panda
- Enterasys WS-AP3710i
- OCEDO Panda
ramips-mt7620
~~~~~~~~~~~~~
- TP-Link Archer C2 (v1)
- TP-Link Archer C20 (v1)
- TP-Link Archer C20i
- TP-Link Archer C50 (v1)
- Xiaomi MiWifi Mini
- TP-Link Archer C2 (v1)
- TP-Link Archer C20 (v1)
- TP-Link Archer C20i
- TP-Link Archer C50 (v1)
- Xiaomi MiWifi Mini
ramips-mt7621
~~~~~~~~~~~~~
- Netgear EX6150 (v1)
- Netgear R6220
- Netgear EX6150 (v1)
- Netgear R6220
ramips-mt76x8
~~~~~~~~~~~~~
- GL.iNet VIXMINI
- TP-Link TL-MR3020 (v3)
- TP-Link TL-WA801ND (v5)
- TP-Link TL-WR902AC (v3)
- GL.iNet VIXMINI
- TP-Link TL-MR3020 (v3)
- TP-Link TL-WA801ND (v5)
- TP-Link TL-WR902AC (v3)
Removed hardware support
------------------------
- ALFA Network Hornet-UB [#kernelpartition_too_small]_
- ALFA Network Tube2H [#kernelpartition_too_small]_
- ALFA Network N2 [#kernelpartition_too_small]_
- ALFA Network N5 [#kernelpartition_too_small]_
- ALFA Network Hornet-UB [#kernelpartition_too_small]_
- ALFA Network Tube2H [#kernelpartition_too_small]_
- ALFA Network N2 [#kernelpartition_too_small]_
- ALFA Network N5 [#kernelpartition_too_small]_
.. [#kernelpartition_too_small]
The kernel partition on this device is too small to build a working image.
@ -127,10 +127,10 @@ Renamed targets
Status Page
~~~~~~~~~~~
- Gateway nexthop information has been added to the status page when batman-adv
- Gateway nexthop information has been added to the statuspage when batman-adv
is used. This includes its MAC address and prettyname as well as the interface
name towards the selected gateway.
- The site name has been added to the status page. If the node is in a multidomain
- The site name has been added to the statuspage. If the node is in a multidomain
setup it will also show the domain name.
DECT button to enter config mode
@ -162,8 +162,8 @@ Site changes
site.mk
~~~~~~~
- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is
the only supported wireless transport from now on.
- The ``GLUON_WLAN_MESH`` variable can be dropped, as 802.11s is
the only supported wireless transport from now on.
Internals
---------
@ -206,15 +206,13 @@ Known issues
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
- | Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
| Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
| metric.
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
- | Throughput values are not correctly acquired for different interface types.
| (`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
| This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)

2
docs/releases/v2020.2.3.rst
View File

@ -7,7 +7,7 @@ Bugfixes
- LEDs on the ASUS RT-AC51 are now fully functional.
- Netgear EX6150v1 randomly booting into failsafe mode has been fixed.
This happened dependent on the state of the mode setting switch.
This happened dependant on the state of the mode setting switch.
- Dnsmasq has been patched against multiple security issues in its DNS response validation.
See the OpenWrt advisory at https://openwrt.org/advisory/2021-01-19-1

4
docs/releases/v2021.1.1.rst
View File

@ -30,11 +30,11 @@ ramips-mt76x8
Bugfixes
--------
- Missing bandwidth limit settings resulted in a respondd crash for v2021.1.
- Missing bandwith limit settings resulted in a respondd crash for v2021.1.
- The Tunneldigger VPN provider was not registered with the Gluon VPN backend, resulting in broken Tunneldigger configurations.
- Disabling Radio interfaces in v2021.1 could lead to null pointer dereferences in the respondd airtime module, as the survey returns no data in this case.
- Disabling Radio interfaces in v2021.1 could lead to nullpointer dereferences in the respondd airtime module, as the survey returns no data in this case.
Known issues

85
docs/releases/v2022.1.1.rst
View File

@ -1,85 +0,0 @@
Gluon 2022.1.1
==============
Important notes
---------------
This release mitigates multiple flaws in the Linux wireless stack fixing RCE and DoS vulnerabilities.
Added hardware support
----------------------
ipq40xx-generic
~~~~~~~~~~~~~~~
- GL.iNet
- GL-AP1300
mpc85xx-p1010
~~~~~~~~~~~~~
- TP-Link
- TL-WDR4900 (v1)
ramips-mt7621
~~~~~~~~~~~~~
- ZyXEL
- NWA50AX
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R4S (4GB LPDDR4)
Bugfixes
--------
* Multiple mitigations for (`critical vulnerabilities <https://seclists.org/oss-sec/2022/q4/20>`_) in the Linux kernel WLAN stack. This only concerns Gluon v2022.1, older Gluon versions are unaffected.
* CVE-2022-41674
* CVE-2022-42719
* CVE-2022-42720
* CVE-2022-42721
* CVE-2022-42722
* Fixes `security issues in WolfSSL <https://openwrt.org/releases/22.03/notes-22.03.1#security_fixes>`_. People who have installed additional, non-Gluon packages which rely on WolfSSL's TLS 1.3 implementation might be affected. Firmwares using either gluon-mesh-wireless-sae or gluon-wireless-encryption-wpa3 are unaffected by these issues, since only WPA-Enterprise relies on the affected TLS functionality.
* CVE-2022-38152
* CVE-2022-39173
* Fixes the update path for GL-AR300M and NanoStation Loco M2/M5 (XW) devices.
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

37
docs/releases/v2022.1.2.rst
View File

@ -1,37 +0,0 @@
Gluon 2022.1.2
==============
Bugfixes
--------
* Various build-errors which sporadically occur when building with a large thread-count have been fixed
* Android devices do not lose their IPv6 connectivity after extended idle-time
* The 802.11s mesh network is now using 802.11ax HE-modes when supported by hardware
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

40
docs/releases/v2022.1.3.rst
View File

@ -1,40 +0,0 @@
Gluon 2022.1.3
==============
Bugfixes
--------
* Ipq40xx Wave2 devices temporarily use non-ct firmware again to work around 802.11s unicast package loss in ath10k-ct
(`#2692 <https://github.com/freifunk-gluon/gluon/issues/2692>`_)
* Modify kernel builds slightly to work around a boot hang on various devices based on the QCA9563 SoC - especially the Unifi AC-* devices
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784>`_)
* Work around an issue with wifi setup timing by waiting a bit while device initialisation is ongoing
(`#2779 <https://github.com/freifunk-gluon/gluon/issues/2779>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

136
docs/releases/v2022.1.4.rst
View File

@ -1,136 +0,0 @@
Gluon 2022.1.4
==============
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- LibreRouter
- LibreRouter (v1)
- Teltonika
- RUT230 (v1)
ath79-nand
~~~~~~~~~~
- Aerohive
- HiveAP 121
- NETGEAR
- WNDR4300 (v1)
lantiq-xrx200
~~~~~~~~~~~~~
- Arcadyan
- o2 Box 6431
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- X6 (v1, v2)
- D-Link
- DAP-X1860 (A1)
- GL.iNet
- GL-MT1300
- Mercusys
- MR70X (v1)
- Xiaomi
- Mi Router 3G
ramips-mt76x8
~~~~~~~~~~~~~
- TP-Link
- RE200 (v3)
realtek-rtl838x
~~~~~~~~~~~~~~~
- D-Link
- DGS-1210-10P
ipq40xx-generic
~~~~~~~~~~~~~~~
- AVM
- FRITZBox 7520
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- hAP ac2
Bugfixes
--------
* Enterasys WS-AP3705i now uses the correct image-name for use with the autoupdater
(`#2819 <https://github.com/freifunk-gluon/gluon/issues/2819>`_)
* Reduce memory Usage for ath10k on ZyXEL WRE6606 devices
(`#2842 <https://github.com/freifunk-gluon/gluon/issues/2842>`_)
* Replace the Workaround for failed boots on ath79 with a proper fix.
(`#2784 <https://github.com/freifunk-gluon/gluon/issues/2784#issuecomment-1452126501>`_)
* AVM FRITZ!Box 7360 v2 flashed with the incorrect image for v1 will automatically update to the correct image.
* Revert OOM inducing switch of ath79 Wave2 firmware back to -ct
(`#2879 <https://github.com/freifunk-gluon/gluon/pull/2879>`_)
Known issues
------------
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

417
docs/releases/v2022.1.rst
View File

@ -1,417 +0,0 @@
Gluon 2022.1
============
Important notes
---------------
Upgrades to v2022.1 and later releases are only supported from releases v2020.1 and later. This is due to migrations that have been removed to simplify maintenance.
Added hardware support
----------------------
ath79-generic
~~~~~~~~~~~~~
- D-Link
- DAP-2660 A1
- Enterasys
- WS-AP3705i
- Siemens
- WS-AP3610
- TP-Link
- Archer A7 v5
- CPE510 v2
- CPE510 v3
- CPE710 v1
- EAP225-Outdoor v1
- WBS210 v2
ath79-mikrotik
~~~~~~~~~~~~~~
- Mikrotik
- RB951Ui-2nD
ipq40xx-generic
~~~~~~~~~~~~~~~
- Aruba Networks
- AP-303H
- AP-365
- InstantOn AP11D
- InstantOn AP17
ipq40xx-mikrotik
~~~~~~~~~~~~~~~~
- Mikrotik
- SXTsq-5-AC
ramips-mt7620
~~~~~~~~~~~~~
- Xiaomi
- Mi Router 3G (v2)
ramips-mt7621
~~~~~~~~~~~~~
- Cudy
- WR2100
- Netgear
- R6260
- WAC104
- WAX202
- TP-Link
- RE500
- RE650 v1
- Ubiquiti
- UniFi 6 Lite
- Xiaomi
- Mi Router 4A (Gigabit Edition)
ramips-mt7622
~~~~~~~~~~~~~
- Linksys
- E8450
- Xiaomi
- AX3200
- Ubiquiti
- UniFi 6 LR
ramips-mt76x8
~~~~~~~~~~~~~
- GL.iNet
- microuter-N300
- Netgear
- R6020
- RAVPower
- RP-WD009
- TP-Link
- Archer C20 v4
- Archer C20 v5
- RE200 v2
- RE305 v1
- Xiaomi
- Mi Router 4C
- Mi Router 4A (100M Edition)
rockchip-armv8
~~~~~~~~~~~~~~
- FriendlyElec
- NanoPi R2S
mpc85xx-p1010
~~~~~~~~~~~~~
- Sophos
- RED 15w rev. 1
mpc85xx-p1020
~~~~~~~~~~~~~
- Extreme Networks
- WS-AP3825i
Removed Devices
---------------
This list contains devices which do not have enough memory or flash to
be operated with this Gluon release.
- D-Link
- DIR-615 (C1, D1, D2, D3, D4, H1)
- Linksys
- WRT160NL
- TP-Link
- TL-MR13U (v1)
- TL-MR3020 (v1)
- TL-MR3040 (v1, v2)
- TL-MR3220 (v1, v2)
- TL-MR3420 (v1, v2)
- TL-WA701N/ND (v1, v2)
- TL-WA730RE (v1)
- TL-WA750RE (v1)
- TL-WA801N/ND (v1, v2, v3)
- TL-WA830RE (v1, v2)
- TL-WA850RE (v1)
- TL-WA860RE (v1)
- TL-WA901N/ND (v1, v2, v3, v4, v5)
- TL-WA7210N (v2)
- TL-WA7510N (v1)
- TL-WR703N (v1)
- TL-WR710N (v1, v2)
- TL-WR740N (v1, v3, v4, v5)
- TL-WR741N/ND (v1, v2, v4, v5)
- TL-WR743N/ND (v1, v2)
- TL-WR840N (v2)
- TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
- TL-WR841N/ND (v1, v2)
- TL-WR843N/ND (v1)
- TL-WR940N (v1, v2, v3, v4, v5, v6)
- TL-WR941ND (v2, v3, v4, v5, v6)
- TL-WR1043N/ND (v1)
- WDR4900
- Ubiquiti
- AirGateway
- AirGateway Pro
- AirRouter
- Bullet
- LS-SR71
- Nanostation XM
- Nanostation Loco XM
- Picostation
- Unknown
- A5-V11
- VoCore
- VoCore (8M, 16M)
Atheros target migration
------------------------
All Atheros MIPS devices built with the ``ar71xx-generic``,
``ar71xx-nand`` as well as ``ar71xx-tiny`` were deprecated upstream and
are therefore not available with Gluon anymore.
Many devices previously built with ``ar71xx-generic`` and
``ar71xx-nand`` are now available with the ``ath79-generic`` as well as
``ath79-nand`` target respectively.
Missing devices
~~~~~~~~~~~~~~~
The following devices have not yet been integrated into Gluons ath79
targets.
- 8Devices
- Carambola 2
- Aerohive
- HiveAP 121
- Allnet
- ALL0315
- Buffalo
- WZR-HP-G300NH2
- WZR-HP-G450H
- GL.iNet
- 6408A v1
- NETGEAR
- WNDR4300
- WNDRMAC
- WNDRMAC v2
- TP-Link
- WR2543
- Ubiquiti
- Rocket
- WD
- MyNet N600
- MyNet N750
- ZyXEL
- NB6616
- NB6716
Features
--------
WireGuard
~~~~~~~~~
Gluon got WireGuard support. This allows offloading **encrypted**
connections into kernel space, increasing performance by forwarding
packets without the need for context switches between user and kernel
space.
In order to reuse existing (already verified) fastd-keypairs for
WireGuard, a key derivation procedure is `currently being
developed <https://github.com/freifunk-gluon/gluon/pull/2601>`__. This
should ease migration from fastd to WireGuard in case whitelisting VPN
keys is desired.
fastd L2TP
~~~~~~~~~~
fastd can now act as a connection broker for unencrypted L2TP-based
tunneling within Gluons mesh-vpn framework. This new ``null@l2tp``
connection method allows for increased performance within existing
fastd setups.
In addition to a sufficiently
:ref:`configured fastd-based VPN server<vpn-gateway-configuration>`,
this requires further modifications to a sites :ref:`VPN fastd methods<VPN fastd methods>`.
Major changes
-------------
OpenWrt
~~~~~~~
This release is based on the newest OpenWrt 22.03 release branch.
It ships with Linux kernel 5.10 as well as wireless-backports 5.15.
Network changes (DSA / Upgrade-Behavior)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The ``ramips-mt7621`` and ``lantiq-xrx200`` targets now use the upstream DSA
subsystem instead of OpenWrt swconfig for managing ethernet switches.
Gluon detects the existing user-intent and automatically applies it over
to DSA syntax. See the section about network reconfiguration for more
details.
System reconfiguration
~~~~~~~~~~~~~~~~~~~~~~
The network and system-LED configurations are now re-generated after
each update / invocation of ``gluon-reconfigure``.
The user-intent is preserved within Gluons implemented functionality
(Wired-Mesh / Client access / WAN).
As an additional feature, Gluon now supports assigning roles to
interfaces. This behavior is explained
:ref:`here<wired-mesh-commandline>`.
Site changes
------------
VPN provider MTU
~~~~~~~~~~~~~~~~
To account for multiple VPN methods available for a site, the MTU used
for the VPN tunnel connection is now moved to the specific VPN provider
configuration. For fastd this means that ``mesh_vpn.mtu`` needs to be
moved to ``mesh_vpn.fastd.mtu``. (`#2352 <https://github.com/freifunk-gluon/gluon/pull/2352>`__)
Preconfigured Interfaces Roles
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Instead of ``mesh_on_wan`` and ``mesh_on_lan`` there is now an
``interfaces`` block to configure the default behavior of network
interfaces. Details can be found in the
:ref:`documentation<user-site-interfaces>`.
Minor changes
-------------
- The ``brcm2708-bcm2708`` ``brcm2708-bcm2709`` ``brcm2708-bcm2710``
targets were renamed to ``bcm27xx-bcm2708`` ``bcm27xx-bcm2709`` and
``bcm27xx-bcm2710``
- The GL.iNet GL-AR750S was moved to the ``ath79-nand`` subtarget
- Gluon now ships the ath10k-ct firmware derivation for
QCA9886 / QCA9888 / QCA9896 / QCA9898 / QCA9984 /
QCA9994 / IPQ4018 / IPQ4028 / IPQ4019 / IPQ4029
radios (`#2541 <https://github.com/freifunk-gluon/gluon/pull/2541>`__)
- WolfSSL instead of OpenSSL is now used when built with WPA3 support
- The option to configure the wireless-channel independent from the
site-selected channel was moved from
``gluon-core.wireless.preserve_channels`` to
``gluon.wireless.preserve_channels``
- ``gluon-info`` is a new command that provides information about the
current node
- ``GLUON_DEPRECATED`` is now set to 0 by default
- To reboot a running gluon-node into setup-mode, Gluon now offers the
``gluon-enter-setup-mode`` command
- Devices without WLAN do not show the private-wifi configuration
anymore
- The Autoupdater now uses the site default branch in case it is
configured to use a non-existent / invalid branch
Known issues
------------
* A workaround for Android devices not waking up to their MLD subscriptions was removed,
potentially breaking IPv6 connectivity for these devices after extended sleep periods.
(`#2672 <https://github.com/freifunk-gluon/gluon/issues/2672>`_)
* Upgrading EdgeRouter-X from versions before v2020.1.x may lead to a soft-bricked state due to bad blocks on the NAND flash which the NAND driver before this release does not handle well.
(`#1937 <https://github.com/freifunk-gluon/gluon/issues/1937>`_)
* The integration of the BATMAN_V routing algorithm is incomplete.
- Mesh neighbors don't appear on the status page. (`#1726 <https://github.com/freifunk-gluon/gluon/issues/1726>`_)
Many tools have the BATMAN_IV metric hardcoded, these need to be updated to account for the new throughput
metric.
- Throughput values are not correctly acquired for different interface types.
(`#1728 <https://github.com/freifunk-gluon/gluon/issues/1728>`_)
This affects virtual interface types like bridges and VXLAN.
* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown
(`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
Reducing the TX power in the Advanced Settings is recommended.
* In configurations without VXLAN, the MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled
(`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
This may lead to issues in environments where a fixed MAC address is expected (like VMware when promiscuous mode is disallowed).

2
docs/requirements.txt
View File

@ -1 +1 @@
sphinx-rtd-theme==1.2.0
sphinx-rtd-theme

4
docs/site-example/i18n/de.po
View File

@ -45,7 +45,7 @@ msgstr ""
"selbstverständlich vertraulich behandelt und nicht weitergegeben."
"</p>"
"<div class=\"the-key\">"
"# <%= pcdata(hostname) %><br>"
"# <%= pcdata(hostname) %><br />"
"<%= pubkey %>"
"</div>"
"<p>Dein Knoten startet gerade neu und wird anschließend versuchen, sich mit "
@ -58,7 +58,7 @@ msgid "gluon-config-mode:novpn"
msgstr ""
"<p><strong>Du hast ausgewählt die Internetverbindung (Mesh-VPN) nicht zu "
"nutzen</strong>. Dein Knoten kann also nur dann eine Verbindung zum "
"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind.</p>"
"Freifunk-Netz aufbauen, wenn andere Freifunk-Knoten in WLAN-Reichweite sind."
"<p>Bitte schicke uns eine E-Mail mit dem Namen deines Knotens "
"(<em><%= pcdata(hostname) %></em>) und ein paar Informationen an <a href="
"\"mailto:freifunk-keys@lists.in-kiel.de?"

2
docs/site-example/i18n/en.po
View File

@ -41,7 +41,7 @@ msgstr ""
"\">keys@alpha-centauri.freifunk.net</a>. Of course, your e-mail address will "
"be treated confidentially and will not be passed on.</p>"
"<div class=\"the-key\">"
" # <%= pcdata(hostname) %><br>"
" # <%= pcdata(hostname) %><br />"
"<%= pubkey %>"
"</div>"
"<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "

2
docs/site-example/i18n/fr.po
View File

@ -36,7 +36,7 @@ msgstr ""
"body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
"</p>"
"<div class=\"the-key\">"
" # <%= pcdata(hostname) %><br>"
" # <%= pcdata(hostname) %><br />"
"<%= pubkey %>"
"</div>"

7
docs/site-example/modules
View File

@ -9,13 +9,14 @@
#GLUON_SITE_FEEDS='my_own_packages'
## PACKAGES_$feedname_REPO
# the git repository from where to clone the package feed
# the git repository from where to clone the package feed
#PACKAGES_MY_OWN_PACKAGES_REPO=https://github.com/.../my-own-packages.git
## PACKAGES_$feedname_COMMIT
# the version/commit of the git repository to clone
#PACKAGES_MY_OWN_PACKAGES_COMMIT=123456789aabcda1a69b04278e4d38f2a3f57e49
## PACKAGES_$feedname_BRANCH
# the branch to check out
## PACKAGES_$feedname_BRANCH
# the branch to check out
#PACKAGES_MY_OWN_PACKAGES_BRANCH=my_branch

4
docs/site-example/site.conf
View File

@ -1,4 +1,4 @@
-- This is an example site configuration for Gluon v2022.1
-- This is an example site configuration for Gluon v2021.1.2
--
-- Take a look at the documentation located at
-- https://gluon.readthedocs.io/ for details.
@ -105,6 +105,7 @@
mesh_vpn = {
-- enabled = true,
mtu = 1312,
fastd = {
-- Refer to https://fastd.readthedocs.io/en/latest/ to better understand
@ -112,7 +113,6 @@
-- List of crypto-methods to use.
methods = {'salsa2012+umac'},
mtu = 1312,
-- configurable = true,
-- syslog_level = 'warn',

6
docs/site-example/site.mk
View File

@ -17,9 +17,6 @@ GLUON_FEATURES := \
web-advanced \
web-wizard
GLUON_FEATURES_standard := \
wireless-encryption-wpa3
## GLUON_SITE_PACKAGES
# Specify additional Gluon/OpenWrt packages to include here;
# A minus sign may be prepended to remove a packages from the
@ -55,3 +52,6 @@ GLUON_REGION ?= eu
# Languages to include
GLUON_LANGS ?= en de
# Do not build images for deprecated devices
GLUON_DEPRECATED ?= 0

81
docs/user/faq.rst
View File

@ -25,3 +25,84 @@ interface. This DNS server must be announced in router advertisements (using
on *batman-adv*. If your mesh does not have global IPv6 connectivity, you can setup
your *radvd* not to announce a default route by setting the *default lifetime* to 0;
in this case, the *radvd* is only used to announce the DNS server.
.. _faq-mtu:
What is a good MTU on the mesh-vpn?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Setting the MTU on the transport interface requires careful consideration, as
setting it too low will cause excessive fragmentation and setting it too high
may leave peers with a broken tunnel due to packet loss.
Consider these key values:
- Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
of 1280 Byte specified in RFC 2460
- and configure `MSS clamping`_ accordingly,
- and announce your link MTU via Router Advertisements and DHCP
.. _MSS clamping: https://www.tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
- Encapsulation: Account for the overhead created by the configured mesh protocol
encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
batadv).
- PMTU: What MTU does the path between your gateway and each of its peers support?
For reference, the complete MTU stack looks like this:
.. image:: mtu-diagram_v5.png
Minimum MTU
-----------
Calculate the minimum transport MTU by adding the encapsulation overhead to the
minimum payload MTU required. This is the lowest recommended value, since going
lower would cause unnecessary fragmentation for clients which respect the announced
link MTU.
Example: Our network currently uses batman-adv v15, it therefore requires up
to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
transporting IPv6.::
\ 1312 1294 1280 0
\---------+-----------------+-------------+----------------------------------+
\TAP | batadv v15 | Ethernet | Payload |
\-------+-----------------+-------------+----------------------------------+
\ ^
|
MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
Maximum MTU
-----------
Calculating the maximum transport MTU is interesting, because it increases the
throughput, by allowing larger payloads to be transported, but also more difficult
as you have to take into account the tunneling overhead and each peers PMTU, which
varies between providers.
The underlying reasons are mostly PPPoE, Tunneling and IPv6 transition technologies
like DS-Lite.
Example: The peer with the smallest MTU on your network is behind DS-Lite and can
transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
Tunneling.::
1436 1416 1408 1384 1370 \
+-------------------+--------+-----------------------+-------------+------\
| IP | UDP | Fastd | TAP | bat\
+-------------------+--------+-----------------------+-------------+--------\
^ \
|
MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
Conclusion
----------
Determining the maximum MTU can be a tedious process, especially since the PMTU
of peers could change at any time. The general recommendation for maximized
compatibility is therefore the minimum MTU of 1312 Byte, which works well with
both IPv4 and IPv6.

68
docs/user/getting_started.rst
View File

@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
started with Gluon we recommend to use the latest stable release of Gluon.
Take a look at the `list of gluon releases`_ and notice the latest release,
e.g. *v2022.1*. Always get Gluon using git and don't try to download it
e.g. *v2021.1.2*. Always get Gluon using git and don't try to download it
as a Zip archive as the archive will be missing version information.
Please keep in mind that there is no "default Gluon" build; a site configuration
@ -25,62 +25,60 @@ An example configuration can be found in the Gluon repository at *docs/site-exam
Dependencies
------------
To build Gluon, several packages need to be installed on the system. On a
freshly installed Debian Bullseye system the following packages are required:
freshly installed Debian Stretch system the following packages are required:
* `git` (to get Gluon and other dependencies)
* `python3`
* `subversion`
* `python` (Python 3 doesn't work)
* `build-essential`
* `ecdsautils` (to sign firmware, see `contrib/sign.sh`)
* `gawk`
* `unzip`
* `libncurses-dev` (actually `libncurses5-dev`)
* `libz-dev` (actually `zlib1g-dev`)
* `libssl-dev`
* `libelf-dev` (to build x86-64)
* `wget`
* `rsync`
* `time` (built-in `time` doesn't work)
* `qemu-utils`
We also provide a container environment that already tracks all these dependencies. It quickly gets you up and running, if you already have either Docker or Podman installed locally.
::
./scripts/container.sh
./scripts/container.sh
Building the images
-------------------
To build Gluon, first check out the repository. Replace *RELEASE* with the
version you'd like to checkout, e.g. *v2022.1*.
version you'd like to checkout, e.g. *v2021.1.2*.
::
git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE
git clone https://github.com/freifunk-gluon/gluon.git gluon -b RELEASE
This command will create a directory named *gluon/*.
It might also tell a scary message about being in a *detached state*.
**Don't panic!** Everything's fine.
Now, enter the freshly created directory::
cd gluon
cd gluon
It's time to add (or create) your site configuration. If you already
have a site repository, just clone it::
git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
If you want to build a new site, create a new git repository *site/*::
mkdir site
cd site
git init
mkdir site
cd site
git init
Copy *site.conf*, *site.mk* and *i18n* from *docs/site-example*::
cp ../docs/site-example/site.conf .
cp ../docs/site-example/site.mk .
cp -r ../docs/site-example/i18n .
cp ../docs/site-example/site.conf .
cp ../docs/site-example/site.mk .
cp -r ../docs/site-example/i18n .
Edit these files as you see fit and commit them into the site repository.
Extensive documentation about the site configuration can be found at:
@ -88,25 +86,25 @@ Extensive documentation about the site configuration can be found at:
site directory should always be a git repository by itself; committing site-specific files
to the Gluon main repository should be avoided, as it will make updates more complicated.
Next go back to the top-level Gluon directory and build Gluon\ [#make_update]_::
Next go back to the top-level Gluon directory and build Gluon::
cd ..
make update # Get other repositories used by Gluon
make GLUON_TARGET=ath79-generic # Build Gluon
cd ..
make update # Get other repositories used by Gluon
make GLUON_TARGET=ar71xx-generic # Build Gluon
In case of errors read the messages carefully and try to fix the stated issues
(e.g. install missing tools not available or look for Troubleshooting_ in the wiki.
.. _Troubleshooting: https://github.com/freifunk-gluon/gluon/wiki/Troubleshooting
``ath79-generic`` is the most common target and will generate images for most of the supported hardware.
``ar71xx-generic`` is the most common target and will generate images for most of the supported hardware.
To see a complete list of supported targets, call ``make`` without setting ``GLUON_TARGET``.
To build all targets use a loop like this::
for TARGET in $(make list-targets); do
make GLUON_TARGET=$TARGET
done
for TARGET in $(make list-targets); do
make GLUON_TARGET=$TARGET
done
You should generally reserve 5GB of disk space and additionally about 10GB for each `GLUON_TARGET`.
@ -119,7 +117,7 @@ system.
of multiple copies of the same image. If your webserver's configuration prohibits following
symlinks, you can use the following command to resolve these links while copying the images::
cp -rL output/images /var/www
cp -rL output/images /var/www
The directory `output/debug` contains a compressed kernel image for each
architecture.
@ -127,29 +125,19 @@ These can be used for debugging and should be stored along with the images to
allow debugging of kernel problems on devices in the field.
See :ref:`Debugging <dev-debugging-kernel-oops>` for more information.
.. rubric:: Footnotes
.. [#make_update] ``make update`` only needs to be called again after updating the
Gluon repository (using ``git pull`` or similar) or after changing branches,
not for each build. Running it more often than necessary is undesirable, as
the update will take some time, and may undo manual modifications of the
external repositories while developing on Gluon.
See :ref:`working-with-repositories` for more information.
Cleaning the build tree
.......................
There are two levels of `make clean`::
make clean GLUON_TARGET=ath79-generic
make clean GLUON_TARGET=ar71xx-generic
will ensure all packages are rebuilt for a single target. This is usually not
necessary, but may fix certain kinds of build failures.
::
make dirclean
make dirclean
will clean the entire tree, so the toolchain will be rebuilt as well, which will take a while.
@ -215,7 +203,7 @@ GLUON_DEPRECATED
Usually, devices are deprecated because their flash size is insufficient to
support future Gluon versions. The recommended setting is ``0`` for new sites,
and ``upgrade`` for existing configurations (where upgrades for existing
deployments of low-flash devices are required). Defaults to ``0``.
deployments of low-flash devices are required).
GLUON_LANGS
Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``.

223
docs/user/mtu.rst
View File

@ -1,223 +0,0 @@
MTU for Mesh-VPN
================
What is a good MTU on the mesh-vpn?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Setting the MTU on the transport interface requires careful consideration, as
setting it too low will cause excessive fragmentation and setting it too high
may leave peers with a broken tunnel due to packet loss.
Consider these key values:
- Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
of 1280 Byte specified in RFC 2460
- and configure `MSS clamping`_ accordingly,
- and announce your link MTU via Router Advertisements and DHCP
.. _MSS clamping: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
- Encapsulation: Account for the overhead created by the configured mesh protocol
encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
batadv).
- PMTU: What MTU does the path between your gateway and each of its peers support?
For reference, the complete MTU stack looks like this:
.. image:: mtu-diagram_v5.png
Example for Minimum MTU
-----------------------
Calculate the minimum transport MTU by adding the encapsulation overhead to the
minimum payload MTU required. This is the lowest recommended value, since going
lower would cause unnecessary fragmentation for clients which respect the announced
link MTU.
.. editorconfig-checker-disable
Example: Our network currently uses batman-adv v15, it therefore requires up
to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
transporting IPv6.::
\ 1312 1294 1280 0
\---------+-----------------+-------------+----------------------------------+
\TAP | batadv v15 | Ethernet | Payload |
\-------+-----------------+-------------+----------------------------------+
\ ^
|
MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
Example for Maximum MTU
-----------------------
Calculating the maximum transport MTU is interesting, because it increases the
throughput, by allowing larger payloads to be transported, but also more difficult
as you have to take into account the tunneling overhead and each peers PMTU, which
varies between providers.
The underlying reasons are mostly PPPoE, Tunneling and IPv6 transition technologies
like DS-Lite.
Example: The peer with the smallest MTU on your network is behind DS-Lite and can
transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
Tunneling.::
1436 1416 1408 1384 1370 \
+-------------------+--------+-----------------------+-------------+------\
| IP | UDP | Fastd | TAP | bat\
+-------------------+--------+-----------------------+-------------+--------\
^ \
|
MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
.. editorconfig-checker-enable
Tables for Different VPN Providers
----------------------------------
VPN Protocol Overhead (IPv4)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overhead of the VPN protocol layers in bytes on top of an Ethernet frame.
+----------+-------+--------------+-----------+
| | fastd | Tunneldigger | Wireguard |
+==========+=======+==============+===========+
| IPv4 | 20 | 20 | 20 |
+----------+-------+--------------+-----------+
| UDP | 8 | 8 | 8 |
+----------+-------+--------------+-----------+
| Protocol | 24 | 8 | 32 |
+----------+-------+--------------+-----------+
| TAP | 14 | 14 | / |
+----------+-------+--------------+-----------+
| Sum | 66 | 50 | 60 |
+----------+-------+--------------+-----------+
Intermediate Layer Overhead
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overhead of additional layers on top of the VPN packet needed for different VPN
providers.
+------------+-------+--------------+-----------+
| | fastd | Tunneldigger | Wireguard |
+============+=======+==============+===========+
| IPv6 | / | / | 40 |
+------------+-------+--------------+-----------+
| vxlan | / | / | 16 |
+------------+-------+--------------+-----------+
| Ethernet | / | / | 14 |
+------------+-------+--------------+-----------+
| Batman v15 | 18 | 18 | 18 |
+------------+-------+--------------+-----------+
| Ethernet | 14 | 14 | 14 |
+------------+-------+--------------+-----------+
| Sum | 32 | 32 | 102 |
+------------+-------+--------------+-----------+
Minimum MTU
^^^^^^^^^^^
Calculation of different derived MTUs based on a 1280 byte payload to
avoid fragmentation.
Suggestions:
- This configuration is only suggested for fastd and Tunneldigger.
- For WireGuard, this configuration is **unsuitable**. To obtain a 1280 byte
payload with our protocol stack (see below), the Ethernet frame payload would
be 1442 bytes long (for IPv4). As we assume that the WAN network might have
a (worst case) MTU of only 1436 (with DSLite), this packet would be too long
for the WAN network.
+-------------------------------+-------+--------------+-----------+
| | fastd | Tunneldigger | Wireguard |
+===============================+=======+==============+===========+
| max unfragmented payload\* | 1280 | 1280 | 1280 |
+-------------------------------+-------+--------------+-----------+
| intermed layer overhead | 32 | 32 | 102 |
+-------------------------------+-------+--------------+-----------+
| VPN MTU\*\* | 1312 | 1312 | 1382 |
+-------------------------------+-------+--------------+-----------+
| protocol overhead (IPv4) | 66 | 50 | 60 |
+-------------------------------+-------+--------------+-----------+
| min acceptable WAN MTU (IPv4) | 1378 | 1362 | **1442** |
+-------------------------------+-------+--------------+-----------+
| min acceptable WAN MTU (IPv6) | 1398 | 1382 | 1462 |
+-------------------------------+-------+--------------+-----------+
\* Maximum size of payload going into the bat0 interface, that will not be
fragmented by batman.
\*\* This is the MTU that is set in the site.conf.
Maximum MTU
^^^^^^^^^^^
Calculation of different derived MTUs based on a maximum WAN MTU of 1436.
Suggestions:
- This configuration can be used for fastd and Tunneldigger.
- For WireGuard, this is the recommended configuration. batman-adv will
fragment larger packets transparently to avoid packet loss.
+-------------------------------+-------+--------------+-----------+
| | fastd | Tunneldigger | Wireguard |
+===============================+=======+==============+===========+
| min acceptable WAN MTU (IPv4) | 1436 | 1436 | 1436 |
+-------------------------------+-------+--------------+-----------+
| protocol overhead (IPv4) | 66 | 50 | 60 |
+-------------------------------+-------+--------------+-----------+
| VPN MTU\*\* | 1370 | 1386 | 1376 |
+-------------------------------+-------+--------------+-----------+
| intermed layer overhead | 32 | 32 | 102 |
+-------------------------------+-------+--------------+-----------+
| max unfragmented payload\* | 1338 | 1354 | 1274 |
+-------------------------------+-------+--------------+-----------+
| min acceptable WAN MTU (IPv6) | 1398 | 1382 | 1462 |
+-------------------------------+-------+--------------+-----------+
\* Maximum size of payload going into the bat0 interface, that will not be
fragmented by batman.
\*\* This is the MTU that is set in the site.conf.
Suggested MSS Values
^^^^^^^^^^^^^^^^^^^^
It is highly advised to use MSS clamping for TCP on the gateways/supernodes in
order to avoid the fragmentation mechanism of batman whenever possible.
Especially on small embedded devices, fragmentation costs performance.
As batmans fragmentation is transparent to the TCP layer, clamping the MSS
automatically to the PMTU does not work. Instead, the MSS must be specified
explicitly. In iptables, this is done via :code:`-j TCPMSS --set-mss X`,
whereby :code:`X` is the desired MSS.
Since the MSS is specified in terms of payload of a TCP packet, the MSS is
different for IPv4 and IPv6. Here are some examples for different max
unfragmented payloads:
+---------------------------------+------+------+------+------+
| max unfragmented payload | 1274 | 1280 | 1338 | 1354 |
+=================================+======+======+======+======+
| suggested MSS (IPv4, -40 bytes) | 1234 | 1240 | 1298 | 1314 |
+---------------------------------+------+------+------+------+
| suggested MSS (IPv6, -60 bytes) | 1214 | 1220 | 1278 | 1294 |
+---------------------------------+------+------+------+------+
Conclusion
^^^^^^^^^^
Determining the maximum MTU can be a tedious process, especially since the PMTU
of peers could change at any time. The general recommendation for maximized
compatibility is therefore an MTU of 1312 bytes (for fastd and tunneldigger)
and 1376 bytes (for WireGuard).

926
docs/user/site.rst
View File

File diff suppressed because it is too large Load Diff

356
docs/user/supported_devices.rst
View File

@ -1,80 +1,64 @@
Supported Devices & Architectures
=================================
ath79-generic
ar71xx-generic
--------------
* 8devices
- Carambola 2
* ALFA Network
- AP121 [#deprecated]_ [#device-class-tiny]_
- AP121F
- AP121U [#deprecated]_ [#device-class-tiny]_
* Allnet
- ALL0315N
* AVM
- FRITZ!WLAN Repeater 300E [#avmflash]_
- Fritz!WLAN Repeater 450E [#avmflash]_
- Fritz!Box 4020 [#avmflash]_
- Fritz!WLAN Repeater 300E [#avmflash]_
- Fritz!WLAN Repeater 450E [#avmflash]_
* Buffalo
- WZR-HP-AG300H / WZR-600DHP
- WZR-HP-G300NH (rtl8366s)
* devolo
- WiFi pro 1200e [#lan_as_wan]_
- WiFi pro 1200i
- WiFi pro 1750c
- WiFi pro 1750e [#lan_as_wan]_
- WiFi pro 1750i
- WiFi pro 1750x
- WZR-HP-G300NH
- WZR-HP-G300NH2
- WZR-HP-G450H
* D-Link
- DAP-1330 A1 [#lan_as_wan]_
- DAP-1365 A1 [#lan_as_wan]_
- DAP-2660 A1 [#lan_as_wan]_
- DIR-505 A1 [#lan_as_wan]_
- DIR-505 A2 [#lan_as_wan]_
- DIR-825 B1
* Enterasys
- WS-AP3705i
* Extreme Networks
- WS-AP3805i
- DAP-1330 (A1)
- DIR-505 (A1, A2)
- DIR-825 (B1)
* GL.iNet
- 6408A
- 6416A
- GL-AR150
- GL-AR300M-Lite
- GL-AR300M
- GL-AR750
- GL-USB150 (Microuter)
* Joy-IT
* Linksys
- JT-OR750i
* LibreRouter
- LibreRouter v1 [#missing_radios]_
- WRT160NL [#device-class-tiny]_
* Netgear
- WNDR3700 (v1, v2)
- WNDR3800
- WNR2200 (8M, 16M)
- WNDRMAC (v2)
* OCEDO
- Koala
- Raccoon
* Onion
- Omega [#modular_ethernet]_
* OpenMesh
@ -87,83 +71,147 @@ ath79-generic
- OM2P-HS (v1, v2, v3, v4)
- OM2P-LC
- OM5P
- OM5P-AC (v1, v2)
- OM5P-AN
* Plasma Cloud
- PA300
- PA300E
* Siemens
- WS-AP3610
* Teltonika
- RUT230 (v1)
- OM5P-AC (v1, v2)
* TP-Link
- Archer A7 (v5)
- Archer C5 (v1)
- Archer C6 (v2 EU/RU/JP)
- Archer C7 (v2, v4, v5)
- Archer C59 (v1)
- CPE210 (v1.0, v1.1, v2.0, v3.0, v3.1, v3.20)
- CPE220 (v3.0)
- CPE510 (v1.0, v1.1, v2.0, v3.0)
- CPE710 (v1.0)
- EAP225-Outdoor (v1)
- RE450 (v1)
- Archer C7 (v2, v4, v5)
- CPE210 (v1.0, v1.1, v2.0, v3.0)
- CPE220 (v1.1)
- CPE510 (v1.0, v1.1)
- CPE520 (v1.1)
- RE450 (v1) [#device-class-tiny]_
- TD-W8970 (v1) [#lan_as_wan]_
- TL-WDR3500 (v1)
- TL-WDR3600 (v1)
- TL-WDR4300 (v1)
- TL-WR710N (v1, v2.1)
- TL-WR810N (v1)
- TL-WR842N/ND (v3)
- TL-WR1043N/ND (v2, v3, v4, v5)
- WBS210 (v1.20, v2.0)
- TL-WR842N/ND (v1, v2, v3)
- TL-WR1043N/ND (v1, v2, v3, v4, v5)
- TL-WR2543N/ND (v1)
- WBS210 (v1.20)
- WBS510 (v1.20)
* Ubiquiti
- NanoBeam M5 (XW)
- NanoStation Loco M2/M5 (XW)
- NanoStation M2/M5 (XW)
- UniFi AC Lite
- UniFi AC LR
- Air Gateway [#device-class-tiny]_
- Air Gateway LR [#device-class-tiny]_
- Air Gateway PRO [#device-class-tiny]_
- Air Router [#device-class-tiny]_
- Bullet M2/M5 [#device-class-tiny]_
- Loco M2/M5 [#device-class-tiny]_
- Loco M2/M5 XW
- Nanostation M2/M5 [#device-class-tiny]_
- Nanostation M2/M5 XW
- Picostation M2 [#device-class-tiny]_
- Rocket M2
- Rocket M2 Ti
- Rocket M2 XW
- UniFi AC Mesh
- UniFi AC Mesh Pro
- UniFi AC Pro
- UniFi AP
- UniFi AP AC Lite
- UniFi AP AC LR
- UniFi AP AC Pro
- UniFi AP LR
- UniFi AP Pro
- UniFi AP Outdoor
- UniFi AP Outdoor+
- UniFi AP PRO
ath79-nand
----------
* Western Digital
- My Net N600
- My Net N750
* ZyXEL
- NBG6616
ar71xx-nand
-----------
* Aerohive
- HiveAP 121
* GL.iNet
- GL-AR300M
- GL-AR750S
- GL-XE300
* Netgear
- WNDR3700 (v4)
- WNDR4300 (v1)
ath79-mikrotik
* ZyXEL
- NBG6716
ar71xx-tiny [#deprecated]_ [#device-class-tiny]_
------------------------------------------------
* D-Link
- DIR-615 (C1)
* TP-Link
- TL-MR13U (v1)
- TL-MR3020 (v1)
- TL-MR3040 (v1, v2)
- TL-MR3220 (v1, v2)
- TL-MR3420 (v1, v2)
- TL-WA701N/ND (v1, v2)
- TL-WA730RE (v1)
- TL-WA750RE (v1)
- TL-WA801N/ND (v1, v2, v3)
- TL-WA830RE (v1, v2)
- TL-WA850RE (v1)
- TL-WA860RE (v1)
- TL-WA901N/ND (v1, v2, v3, v4, v5)
- TL-WA7210N (v2)
- TL-WA7510N (v1)
- TL-WR703N (v1)
- TL-WR710N (v2)
- TL-WR740N (v1, v3, v4, v5)
- TL-WR741N/ND (v1, v2, v4, v5)
- TL-WR743N/ND (v1, v2)
- TL-WR840N (v2)
- TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
- TL-WR843N/ND (v1)
- TL-WR940N (v1, v2, v3, v4, v5, v6)
- TL-WR941ND (v2, v3, v4, v5, v6)
ath79-generic
--------------
* Mikrotik
* devolo
- RB951Ui-2nD (hAP)
- WiFi pro 1200e [#lan_as_wan]_
- WiFi pro 1200i
- WiFi pro 1750c
- WiFi pro 1750e [#lan_as_wan]_
- WiFi pro 1750i
- WiFi pro 1750x
* GL.iNet
- GL-AR300M-Lite
- GL-AR750S
* OCEDO
- Raccoon
* Plasma Cloud
- PA300
- PA300E
* TP-Link
- Archer C6 (v2)
- CPE220 (v3.0)
brcm2708-bcm2708
----------------
@ -182,17 +230,12 @@ ipq40xx-generic
* Aruba
- AP-303
- AP-303H
- AP-365
- Instant On AP11
- Instant On AP11D
- Instant On AP17
* AVM
- FRITZ!Box 4040 [#avmflash]_
- FRITZ!Box 7520 (v1) [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Box 7530 [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Box 7530 [#eva_ramboot]_
- FRITZ!Repeater 1200 [#eva_ramboot]_
* EnGenius
@ -201,7 +244,6 @@ ipq40xx-generic
* GL.iNet
- GL-AP1300
- GL-B1300
* Linksys
@ -228,15 +270,6 @@ ipq40xx-generic
- NBG6617
- WRE6606 [#device-class-tiny]_
ipq40xx-mikrotik
----------------
* Mikrotik
- DISC Lite5 ac (RBDiscG-5acD)
- hAP ac2
- SXTsq 5 ac (RBSXTsqG-5acD)
ipq806x-generic
---------------
@ -247,10 +280,6 @@ ipq806x-generic
lantiq-xrx200
-------------
* Arcadyan
- VGV7510KW22 (o2 Box 6431)
* AVM
- FRITZ!Box 7360 (v1, v2) [#avmflash]_ [#lan_as_wan]_
@ -258,10 +287,6 @@ lantiq-xrx200
- FRITZ!Box 7362 SL [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Box 7412 [#eva_ramboot]_
* TP-Link
- TD-W8970 (v1) [#lan_as_wan]_
lantiq-xway
-----------
@ -273,28 +298,9 @@ lantiq-xway
- DGN3500B [#lan_as_wan]_
mediatek-mt7622
mpc85xx-generic
---------------
* Linksys
- E8450
* Ubiquiti
- UniFi 6 LR
* Xiaomi
- AX3200 (RB03)
mpc85xx-p1010
-------------
* Sophos
- RED 15w Rev.1
* TP-Link
- TL-WDR4900 (v1)
@ -310,10 +316,6 @@ mpc85xx-p1020
- WS-AP3710i
* Extreme Networks
- WS-AP3825i
* OCEDO
- Panda
@ -321,10 +323,6 @@ mpc85xx-p1020
ramips-mt7620
-------------
* ASUS
- RT-AC51U
* GL.iNet
- GL-MT300A
@ -358,62 +356,25 @@ ramips-mt7621
- RT-AC57U
* Cudy
- WR1300 (v1)
- WR2100
- X6 (v1, v2)
* D-Link
- DAP-X1860 (A1)
- DIR-860L (B1)
* GL.iNet
- GL-MT1300
* Mercusys
- MR70X (v1)
* NETGEAR
- EX6150 (v1)
- R6220
- R6260
- WAC104
- WAX202
* TP-Link
- RE500 (v1)
- RE650 (v1)
* Ubiquiti
- EdgeRouter X
- EdgeRouter X-SFP
- UniFi 6 Lite
* Wavlink
- WS-WN572HP3 (4G)
* ZBT
- WG3526-16M
- WG3526-32M
* ZyXEL
- NWA50AX
* Xiaomi
- Xiaomi Mi Router 4A (Gigabit Edition)
- Xiaomi Mi Router 3G (v1, v2)
ramips-mt76x8
-------------
@ -424,24 +385,16 @@ ramips-mt76x8
* GL.iNet
- GL-MT300N (v2)
- microuter-N300
- VIXMINI
* NETGEAR
- R6020
- R6120
* RAVPower
- RP-WD009
* TP-Link
- Archer C20 (v4, v5)
- Archer C50 (v3, v4)
- RE200 (v2, v3)
- RE305 (v1) [#device-class-tiny]
- Archer C50 (v3)
- Archer C50 (v4)
- TL-MR3020 (v3)
- TL-MR3420 (v5)
- TL-WA801ND (v5)
@ -455,23 +408,19 @@ ramips-mt76x8
* Xiaomi
- Xiaomi Mi Router 4A (100M Edition)
- Xiaomi Mi Router 4A (100M International Edition)
- Xiaomi Mi Router 4C
realtek-rtl838x
---------------
ramips-rt305x [#deprecated]_ [#device-class-tiny]_
---------------------------------------------------
* A5-V11
* D-Link
- DGS-1210-10P (F1)
- DIR-615 (D1, D2, D3, D4, H1)
rockchip-armv8
--------------
* VoCore
* FriendlyElec
- NanoPi R2S
- NanoPi R4S (4GB LPDDR4)
- VoCore (8M, 16M)
sunxi-cortexa7
--------------
@ -508,14 +457,18 @@ See also: :doc:`x86`
Footnotes
---------
.. [#deprecated]
The device or target is reaching its end of life soon. This means that support
in the next major release of Gluon is doubtful.
.. [#device-class-tiny]
These devices only support a subset of Gluons capabilities due to flash or memory
size constraints. Devices are classified as tiny if they provide less than 7M of usable
size constraints. Devices are classified as tiny in they provide less than 7M of usable
flash space or have a low amount of system memory. For more information, see the
developer documentation: :ref:`device-class-definition`.
.. [#avmflash]
For instructions on how to flash AVM devices, visit https://fritz-tools.readthedocs.io
For instructions on how to flash AVM devices, visit https://fritzfla.sh
.. [#eva_ramboot]
For instructions on how to flash AVM NAND devices, see the respective
@ -523,14 +476,3 @@ Footnotes
.. [#lan_as_wan]
All LAN ports on this device are used as WAN.
.. [#missing_radios]
This device contains more than two WLAN radios, which is currently
unsupported by Gluon. Only the first two radios will work.
.. [#modular_ethernet]
These devices follow a modular principle,
which means even basic functionality like ethernet is provided by an expansion-board,
that may not be bundled with the device itself.
Such expansions are recommended for the config mode, but are not strictly necessary,
as exposed serial ports may grant sufficient access as well.

2
docs/user/x86.rst
View File

@ -15,7 +15,7 @@ The following targets for x86 images exist:
There are three images:
* `generic` (compressed "raw" image, can be written to a disk directly or booted with qemu)
* `generic` (compressed "raw" image, can written to a disk directly or booted with qemu)
* `virtualbox` (VDI image)
* `vmware` (VMDK image)

15
modules
View File

@ -1,16 +1,17 @@
GLUON_FEEDS='packages routing gluon'
OPENWRT_REPO=https://github.com/openwrt/openwrt.git
OPENWRT_BRANCH=openwrt-22.03
OPENWRT_COMMIT=e500494771537b9f42f78e4d907bed18b6383606
OPENWRT_BRANCH=openwrt-19.07
OPENWRT_COMMIT=ecbbb373edf7be017e546be2443e6c422cb9c220
PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
PACKAGES_PACKAGES_BRANCH=openwrt-22.03
PACKAGES_PACKAGES_COMMIT=55eed1761207f4dfdb8e7d79138f6f65c8849b50
PACKAGES_PACKAGES_BRANCH=openwrt-19.07
PACKAGES_PACKAGES_COMMIT=1c5e4c80f49bfddaee1998636fd8efe915fee7fc
PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
PACKAGES_ROUTING_BRANCH=openwrt-22.03
PACKAGES_ROUTING_COMMIT=1cc7676b9f32acc30ec47f15fcb70380d5d6ef01
PACKAGES_ROUTING_BRANCH=openwrt-19.07
PACKAGES_ROUTING_COMMIT=8f23999365de1bf2617e03d3f536e4542258d985
PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
PACKAGES_GLUON_COMMIT=29912ec6308fd10b47763b4cf28a638d07f59973
PACKAGES_GLUON_BRANCH=v2021.1.x
PACKAGES_GLUON_COMMIT=f9ef3fc7d9d7b270de893e80cf6fba916c06bf45

7
package/features
View File

@ -16,12 +16,7 @@ when(_'web-wizard' and _'autoupdater', {
'gluon-config-mode-autoupdater',
})
when(_'web-wizard' and (
_'mesh-vpn-fastd' or
_'mesh-vpn-fastd-l2tp' or
_'mesh-vpn-tunneldigger' or
_'mesh-vpn-wireguard'
), {
when(_'web-wizard' and (_'mesh-vpn-fastd' or _'mesh-vpn-tunneldigger'), {
'gluon-config-mode-mesh-vpn',
})

2
package/gluon-alfred/Makefile
View File

@ -1,6 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-alfred
PKG_VERSION:=1
PKG_RELEASE:=1
include ../gluon.mk

1
package/gluon-authorized-keys/Makefile
View File

@ -1,6 +1,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-authorized-keys
PKG_VERSION:=2
include ../gluon.mk

Some files were not shown because too many files have changed in this diff Show More