OpenWrt/kenzok8-package
1
0
Fork 0
mirror of https://github.com/kenzok8/small-package synced 2025-04-04 03:01:27 +08:00
Code Issues Packages Projects Releases Wiki Activity

update 2025-01-09 19:54:09

Browse Source
This commit is contained in:
kenzok8 2025-01-09 19:54:09 +08:00
parent a74b68a601
commit c83c93b101
127 changed files with 7931 additions and 3560 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
base-files/Makefile
View File

@ -39,10 +39,14 @@ endif
define Package/base-files
SECTION:=base
CATEGORY:=Base system
DEPENDS:=+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring +NAND_SUPPORT:ubi-utils +fstools +fwtool
DEPENDS:= \
+netifd +libc +jsonfilter +SIGNED_PACKAGES:usign +SIGNED_PACKAGES:openwrt-keyring \
+NAND_SUPPORT:ubi-utils +fstools +fwtool \
+SELINUX:procd-selinux +!SELINUX:procd +USE_SECCOMP:procd-seccomp \
+SELINUX:busybox-selinux +!SELINUX:busybox
TITLE:=Base filesystem for OpenWrt
URL:=http://openwrt.org/
VERSION:=$(PKG_RELEASE)-$(REVISION)
VERSION:=$(PKG_RELEASE)~$(lastword $(subst -, ,$(REVISION)))
endef
define Package/base-files/conffiles
@ -77,7 +81,7 @@ endef
define ImageConfigOptions
mkdir -p $(1)/lib/preinit
echo 'pi_suppress_stderr="$(CONFIG_TARGET_PREINIT_SUPPRESS_STDERR)"' >$(1)/lib/preinit/00_preinit.conf
echo 'fs_failsafe_wait_timeout=$(if $(CONFIG_TARGET_PREINIT_TIMEOUT),$(CONFIG_TARGET_PREINIT_TIMEOUT),2)' >>$(1)/lib/preinit/00_preinit.conf
echo 'fs_failsafe_wait_timeout=$(if $(CONFIG_TARGET_PREINIT_TIMEOUT),$(CONFIG_TARGET_PREINIT_TIMEOUT),4)' >>$(1)/lib/preinit/00_preinit.conf
echo 'pi_init_path="$(TARGET_INIT_PATH)"' >>$(1)/lib/preinit/00_preinit.conf
echo 'pi_init_env=$(if $(CONFIG_TARGET_INIT_ENV),$(CONFIG_TARGET_INIT_ENV),"")' >>$(1)/lib/preinit/00_preinit.conf
echo 'pi_init_cmd=$(if $(CONFIG_TARGET_INIT_CMD),$(CONFIG_TARGET_INIT_CMD),"/sbin/init")' >>$(1)/lib/preinit/00_preinit.conf
@ -108,11 +112,22 @@ define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
endef
define Build/Quilt
endef
define Build/Compile/Default
endef
Build/Compile = $(Build/Compile/Default)
ifneq ($(CONFIG_USE_APK),)
ifndef CONFIG_BUILDBOT
define Package/base-files/install-key
mkdir -p $(1)/etc/apk/keys
$(CP) $(BUILD_KEY_APK_PUB) $(1)/etc/apk/keys/
endef
endif
else
ifdef CONFIG_SIGNED_PACKAGES
define Build/Configure
[ -s $(BUILD_KEY) -a -s $(BUILD_KEY).pub ] || \
@ -127,10 +142,10 @@ ifndef CONFIG_BUILDBOT
define Package/base-files/install-key
mkdir -p $(1)/etc/opkg/keys
$(CP) $(BUILD_KEY).pub $(1)/etc/opkg/keys/`$(STAGING_DIR_HOST)/bin/usign -F -p $(BUILD_KEY).pub`
endef
endif
endif
endif
ifeq ($(CONFIG_NAND_SUPPORT),)
define Package/base-files/nand-support
@ -196,7 +211,8 @@ define Package/base-files/install
$(1)/usr/lib \
$(1)/usr/bin \
$(1)/sys \
$(1)/www \
$(1)/www
mkdir -p -m 750 \
$(1)/root
$(LN) /proc/mounts $(1)/etc/mtab
@ -230,15 +246,24 @@ endif
cat $(BIN_DIR)/feeds.buildinfo >>$(1)/etc/build.feeds; \
cat $(BIN_DIR)/version.buildinfo >>$(1)/etc/build.version)
$(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \
rm -f $(1)/etc/banner.failsafe,)
ifneq ($(CONFIG_USE_APK),)
mkdir -p $(1)/etc/apk/
$(call FeedSourcesAppendAPK,$(1)/etc/apk/repositories)
$(VERSION_SED_SCRIPT) $(1)/etc/apk/repositories
rm -f $(1)/etc/uci-defaults/13_fix-group-user
rm -f $(1)/sbin/pkg_check
else
$(if $(CONFIG_CLEAN_IPKG),, \
mkdir -p $(1)/etc/opkg; \
$(call FeedSourcesAppend,$(1)/etc/opkg/distfeeds.conf); \
$(call FeedSourcesAppendOPKG,$(1)/etc/opkg/distfeeds.conf); \
$(VERSION_SED_SCRIPT) $(1)/etc/opkg/distfeeds.conf)
$(if $(CONFIG_IPK_FILES_CHECKSUMS),, \
rm -f $(1)/sbin/pkg_check)
$(if $(CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE), \
rm -f $(1)/etc/banner.failsafe,)
endif
endef
ifneq ($(DUMP),1)

7
base-files/files/bin/config_generate
View File

@ -314,7 +314,7 @@ generate_static_system() {
set system.@system[-1].hostname='OpenWrt'
set system.@system[-1].timezone='UTC'
set system.@system[-1].ttylogin='0'
set system.@system[-1].log_size='64'
set system.@system[-1].log_size='128'
set system.@system[-1].urandom_seed='0'
delete system.ntp
@ -341,6 +341,11 @@ generate_static_system() {
uci -q set "system.@system[-1].compat_version=1.0"
fi
local timezone
if json_get_var timezone timezone; then
uci -q set "system.@system[-1].timezone=$timezone"
fi
if json_is_a ntpserver array; then
local keys key
json_get_keys keys ntpserver

199
base-files/files/bin/ipcalc.sh
View File

@ -1,88 +1,143 @@
#!/usr/bin/awk -f
#!/bin/sh
function bitcount(c) {
c=and(rshift(c, 1),0x55555555)+and(c,0x55555555)
c=and(rshift(c, 2),0x33333333)+and(c,0x33333333)
c=and(rshift(c, 4),0x0f0f0f0f)+and(c,0x0f0f0f0f)
c=and(rshift(c, 8),0x00ff00ff)+and(c,0x00ff00ff)
c=and(rshift(c,16),0x0000ffff)+and(c,0x0000ffff)
return c
. /lib/functions/ipv4.sh
PROG="$(basename "$0")"
# wrapper to convert an integer to an address, unless we're using
# decimal output format.
# hook for library function
_ip2str() {
local var="$1" n="$2"
assert_uint32 "$n" || exit 1
if [ "$decimal" -ne 0 ]; then
export -- "$var=$n"
elif [ "$hexadecimal" -ne 0 ]; then
export -- "$var=$(printf "%x" "$n")"
else
ip2str "$@"
fi
}
function ip2int(ip) {
ret=0
n=split(ip,a,"\\.")
for (x=1;x<=n;x++)
ret=or(lshift(ret,8),a[x])
return ret
usage() {
echo "Usage: $PROG [ -d | -x ] address/prefix [ start limit ]" >&2
exit 1
}
function int2ip(ip,ret,x) {
ret=and(ip,255)
ip=rshift(ip,8)
for(;x<3;x++) {
ret=and(ip,255)"."ret
ip=rshift(ip,8)
}
return ret
}
decimal=0
hexadecimal=0
if [ "$1" = "-d" ]; then
decimal=1
shift
elif [ "$1" = "-x" ]; then
hexadecimal=1
shift
fi
function compl32(v) {
ret=xor(v, 0xffffffff)
return ret
}
if [ $# -eq 0 ]; then
usage
fi
BEGIN {
slpos=index(ARGV[1],"/")
if (slpos == 0) {
ipaddr=ip2int(ARGV[1])
dotpos=index(ARGV[2],".")
if (dotpos == 0)
netmask=compl32(2**(32-int(ARGV[2]))-1)
else
netmask=ip2int(ARGV[2])
} else {
ipaddr=ip2int(substr(ARGV[1],0,slpos-1))
netmask=compl32(2**(32-int(substr(ARGV[1],slpos+1)))-1)
ARGV[4]=ARGV[3]
ARGV[3]=ARGV[2]
}
case "$1" in
*/*.*)
# data is n.n.n.n/m.m.m.m format, like on a Cisco router
str2ip ipaddr "${1%/*}" || exit 1
str2ip netmask "${1#*/}" || exit 1
netmask2prefix prefix "$netmask" || exit 1
shift
;;
*/*)
# more modern prefix notation of n.n.n.n/p
str2ip ipaddr "${1%/*}" || exit 1
prefix="${1#*/}"
assert_uint32 "$prefix" || exit 1
if [ "$prefix" -gt 32 ]; then
printf "Prefix out of range (%s)\n" "$prefix" >&2
exit 1
fi
prefix2netmask netmask "$prefix" || exit 1
shift
;;
*)
# address and netmask as two separate arguments
str2ip ipaddr "$1" || exit 1
str2ip netmask "$2" || exit 1
netmask2prefix prefix "$netmask" || exit 1
shift 2
;;
esac
network=and(ipaddr,netmask)
prefix=32-bitcount(compl32(netmask))
broadcast=or(network,compl32(netmask))
# we either have no arguments left, or we have a range start and length
if [ $# -ne 0 ] && [ $# -ne 2 ]; then
usage
fi
print "IP="int2ip(ipaddr)
print "NETMASK="int2ip(netmask)
print "BROADCAST="int2ip(broadcast)
print "NETWORK="int2ip(network)
print "PREFIX="prefix
# complement of the netmask, i.e. the hostmask
hostmask=$((netmask ^ 0xffffffff))
network=$((ipaddr & netmask))
broadcast=$((network | hostmask))
count=$((hostmask + 1))
# range calculations:
# ipcalc <ip> <netmask> <start> <num>
_ip2str IP "$ipaddr"
_ip2str NETMASK "$netmask"
_ip2str NETWORK "$network"
if (ARGC <= 3)
exit(0)
echo "IP=$IP"
echo "NETMASK=$NETMASK"
# don't include this-network or broadcast addresses
if [ "$prefix" -le 30 ]; then
_ip2str BROADCAST "$broadcast"
echo "BROADCAST=$BROADCAST"
fi
echo "NETWORK=$NETWORK"
echo "PREFIX=$prefix"
echo "COUNT=$count"
start=or(network,and(ip2int(ARGV[3]),compl32(netmask)))
limit=network+1
if (start<limit) start=limit
if (start==ipaddr) start=ipaddr+1
# if there's no range, we're done
[ $# -eq 0 ] && exit 0
[ -z "$1$2" ] && exit 0
end=start+ARGV[4]
limit=or(network,compl32(netmask))-1
if (end>limit) end=limit
if (end==ipaddr) end=ipaddr-1
if [ "$prefix" -le 30 ]; then
lower=$((network + 1))
else
lower="$network"
fi
if (start>end) {
print "network ("int2ip(network)"/"prefix") too small" > "/dev/stderr"
exit(1)
}
start="$1"
assert_uint32 "$start" || exit 1
start=$((network | (start & hostmask)))
[ "$start" -lt "$lower" ] && start="$lower"
[ "$start" -eq "$ipaddr" ] && start=$((start + 1))
if (ipaddr > start && ipaddr < end) {
print "warning: ipaddr inside range - this might not be supported in future releases of Openwrt" > "/dev/stderr"
}
if [ "$prefix" -le 30 ]; then
upper=$(((network | hostmask) - 1))
elif [ "$prefix" -eq 31 ]; then
upper=$((network | hostmask))
else
upper="$network"
fi
print "START="int2ip(start)
print "END="int2ip(end)
}
range="$2"
assert_uint32 "$range" || exit 1
end=$((start + range - 1))
[ "$end" -gt "$upper" ] && end="$upper"
[ "$end" -eq "$ipaddr" ] && end=$((end - 1))
if [ "$start" -gt "$end" ]; then
echo "network ($NETWORK/$prefix) too small" >&2
exit 1
fi
_ip2str START "$start"
_ip2str END "$end"
if [ "$start" -le "$ipaddr" ] && [ "$ipaddr" -le "$end" ]; then
echo "error: address $IP inside range $START..$END" >&2
exit 1
fi
echo "START=$START"
echo "END=$END"
exit 0

3
base-files/files/etc/hotplug.d/leds/00-init Normal file
View File

@ -0,0 +1,3 @@
#!/bin/sh
[ "$ACTION" = "add" ] && /etc/init.d/led start "$DEVICENAME"

12
base-files/files/etc/init.d/boot
View File

@ -10,7 +10,6 @@ uci_apply_defaults() {
cd /etc/uci-defaults || return 0
files="$(ls)"
[ -z "$files" ] && return 0
mkdir -p /tmp/.uci
for file in $files; do
( . "./$(basename $file)" ) && rm -f "$file"
done
@ -25,6 +24,8 @@ boot() {
chmod 1777 /var/lock
mkdir -p /var/log
mkdir -p /var/run
ln -s /var/run /run
ln -s /var/lock /run/lock
mkdir -p /var/state
mkdir -p /var/tmp
mkdir -p /tmp/.uci
@ -34,11 +35,12 @@ boot() {
mkdir -p /tmp/resolv.conf.d
touch /tmp/resolv.conf.d/resolv.conf.auto
ln -sf /tmp/resolv.conf.d/resolv.conf.auto /tmp/resolv.conf
grep -q debugfs /proc/filesystems && /bin/mount -o noatime -t debugfs debugfs /sys/kernel/debug
grep -q debugfs /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime -t debugfs debugfs /sys/kernel/debug
grep -q bpf /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime,mode=0700 -t bpf bpffs /sys/fs/bpf
grep -q pstore /proc/filesystems && /bin/mount -o noatime -t pstore pstore /sys/fs/pstore
grep -q pstore /proc/filesystems && /bin/mount -o nosuid,nodev,noexec,noatime -t pstore pstore /sys/fs/pstore
[ "$FAILSAFE" = "true" ] && touch /tmp/.failsafe
touch /tmp/.config_pending
/sbin/kmodloader
[ ! -f /etc/config/wireless ] && {
@ -46,7 +48,11 @@ boot() {
sleep 1
}
mkdir -p /tmp/.uci
[ -f /etc/uci-defaults/30_uboot-envtools ] && (. /etc/uci-defaults/30_uboot-envtools)
/bin/config_generate
rm -f /tmp/.config_pending
/sbin/wifi config
uci_apply_defaults
sync

71
base-files/files/etc/init.d/led
View File

@ -3,6 +3,39 @@
START=96
led_color_set() {
local cfg="$1"
local sysfs="$2"
local max_b
local colors
local color
local multi_intensity
local value
local write
[ -e /sys/class/leds/${sysfs}/multi_intensity ] || return
[ -e /sys/class/leds/${sysfs}/multi_index ] || return
max_b="$(cat /sys/class/leds/${sysfs}/max_brightness)"
colors="$(cat /sys/class/leds/${sysfs}/multi_index | tr " " "\n")"
multi_intensity=""
for color in $colors; do
config_get value $1 "color_${color}" "0"
[ "$value" -gt 0 ] && write=1
[ "$value" -gt "$max_b" ] && value="$max_b"
multi_intensity="${multi_intensity}${value} "
done
# Check if any color is configured
[ "$write" = 1 ] || return
# Remove last whitespace
multi_intensity="${multi_intensity:0:-1}"
echo "setting '${name}' led color to '${multi_intensity}'"
echo "${multi_intensity}" > /sys/class/leds/${sysfs}/multi_intensity
}
load_led() {
local name
local sysfs
@ -31,6 +64,8 @@ load_led() {
config_get gpio $1 gpio "0"
config_get_bool inverted $1 inverted "0"
[ "$2" ] && [ "$sysfs" != "$2" ] && return
# execute application led trigger
[ -f "/usr/libexec/led-trigger/${trigger}" ] && {
. "/usr/libexec/led-trigger/${trigger}"
@ -49,21 +84,29 @@ load_led() {
[ -e /sys/class/leds/${sysfs}/brightness ] && {
echo "setting up led ${name}"
printf "%s %s %d\n" \
printf "%s %s %d" \
"$sysfs" \
"$(sed -ne 's/^.*\[\(.*\)\].*$/\1/p' /sys/class/leds/${sysfs}/trigger)" \
"$(cat /sys/class/leds/${sysfs}/brightness)" \
>> /var/run/led.state
# Save default color if supported
[ -e /sys/class/leds/${sysfs}/multi_intensity ] && {
printf " %s" \
"$(sed 's/\ /:/g' /sys/class/leds/${sysfs}/multi_intensity)" \
>> /var/run/led.state
}
printf "\n" >> /var/run/led.state
[ "$default" = 0 ] &&
echo 0 >/sys/class/leds/${sysfs}/brightness
echo $trigger > /sys/class/leds/${sysfs}/trigger 2> /dev/null
ret="$?"
[ $default = 1 ] &&
cat /sys/class/leds/${sysfs}/max_brightness > /sys/class/leds/${sysfs}/brightness
led_color_set "$1" "$sysfs"
echo $trigger > /sys/class/leds/${sysfs}/trigger 2> /dev/null
ret="$?"
[ $ret = 0 ] || {
echo >&2 "Skipping trigger '$trigger' for led '$name' due to missing kernel module"
return 1
@ -80,7 +123,7 @@ load_led() {
[ -e "/sys/class/leds/${sysfs}/$m" ] && \
echo 1 > /sys/class/leds/${sysfs}/$m
done
echo $interval > /sys/class/leds/${sysfs}/interval
echo $interval > /sys/class/leds/${sysfs}/interval 2>/dev/null
}
;;
@ -128,18 +171,28 @@ load_led() {
start() {
[ -e /sys/class/leds/ ] && {
[ -s /var/run/led.state ] && {
local led trigger brightness
while read led trigger brightness; do
local led trigger brightness color
while read led trigger brightness color; do
[ "$1" ] && [ "$1" != "$led" ] && continue
[ -e "/sys/class/leds/$led/trigger" ] && \
echo "$trigger" > "/sys/class/leds/$led/trigger"
[ -e "/sys/class/leds/$led/brightness" ] && \
echo "$brightness" > "/sys/class/leds/$led/brightness"
[ -e "/sys/class/leds/$led/multi_intensity" ] && \
echo "$color" | sed 's/:/\ /g' > \
"/sys/class/leds/$led/multi_intensity"
done < /var/run/led.state
rm /var/run/led.state
if [ "$1" ]; then
grep -v "^$1 " /var/run/led.state > /var/run/led.state.new
mv /var/run/led.state.new /var/run/led.state
else
rm /var/run/led.state
fi
}
config_load system
config_foreach load_led led
config_foreach load_led led "$1"
}
}

4
base-files/files/etc/rc.common
View File

@ -100,10 +100,6 @@ service_triggers() {
return 0
}
service_data() {
return 0
}
service_running() {
local instance="${1:-*}"

3
base-files/files/etc/sysctl.conf
View File

@ -1 +1,2 @@
# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
# User defined entries should be added to this file not to /etc/sysctl.d/* as
# that directory is not backed-up by default and will not survive a reimage

49
base-files/files/etc/uci-defaults/11_network-migrate-bridges Normal file
View File

@ -0,0 +1,49 @@
. /lib/functions.sh
migrate_ports() {
local config="$1"
local type ports ifname
config_get type "$config" type
[ "$type" != "bridge" ] && return
config_get ports "$config" ports
[ -n "$ports" ] && return
config_get ifname "$config" ifname
[ -z "$ifname" ] && return
for port in $ifname; do
uci add_list network.$config.ports="$port"
done
uci delete network.$config.ifname
}
migrate_bridge() {
local config="$1"
local type ifname
config_get type "$config" type
[ "$type" != "bridge" ] && return
config_get ifname "$config" ifname
uci -q batch <<-EOF
add network device
set network.@device[-1].name='br-$config'
set network.@device[-1].type='bridge'
EOF
for port in $ifname; do
uci add_list network.@device[-1].ports="$port"
done
uci -q batch <<-EOF
delete network.$config.type
delete network.$config.ifname
set network.$config.device='br-$config'
EOF
}
config_load network
config_foreach migrate_ports device
config_foreach migrate_bridge interface

6
base-files/files/etc/uci-defaults/12_network-generate-ula
View File

@ -1,11 +1,7 @@
[ "$(uci -q get network.globals.ula_prefix)" != "auto" ] && exit 0
r1=$(dd if=/dev/urandom bs=1 count=1 |hexdump -e '1/1 "%02x"')
r2=$(dd if=/dev/urandom bs=2 count=1 |hexdump -e '2/1 "%02x"')
r3=$(dd if=/dev/urandom bs=2 count=1 |hexdump -e '2/1 "%02x"')
uci -q batch <<-EOF >/dev/null
set network.globals.ula_prefix=fd$r1:$r2:$r3::/48
set network.globals.ula_prefix="$(hexdump -vn 5 -e '"fd" 1/1 "%02x:" 2/2 "%x:"' /dev/urandom):/48"
commit network
EOF

3
base-files/files/etc/uci-defaults/13_fix-group-user
View File

@ -1,5 +1,8 @@
. /lib/functions.sh
# Skip if we don't have /usr/lib/opkg/info (APK installation)
[ -d /usr/lib/opkg/info ] || exit 0
for file in $(grep -sl Require-User /usr/lib/opkg/info/*.control); do
file="${file##*/}"
file="${file%.control}"

18
base-files/files/etc/uci-defaults/50-root-passwd Normal file
View File

@ -0,0 +1,18 @@
. /usr/share/libubox/jshn.sh
json_init
json_load "$(cat /etc/board.json)"
if json_is_a credentials object; then
json_select credentials
json_get_vars root_password_hash root_password_hash
if [ -n "$root_password_hash" ]; then
sed -i "s|^root:[^:]*|root:$root_password_hash|g" /etc/shadow
fi
json_get_vars root_password_plain root_password_plain
if [ -n "$root_password_plain" ]; then
(echo "$root_password_plain"; sleep 1; echo "$root_password_plain") | passwd root
fi
json_select ..
fi

116
base-files/files/lib/functions.sh
View File

@ -32,6 +32,30 @@ xor() {
printf "%0${retlen}x" "$ret"
}
data_2bin() {
local data=$1
local len=${#1}
local bin_data
for i in $(seq 0 2 $(($len - 1))); do
bin_data="${bin_data}\x${data:i:2}"
done
echo -ne $bin_data
}
data_2xor_val() {
local data=$1
local len=${#1}
local xor_data
for i in $(seq 0 4 $(($len - 1))); do
xor_data="${xor_data}${data:i:4} "
done
echo -n ${xor_data:0:-1}
}
append() {
local var="$1"
local value="$2"
@ -40,6 +64,14 @@ append() {
eval "export ${NO_EXPORT:+-n} -- \"$var=\${$var:+\${$var}\${value:+\$sep}}\$value\""
}
prepend() {
local var="$1"
local value="$2"
local sep="${3:- }"
eval "export ${NO_EXPORT:+-n} -- \"$var=\$value\${$var:+\${sep}\${$var}}\""
}
list_contains() {
local var="$1"
local str="$2"
@ -179,8 +211,10 @@ config_list_foreach() {
default_prerm() {
local root="${IPKG_INSTROOT}"
local pkgname="$(basename ${1%.*})"
[ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})"
local ret=0
local filelist="${root}/usr/lib/opkg/info/${pkgname}.list"
[ -f "$root/lib/apk/packages/${pkgname}.list" ] && filelist="$root/lib/apk/packages/${pkgname}.list"
if [ -f "$root/usr/lib/opkg/info/${pkgname}.prerm-pkg" ]; then
( . "$root/usr/lib/opkg/info/${pkgname}.prerm-pkg" )
@ -188,7 +222,7 @@ default_prerm() {
fi
local shell="$(command -v bash)"
for i in $(grep -s "^/etc/init.d/" "$root/usr/lib/opkg/info/${pkgname}.list"); do
for i in $(grep -s "^/etc/init.d/" "$filelist"); do
if [ -n "$root" ]; then
${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" disable
else
@ -203,8 +237,11 @@ default_prerm() {
}
add_group_and_user() {
local pkgname="$1"
[ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})"
local rusers="$(sed -ne 's/^Require-User: *//p' $root/usr/lib/opkg/info/${pkgname}.control 2>/dev/null)"
if [ -f "$root/lib/apk/packages/${pkgname}.rusers" ]; then
local rusers="$(cat $root/lib/apk/packages/${pkgname}.rusers)"
fi
if [ -n "$rusers" ]; then
local tuple oIFS="$IFS"
@ -254,13 +291,71 @@ add_group_and_user() {
fi
}
update_alternatives() {
local root="${IPKG_INSTROOT}"
local action="$1"
local pkgname="$2"
if [ -f "$root/lib/apk/packages/${pkgname}.alternatives" ]; then
for pkg_alt in $(cat $root/lib/apk/packages/${pkgname}.alternatives); do
local best_prio=0;
local best_src="/bin/busybox";
pkg_prio=${pkg_alt%%:*};
pkg_target=${pkg_alt#*:};
pkg_target=${pkg_target%:*};
pkg_src=${pkg_alt##*:};
if [ -e "$root/$target" ]; then
for alts in $root/lib/apk/packages/*.alternatives; do
for alt in $(cat $alts); do
prio=${alt%%:*};
target=${alt#*:};
target=${target%:*};
src=${alt##*:};
if [ "$target" = "$pkg_target" ] &&
[ "$src" != "$pkg_src" ] &&
[ "$best_prio" -lt "$prio" ]; then
best_prio=$prio;
best_src=$src;
fi
done
done
fi
case "$action" in
install)
if [ "$best_prio" -lt "$pkg_prio" ]; then
ln -sf "$pkg_src" "$root/$pkg_target"
echo "add alternative: $pkg_target -> $pkg_src"
fi
;;
remove)
if [ "$best_prio" -lt "$pkg_prio" ]; then
ln -sf "$best_src" "$root/$pkg_target"
echo "add alternative: $pkg_target -> $best_src"
fi
;;
esac
done
fi
}
default_postinst() {
local root="${IPKG_INSTROOT}"
local pkgname="$(basename ${1%.*})"
local filelist="/usr/lib/opkg/info/${pkgname}.list"
[ -z "$pkgname" ] && local pkgname="$(basename ${1%.*})"
local filelist="${root}/usr/lib/opkg/info/${pkgname}.list"
[ -f "$root/lib/apk/packages/${pkgname}.list" ] && filelist="$root/lib/apk/packages/${pkgname}.list"
local ret=0
add_group_and_user "${pkgname}"
if [ -e "${root}/usr/lib/opkg/info/${pkgname}.list" ]; then
filelist="${root}/usr/lib/opkg/info/${pkgname}.list"
add_group_and_user "${pkgname}"
fi
if [ -e "${root}/lib/apk/packages/${pkgname}.list" ]; then
filelist="${root}/lib/apk/packages/${pkgname}.list"
update_alternatives install "${pkgname}"
fi
if [ -d "$root/rootfs-overlay" ]; then
cp -R $root/rootfs-overlay/. $root/
@ -293,7 +388,7 @@ default_postinst() {
fi
local shell="$(command -v bash)"
for i in $(grep -s "^/etc/init.d/" "$root$filelist"); do
for i in $(grep -s "^/etc/init.d/" "$filelist"); do
if [ -n "$root" ]; then
${shell:-/bin/sh} "$root/etc/rc.common" "$root$i" enable
else
@ -315,6 +410,11 @@ include() {
done
}
ipcalc() {
set -- $(ipcalc.sh "$@")
[ $? -eq 0 ] && export -- "$@"
}
find_mtd_index() {
local PART="$(grep "\"$1\"" /proc/mtd | awk -F: '{print $1}')"
local INDEX="${PART##mtd}"
@ -433,4 +533,4 @@ cmdline_get_var() {
done
}
[ -z "$IPKG_INSTROOT" ] && [ -f /lib/config/uci.sh ] && . /lib/config/uci.sh
[ -z "$IPKG_INSTROOT" ] && [ -f /lib/config/uci.sh ] && . /lib/config/uci.sh || true

100
base-files/files/lib/functions/caldata.sh
View File

@ -70,7 +70,7 @@ caldata_extract_reverse() {
local caldata
mtd=$(find_mtd_chardev "$part")
reversed=$(hexdump -v -s $offset -n $count -e '/1 "%02x "' $mtd)
reversed=$(hexdump -v -s $offset -n $count -e '1/1 "%02x "' $mtd)
for byte in $reversed; do
caldata="\x${byte}${caldata}"
@ -122,49 +122,43 @@ caldata_valid() {
return $?
}
caldata_patch_chksum() {
local mac=$1
local mac_offset=$(($2))
caldata_patch_data() {
local data=$1
local data_count=$((${#1} / 2))
local data_offset=$(($2))
local chksum_offset=$(($3))
local target=$4
local xor_mac
local xor_fw_mac
local xor_fw_chksum
local fw_data
local fw_chksum
xor_mac=${mac//:/}
xor_mac="${xor_mac:0:4} ${xor_mac:4:4} ${xor_mac:8:4}"
xor_fw_mac=$(hexdump -v -n 6 -s $mac_offset -e '/1 "%02x"' /lib/firmware/$FIRMWARE)
xor_fw_mac="${xor_fw_mac:0:4} ${xor_fw_mac:4:4} ${xor_fw_mac:8:4}"
xor_fw_chksum=$(hexdump -v -n 2 -s $chksum_offset -e '/1 "%02x"' /lib/firmware/$FIRMWARE)
xor_fw_chksum=$(xor $xor_fw_chksum $xor_fw_mac $xor_mac)
printf "%b" "\x${xor_fw_chksum:0:2}\x${xor_fw_chksum:2:2}" | \
dd of=$target conv=notrunc bs=1 seek=$chksum_offset count=2
}
caldata_patch_mac() {
local mac=$1
local mac_offset=$(($2))
local chksum_offset=$3
local target=$4
[ -z "$mac" -o -z "$mac_offset" ] && return
[ -z "$data" -o -z "$data_offset" ] && return
[ -n "$target" ] || target=/lib/firmware/$FIRMWARE
[ -n "$chksum_offset" ] && caldata_patch_chksum "$mac" "$mac_offset" "$chksum_offset" "$target"
fw_data=$(hexdump -v -n $data_count -s $data_offset -e '1/1 "%02x"' $target)
macaddr_2bin $mac | dd of=$target conv=notrunc oflag=seek_bytes bs=6 seek=$mac_offset count=1 || \
caldata_die "failed to write MAC address to eeprom file"
if [ "$data" != "$fw_data" ]; then
if [ -n "$chksum_offset" ]; then
fw_chksum=$(hexdump -v -n 2 -s $chksum_offset -e '1/1 "%02x"' $target)
fw_chksum=$(xor $fw_chksum $(data_2xor_val $fw_data) $(data_2xor_val $data))
data_2bin $fw_chksum | \
dd of=$target conv=notrunc bs=1 seek=$chksum_offset count=2 || \
caldata_die "failed to write chksum to eeprom file"
fi
data_2bin $data | \
dd of=$target conv=notrunc bs=1 seek=$data_offset count=$data_count || \
caldata_die "failed to write data to eeprom file"
fi
}
ath9k_patch_mac() {
local mac=$1
local target=$2
caldata_patch_mac "$mac" 0x2 "" "$target"
caldata_patch_data "${mac//:/}" 0x2 "" "$target"
}
ath9k_patch_mac_crc() {
@ -173,12 +167,52 @@ ath9k_patch_mac_crc() {
local chksum_offset=$((mac_offset - 10))
local target=$4
caldata_patch_mac "$mac" "$mac_offset" "$chksum_offset" "$target"
caldata_patch_data "${mac//:/}" "$mac_offset" "$chksum_offset" "$target"
}
ath10k_patch_mac() {
local mac=$1
local target=$2
caldata_patch_mac "$mac" 0x6 0x2 "$target"
caldata_patch_data "${mac//:/}" 0x6 0x2 "$target"
}
ath11k_patch_mac() {
local mac=$1
# mac_id from 0 to 5
local mac_id=$2
local target=$3
[ -z "$mac_id" ] && return
caldata_patch_data "${mac//:/}" $(printf "0x%x" $(($mac_id * 0x6 + 0xe))) 0xa "$target"
}
ath10k_remove_regdomain() {
local target=$1
caldata_patch_data "0000" 0xc 0x2 "$target"
}
ath11k_remove_regdomain() {
local target=$1
local regdomain
local regdomain_data
regdomain=$(hexdump -v -n 2 -s 0x34 -e '1/1 "%02x"' $target)
caldata_patch_data "0000" 0x34 0xa "$target"
for offset in 0x450 0x458 0x500 0x5a8; do
regdomain_data=$(hexdump -v -n 2 -s $offset -e '1/1 "%02x"' $target)
if [ "$regdomain" == "$regdomain_data" ]; then
caldata_patch_data "0000" $offset 0xa "$target"
fi
done
}
ath11k_set_macflag() {
local target=$1
caldata_patch_data "0100" 0x3e 0xa "$target"
}

268
base-files/files/lib/functions/ipv4.sh Normal file
View File

@ -0,0 +1,268 @@
uint_max=4294967295
d_10_0_0_0=167772160
d_10_255_255_255=184549375
d_172_16_0_0=2886729728
d_172_31_255_255=2887778303
d_192_168_0_0=3232235520
d_192_168_255_255=3232301055
d_169_254_0_0=2851995648
d_169_254_255_255=2852061183
d_127_0_0_0=2130706432
d_127_255_255_255=2147483647
d_224_0_0_0=3758096384
d_239_255_255_255=4026531839
# check that $1 is only base 10 digits, and that it doesn't
# exceed 2^32-1
assert_uint32() {
local __n="$1"
if [ -z "$__n" -o -n "${__n//[0-9]/}" ]; then
printf "Not a decimal integer (%s)\n" "$__n ">&2
return 1
fi
if [ "$__n" -gt $uint_max ]; then
printf "Out of range (%s)\n" "$__n" >&2
return 1
fi
if [ "$((__n + 0))" != "$__n" ]; then
printf "Not normalized notation (%s)\n" "$__n" >&2
return 1
fi
return 0
}
# return a count of the number of bits set in $1
bitcount() {
local __var="$1" __c="$2"
assert_uint32 "$__c" || return 1
__c=$((((__c >> 1) & 0x55555555) + (__c & 0x55555555)))
__c=$((((__c >> 2) & 0x33333333) + (__c & 0x33333333)))
__c=$((((__c >> 4) & 0x0f0f0f0f) + (__c & 0x0f0f0f0f)))
__c=$((((__c >> 8) & 0x00ff00ff) + (__c & 0x00ff00ff)))
__c=$((((__c >> 16) & 0x0000ffff) + (__c & 0x0000ffff)))
export -- "$__var=$__c"
}
# tedious but portable with busybox's limited shell
# we check each octet to be in the range of 0..255,
# and also make sure there's no extaneous characters.
str2ip() {
local __var="$1" __ip="$2" __n __val=0
case "$__ip" in
[0-9].*)
__n="${__ip:0:1}"
__ip="${__ip:2}"
;;
[1-9][0-9].*)
__n="${__ip:0:2}"
__ip="${__ip:3}"
;;
1[0-9][0-9].*|2[0-4][0-9].*|25[0-5].*)
__n="${__ip:0:3}"
__ip="${__ip:4}"
;;
*)
printf "Not a dotted quad (%s)\n" "$2" >&2
return 1
;;
esac
__val=$((__n << 24))
case "$__ip" in
[0-9].*)
__n="${__ip:0:1}"
__ip="${__ip:2}"
;;
[1-9][0-9].*)
__n="${__ip:0:2}"
__ip="${__ip:3}"
;;
1[0-9][0-9].*|2[0-4][0-9].*|25[0-5].*)
__n="${__ip:0:3}"
__ip="${__ip:4}"
;;
*)
printf "Not a dotted quad (%s)\n" "$2" >&2
return 1
;;
esac
__val=$((__val + (__n << 16)))
case "$__ip" in
[0-9].*)
__n="${__ip:0:1}"
__ip="${__ip:2}"
;;
[1-9][0-9].*)
__n="${__ip:0:2}"
__ip="${__ip:3}"
;;
1[0-9][0-9].*|2[0-4][0-9].*|25[0-5].*)
__n="${__ip:0:3}"
__ip="${__ip:4}"
;;
*)
printf "Not a dotted quad (%s)\n" "$2" >&2
return 1
;;
esac
__val=$((__val + (__n << 8)))
case "$__ip" in
[0-9])
__n="${__ip:0:1}"
__ip="${__ip:1}"
;;
[1-9][0-9])
__n="${__ip:0:2}"
__ip="${__ip:2}"
;;
1[0-9][0-9]|2[0-4][0-9]|25[0-5])
__n="${__ip:0:3}"
__ip="${__ip:3}"
;;
*)
printf "Not a dotted quad (%s)\n" "$2" >&2
return 1
;;
esac
__val=$((__val + __n))
if [ -n "$__ip" ]; then
printf "Not a dotted quad (%s)\n" "$2" >&2
return 1
fi
export -- "$__var=$__val"
return 0
}
# convert back from an integer to dotted-quad.
ip2str() {
local __var="$1" __n="$2"
assert_uint32 "$__n" || return 1
export -- "$__var=$((__n >> 24)).$(((__n >> 16) & 255)).$(((__n >> 8) & 255)).$((__n & 255))"
}
# convert prefix into an integer bitmask
prefix2netmask() {
local __var="$1" __n="$2"
assert_uint32 "$__n" || return 1
if [ "$__n" -gt 32 ]; then
printf "Prefix out-of-range (%s)" "$__n" >&2
return 1
fi
export -- "$__var=$(((~(uint_max >> __n)) & uint_max))"
}
_is_contiguous() {
local __x="$1" # no checking done
local __y=$((~__x & uint_max))
local __z=$(((__y + 1) & uint_max))
[ $((__z & __y)) -eq 0 ]
}
# check argument as being contiguous upper bits (and yes,
# 0 doesn't have any discontiguous bits).
is_contiguous() {
local __var="$1" __x="$2" __val=0
assert_uint32 "$__x" || return 1
local __y=$((~__x & uint_max))
local __z=$(((__y + 1) & uint_max))
[ $((__z & __y)) -eq 0 ] && __val=1
export -- "$__var=$__val"
}
# convert mask to prefix, validating that it's a conventional
# (contiguous) netmask.
netmask2prefix() {
local __var="$1" __n="$2" __cont __bits
assert_uint32 "$__n" || return 1
is_contiguous __cont "$__n" || return 1
if [ $__cont -eq 0 ]; then
printf "Not a contiguous netmask (%08x)\n" "$__n" >&2
return 1
fi
bitcount __bits "$__n" # already checked
export -- "$__var=$__bits"
}
# check the argument as being an rfc-1918 address
is_rfc1918() {
local __var="$1" __x="$2" __val=0
assert_uint32 "$__x" || return 1
if [ $d_10_0_0_0 -le $__x ] && [ $__x -le $d_10_255_255_255 ]; then
__val=1
elif [ $d_172_16_0_0 -le $__x ] && [ $__x -le $d_172_31_255_255 ]; then
__val=1
elif [ $d_192_168_0_0 -le $__x ] && [ $__x -le $d_192_168_255_255 ]; then
__val=1
fi
export -- "$__var=$__val"
}
# check the argument as being an rfc-3927 address
is_rfc3927() {
local __var="$1" __x="$2" __val=0
assert_uint32 "$__x" || return 1
if [ $d_169_254_0_0 -le $__x ] && [ $__x -le $d_169_254_255_255 ]; then
__val=1
fi
export -- "$__var=$__val"
}
# check the argument as being an rfc-1122 loopback address
is_loopback() {
local __var="$1" __x="$2" __val=0
assert_uint32 "$__x" || return 1
if [ $d_127_0_0_0 -le $__x ] && [ $__x -le $d_127_255_255_255 ]; then
__val=1
fi
export -- "$__var=$__val"
}
# check the argument as being a multicast address
is_multicast() {
local __var="$1" __x="$2" __val=0
assert_uint32 "$__x" || return 1
if [ $d_224_0_0_0 -le $__x ] && [ $__x -le $d_239_255_255_255 ]; then
__val=1
fi
export -- "$__var=$__val"
}

8
base-files/files/lib/functions/system.sh
View File

@ -66,7 +66,7 @@ get_mac_ascii() {
local key="$2"
local mac_dirty
mac_dirty=$(strings "$part" | sed -n 's/^'"$key"'=//p')
mac_dirty=$(strings "$part" | tr -d ' \t' | sed -n 's/^'"$key"'=//p' | head -n 1)
# "canonicalize" mac
[ -n "$mac_dirty" ] && macaddr_canonicalize "$mac_dirty"
@ -279,12 +279,6 @@ macaddr_random() {
echo "$(macaddr_unsetbit_mc "$(macaddr_setbit_la "${randsrc}")")"
}
macaddr_2bin() {
local mac=$1
echo -ne \\x${mac//:/\\x}
}
macaddr_canonicalize() {
local mac="$1"
local canon=""

124
base-files/files/lib/functions/uci-defaults.sh
View File

@ -106,20 +106,33 @@ ucidef_set_bridge_mac() {
json_select ..
}
ucidef_set_network_device_mac() {
_ucidef_set_network_device_common() {
json_select_object "network_device"
json_select_object "${1}"
json_add_string macaddr "${2}"
json_add_string "${2}" "${3}"
json_select ..
json_select ..
}
ucidef_set_network_device_mac() {
_ucidef_set_network_device_common $1 macaddr $2
}
ucidef_set_network_device_path() {
json_select_object "network_device"
json_select_object "$1"
json_add_string path "$2"
json_select ..
json_select ..
_ucidef_set_network_device_common $1 path $2
}
ucidef_set_network_device_path_port() {
_ucidef_set_network_device_common $1 path $2
_ucidef_set_network_device_common $1 port $3
}
ucidef_set_network_device_gro() {
_ucidef_set_network_device_common $1 gro $2
}
ucidef_set_network_device_conduit() {
_ucidef_set_network_device_common $1 conduit $2
}
_ucidef_add_switch_port() {
@ -634,6 +647,92 @@ ucidef_set_hostname() {
json_select ..
}
ucidef_set_timezone() {
local timezone="$1"
json_select_object system
json_add_string timezone "$timezone"
json_select ..
}
ucidef_set_wireless() {
local band="$1"
local ssid="$2"
local encryption="$3"
local key="$4"
case "$band" in
all|2g|5g|6g) ;;
*) return;;
esac
[ -z "$ssid" ] && return
json_select_object wlan
json_select_object defaults
json_select_object ssids
json_select_object "$band"
json_add_string ssid "$ssid"
[ -n "$encryption" ] && json_add_string encryption "$encryption"
[ -n "$key" ] && json_add_string key "$key"
json_select ..
json_select ..
json_select ..
json_select ..
}
ucidef_set_country() {
local country="$1"
json_select_object wlan
json_select_object defaults
json_add_string country "$country"
json_select ..
json_select ..
}
ucidef_set_wireless_mac_count() {
local band="$1"
local mac_count="$2"
case "$band" in
2g|5g|6g) ;;
*) return;;
esac
[ -z "$mac_count" ] && return
json_select_object wlan
json_select_object defaults
json_select_object ssids
json_select_object "$band"
json_add_string mac_count "$mac_count"
json_select ..
json_select ..
json_select ..
json_select ..
}
ucidef_set_root_password_plain() {
local passwd="$1"
json_select_object credentials
json_add_string root_password_plain "$passwd"
json_select ..
}
ucidef_set_root_password_hash() {
local passwd="$1"
json_select_object credentials
json_add_string root_password_hash "$passwd"
json_select ..
}
ucidef_set_ssh_authorized_key() {
local ssh_key="$1"
json_select_object credentials
json_select_array ssh_authorized_keys
json_add_string "" "$ssh_key"
json_select ..
json_select ..
}
ucidef_set_ntpserver() {
local server
@ -646,6 +745,17 @@ ucidef_set_ntpserver() {
json_select ..
}
ucidef_set_poe() {
json_select_object poe
json_add_string "budget" "$1"
json_select_array ports
for port in $2; do
json_add_string "" "$port"
done
json_select ..
json_select ..
}
ucidef_add_wlan() {
local path="$1"; shift

7
base-files/files/lib/preinit/10_indicate_failsafe
View File

@ -9,9 +9,14 @@ indicate_failsafe_led () {
indicate_failsafe() {
[ "$pi_preinit_no_failsafe" = "y" ] && return
echo "- failsafe -"
local consoles="$(cat /sys/class/tty/console/active)"
[ -n "$consoles" ] || consoles=console
for console in $consoles; do
[ -c "/dev/$console" ] && echo "- failsafe -" >"/dev/$console"
done
preinit_net_echo "Entering Failsafe!\n"
indicate_failsafe_led
echo OpenWrt-failsafe > /proc/sys/kernel/hostname
}
boot_hook_add failsafe indicate_failsafe

20
base-files/files/lib/preinit/10_indicate_preinit
View File

@ -65,12 +65,27 @@ preinit_config_switch() {
preinit_config_port() {
local original
local dev_port
local netdev="$1"
local path="$2"
local port="$3"
[ -d "/sys/devices/$path/net" ] || return
original="$(ls "/sys/devices/$path/net" | head -1)"
if [ -z "$port" ]; then
original="$(ls "/sys/devices/$path/net" | head -1)"
else
for device in /sys/devices/$path/net/*; do
dev_port="$(cat "$device/dev_port")"
if [ "$dev_port" = "$port" ]; then
original="${device##*/}"
break
fi
done
[ -z "$original" ] && return
fi
[ "$netdev" = "$original" ] && return
@ -109,7 +124,8 @@ preinit_config_board() {
json_select "network_device"
json_select "$netdev"
json_get_vars path path
[ -n "$path" ] && preinit_config_port "$netdev" "$path"
json_get_vars port port
[ -n "$path" ] && preinit_config_port "$netdev" "$path" "$port"
json_select ..
json_select ..
done

5
base-files/files/lib/preinit/30_failsafe_wait
View File

@ -40,7 +40,7 @@ fs_wait_for_key () {
rm -f $keypress_wait
} &
local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
local consoles="$(cat /sys/class/tty/console/active)"
[ -n "$consoles" ] || consoles=console
for console in $consoles; do
[ -c "/dev/$console" ] || continue
@ -78,6 +78,9 @@ fs_wait_for_key () {
keypressed=1
[ "$(cat $keypress_true)" = "true" ] && keypressed=0
trap - INT
trap - USR1
rm -f $keypress_true
rm -f $keypress_wait
rm -f $keypress_sec

21
base-files/files/lib/preinit/80_mount_root
View File

@ -14,8 +14,27 @@ missing_lines() {
IFS="$oIFS"
}
# Rootfs mount options can be passed by declaring in the kernel
# cmdline as much options as needed prefixed with "rootfs_mount_options."
#
# Example:
# rootfs_mount_options.compress_algorithm=zstd rootfs_mount_options.noinline_data
#
compose_rootfs_mount_options() {
local mount_options
local cmdlinevar
for cmdlinevar in $(cat /proc/cmdline); do
if [ "$cmdlinevar" != "${cmdlinevar#rootfs_mount_options\.}" ]; then
append mount_options "${cmdlinevar#rootfs_mount_options\.}"
fi
done
echo $mount_options
}
do_mount_root() {
mount_root
mount_root start "$(compose_rootfs_mount_options)"
boot_run_hook preinit_mount_root
[ -f /sysupgrade.tgz -o -f /tmp/sysupgrade.tar ] && {
echo "- config restore -"

18
base-files/files/lib/preinit/99_10_failsafe_login
View File

@ -2,14 +2,22 @@
# Copyright (C) 2010 Vertical Communications
failsafe_shell() {
local consoles="$(sed -e 's/ /\n/g' /proc/cmdline | grep '^console=' | sed -e 's/^console=//' -e 's/,.*//')"
local consoles="$(cat /sys/class/tty/console/active)"
[ -n "$consoles" ] || consoles=console
for console in $consoles; do
[ -c "/dev/$console" ] && while true; do
ash --login <"/dev/$console" >"/dev/$console" 2>"/dev/$console"
sleep 1
done &
case "$console" in
console|tty[0-9]*)
term=${TERM:-linux}
;;
*)
term=vt102
;;
esac
# Running asynchronously via the shell's & would ignore SIGINT,
# breaking ^C. Use start-stop-daemon instead.
[ -c "/dev/$console" ] && start-stop-daemon -Sb -p /dev/null -- env -i ash -c "while true; do setsid -c env -i USER=root LOGNAME=root SHELL=/bin/ash TERM="$term" ash --login <\"/dev/$console\" >\"/dev/$console\" 2>\"/dev/$console\"; sleep 1; done"
done
}
boot_hook_add failsafe failsafe_shell

13
base-files/files/lib/upgrade/emmc.sh
View File

@ -16,15 +16,22 @@ emmc_upgrade_tar() {
tar tf "$tar_file" ${board_dir}/kernel 1>/dev/null 2>/dev/null && has_kernel=1
tar tf "$tar_file" ${board_dir}/root 1>/dev/null 2>/dev/null && has_rootfs=1
[ "$has_kernel" = 1 -a "$EMMC_KERN_DEV" ] &&
export EMMC_KERNEL_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/kernel -O | dd of="$EMMC_KERN_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
[ "$has_rootfs" = 1 -a "$EMMC_ROOT_DEV" ] && {
# Invalidate kernel image while rootfs is being written
[ "$has_kernel" = 1 -a "$EMMC_KERN_DEV" ] && {
dd if=/dev/zero of="$EMMC_KERN_DEV" bs=512 count=8
sync
}
export EMMC_ROOTFS_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/root -O | dd of="$EMMC_ROOT_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
# Account for 64KiB ROOTDEV_OVERLAY_ALIGN in libfstools
EMMC_ROOTFS_BLOCKS=$(((EMMC_ROOTFS_BLOCKS + 127) & ~127))
sync
}
[ "$has_kernel" = 1 -a "$EMMC_KERN_DEV" ] &&
export EMMC_KERNEL_BLOCKS=$(($(tar xf "$tar_file" ${board_dir}/kernel -O | dd of="$EMMC_KERN_DEV" bs=512 2>&1 | grep "records out" | cut -d' ' -f1)))
if [ -z "$UPGRADE_BACKUP" ]; then
if [ "$EMMC_DATA_DEV" ]; then
dd if=/dev/zero of="$EMMC_DATA_DEV" bs=512 count=8

103
base-files/files/lib/upgrade/nand.sh
View File

@ -57,11 +57,11 @@ nand_find_ubi() {
}
nand_get_magic_long() {
(${3}cat "$1" | dd bs=4 "skip=${2:-0}" count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
($2 < "$1" | dd bs=4 "skip=${3:-0}" count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
}
get_magic_long_tar() {
(tar xO${3}f "$1" "$2" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
($2 < "$1" | tar xOf - "$3" | dd bs=4 count=1 | hexdump -v -n 4 -e '1/1 "%02x"') 2> /dev/null
}
identify() {
@ -73,7 +73,7 @@ identify_tar() {
}
identify_if_gzip() {
if [ "$(identify "$1")" = gzip ]; then echo -n z; fi
if [ "$(identify "$1" "cat")" = gzip ]; then echo -n z; fi
}
nand_restore_config() {
@ -111,7 +111,7 @@ nand_remove_ubiblock() {
local ubiblk="ubiblock${ubivol:3}"
if [ -e "/dev/$ubiblk" ]; then
umount "/dev/$ubiblk" && echo "unmounted /dev/$ubiblk" || :
umount "/dev/$ubiblk" 2>/dev/null && echo "unmounted /dev/$ubiblk" || :
if ! ubiblock -r "/dev/$ubivol"; then
echo "cannot remove $ubiblk"
return 1
@ -259,64 +259,64 @@ nand_upgrade_prepare_ubi() {
# Write the UBI image to MTD ubi partition
nand_upgrade_ubinized() {
local ubi_file="$1"
local gz="$2"
local cmd="$2"
local ubi_length=$( (${gz}cat "$ubi_file" | wc -c) 2> /dev/null)
local ubi_length=$( ($cmd < "$ubi_file" | wc -c) 2> /dev/null)
nand_detach_ubi "$CI_UBIPART" || return 1
local mtdnum="$( find_mtd_index "$CI_UBIPART" )"
${gz}cat "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
$cmd < "$ubi_file" | ubiformat "/dev/mtd$mtdnum" -S "$ubi_length" -y -f - && ubiattach -m "$mtdnum"
}
# Write the UBIFS image to UBI rootfs volume
nand_upgrade_ubifs() {
local ubifs_file="$1"
local gz="$2"
local cmd="$2"
local ubifs_length=$( (${gz}cat "$ubifs_file" | wc -c) 2> /dev/null)
local ubifs_length=$( ($cmd < "$ubifs_file" | wc -c) 2> /dev/null)
nand_upgrade_prepare_ubi "$ubifs_length" "ubifs" "" "" || return 1
local ubidev="$( nand_find_ubi "$CI_UBIPART" )"
local root_ubivol="$(nand_find_volume $ubidev "$CI_ROOTPART")"
${gz}cat "$ubifs_file" | ubiupdatevol /dev/$root_ubivol -s "$ubifs_length" -
$cmd < "$ubifs_file" | ubiupdatevol /dev/$root_ubivol -s "$ubifs_length" -
}
# Write the FIT image to UBI kernel volume
nand_upgrade_fit() {
local fit_file="$1"
local gz="$2"
local cmd="$2"
local fit_length=$( (${gz}cat "$fit_file" | wc -c) 2> /dev/null)
local fit_length=$( ($cmd < "$fit_file" | wc -c) 2> /dev/null)
nand_upgrade_prepare_ubi "" "" "$fit_length" "1" || return 1
local fit_ubidev="$(nand_find_ubi "$CI_UBIPART")"
local fit_ubivol="$(nand_find_volume $fit_ubidev "$CI_KERNPART")"
${gz}cat "$fit_file" | ubiupdatevol /dev/$fit_ubivol -s "$fit_length" -
$cmd < "$fit_file" | ubiupdatevol /dev/$fit_ubivol -s "$fit_length" -
}
# Write images in the TAR file to MTD partitions and/or UBI volumes as required
nand_upgrade_tar() {
local tar_file="$1"
local gz="$2"
local cmd="${2:-cat}"
local jffs2_markers="${CI_JFFS2_CLEAN_MARKERS:-0}"
# WARNING: This fails if tar contains more than one 'sysupgrade-*' directory.
local board_dir="$(tar t${gz}f "$tar_file" | grep -m 1 '^sysupgrade-.*/$')"
local board_dir="$($cmd < "$tar_file" | tar tf - | grep -m 1 '^sysupgrade-.*/$')"
board_dir="${board_dir%/}"
local kernel_mtd kernel_length
if [ "$CI_KERNPART" != "none" ]; then
kernel_mtd="$(find_mtd_index "$CI_KERNPART")"
kernel_length=$( (tar xO${gz}f "$tar_file" "$board_dir/kernel" | wc -c) 2> /dev/null)
kernel_length=$( ($cmd < "$tar_file" | tar xOf - "$board_dir/kernel" | wc -c) 2> /dev/null)
[ "$kernel_length" = 0 ] && kernel_length=
fi
local rootfs_length=$( (tar xO${gz}f "$tar_file" "$board_dir/root" | wc -c) 2> /dev/null)
local rootfs_length=$( ($cmd < "$tar_file" | tar xOf - "$board_dir/root" | wc -c) 2> /dev/null)
[ "$rootfs_length" = 0 ] && rootfs_length=
local rootfs_type
[ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$board_dir/root" "$gz")"
[ "$rootfs_length" ] && rootfs_type="$(identify_tar "$tar_file" "$cmd" "$board_dir/root")"
local ubi_kernel_length
if [ "$kernel_length" ]; then
@ -337,23 +337,23 @@ nand_upgrade_tar() {
if [ "$rootfs_length" ]; then
local ubidev="$( nand_find_ubi "${CI_ROOT_UBIPART:-$CI_UBIPART}" )"
local root_ubivol="$( nand_find_volume $ubidev "$CI_ROOTPART" )"
tar xO${gz}f "$tar_file" "$board_dir/root" | \
$cmd < "$tar_file" | tar xOf - "$board_dir/root" | \
ubiupdatevol /dev/$root_ubivol -s "$rootfs_length" -
fi
if [ "$kernel_length" ]; then
if [ "$kernel_mtd" ]; then
if [ "$jffs2_markers" = 1 ]; then
flash_erase -j "/dev/mtd${kernel_mtd}" 0 0
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
$cmd < "$tar_file" | tar xOf - "$board_dir/kernel" | \
nandwrite "/dev/mtd${kernel_mtd}" -
else
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
$cmd < "$tar_file" | tar xOf - "$board_dir/kernel" | \
mtd write - "$CI_KERNPART"
fi
else
local ubidev="$( nand_find_ubi "${CI_KERN_UBIPART:-$CI_UBIPART}" )"
local kern_ubivol="$( nand_find_volume $ubidev "$CI_KERNPART" )"
tar xO${gz}f "$tar_file" "$board_dir/kernel" | \
$cmd < "$tar_file" | tar xOf - "$board_dir/kernel" | \
ubiupdatevol /dev/$kern_ubivol -s "$kernel_length" -
fi
fi
@ -363,9 +363,9 @@ nand_upgrade_tar() {
nand_verify_if_gzip_file() {
local file="$1"
local gz="$2"
local cmd="$2"
if [ "$gz" = z ]; then
if [ "$cmd" = zcat ]; then
echo "verifying compressed sysupgrade file integrity"
if ! gzip -t "$file"; then
echo "corrupted compressed sysupgrade file"
@ -376,10 +376,10 @@ nand_verify_if_gzip_file() {
nand_verify_tar_file() {
local file="$1"
local gz="$2"
local cmd="$2"
echo "verifying sysupgrade tar file integrity"
if ! tar xO${gz}f "$file" > /dev/null; then
if ! $cmd < "$file" | tar xOf - > /dev/null; then
echo "corrupted sysupgrade tar file"
return 1
fi
@ -387,28 +387,30 @@ nand_verify_tar_file() {
nand_do_flash_file() {
local file="$1"
local cmd="$2"
local file_type
local gz="$(identify_if_gzip "$file")"
local file_type="$(identify "$file" "" "$gz")"
[ -z "$cmd" ] && cmd="$(identify_if_gzip "$file")cat"
file_type="$(identify "$file" "$cmd" "")"
[ ! "$(find_mtd_index "$CI_UBIPART")" ] && CI_UBIPART=rootfs
case "$file_type" in
"fit")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_fit "$file" "$gz"
nand_verify_if_gzip_file "$file" "$cmd" || return 1
nand_upgrade_fit "$file" "$cmd"
;;
"ubi")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_ubinized "$file" "$gz"
nand_verify_if_gzip_file "$file" "$cmd" || return 1
nand_upgrade_ubinized "$file" "$cmd"
;;
"ubifs")
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_upgrade_ubifs "$file" "$gz"
nand_verify_if_gzip_file "$file" "$cmd" || return 1
nand_upgrade_ubifs "$file" "$cmd"
;;
*)
nand_verify_tar_file "$file" "$gz" || return 1
nand_upgrade_tar "$file" "$gz"
nand_verify_tar_file "$file" "$cmd" || return 1
nand_upgrade_tar "$file" "$cmd"
;;
esac
}
@ -419,11 +421,26 @@ nand_do_restore_config() {
}
# Recognize type of passed file and start the upgrade process
#
# Supported firmware containers:
# 1. Raw file
# 2. Gzip
# 3. Custom (requires passing extracting command)
#
# Supported data formats:
# 1. Tar with kernel/rootfs
# 2. UBI image (built using "ubinized")
# 3. UBIFS image (to update UBI volume with)
# 4. FIT image (to update UBI volume with)
#
# $(1): firmware file path
# $(2): (optional) pipe command to extract firmware
nand_do_upgrade() {
local file="$1"
local cmd="$2"
sync
nand_do_flash_file "$file" && nand_do_upgrade_success
nand_do_flash_file "$file" "$cmd" && nand_do_upgrade_success
nand_do_upgrade_failed
}
@ -460,18 +477,18 @@ nand_do_platform_check() {
local board_name="$1"
local file="$2"
local gz="$(identify_if_gzip "$file")"
local file_type="$(identify "$file" "" "$gz")"
local control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//,/_}/CONTROL" | wc -c) 2> /dev/null)
local cmd="$(identify_if_gzip "$file")cat"
local file_type="$(identify "$file" "$cmd" "")"
local control_length=$( ($cmd < "$file" | tar xOf - "sysupgrade-${board_name//,/_}/CONTROL" | wc -c) 2> /dev/null)
if [ "$control_length" = 0 ]; then
control_length=$( (tar xO${gz}f "$file" "sysupgrade-${board_name//_/,}/CONTROL" | wc -c) 2> /dev/null)
control_length=$( ($cmd < "$file" | tar xOf - "sysupgrade-${board_name//_/,}/CONTROL" | wc -c) 2> /dev/null)
fi
if [ "$control_length" != 0 ]; then
nand_verify_tar_file "$file" "$gz" || return 1
nand_verify_tar_file "$file" "$cmd" || return 1
else
nand_verify_if_gzip_file "$file" "$gz" || return 1
nand_verify_if_gzip_file "$file" "$cmd" || return 1
if [ "$file_type" != "fit" -a "$file_type" != "ubi" -a "$file_type" != "ubifs" ]; then
echo "invalid sysupgrade file"
return 1

71
base-files/files/lib/upgrade/tar.sh Normal file
View File

@ -0,0 +1,71 @@
# SPDX-License-Identifier: GPL-2.0-or-later OR MIT
# Example usage:
#
# {
# tar_print_member "date.txt" "It's $(date +"%Y")"
# tar_print_trailer
# } > test.tar
__tar_print_padding() {
dd if=/dev/zero bs=1 count=$1 2>/dev/null
}
tar_print_member() {
local name="$1"
local content="$2"
local mtime="${3:-$(date +%s)}"
local mode=644
local uid=0
local gid=0
local size=${#content}
local type=0
local link=""
local username="root"
local groupname="root"
# 100 byte of padding bytes, using 0x01 since the shell does not tolerate null bytes in strings
local pad=$'\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1\1'
# validate name (strip leading slash if present)
name=${name#/}
# truncate string header values to their maximum length
name=${name:0:100}
link=${link:0:100}
username=${username:0:32}
groupname=${groupname:0:32}
# construct header part before checksum field
local header1="${name}${pad:0:$((100 - ${#name}))}"
header1="${header1}$(printf '%07d\1' $mode)"
header1="${header1}$(printf '%07o\1' $uid)"
header1="${header1}$(printf '%07o\1' $gid)"
header1="${header1}$(printf '%011o\1' $size)"
header1="${header1}$(printf '%011o\1' $mtime)"
# construct header part after checksum field
local header2="$(printf '%d' $type)"
header2="${header2}${link}${pad:0:$((100 - ${#link}))}"
header2="${header2}ustar ${pad:0:1}"
header2="${header2}${username}${pad:0:$((32 - ${#username}))}"
header2="${header2}${groupname}${pad:0:$((32 - ${#groupname}))}"
# calculate checksum over header fields
local checksum=0
for byte in $(printf '%s%8s%s' "$header1" "" "$header2" | tr '\1' '\0' | hexdump -ve '1/1 "%u "'); do
checksum=$((checksum + byte))
done
# print member header, padded to 512 byte
printf '%s%06o\0 %s' "$header1" $checksum "$header2" | tr '\1' '\0'
__tar_print_padding 183
# print content data, padded to multiple of 512 byte
printf "%s" "$content"
__tar_print_padding $((512 - (size % 512)))
}
tar_print_trailer() {
__tar_print_padding 1024
}

200
base-files/files/sbin/sysupgrade
View File

@ -4,27 +4,35 @@
. /lib/functions/system.sh
. /usr/share/libubox/jshn.sh
# initialize defaults
# File-local constants
CONF_TAR=/tmp/sysupgrade.tgz
ETCBACKUP_DIR=/etc/backup
INSTALLED_PACKAGES=${ETCBACKUP_DIR}/installed_packages.txt
COMMAND=/lib/upgrade/do_stage2
# File-local globals
SAVE_OVERLAY=0
SAVE_OVERLAY_PATH=
SAVE_PARTITIONS=1
SAVE_INSTALLED_PKGS=0
SKIP_UNCHANGED=0
CONF_IMAGE=
CONF_BACKUP_LIST=0
CONF_BACKUP=
CONF_RESTORE=
NEED_IMAGE=
HELP=0
TEST=0
# Globals accessed in other files
export MTD_ARGS=""
export MTD_CONFIG_ARGS=""
export INTERACTIVE=0
export VERBOSE=1
export SAVE_CONFIG=1
export SAVE_OVERLAY=0
export SAVE_OVERLAY_PATH=
export SAVE_PARTITIONS=1
export SAVE_INSTALLED_PKGS=0
export SKIP_UNCHANGED=0
export CONF_IMAGE=
export CONF_BACKUP_LIST=0
export CONF_BACKUP=
export CONF_RESTORE=
export IGNORE_MINOR_COMPAT=0
export NEED_IMAGE=
export HELP=0
export FORCE=0
export TEST=0
export UMOUNT_ETCBACKUP_DIR=0
export CONFFILES=/tmp/sysupgrade.conffiles
# parse options
while [ -n "$1" ]; do
@ -33,18 +41,18 @@ while [ -n "$1" ]; do
-v) export VERBOSE="$(($VERBOSE + 1))";;
-q) export VERBOSE="$(($VERBOSE - 1))";;
-n) export SAVE_CONFIG=0;;
-c) export SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/etc;;
-o) export SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/;;
-p) export SAVE_PARTITIONS=0;;
-k) export SAVE_INSTALLED_PKGS=1;;
-u) export SKIP_UNCHANGED=1;;
-b|--create-backup) export CONF_BACKUP="$2" NEED_IMAGE=1; shift;;
-r|--restore-backup) export CONF_RESTORE="$2" NEED_IMAGE=1; shift;;
-l|--list-backup) export CONF_BACKUP_LIST=1;;
-f) export CONF_IMAGE="$2"; shift;;
-c) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/etc;;
-o) SAVE_OVERLAY=1 SAVE_OVERLAY_PATH=/;;
-p) SAVE_PARTITIONS=0;;
-k) SAVE_INSTALLED_PKGS=1;;
-u) SKIP_UNCHANGED=1;;
-b|--create-backup) CONF_BACKUP="$2" NEED_IMAGE=1; shift;;
-r|--restore-backup) CONF_RESTORE="$2" NEED_IMAGE=1; shift;;
-l|--list-backup) CONF_BACKUP_LIST=1;;
-f) CONF_IMAGE="$2"; shift;;
-F|--force) export FORCE=1;;
-T|--test) export TEST=1;;
-h|--help) export HELP=1; break;;
-T|--test) TEST=1;;
-h|--help) HELP=1; break;;
--ignore-minor-compat-version) export IGNORE_MINOR_COMPAT=1;;
-*)
echo "Invalid option: $1" >&2
@ -55,14 +63,7 @@ while [ -n "$1" ]; do
shift;
done
export CONFFILES=/tmp/sysupgrade.conffiles
export CONF_TAR=/tmp/sysupgrade.tgz
export ETCBACKUP_DIR=/etc/backup
export INSTALLED_PACKAGES=${ETCBACKUP_DIR}/installed_packages.txt
IMAGE="$1"
[ -z "$IMAGE" -a -z "$NEED_IMAGE" -a $CONF_BACKUP_LIST -eq 0 -o $HELP -gt 0 ] && {
print_help() {
cat <<EOF
Usage: $0 [<upgrade-option>...] <image file or URL>
$0 [-q] [-i] [-c] [-u] [-o] [-k] <backup-command> <file>
@ -102,9 +103,20 @@ backup-command:
sysupgrade -b. Does not create a backup file.
EOF
exit 1
}
IMAGE="$1"
if [ $HELP -gt 0 ]; then
print_help
exit 0
fi
if [ -z "$IMAGE" -a -z "$NEED_IMAGE" -a $CONF_BACKUP_LIST -eq 0 ]; then
print_help
exit 1
fi
[ -n "$IMAGE" -a -n "$NEED_IMAGE" ] && {
cat <<-EOF
-b|--create-backup and -r|--restore-backup do not perform a firmware upgrade.
@ -118,12 +130,20 @@ EOF
list_conffiles() {
awk '
BEGIN { conffiles = 0 }
/^Conffiles:/ { conffiles = 1; next }
!/^ / { conffiles = 0; next }
conffiles == 1 { print }
' /usr/lib/opkg/status
if [ -f /usr/lib/opkg/status ]; then
awk '
BEGIN { conffiles = 0 }
/^Conffiles:/ { conffiles = 1; next }
!/^ / { conffiles = 0; next }
conffiles == 1 { print }
' /usr/lib/opkg/status
elif [ -d /lib/apk/packages ]; then
conffiles=""
for file in /lib/apk/packages/*.conffiles_static; do
conffiles="$(echo -e "$(cat $file)\n$conffiles")"
done
echo "$conffiles"
fi
}
list_changed_conffiles() {
@ -143,7 +163,7 @@ list_static_conffiles() {
\( -type f -o -type l \) $filter 2>/dev/null
}
add_conffiles() {
build_list_of_backup_config_files() {
local file="$1"
( list_static_conffiles "$find_filter"; list_changed_conffiles ) |
@ -151,7 +171,7 @@ add_conffiles() {
return 0
}
add_overlayfiles() {
build_list_of_backup_overlay_files() {
local file="$1"
local packagesfiles=$1.packagesfiles
@ -203,12 +223,12 @@ add_overlayfiles() {
if [ $SAVE_OVERLAY = 1 ]; then
[ ! -d /overlay/upper/etc ] && {
echo "Cannot find '/overlay/upper/etc', required for '-c'" >&2
echo "Cannot find '/overlay/upper/etc', required for '-c' or '-o'" >&2
exit 1
}
sysupgrade_init_conffiles="add_overlayfiles"
sysupgrade_init_conffiles="build_list_of_backup_overlay_files"
else
sysupgrade_init_conffiles="add_conffiles"
sysupgrade_init_conffiles="build_list_of_backup_config_files"
fi
find_filter=""
@ -222,53 +242,69 @@ fi
include /lib/upgrade
do_save_conffiles() {
create_backup_archive() {
local conf_tar="$1"
local disabled
local err
[ "$(rootfs_type)" = "tmpfs" ] && {
echo "Cannot save config while running from ramdisk." >&2
ask_bool 0 "Abort" && exit
rm -f "$conf_tar"
return 0
}
run_hooks "$CONFFILES" $sysupgrade_init_conffiles
ask_bool 0 "Edit config file list" && vi "$CONFFILES"
if [ "$SAVE_INSTALLED_PKGS" -eq 1 ]; then
echo "${INSTALLED_PACKAGES}" >> "$CONFFILES"
mkdir -p "$ETCBACKUP_DIR"
# Avoid touching filesystem on each backup
RAMFS="$(mktemp -d -t sysupgrade.XXXXXX)"
mkdir -p "$RAMFS/upper" "$RAMFS/work"
mount -t overlay overlay -o lowerdir=$ETCBACKUP_DIR,upperdir=$RAMFS/upper,workdir=$RAMFS/work $ETCBACKUP_DIR &&
UMOUNT_ETCBACKUP_DIR=1 || {
echo "Cannot mount '$ETCBACKUP_DIR' as tmpfs to avoid touching disk while saving the list of installed packages." >&2
ask_bool 0 "Abort" && exit
}
# Format: pkg-name<TAB>{rom,overlay,unkown}
# rom is used for pkgs in /rom, even if updated later
find /usr/lib/opkg/info -name "*.control" \( \
\( -exec test -f /rom/{} \; -exec echo {} rom \; \) -o \
\( -exec test -f /overlay/upper/{} \; -exec echo {} overlay \; \) -o \
\( -exec echo {} unknown \; \) \
\) | sed -e 's,.*/,,;s/\.control /\t/' > ${INSTALLED_PACKAGES}
fi
[ "$conf_tar" != "-" ] || conf_tar=""
v "Saving config files..."
[ "$VERBOSE" -gt 1 ] && TAR_V="v" || TAR_V=""
tar c${TAR_V}zf "$conf_tar" -T "$CONFFILES" 2>/dev/null
if [ "$?" -ne 0 ]; then
sed -i -e 's,^/,,' "$CONFFILES"
set -o pipefail
{
local ret=0
if [ $ret -eq 0 ]; then
for service in /etc/init.d/*; do
if ! $service enabled; then
disabled="$disabled$service disable\n"
fi
done
disabled="$disabled\nexit 0"
tar_print_member "/etc/uci-defaults/10_disable_services" "$(echo -e $disabled)" || ret=1
fi
# Part of archive with installed packages info
if [ $ret -eq 0 ]; then
if [ "$SAVE_INSTALLED_PKGS" -eq 1 ]; then
# Format: pkg-name<TAB>{rom,overlay,unknown}
# rom is used for pkgs in /rom, even if updated later
tar_print_member "$INSTALLED_PACKAGES" "$(find /usr/lib/opkg/info -name "*.control" \( \
\( -exec test -f /rom/{} \; -exec echo {} rom \; \) -o \
\( -exec test -f /overlay/upper/{} \; -exec echo {} overlay \; \) -o \
\( -exec echo {} unknown \; \) \
\) | sed -e 's,.*/,,;s/\.control /\t/')" || ret=1
fi
fi
# Rest of archive with config files and ending padding
if [ $ret -eq 0 ]; then
tar c${TAR_V} -C / -T "$CONFFILES" || ret=1
fi
[ $ret -eq 0 ]
} | gzip > "${conf_tar:-/proc/self/fd/1}"
err=$?
set +o pipefail
if [ "$err" -ne 0 ]; then
echo "Failed to create the configuration backup."
rm -f "$conf_tar"
exit 1
[ -f "$conf_tar" ] && rm -f "$conf_tar"
fi
[ "$UMOUNT_ETCBACKUP_DIR" -eq 1 ] && {
umount "$ETCBACKUP_DIR"
rm -rf "$RAMFS"
}
rm -f "$CONFFILES"
return "$err"
}
if [ $CONF_BACKUP_LIST -eq 1 ]; then
@ -280,8 +316,8 @@ if [ $CONF_BACKUP_LIST -eq 1 ]; then
fi
if [ -n "$CONF_BACKUP" ]; then
do_save_conffiles "$CONF_BACKUP"
exit $?
create_backup_archive "$CONF_BACKUP"
exit
fi
if [ -n "$CONF_RESTORE" ]; then
@ -292,7 +328,11 @@ if [ -n "$CONF_RESTORE" ]; then
[ "$VERBOSE" -gt 1 ] && TAR_V="v" || TAR_V=""
v "Restoring config files..."
tar -C / -x${TAR_V}zf "$CONF_RESTORE"
if [ "$(type -t platform_restore_backup)" == 'platform_restore_backup' ]; then
platform_restore_backup "$TAR_V"
else
tar -C / -x${TAR_V}zf "$CONF_RESTORE"
fi
exit $?
fi
@ -350,7 +390,7 @@ if [ -n "$CONF_IMAGE" ]; then
get_image "$CONF_IMAGE" "cat" > "$CONF_TAR"
export SAVE_CONFIG=1
elif ask_bool $SAVE_CONFIG "Keep config files over reflash"; then
[ $TEST -eq 1 ] || do_save_conffiles "$CONF_TAR"
[ $TEST -eq 1 ] || create_backup_archive "$CONF_TAR" || exit
export SAVE_CONFIG=1
else
[ $TEST -eq 1 ] || rm -f "$CONF_TAR"
@ -364,8 +404,6 @@ fi
install_bin /sbin/upgraded
v "Commencing upgrade. Closing all shell sessions."
COMMAND='/lib/upgrade/do_stage2'
if [ -n "$FAILSAFE" ]; then
printf '%s\x00%s\x00%s' "$RAM_ROOT" "$IMAGE" "$COMMAND" >/tmp/sysupgrade
lock -u /tmp/.failsafe

271
base-files/files/sbin/wifi
View File

@ -1,271 +0,0 @@
#!/bin/sh
# Copyright (C) 2006 OpenWrt.org
. /lib/functions.sh
. /usr/share/libubox/jshn.sh
usage() {
cat <<EOF
Usage: $0 [config|up|down|reconf|reload|status|isup]
enables (default), disables or configures devices not yet configured.
EOF
exit 1
}
ubus_wifi_cmd() {
local cmd="$1"
local dev="$2"
json_init
[ -n "$dev" ] && json_add_string device "$dev"
ubus call network.wireless "$cmd" "$(json_dump)"
}
wifi_isup() {
local dev="$1"
json_load "$(ubus_wifi_cmd "status" "$dev")"
json_get_keys devices
for device in $devices; do
json_select "$device"
json_get_var up up
[ $up -eq 0 ] && return 1
json_select ..
done
return 0
}
find_net_config() {(
local vif="$1"
local cfg
local ifname
config_get cfg "$vif" network
[ -z "$cfg" ] && {
include /lib/network
scan_interfaces
config_get ifname "$vif" ifname
cfg="$(find_config "$ifname")"
}
[ -z "$cfg" ] && return 0
echo "$cfg"
)}
bridge_interface() {(
local cfg="$1"
[ -z "$cfg" ] && return 0
include /lib/network
scan_interfaces
for cfg in $cfg; do
config_get iftype "$cfg" type
[ "$iftype" = bridge ] && config_get "$cfg" ifname
prepare_interface_bridge "$cfg"
return $?
done
)}
prepare_key_wep() {
local key="$1"
local hex=1
echo -n "$key" | grep -qE "[^a-fA-F0-9]" && hex=0
[ "${#key}" -eq 10 -a $hex -eq 1 ] || \
[ "${#key}" -eq 26 -a $hex -eq 1 ] || {
[ "${key:0:2}" = "s:" ] && key="${key#s:}"
key="$(echo -n "$key" | hexdump -ve '1/1 "%02x" ""')"
}
echo "$key"
}
wifi_fixup_hwmode() {
local device="$1"
local default="$2"
local hwmode hwmode_11n
config_get channel "$device" channel
config_get hwmode "$device" hwmode
case "$hwmode" in
11bg) hwmode=bg;;
11a) hwmode=a;;
11ad) hwmode=ad;;
11b) hwmode=b;;
11g) hwmode=g;;
11n*)
hwmode_11n="${hwmode##11n}"
case "$hwmode_11n" in
a|g) ;;
default) hwmode_11n="$default"
esac
config_set "$device" hwmode_11n "$hwmode_11n"
;;
*)
hwmode=
if [ "${channel:-0}" -gt 0 ]; then
if [ "${channel:-0}" -gt 14 ]; then
hwmode=a
else
hwmode=g
fi
else
hwmode="$default"
fi
;;
esac
config_set "$device" hwmode "$hwmode"
}
_wifi_updown() {
for device in ${2:-$DEVICES}; do (
config_get disabled "$device" disabled
[ "$disabled" = "1" ] && {
echo "'$device' is disabled"
set disable
}
config_get iftype "$device" type
if eval "type ${1}_$iftype" 2>/dev/null >/dev/null; then
eval "scan_$iftype '$device'"
eval "${1}_$iftype '$device'" || echo "$device($iftype): ${1} failed"
elif [ ! -f /lib/netifd/wireless/$iftype.sh ]; then
echo "$device($iftype): Interface type not supported"
fi
); done
}
wifi_updown() {
cmd=down
[ enable = "$1" ] && {
_wifi_updown disable "$2"
ubus_wifi_cmd "$cmd" "$2"
ubus call network reload
scan_wifi
cmd=up
}
[ reconf = "$1" ] && {
ubus call network reload
scan_wifi
cmd=reconf
}
ubus_wifi_cmd "$cmd" "$2"
_wifi_updown "$@"
}
wifi_reload_legacy() {
_wifi_updown "disable" "$1"
scan_wifi
_wifi_updown "enable" "$1"
}
wifi_reload() {
ubus call network reload
wifi_reload_legacy
}
wifi_detect_notice() {
>&2 echo "WARNING: Wifi detect is deprecated. Use wifi config instead"
>&2 echo "For more information, see commit 5f8f8a366136a07df661e31decce2458357c167a"
exit 1
}
wifi_config() {
[ ! -f /etc/config/wireless ] && touch /etc/config/wireless
for driver in $DRIVERS; do (
if eval "type detect_$driver" 2>/dev/null >/dev/null; then
eval "detect_$driver" || echo "$driver: Detect failed" >&2
else
echo "$driver: Hardware detection not supported" >&2
fi
); done
}
start_net() {(
local iface="$1"
local config="$2"
local vifmac="$3"
[ -f "/var/run/$iface.pid" ] && kill "$(cat /var/run/${iface}.pid)" 2>/dev/null
[ -z "$config" ] || {
include /lib/network
scan_interfaces
for config in $config; do
setup_interface "$iface" "$config" "" "$vifmac"
done
}
)}
set_wifi_up() {
local cfg="$1"
local ifname="$2"
uci_set_state wireless "$cfg" up 1
uci_set_state wireless "$cfg" ifname "$ifname"
}
set_wifi_down() {
local cfg="$1"
local vifs vif vifstr
[ -f "/var/run/wifi-${cfg}.pid" ] &&
kill "$(cat "/var/run/wifi-${cfg}.pid")" 2>/dev/null
uci_revert_state wireless "$cfg"
config_get vifs "$cfg" vifs
for vif in $vifs; do
uci_revert_state wireless "$vif"
done
}
scan_wifi() {
local cfgfile="$1"
DEVICES=
config_cb() {
local type="$1"
local section="$2"
# section start
case "$type" in
wifi-device)
append DEVICES "$section"
config_set "$section" vifs ""
config_set "$section" ht_capab ""
;;
esac
# section end
config_get TYPE "$CONFIG_SECTION" TYPE
case "$TYPE" in
wifi-iface)
config_get device "$CONFIG_SECTION" device
config_get vifs "$device" vifs
append vifs "$CONFIG_SECTION"
config_set "$device" vifs "$vifs"
;;
esac
}
config_load "${cfgfile:-wireless}"
}
DEVICES=
DRIVERS=
include /lib/wifi
scan_wifi
case "$1" in
down) wifi_updown "disable" "$2";;
detect) wifi_detect_notice ;;
config) wifi_config ;;
status) ubus_wifi_cmd "status" "$2";;
isup) wifi_isup "$2"; exit $?;;
reload) wifi_reload "$2";;
reload_legacy) wifi_reload_legacy "$2";;
--help|help) usage;;
reconf) wifi_updown "reconf" "$2";;
''|up) wifi_updown "enable" "$2";;
*) usage; exit 1;;
esac

1
base-files/files/usr/lib/os-release
View File

@ -16,3 +16,4 @@ OPENWRT_DEVICE_MANUFACTURER_URL="%m"
OPENWRT_DEVICE_PRODUCT="%P"
OPENWRT_DEVICE_REVISION="%h"
OPENWRT_RELEASE="%D %V %C"
OPENWRT_BUILD_DATE="%B"

14
base-files/files/usr/libexec/login.sh
View File

@ -1,5 +1,17 @@
#!/bin/sh
[ "$(uci -q get system.@system[0].ttylogin)" = 1 ] || exec /bin/ash --login
[ -t 0 ] && {
tty_dev=$(readlink /proc/self/fd/0)
case "$tty_dev" in
/dev/console|/dev/tty[0-9]*)
export TERM=${TERM:-linux}
;;
/dev/*)
export TERM=vt102
;;
esac
}
[ "$(uci -q get system.@system[0].ttylogin)" = 1 ] || exec /bin/login -f root
exec /bin/login

4
base-files/image-config.in
View File

@ -44,7 +44,7 @@ config TARGET_PREINIT_DISABLE_FAILSAFE
config TARGET_PREINIT_TIMEOUT
int
prompt "Failsafe/Debug wait timeout" if PREINITOPT
default 2
default 4
help
How long to wait for failsafe mode to be entered or for
a debug option to be pressed before continuing with a
@ -190,7 +190,7 @@ if VERSIONOPT
config VERSION_REPO
string
prompt "Release repository"
default "https://downloads.openwrt.org/releases/23.05-SNAPSHOT"
default "https://downloads.openwrt.org/releases/24.10-SNAPSHOT"
help
This is the repository address embedded in the image, it defaults
to the trunk snapshot repo; the url may contain the following placeholders:

2
cgroupfs-mount/Makefile
View File

@ -7,7 +7,7 @@ PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/tianon/$(PKG_NAME)
PKG_SOURCE_VERSION:=0549428171605eae3097a3e21bf7664845eac9e8
PKG_SOURCE_DATE:=2020-06-26
PKG_MIRROR_HASH:=ca217ffff5aa938149d2d8adfe15d800903d2fec180acb2400c36d62905988ea
PKG_MIRROR_HASH:=cd8518bfd3180a448ab253972b23f34118caafd229ba895dd80688326e9cd96d
PKG_MAINTAINER:=Gerard Ryan <G.M0N3Y.2503@gmail.com>
PKG_CPE_ID:=cpe:/a:cgroupfs-mount_project:cgroupfs-mount

149
ddns-scripts/Makefile
View File

@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ddns-scripts
PKG_VERSION:=2.8.2
PKG_RELEASE:=43
PKG_RELEASE:=52
PKG_LICENSE:=GPL-2.0
@ -109,7 +109,7 @@ define Package/ddns-scripts-freedns
endef
define Package/ddns-scripts-freedns/description
Dynamic DNS Client scripts extension for "freedns.42.pl".
Dynamic DNS Client scripts extension for 'freedns.42.pl'.
endef
@ -121,7 +121,7 @@ define Package/ddns-scripts-godaddy
endef
define Package/ddns-scripts-godaddy/description
Dynamic DNS Client scripts extension for "godaddy.com API v1".
Dynamic DNS Client scripts extension for 'godaddy.com API v1'.
endef
@ -133,14 +133,14 @@ define Package/ddns-scripts-digitalocean
endef
define Package/ddns-scripts-digitalocean/description
Dynamic DNS Client scripts extension for "digitalocean.com API v2".
Dynamic DNS Client scripts extension for digitalocean.com API v2.
The script directly updates a DNS record using the DO API.
It requires:
"option dns_server" to be set to the server to be used by nsupdate.
"option domain" the dns domain to update the record for (eg. A-record: home.<example.com>)
"option username" the dns record name to update (eg. A-record: <home>.example.com)
"option param_opt" the id of the dns record to update (check using chrome inspector in the DO dns tab)
"option password" the api token generated in the DO panel
'option dns_server' to be set to the server to be used by nsupdate.
'option domain' the dns domain to update the record for (eg. A-record: home.<example.com>)
'option username' the dns record name to update (eg. A-record: <home>.example.com)
'option param_opt' the id of the dns record to update (check using chrome inspector in the DO dns tab)
'option password' the api token generated in the DO panel
endef
@ -163,7 +163,7 @@ define Package/ddns-scripts-noip
endef
define Package/ddns-scripts-noip/description
Dynamic DNS Client scripts extension for "no-ip.com".
Dynamic DNS Client scripts extension for 'no-ip.com'.
endef
define Package/ddns-scripts-ns1
@ -173,10 +173,10 @@ define Package/ddns-scripts-ns1
endef
define Package/ddns-scripts-ns1/description
Dynamic DNS Client scripts extension for "ns1.com".
Dynamic DNS Client scripts extension for 'ns1.com'.
It requires:
"option username" to be a valid zone for ns1.com
"option password" to be a valid API key for ns1.com
'option username' to be a valid zone for ns1.com
'option password' to be a valid API key for ns1.com
endef
@ -192,9 +192,9 @@ define Package/ddns-scripts-nsupdate/description
The script directly updates a PowerDNS (or maybe bind server) via nsupdate
from bind-client package.
It requires:
"option dns_server" to be set to the server to be used by nsupdate.
"option username" should be set to the key name and
"option password" to the base64 encoded shared secret.
'option dns_server' to be set to the server to be used by nsupdate.
'option username' should be set to the key name and
'option password' to the base64 encoded shared secret.
endef
@ -206,12 +206,12 @@ define Package/ddns-scripts-route53
endef
define Package/ddns-scripts-route53/description
Dynamic DNS Client scripts extension for Amazon AWS "route53 API v1".
Dynamic DNS Client scripts extension for Amazon AWS 'route53 API v1'.
Note: You must also install ca-certificate or ca-bundle.
It requires:
"option username" to be a valid AWS access key id
"option password" to be the matching AWS secret key id
"option domain" to contain the hosted zone ID
'option username' to be a valid AWS access key id
'option password' to be the matching AWS secret key id
'option domain' to contain the hosted zone ID
endef
@ -223,11 +223,11 @@ define Package/ddns-scripts-cnkuai
endef
define Package/ddns-scripts-cnkuai/description
Dynamic DNS Client scripts extension for "cnkuai.cn".
Dynamic DNS Client scripts extension for 'cnkuai.cn'.
It requires:
"option username" to be a valid CnKuai control panel id
"option password" to be the matching CnKuai control panel password
"option domain" to contain the domain
'option username' to be a valid CnKuai control panel id
'option password' to be the matching CnKuai control panel password
'option domain' to contain the domain
endef
@ -238,10 +238,10 @@ define Package/ddns-scripts-gandi
endef
define Package/ddns-scripts-gandi/description
Dynamic DNS Client scripts extension for "gandi.net".
Dynamic DNS Client scripts extension for 'gandi.net'.
It requires:
"option username" to be a valid subdomain for gandi.net
"option password" to be a valid API key for gandi.net
'option username' to be a valid subdomain for gandi.net
'option password' to be a valid API key for gandi.net
endef
@ -252,11 +252,11 @@ define Package/ddns-scripts-pdns
endef
define Package/ddns-scripts-pdns/description
Dynamic DNS Client scripts extension for "PowerDNS" via API.
Dynamic DNS Client scripts extension for 'PowerDNS' via API.
It requires:
"option param_opt(Optional Parameter)" to be a valid root URL for the PowerDNS webserver
"option username" to be a valid subdomain for the PowerDNS domain
"option password" to be a valid API key for the PowerDNS webserver
'option param_opt(Optional Parameter)' to be a valid root URL for the PowerDNS webserver
'option username' to be a valid subdomain for the PowerDNS domain
'option password' to be a valid API key for the PowerDNS webserver
endef
@ -267,14 +267,14 @@ define Package/ddns-scripts-transip
endef
define Package/ddns-scripts-transip/description
Dynamic DNS Client scripts extension for "transip.nl".
Dynamic DNS Client scripts extension for 'transip.nl'.
Note: You must also install ca-certificate or ca-bundle.
It requires:
"option username" to be a valid username for transip.nl
"option password" to be a valid matching private key
"option domain" to contain the base domain
"option param_enc" to contain the name of the DNS record to update
"option param_opt" to contain the TTL of the DNS record to update
'option username' to be a valid username for transip.nl
'option password' to be a valid matching private key
'option domain' to contain the base domain
'option param_enc' to contain the name of the DNS record to update
'option param_opt' to contain the TTL of the DNS record to update
endef
define Package/ddns-scripts-one
@ -284,14 +284,39 @@ define Package/ddns-scripts-one
endef
define Package/ddns-scrtips-one/description
Dynamic DNS Client scripts extension for "one.com".
Dynamic DNS Client scripts extension for 'one.com'.
It requires:
"option username" to be a valid Email for one.com Control Panel
"option password" to be the matching one.com Control Panel password
"option domain" to contain the domain / subdomain
'option username' to be a valid Email for one.com Control Panel
'option password' to be the matching one.com Control Panel password
'option domain' to contain the domain / subdomain
endef
define Package/ddns-scripts-porkbun
$(call Package/ddns-scripts/Default)
TITLE:=Extension for porkbun.com API v3
DEPENDS:=ddns-scripts +curl
PROVIDES:=ddns-scripts_porkbun.com-v3
endef
define Package/ddns-scripts-porkbun/description
Dynamic DNS Client scripts extension for porkbun.com API v3 (require curl)
It requires:
'option username' to be a Porkbun API key
'option password' to be the corresponding Porkbun API secret key
'option domain' to be the FQDN for which to configure DDNS
endef
define Package/ddns-scripts-huaweicloud
$(call Package/ddns-scripts/Default)
TITLE:=Extension for huaweicloud.com API
DEPENDS:=ddns-scripts +curl +openssl-util
endef
define Package/ddns-scripts-huaweicloud/description
Dynamic DNS Client scripts extension for huaweicloud.com API (require curl and openssl)
endef
define Build/Configure
endef
@ -369,6 +394,8 @@ define Package/ddns-scripts-services/install
rm $(1)/usr/share/ddns/default/transip.nl.json
rm $(1)/usr/share/ddns/default/ns1.com.json
rm $(1)/usr/share/ddns/default/one.com.json
rm $(1)/usr/share/ddns/default/porkbun.com-v3.json
rm $(1)/usr/share/ddns/default/huaweicloud.com.json
endef
@ -685,6 +712,44 @@ exit 0
endef
define Package/ddns-scripts-porkbun/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_porkbun_v3.sh \
$(1)/usr/lib/ddns
$(INSTALL_DIR) $(1)/usr/share/ddns/default
$(INSTALL_DATA) ./files/usr/share/ddns/default/porkbun.com-v3.json \
$(1)/usr/share/ddns/default/
endef
define Package/ddns-scripts-porkbun/prerm
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
/etc/init.d/ddns stop
fi
exit 0
endef
define Package/ddns-scripts-huaweicloud/install
$(INSTALL_DIR) $(1)/usr/lib/ddns
$(INSTALL_BIN) ./files/usr/lib/ddns/update_huaweicloud_com.sh \
$(1)/usr/lib/ddns
$(INSTALL_DIR) $(1)/usr/share/ddns/default
$(INSTALL_DATA) ./files/usr/share/ddns/default/huaweicloud.com.json \
$(1)/usr/share/ddns/default/
endef
define Package/ddns-scripts-huaweicloud/prerm
#!/bin/sh
if [ -z "$${IPKG_INSTROOT}" ]; then
/etc/init.d/ddns stop
fi
exit 0
endef
$(eval $(call BuildPackage,ddns-scripts))
$(eval $(call BuildPackage,ddns-scripts-services))
$(eval $(call BuildPackage,ddns-scripts-utils))
@ -704,3 +769,5 @@ $(eval $(call BuildPackage,ddns-scripts-pdns))
$(eval $(call BuildPackage,ddns-scripts-transip))
$(eval $(call BuildPackage,ddns-scripts-ns1))
$(eval $(call BuildPackage,ddns-scripts-one))
$(eval $(call BuildPackage,ddns-scripts-porkbun))
$(eval $(call BuildPackage,ddns-scripts-huaweicloud))

2
ddns-scripts/files/usr/lib/ddns/dynamic_dns_functions.sh
View File

@ -72,7 +72,7 @@ IPV6_REGEX="\(\([0-9A-Fa-f]\{1,4\}:\)\{1,\}\)\(\([0-9A-Fa-f]\{1,4\}\)\{0,1\}\)\(
SHELL_ESCAPE="[\"\'\`\$\!();><{}?|\[\]\*\\\\]"
# dns character set. "-" must be the last character
DNS_CHARSET="[@a-zA-Z0-9._-]"
DNS_CHARSET="[@a-zA-Z0-9.:_-]"
# domains can have * for wildcard. "-" must be the last character
DNS_CHARSET_DOMAIN="[@a-zA-Z0-9._*-]"

5
ddns-scripts/files/usr/lib/ddns/dynamic_dns_updater.sh
View File

@ -89,7 +89,7 @@ case "$1" in
exit 1
;;
reload)
killall -1 dynamic_dns_updater.sh 2>/dev/null
killall dynamic_dns_updater.sh 2>/dev/null
exit $?
;;
*) usage_err "unknown command - $1";;
@ -322,9 +322,6 @@ else
write_log 7 "last update: $(eval $EPOCH_TIME)"
fi
# verify DNS server
[ -n "$dns_server" ] && verify_dns "$dns_server"
# verify Proxy server and set environment
[ -n "$proxy" ] && {
verify_proxy "$proxy" && {

152
ddns-scripts/files/usr/lib/ddns/update_huaweicloud_com.sh Normal file
View File

@ -0,0 +1,152 @@
#!/bin/sh
#
# script for sending updates to huaweicloud.com
# 2023-2024 sxlehua <sxlehua at qq dot com>
# API documentation at https://support.huaweicloud.com/api-dns/dns_api_62003.html
# API signature documentation at https://support.huaweicloud.com/api-dns/dns_api_30003.html
#
# This script is parsed by dynamic_dns_functions.sh inside send_update() function
#
# useage:
# using following options from /etc/config/ddns
# option username - huaweicloud Access Key Id
# option password - huaweicloud Secret Access KeyAK、SK documentation from https://support.huaweicloud.com/devg-apisign/api-sign-provide-aksk.html
# option domain - "hostname@yourdomain.TLD" # syntax changed to remove split_FQDN() function and tld_names.dat.gz
#
# Check inputs
[ -z "$username" ] && write_log 14 "Configuration error! [username] cannot be empty"
[ -z "$password" ] && write_log 14 "Configuration error! [password] cannot be empty"
[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "huaweicloud API require cURL with SSL support. Please install"
command -v openssl >/dev/null 2>&1 || write_log 14 "huaweicloud API require openssl-util support. Please install"
# public variable
local __HOST __DOMAIN __TYPE __ZONE_ID __RECORD_ID
local __ENDPOINT="dns.cn-north-1.myhuaweicloud.com"
local __TTL=120
[ $use_ipv6 -eq 0 ] && __TYPE="A" || __TYPE="AAAA"
# Get host and domain from $domain
[ "${domain:0:2}" == "@." ] && domain="${domain/./}" # host
[ "$domain" == "${domain/@/}" ] && domain="${domain/./@}" # host with no sperator
__HOST="${domain%%@*}"
__DOMAIN="${domain#*@}"
[ -z "$__HOST" -o "$__HOST" == "$__DOMAIN" ] && __HOST="@"
hcloud_transfer() {
local method=$1
local path=$2
local query=$3
local body=$4
local timestamp=$(date -u +'%Y%m%dT%H%M%SZ')
local contentType=""
if [ ! "$method" = "GET" ]; then
contentType="application/json"
fi
local _H_Content_Type=""
local canonicalUri="${path}"
# add / if need
echo $canonicalUri | grep -qE "/$" || canonicalUri="$canonicalUri/"
local canonicalQuery="$query" # for extend
local canonicalHeaders="host:$__ENDPOINT\nx-sdk-date:$timestamp\n"
local signedHeaders="host;x-sdk-date"
if [ ! "$contentType" = "" ]; then
canonicalHeaders="content-type:$contentType\n${canonicalHeaders}"
signedHeaders="content-type;$signedHeaders"
_H_Content_Type="Content-Type: ${contentType}"
fi
local hexencode=$(printf "%s" "$body" | openssl dgst -sha256 -hex 2>/dev/null | sed 's/^.* //')
local canonicalRequest="$method\n$canonicalUri\n$canonicalQuery\n$canonicalHeaders\n$signedHeaders\n$hexencode"
canonicalRequest="$(printf "$canonicalRequest%s")"
local stringToSign="SDK-HMAC-SHA256\n$timestamp\n$(printf "%s" "$canonicalRequest" | openssl dgst -sha256 -hex 2>/dev/null | sed 's/^.* //')"
stringToSign="$(printf "$stringToSign%s")"
local signature=$(printf "%s" "$stringToSign" | openssl dgst -sha256 -hmac "$password" 2>/dev/null | sed 's/^.* //')
authorization="SDK-HMAC-SHA256 Access=$username, SignedHeaders=$signedHeaders, Signature=$signature"
reqUrl="$__ENDPOINT$path"
if [ ! -z "$query" ]; then
reqUrl="$reqUrl""?$query"
fi
curl -s -X "${method}" \
-H "Host: $__ENDPOINT" \
-H "$_H_Content_Type" \
-H "Authorization: $authorization" \
-H "X-Sdk-Date: $timestamp" \
-d "${body}" \
"https://$reqUrl"
if [ $? -ne 0 ]; then
write_log 14 "rest api error"
fi
}
get_zone() {
local resp=`hcloud_transfer GET /v2/zones "name=$__DOMAIN.&search_mode=equal" ""`
__ZONE_ID=`printf "%s" $resp | grep -Eo '"id":"[a-z0-9]+"' | cut -d':' -f2 | tr -d '"'`
if [ "$__ZONE_ID" = "" ]; then
write_log 14 "error, no zone"
fi
}
upd_record() {
local body="{\"name\":\"$__HOST.$__DOMAIN.\",\"type\":\"$__TYPE\",\"records\":[\"$__IP\"],\"ttl\":$__TTL}"
local resp=`hcloud_transfer PUT /v2/zones/"$__ZONE_ID"/recordsets/$__RECORD_ID "" "$body"`
local recordId=`printf "%s" $resp | grep -Eo '"id":"[a-z0-9]+"' | cut -d':' -f2 | tr -d '"'`
if [ ! "$recordId" = "" ]; then
write_log 7 "upd [$recordId] success [$__TYPE] [$__IP]"
else
write_log 14 "upd ecord error [$resp]"
fi
}
add_record() {
local body="{\"name\":\"$__HOST.$__DOMAIN.\",\"type\":\"$__TYPE\",\"records\":[\"$__IP\"],\"ttl\":$__TTL}"
local resp=`hcloud_transfer POST /v2/zones/"$__ZONE_ID"/recordsets "" "$body"`
local recordId=`printf "%s" $resp | grep -Eo '"id":"[a-z0-9]+"' | cut -d':' -f2 | tr -d '"'`
if [ ! "$recordId" = "" ]; then
write_log 7 "add [$recordId] success [$__TYPE] [$__IP]"
else
write_log 14 "add record error [$resp]"
fi
}
# Get DNS record
get_record() {
local ret=0
local resp=`hcloud_transfer GET /v2/zones/$__ZONE_ID/recordsets "name=$__HOST.$__DOMAIN.&search_mode=equal" ""`
__RECORD_ID=`printf "%s" $resp | grep -Eo '"id":"[a-z0-9]+"' | cut -d':' -f2 | tr -d '"' | head -1`
if [ "$__RECORD_ID" = "" ]; then
# Record needs to be add
ret=1
else
local remoteIp=`printf "%s" $resp | grep -Eo '"records":\[[^]]+]' | cut -d ':' -f 2-10 | tr -d '[' | tr -d ']' | tr -d '"' | head -1`
if [ ! "$remoteIp" = "$__IP" ]; then
# Record needs to be updated
ret=2
fi
fi
return $ret
}
get_zone
get_record
ret=$?
if [ $ret -eq 0 ]; then
write_log 7 "nochg [$__IP]"
fi
if [ $ret -eq 1 ]; then
add_record
fi
if [ $ret -eq 2 ]; then
upd_record
fi

163
ddns-scripts/files/usr/lib/ddns/update_porkbun_v3.sh Normal file
View File

@ -0,0 +1,163 @@
#
# Distributed under the terms of the GNU General Public License (GPL) version 2.0
# 2024 Ansel Horn <dev@cahorn.net>
#
# Script for DDNS support via Porkbun's v3 API for the OpenWRT ddns-scripts package.
#
# Will attempt to create a new or edit an existing A or AAAA record for the
# given domain and subdomain. Existing CNAME and ALIAS records WILL NOT BE
# EDITED OR DELETED! "username" and "password" configurations should be set to
# Porkbun API key and secret key, respectively.
#
# Porkbun API documentation:
# https://porkbun.com/api/json/v3/documentation#DNS%20Create%20Record
#
# Source JSON parser
. /usr/share/libubox/jshn.sh
# Set API base URL
# Porkbun has warned it may change API hostname in the future:
# https://porkbun.com/api/json/v3/documentation#apiHost
__API="https://api.porkbun.com/api/json/v3"
# Check availability of cURL with SSL
[ -z "$CURL" ] && [ -z "$CURL_SSL" ] && write_log 14 "cURL with SSL support required! Please install"
# Validate configuration
[ -z "$domain" ] && write_log 14 "Service section not configured correctly! Missing 'domain'"
[ -z "$username" ] && write_log 14 "Service section not configured correctly! Missing 'username'"
[ -z "$password" ] && write_log 14 "Service section not configured correctly! Missing 'password'"
# Split FQDN into domain and subdomain(s)
__DOMAIN_REGEX='^\(\(.*\)\.\)\?\([^.]\+\.[^.]\+\)$'
echo $domain | grep "$__DOMAIN_REGEX" > /dev/null || write_log 14 "Invalid domain! Check 'domain' config"
__DOMAIN=$(echo $domain | sed -e "s/$__DOMAIN_REGEX/\3/")
__SUBDOMAIN=$(echo $domain | sed -e "s/$__DOMAIN_REGEX/\2/")
# Determine IPv4 or IPv6 address and record type
if [ "$use_ipv6" -eq 1 ]; then
expand_ipv6 "$__IP" __ADDR
__TYPE="AAAA"
else
__ADDR="$__IP"
__TYPE="A"
fi
# Inject authentication into API request JSON payload
function json_authenticate() {
json_add_string "apikey" "$username"
json_add_string "secretapikey" "$password"
}
# Make Porkbun API call
# $1 - Porkbun API endpoint
# $2 - request JSON payload
function api_call() {
local response url
url="$__API/$1"
write_log 7 "API endpoint URL: $url"
write_log 7 "API request JSON payload: $2"
response=$($CURL --data "$2" "$url")
write_log 7 "API response JSON payload: $response"
echo "$response"
}
# Check Porkbun API response status
function json_check_status() {
local status
json_get_var status "status"
[ "$status" == "SUCCESS" ] || write_log 14 "API request failed!"
}
# Review DNS record and, if it is the record we're looking for, get its id
function callback_review_record() {
local id name type
json_select "$2"
json_get_var id "id"
json_get_var name "name"
json_get_var type "type"
[ "$name" == "$domain" -a "$type" == "$__TYPE" ] && echo "$id"
json_select ..
}
# Retrieve all DNS records, find the first appropriate A/AAAA record, and get its id
function find_existing_record_id() {
local request response
json_init
json_authenticate
request=$(json_dump)
response=$(api_call "/dns/retrieve/$__DOMAIN" "$request")
json_load "$response"
json_check_status
json_for_each_item callback_review_record "records"
}
# Create a new A/AAAA record
function create_record() {
local request response
json_init
json_authenticate
json_add_string "name" "$__SUBDOMAIN"
json_add_string "type" "$__TYPE"
json_add_string "content" "$__ADDR"
request=$(json_dump)
response=$(api_call "/dns/create/$__DOMAIN" "$request")
json_load "$response"
json_check_status
}
# Retrieve an existing record and get its content
# $1 - record id to retrieve
function retrieve_record_content() {
local content request response
json_init
json_authenticate
request=$(json_dump)
response=$(api_call "/dns/retrieve/$__DOMAIN/$1" "$request")
json_load "$response"
json_check_status
json_select "records"
json_select 1
json_get_var content "content"
echo "$content"
}
# Edit an existing A/AAAA record
# $1 - record id to edit
function edit_record() {
local request response
json_init
json_authenticate
json_add_string "name" "$__SUBDOMAIN"
json_add_string "type" "$__TYPE"
json_add_string "content" "$__ADDR"
request=$(json_dump)
response=$(api_call "/dns/edit/$__DOMAIN/$1" "$request")
json_load "$response"
json_check_status
}
# Try to identify an appropriate existing DNS record to update
if [ -z $rec_id]; then
write_log 7 "Retrieving DNS $__TYPE record"
__ID=$(find_existing_record_id)
else
write_log 7 "Using user-supplied DNS record id: $rec_id"
__ID=$rec_id
fi
# Create or update DNS record with current IP address
if [ -z "$__ID" ]; then
write_log 7 "Creating new DNS $__TYPE record"
create_record
else
write_log 7 "Updating existing DNS $__TYPE record"
if [ "$(retrieve_record_content $__ID)" == "$__ADDR" ]; then
write_log 7 "Skipping Porkbun-unsupported forced noop update"
else
edit_record "$__ID"
fi
fi

9
ddns-scripts/files/usr/share/ddns/default/huaweicloud.com.json Normal file
View File

@ -0,0 +1,9 @@
{
"name": "huaweicloud.com",
"ipv4": {
"url": "update_huaweicloud_com.sh"
},
"ipv6": {
"url": "update_huaweicloud_com.sh"
}
}

6
ddns-scripts/files/usr/share/ddns/default/ovh.com.json
View File

@ -1,7 +1,11 @@
{
"name": "ovh.com",
"ipv4": {
"url": "http://[USERNAME]:[PASSWORD]@www.ovh.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
"url": "https://[USERNAME]:[PASSWORD]@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
},
"ipv6": {
"url": "https://[USERNAME]:[PASSWORD]@dns.eu.ovhapis.com/nic/update?system=dyndns&hostname=[DOMAIN]&myip=[IP]",
"answer": "good|nochg"
}
}

9
ddns-scripts/files/usr/share/ddns/default/porkbun.com-v3.json Normal file
View File

@ -0,0 +1,9 @@
{
"name": "porkbun.com-v3",
"ipv4": {
"url": "update_porkbun_v3.sh"
},
"ipv6": {
"url": "update_porkbun_v3.sh"
}
}

11
ddns-scripts/files/usr/share/ddns/default/servercow.de.json Normal file
View File

@ -0,0 +1,11 @@
{
"name": "servercow.de",
"ipv4": {
"url": "http://www.servercow.de/dnsupdate/update.php?username=[USERNAME]&pass=[PASSWORD]&hostname=[DOMAIN]&ipaddr=[IP]",
"answer": "OKv4"
},
"ipv6": {
"url": "http://www.servercow.de/dnsupdate/update.php?username=[USERNAME]&pass=[PASSWORD]&hostname=[DOMAIN]&ip6addr=[IP]",
"answer": "OKv6"
}
}

1
ddns-scripts/files/usr/share/ddns/list
View File

@ -54,6 +54,7 @@ ovh.com
regfish.de
schokokeks.org
selfhost.de
servercow.de
simply.com
sitelutions.com
spdyn.de

2
dnsmasq/Makefile
View File

@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=dnsmasq
PKG_UPSTREAM_VERSION:=2.90
PKG_VERSION:=$(subst test,~~test,$(subst rc,~rc,$(PKG_UPSTREAM_VERSION)))
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_UPSTREAM_VERSION).tar.xz
PKG_SOURCE_URL:=https://thekelleys.org.uk/dnsmasq/

118
dnsmasq/files/dnsmasq.init
View File

@ -12,6 +12,7 @@ ADD_WAN_FQDN=0
ADD_LOCAL_FQDN=""
BASECONFIGFILE="/var/etc/dnsmasq.conf"
EXTRACONFFILE="extraconfig.conf"
BASEHOSTFILE="/tmp/hosts/dhcp"
TRUSTANCHORSFILE="/usr/share/dnsmasq/trust-anchors.conf"
TIMEVALIDFILE="/var/state/dnsmasqsec"
@ -68,7 +69,7 @@ xappend() {
local opt="${value%%=*}"
if ! dnsmasq_ignore_opt "$opt"; then
echo "$value" >>$CONFIGFILE_TMP
echo "$value" >>"$CONFIGFILE_TMP"
fi
}
@ -353,7 +354,7 @@ dhcp_host_add() {
config_get_bool dns "$cfg" dns 0
[ "$dns" = "1" ] && [ -n "$ip" ] && [ -n "$name" ] && {
echo "$ip $name${DOMAIN:+.$DOMAIN}" >> $HOSTFILE_TMP
echo "$ip $name${DOMAIN:+.$DOMAIN}" >> "$HOSTFILE_TMP"
}
config_get mac "$cfg" mac
@ -502,14 +503,13 @@ dhcp_boot_add() {
[ -n "$serveraddress" ] && [ ! -n "$servername" ] && return 0
xappend "--dhcp-boot=${networkid:+net:$networkid,}${filename}${servername:+,$servername}${serveraddress:+,$serveraddress}"
xappend "--dhcp-boot=${networkid:+tag:$networkid,}${filename}${servername:+,$servername}${serveraddress:+,$serveraddress}"
config_get_bool force "$cfg" force 0
dhcp_option_add "$cfg" "$networkid" "$force"
}
dhcp_add() {
local cfg="$1"
local dhcp6range="::"
@ -540,8 +540,13 @@ dhcp_add() {
# Do not support non-static interfaces for now
[ static = "$proto" ] || return 0
ipaddr="${subnet%%/*}"
prefix_or_netmask="${subnet##*/}"
# Override interface netmask with dhcp config if applicable
config_get netmask "$cfg" netmask "${subnet##*/}"
config_get netmask "$cfg" netmask
[ -n "$netmask" ] && prefix_or_netmask="$netmask"
#check for an already active dhcp server on the interface, unless 'force' is set
config_get_bool force "$cfg" force 0
@ -567,6 +572,7 @@ dhcp_add() {
config_get ra_management "$cfg" ra_management
config_get ra_preference "$cfg" ra_preference
config_get dns "$cfg" dns
config_get dns_sl "$cfg" domain
config_list_foreach "$cfg" "interface_name" append_interface_name "$ifname"
@ -582,12 +588,8 @@ dhcp_add() {
nettag="${networkid:+set:${networkid},}"
if [ "$limit" -gt 0 ] ; then
limit=$((limit-1))
fi
# make sure the DHCP range is not empty
if [ "$dhcpv4" != "disabled" ] && eval "$(ipcalc.sh "${subnet%%/*}" "$netmask" "$start" "$limit")" ; then
if [ "$dhcpv4" != "disabled" ] && ipcalc "$ipaddr/$prefix_or_netmask" "$start" "$limit" ; then
[ "$dynamicdhcpv4" = "0" ] && END="static"
xappend "--dhcp-range=$tags$nettag$START,$END,$NETMASK,$leasetime${options:+ $options}"
@ -650,6 +652,13 @@ dhcp_add() {
fi
dhcp_option_append "option6:dns-server,$dnss" "$networkid"
if [ -n "$dns_sl" ]; then
ddssl=""
for dd in $dns_sl; do append ddssl "$dd" ","; done
fi
dhcp_option_append "option6:domain-search,$ddssl" "$networkid"
fi
dhcp_option_add "$cfg" "$networkid" 0
@ -705,7 +714,7 @@ dhcp_domain_add() {
record="${record:+$record }$name"
done
echo "$ip $record" >> $HOSTFILE_TMP
echo "$ip $record" >> "$HOSTFILE_TMP"
}
dhcp_srv_add() {
@ -779,6 +788,29 @@ dhcp_hostrecord_add() {
xappend "--host-record=$record"
}
dhcp_dnsrr_add() {
#This adds arbitrary resource record types (of IN class) whose optional data must be hex
local cfg="$1"
local rrname rrnumber hexdata
config_get rrname "$cfg" rrname
[ -n "$rrname" ] || return 0
config_get rrnumber "$cfg" rrnumber
[ -n "$rrnumber" ] && [ "$rrnumber" -gt 0 ] || return 0
config_get hexdata "$cfg" hexdata
# dnsmasq accepts colon XX:XX:.., space XX XX .., or contiguous XXXX.. hex forms or mixtures thereof
if [ -n "${hexdata//[0-9a-fA-F\:\ ]/}" ]; then
# is invalid hex literal
echo "dnsmasq: \"$hexdata\" is malformed hexadecimal (separate hex with colon, space or not at all)." >&2
return 1
fi
xappend "--dns-rr=${rrname},${rrnumber}${hexdata:+,$hexdata}"
}
dhcp_relay_add() {
local cfg="$1"
local local_addr server_addr interface
@ -854,7 +886,7 @@ dnsmasq_start()
{
local cfg="$1"
local disabled user_dhcpscript logfacility
local resolvfile resolvdir localuse=0
local resolvfile resolvdir localuse=1
config_get_bool disabled "$cfg" disabled 0
[ "$disabled" -gt 0 ] && return 0
@ -873,13 +905,13 @@ dnsmasq_start()
# before we can call xappend
umask u=rwx,g=rx,o=rx
mkdir -p /var/run/dnsmasq/
mkdir -p $(dirname $CONFIGFILE)
mkdir -p "$(dirname "$CONFIGFILE")"
mkdir -p "$HOSTFILE_DIR"
mkdir -p /var/lib/misc
chown dnsmasq:dnsmasq /var/run/dnsmasq
echo "# auto-generated config file from /etc/config/dhcp" > $CONFIGFILE_TMP
echo "# auto-generated config file from /etc/config/dhcp" > $HOSTFILE_TMP
echo "# auto-generated config file from /etc/config/dhcp" > "$CONFIGFILE_TMP"
echo "# auto-generated config file from /etc/config/dhcp" > "$HOSTFILE_TMP"
local dnsmasqconffile="/etc/dnsmasq.${cfg}.conf"
if [ ! -r "$dnsmasqconffile" ]; then
@ -965,8 +997,11 @@ dnsmasq_start()
append_bool "$cfg" rapidcommit "--dhcp-rapid-commit"
append_bool "$cfg" scriptarp "--script-arp"
# deprecate or remove filter-X in favor of filter-rr?
append_bool "$cfg" filter_aaaa "--filter-AAAA"
append_bool "$cfg" filter_a "--filter-A"
append_parm "$cfg" filter_rr "--filter-rr"
append_parm "$cfg" cache_rr "--cache-rr"
append_parm "$cfg" logfacility "--log-facility"
config_get logfacility "$cfg" "logfacility"
@ -1051,7 +1086,7 @@ dnsmasq_start()
config_get resolvfile "$cfg" resolvfile /tmp/resolv.conf.d/resolv.conf.auto
[ -n "$resolvfile" ] && [ ! -e "$resolvfile" ] && touch "$resolvfile"
xappend "--resolv-file=$resolvfile"
[ "$resolvfile" = "/tmp/resolv.conf.d/resolv.conf.auto" ] && localuse=1
[ "$resolvfile" != "/tmp/resolv.conf.d/resolv.conf.auto" ] && localuse=0
resolvdir="$(dirname "$resolvfile")"
fi
config_get_bool localuse "$cfg" localuse "$localuse"
@ -1100,6 +1135,9 @@ dnsmasq_start()
[ "$addmac" = "1" ] && addmac=
xappend "--add-mac${addmac:+="$addmac"}"
}
append_bool "$cfg" stripmac "--strip-mac"
append_parm "$cfg" addsubnet "--add-subnet"
append_bool "$cfg" stripsubnet "--strip-subnet"
dhcp_option_add "$cfg" "" 0
dhcp_option_add "$cfg" "" 2
@ -1107,13 +1145,21 @@ dnsmasq_start()
xappend "--dhcp-broadcast=tag:needs-broadcast"
config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq.d"
xappend "--conf-dir=$dnsmasqconfdir"
dnsmasqconfdir="${dnsmasqconfdir%%,*}"
[ ! -d "$dnsmasqconfdir" ] && mkdir -p $dnsmasqconfdir
xappend "--user=dnsmasq"
xappend "--group=dnsmasq"
echo >> $CONFIGFILE_TMP
# Create a dnsmasq.d dir for each instance
config_get dnsmasqconfdir "$cfg" confdir "/tmp/dnsmasq${cfg:+.$cfg}.d"
# Ensure dnsmasqconfdir is an absolute path
[ "${dnsmasqconfdir:0:1}" = '/' ] && {
xappend "--conf-dir=$dnsmasqconfdir"
dnsmasqconfdir="${dnsmasqconfdir%%,*}"
[ ! -d "$dnsmasqconfdir" ] && mkdir -p "$dnsmasqconfdir"
xappend "--user=dnsmasq"
xappend "--group=dnsmasq"
echo >> "$CONFIGFILE_TMP"
# EXTRACONFFILE allows new dnsmasq parameters before they are natively handled in this init file
config_get extraconftext "$cfg" extraconftext
[ -n "$extraconftext" ] && echo -e "$extraconftext" > "$dnsmasqconfdir"/"$EXTRACONFFILE"
}
config_get_bool enable_tftp "$cfg" enable_tftp 0
[ "$enable_tftp" -gt 0 ] && {
@ -1122,7 +1168,7 @@ dnsmasq_start()
}
config_foreach filter_dnsmasq host dhcp_host_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
config_get_bool dhcpbogushostname "$cfg" dhcpbogushostname 1
[ "$dhcpbogushostname" -gt 0 ] && {
@ -1141,12 +1187,13 @@ dnsmasq_start()
config_foreach filter_dnsmasq match dhcp_match_add "$cfg"
config_foreach filter_dnsmasq domain dhcp_domain_add "$cfg"
config_foreach filter_dnsmasq hostrecord dhcp_hostrecord_add "$cfg"
config_foreach filter_dnsmasq dnsrr dhcp_dnsrr_add "$cfg"
[ -n "$BOOT" ] || config_foreach filter_dnsmasq relay dhcp_relay_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
config_foreach filter_dnsmasq srvhost dhcp_srv_add "$cfg"
config_foreach filter_dnsmasq mxhost dhcp_mx_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
config_get_bool boguspriv "$cfg" boguspriv 1
[ "$boguspriv" -gt 0 ] && {
@ -1168,16 +1215,16 @@ dnsmasq_start()
fi
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
config_foreach filter_dnsmasq cname dhcp_cname_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
config_foreach filter_dnsmasq ipset dnsmasq_ipset_add "$cfg"
echo >> $CONFIGFILE_TMP
echo >> "$CONFIGFILE_TMP"
mv -f $CONFIGFILE_TMP $CONFIGFILE
mv -f $HOSTFILE_TMP $HOSTFILE
mv -f "$CONFIGFILE_TMP" "$CONFIGFILE"
mv -f "$HOSTFILE_TMP" "$HOSTFILE"
[ "$localuse" -gt 0 ] && {
rm -f /tmp/resolv.conf
@ -1222,12 +1269,12 @@ dnsmasq_start()
dnsmasq_stop()
{
local cfg="$1"
local noresolv resolvfile localuse=0
local noresolv resolvfile localuse=1
config_get_bool noresolv "$cfg" noresolv 0
config_get resolvfile "$cfg" "resolvfile"
[ "$noresolv" = 0 ] && [ "$resolvfile" = "/tmp/resolv.conf.d/resolv.conf.auto" ] && localuse=1
[ "$noresolv" = 0 ] && [ "$resolvfile" != "/tmp/resolv.conf.d/resolv.conf.auto" ] && localuse=0
config_get_bool localuse "$cfg" localuse "$localuse"
[ "$localuse" -gt 0 ] && ln -sf "/tmp/resolv.conf.d/resolv.conf.auto" /tmp/resolv.conf
@ -1236,10 +1283,11 @@ dnsmasq_stop()
add_interface_trigger()
{
local interface ignore
local interface ifname ignore
config_get interface "$1" interface
config_get_bool ignore "$1" ignore 0
network_get_device ifname "$interface" || ignore=0
[ -n "$interface" ] && [ $ignore -eq 0 ] && procd_add_interface_trigger "interface.*" "$interface" /etc/init.d/dnsmasq reload
}

8
firewall/Makefile
View File

@ -9,13 +9,13 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=firewall
PKG_RELEASE:=3
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall3.git
PKG_SOURCE_DATE:=2022-02-17
PKG_SOURCE_VERSION:=4cd7d4f36bea731bf901cb067456f1d460294926
PKG_MIRROR_HASH:=ce9e8ac1bcf22afbb0a80c3da1a8e8e887851299681097e3dfbfc347f2c4c80f
PKG_SOURCE_DATE:=2024-10-18
PKG_SOURCE_VERSION:=1aef9791a21e3d15d4357060f09a7bb9ed3d6e4e
PKG_MIRROR_HASH:=61a4f03a34edf5bf25c13b7ae04e4be40ecbaebff77b9f2d1e730dcaa2c77143
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC

8
firewall4/Makefile
View File

@ -9,9 +9,9 @@ PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/firewall4.git
PKG_SOURCE_DATE:=2023-09-01
PKG_SOURCE_VERSION:=598d9fbb5179667aa0c525040eaa41bc7f2dc015
PKG_MIRROR_HASH:=038b5b5611425e3c0fcc3ef4a0aea37296733300766d787909a689d16d4f39b4
PKG_SOURCE_DATE:=2024-12-18
PKG_SOURCE_VERSION:=18fc0ead19faf06b8ce7ec5be84957278e942dfa
PKG_MIRROR_HASH:=123d1b5d00cdbbfa77813b3eb694d00949171037a0fa26e6d36a75a37066ba48
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=ISC
@ -26,7 +26,7 @@ define Package/firewall4
+kmod-nft-nat \
+nftables-json \
+ucode +ucode-mod-fs +ucode-mod-ubus +ucode-mod-uci
EXTRA_DEPENDS:=ucode (>= 2022-03-22)
EXTRA_DEPENDS:=ucode (>=2022.03.22)
PROVIDES:=uci-firewall
endef

47
luci-app-nekobox/htdocs/nekobox/singbox.php
View File

@ -95,6 +95,15 @@ wget -O "\$CONFIG_FILE" "\$SUBSCRIBE_URL" >> "\$LOG_FILE" 2>&1
if [ \$? -eq 0 ]; then
echo "\$(date): 配置文件更新成功,保存路径: \$CONFIG_FILE" >> "\$LOG_FILE"
sed -i 's/"outbounds":\s*\[\s*"Proxy"\s*\]/"outbounds": ["DIRECT"]/g' "\$CONFIG_FILE"
if [ \$? -eq 0 ]; then
echo "\$(date): 配置文件中的 Proxy 已成功替换为 DIRECT。" >> "\$LOG_FILE"
else
echo "\$(date): 替换 Proxy 为 DIRECT 失败,请检查配置文件。" >> "\$LOG_FILE"
exit 1
fi
else
echo "\$(date): 配置文件更新失败,请检查链接或网络。" >> "\$LOG_FILE"
exit 1
@ -155,16 +164,13 @@ EOL;
<div class="alert alert-info">
<h4 class="alert-heading">帮助信息</h4>
<p>
请选择一个模板以生成配置文件:根据订阅节点信息选择相应的模板。若选择带有地区分组的模板,请确保您的节点包含以下线路。
请选择一个模板以生成配置文件
</p>
<ul>
<li><strong>模板 1</strong>:无地区 无分组 通用。</li>
<li><strong>模板 2</strong>:无地区 带分流规则 通用。</li>
<li><strong>模板 3</strong>:香港 日本 美国 分组 带分流规则。</li>
<li><strong>模板 4</strong>:香港 新加坡 日本 美国 分组 带分流规则。</li>
<li><strong>模板 5</strong>:新加坡 日本 美国 韩国 分组 带分流规则。</li>
<li><strong>模板 6</strong>:香港 台湾 新加坡 日本 美国 韩国 分组 带分流规则。</li>
<li><strong>模板 7</strong>:同上多规则。</li>
<li><strong>模板 1</strong>:无地区 无分组 </li>
<li><strong>模板 2</strong>:无地区 带分流规则 </li>
<li><strong>模板 3</strong>:香港 台湾 新加坡 日本 美国 韩国 分组 带分流规则。</li>
<li><strong>模板 4</strong>:同上多规则。</li>
</ul>
</div>
<form method="post" action="">
@ -201,15 +207,7 @@ EOL;
</div>
<div class="col">
<input type="radio" class="form-check-input" id="useDefaultTemplate5" name="defaultTemplate" value="5">
<label class="form-check-label" for="useDefaultTemplate5">模板 5</label>
</div>
<div class="col">
<input type="radio" class="form-check-input" id="useDefaultTemplate6" name="defaultTemplate" value="6">
<label class="form-check-label" for="useDefaultTemplate6">模板 6</label>
</div>
<div class="col">
<input type="radio" class="form-check-input" id="useDefaultTemplate7" name="defaultTemplate" value="7">
<label class="form-check-label" for="useDefaultTemplate7">模板 7</label>
<label class="form-check-label" for="useDefaultTemplate4">模板 5</label>
</div>
</div>
<div class="mt-3">
@ -327,11 +325,9 @@ EOL;
$defaultTemplates = [
'1' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_7.json",
'2' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_6.json",
'3' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_9.json",
'4' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_10.json",
'5' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_11.json",
'6' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_8.json",
'7' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_12.json"
'3' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_8.json",
'4' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_12.json",
'5' => "https://raw.githubusercontent.com/Thaolga/Rules/main/Clash/json/config_2.json"
];
$templateUrlEncoded = urlencode($defaultTemplates[$_POST['defaultTemplate']] ?? '');
@ -362,6 +358,13 @@ EOL;
if ($downloadedContent === false) {
$logMessages[] = "无法读取下载的文件内容";
} else {
$downloadedContent = preg_replace_callback(
'/\{\s*"tag":\s*"(.*?)",\s*"type":\s*"selector",\s*"outbounds":\s*\[\s*"Proxy"\s*\]\s*\}/s',
function ($matches) {
return str_replace('"Proxy"', '"DIRECT"', $matches[0]);
},
$downloadedContent
);
if (isset($_POST['defaultTemplate']) && $_POST['defaultTemplate'] == '0') {
$replacement = '

674
luci-app-tailscale/LICENSE Normal file
View File

@ -0,0 +1,674 @@
GNU GENERAL PUBLIC LICENSE
Version 3, 29 June 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU General Public License is a free, copyleft license for
software and other kinds of works.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
the GNU General Public License is intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users. We, the Free Software Foundation, use the
GNU General Public License for most of our software; it applies also to
any other work released this way by its authors. You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
To protect your rights, we need to prevent others from denying you
these rights or asking you to surrender the rights. Therefore, you have
certain responsibilities if you distribute copies of the software, or if
you modify it: responsibilities to respect the freedom of others.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must pass on to the recipients the same
freedoms that you received. You must make sure that they, too, receive
or can get the source code. And you must show them these terms so they
know their rights.
Developers that use the GNU GPL protect your rights with two steps:
(1) assert copyright on the software, and (2) offer you this License
giving you legal permission to copy, distribute and/or modify it.
For the developers' and authors' protection, the GPL clearly explains
that there is no warranty for this free software. For both users' and
authors' sake, the GPL requires that modified versions be marked as
changed, so that their problems will not be attributed erroneously to
authors of previous versions.
Some devices are designed to deny users access to install or run
modified versions of the software inside them, although the manufacturer
can do so. This is fundamentally incompatible with the aim of
protecting users' freedom to change the software. The systematic
pattern of such abuse occurs in the area of products for individuals to
use, which is precisely where it is most unacceptable. Therefore, we
have designed this version of the GPL to prohibit the practice for those
products. If such problems arise substantially in other domains, we
stand ready to extend this provision to those domains in future versions
of the GPL, as needed to protect the freedom of users.
Finally, every program is threatened constantly by software patents.
States should not allow patents to restrict development and use of
software on general-purpose computers, but in those that do, we wish to
avoid the special danger that patents applied to a free program could
make it effectively proprietary. To prevent this, the GPL assures that
patents cannot be used to render the program non-free.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Use with the GNU Affero General Public License.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU Affero General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the special requirements of the GNU Affero General Public License,
section 13, concerning interaction through a network will apply to the
combination as such.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If the program does terminal interaction, make it output a short
notice like this when it starts in an interactive mode:
<program> Copyright (C) <year> <name of author>
This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.
This is free software, and you are welcome to redistribute it
under certain conditions; type `show c' for details.
The hypothetical commands `show w' and `show c' should show the appropriate
parts of the General Public License. Of course, your program's commands
might be different; for a GUI interface, you would use an "about box".
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU GPL, see
<https://www.gnu.org/licenses/>.
The GNU General Public License does not permit incorporating your program
into proprietary programs. If your program is a subroutine library, you
may consider it more useful to permit linking proprietary applications with
the library. If this is what you want to do, use the GNU Lesser General
Public License instead of this License. But first, please read
<https://www.gnu.org/licenses/why-not-lgpl.html>.

15
luci-app-tailscale/Makefile Normal file
View File

@ -0,0 +1,15 @@
# SPDX-License-Identifier: GPL-3.0-only
#
# Copyright (C) 2024 asvow
include $(TOPDIR)/rules.mk
LUCI_TITLE:=LuCI for Tailscale
LUCI_DEPENDS:=+tailscale
LUCI_PKGARCH:=all
PKG_VERSION:=1.2.3
include $(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildroot signature

46
luci-app-tailscale/README.md Normal file
View File

@ -0,0 +1,46 @@
# luci-app-tailscale
Tailscale is a zero config VPN for building secure networks.
[![GitHub release (latest by date)](https://img.shields.io/github/v/release/asvow/luci-app-tailscale?style=flat-square)](https://github.com/asvow/luci-app-tailscale/releases)
[![GitHub stars](https://img.shields.io/github/stars/asvow/luci-app-tailscale?style=flat-square)](https://github.com/asvow/luci-app-tailscale/stargazers)
[![GitHub forks](https://img.shields.io/github/forks/asvow/luci-app-tailscale?style=flat-square)](https://github.com/asvow/luci-app-tailscale/network/members)
[![License](https://img.shields.io/github/license/asvow/luci-app-tailscale?style=flat-square)](LICENSE)
[![GitHub All Releases](https://img.shields.io/github/downloads/asvow/luci-app-tailscale/total?style=flat-square)](https://github.com/asvow/luci-app-tailscale/releases)
## How to build
- Only compatible with luci2 version
- Enter in your openwrt dir
*1. replace the default startup script and configuration of Tailscale.*
```shell
sed -i '/\/etc\/init\.d\/tailscale/d;/\/etc\/config\/tailscale/d;' feeds/packages/net/tailscale/Makefile
```
*2. get luci-app-tailscale source & building*
```shell
git clone https://github.com/asvow/luci-app-tailscale package/luci-app-tailscale
make menuconfig # choose LUCI -> Applications -> luci-app-tailscale
make package/luci-app-tailscale/compile V=s # luci-app-tailscale
```
--------------
## How to install prebuilt packages
- Upload the prebuilt ipk package to the /tmp directory of OpenWrt
- Login OpenWrt terminal (SSH)
```shell
opkg update
opkg install --force-overwrite /tmp/luci-*-tailscale*.ipk
```
--------------
## Thanks
- [Carseason/openwrt-tailscale](https://github.com/Carseason/openwrt-tailscale)
- [immortalwrt/luci-app-zerotier](https://github.com/immortalwrt/luci/blob/master/applications/luci-app-zerotier)

135
luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js Normal file
View File

@ -0,0 +1,135 @@
/* SPDX-License-Identifier: GPL-3.0-only
*
* Copyright (C) 2022 ImmortalWrt.org
* Copyright (C) 2024 asvow
*/
'use strict';
'require dom';
'require fs';
'require poll';
'require ui';
'require view';
return view.extend({
load: function() {
return fs.exec('/sbin/ifconfig').then(function(res) {
if (res.code !== 0 || !res.stdout || res.stdout.trim() === '') {
ui.addNotification(null, E('p', {}, _('Unable to get interface info: %s.').format(res.message)));
return '';
}
var interfaces = res.stdout.match(/tailscale[0-9]+/g);
if (!interfaces || interfaces.length === 0)
return 'No interface online.';
var promises = interfaces.map(function(name) {
return fs.exec('/sbin/ifconfig', [name]);
});
return Promise.all(promises).then(function(results) {
var data = results.map(function(res, index) {
if (res.code !== 0 || !res.stdout || res.stdout.trim() === '') {
ui.addNotification(null, E('p', {}, _('Unable to get interface %s info: %s.').format(interfaces[index], res.message)));
return null;
}
return {
name: interfaces[index],
stdout: res.stdout.trim()
};
}).filter(Boolean);
return data.map(function(info) {
var lines = info.stdout.split('\n');
var parsedInfo = {
name: info.name
};
lines.forEach(function(line) {
if (line.includes('inet addr:')) {
parsedInfo.ipv4 = line.split('inet addr:')[1].trim().split(' ')[0];
} else if (line.includes('inet6 addr:')) {
parsedInfo.ipv6 = line.split('inet6 addr:')[1].trim().split('/')[0];
} else if (line.includes('MTU:')) {
parsedInfo.mtu = line.split('MTU:')[1].trim().split(' ')[0];
} else if (line.includes('RX bytes:')) {
var rxMatch = line.match(/RX bytes:\d+ \(([\d.]+\s*[a-zA-Z]+)\)/);
if (rxMatch && rxMatch[1]) {
parsedInfo.rxBytes = rxMatch[1];
}
var txMatch = line.match(/TX bytes:\d+ \(([\d.]+\s*[a-zA-Z]+)\)/);
if (txMatch && txMatch[1]) {
parsedInfo.txBytes = txMatch[1];
}
}
});
return parsedInfo;
});
});
});
},
pollData: function (container) {
poll.add(L.bind(function () {
return this.load().then(L.bind(function (data) {
dom.content(container, this.renderContent(data));
}, this));
}, this));
},
renderContent: function (data) {
if (!Array.isArray(data)) {
return E('div', {}, _('No interface online.'));
}
var rows = data.flatMap(function(interfaceData) {
return [
E('th', {class: 'th', colspan: '2'}, _('Network Interface Information')),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('Interface Name')),
E('td', {class: 'td left', width: '25%'}, interfaceData.name)
]),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('IPv4 Address')),
E('td', {class: 'td left', width: '25%'}, interfaceData.ipv4)
]),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('IPv6 Address')),
E('td', {class: 'td left', width: '25%'}, interfaceData.ipv6)
]),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('MTU')),
E('td', {class: 'td left', width: '25%'}, interfaceData.mtu)
]),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('Total Download')),
E('td', {class: 'td left', width: '25%'}, interfaceData.rxBytes)
]),
E('tr', {class: 'tr'}, [
E('td', {class: 'td left', width: '25%'}, _('Total Upload')),
E('td', {class: 'td left', width: '25%'}, interfaceData.txBytes)
])
];
});
return E('table', { 'class': 'table' }, rows);
},
render: function(data) {
var content = E([], [
E('h2', {class: 'content'}, _('Tailscale')),
E('div', {class: 'cbi-map-descr'}, _('Tailscale is a cross-platform and easy to use virtual LAN.')),
E('div')
]);
var container = content.lastElementChild;
dom.content(container, this.renderContent(data));
this.pollData(container);
return content;
},
handleSaveApply: null,
handleSave: null,
handleReset: null
});

93
luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js Normal file
View File

@ -0,0 +1,93 @@
'use strict';
'require fs';
'require poll';
'require ui';
'require view';
return view.extend({
retrieveLog: async function() {
return Promise.all([
L.resolveDefault(fs.stat('/sbin/logread'), null),
L.resolveDefault(fs.stat('/usr/sbin/logread'), null)
]).then(function(stat) {
var logger = stat[0] ? stat[0].path : stat[1] ? stat[1].path : null;
return fs.exec_direct(logger, [ '-e', 'tailscale' ]).then(logdata => {
var statusMappings = {
'daemon.err': { status: 'StdErr', startIndex: 9 },
'daemon.notice': { status: 'Info', startIndex: 10 }
};
const loglines = logdata.trim().split(/\n/).map(function(log) {
var logParts = log.split(' ').filter(Boolean);
if (logParts.length >= 6) {
var formattedTime = logParts[1] + ' ' + logParts[2] + ' - ' + logParts[3];
var status = logParts[5];
var mapping = statusMappings[status] || { status: status, startIndex: 9 };
status = mapping.status;
var startIndex = mapping.startIndex;
var message = logParts.slice(startIndex).join(' ');
return formattedTime + ' [ ' + status + ' ] - ' + message;
} else {
return 'Log is empty.';
}
}).filter(Boolean);
return { value: loglines.join('\n'), rows: loglines.length + 1 };
}).catch(function(err) {
ui.addNotification(null, E('p', {}, _('Unable to load log data: ' + err.message)));
return '';
});
});
},
pollLog: async function() {
const element = document.getElementById('syslog');
if (element) {
const log = await this.retrieveLog();
element.value = log.value;
element.rows = log.rows;
}
},
load: async function() {
poll.add(this.pollLog.bind(this));
return await this.retrieveLog();
},
render: function(loglines) {
var scrollDownButton = E('button', {
'id': 'scrollDownButton',
'class': 'cbi-button cbi-button-neutral'
}, _('Scroll to tail', 'scroll to bottom (the tail) of the log file')
);
scrollDownButton.addEventListener('click', function() {
scrollUpButton.scrollIntoView();
});
var scrollUpButton = E('button', {
'id' : 'scrollUpButton',
'class': 'cbi-button cbi-button-neutral'
}, _('Scroll to head', 'scroll to top (the head) of the log file')
);
scrollUpButton.addEventListener('click', function() {
scrollDownButton.scrollIntoView();
});
return E([], [
E('div', { 'id': 'content_syslog' }, [
E('div', {'style': 'padding-bottom: 20px'}, [scrollDownButton]),
E('textarea', {
'id': 'syslog',
'style': 'font-size:12px',
'readonly': 'readonly',
'wrap': 'off',
'rows': loglines.rows,
}, [ loglines.value ]),
E('div', {'style': 'padding-bottom: 20px'}, [scrollUpButton])
])
]);
},
handleSaveApply: null,
handleSave: null,
handleReset: null
});

291
luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js Normal file
View File

@ -0,0 +1,291 @@
/* SPDX-License-Identifier: GPL-3.0-only
*
* Copyright (C) 2024 asvow
*/
'use strict';
'require form';
'require fs';
'require poll';
'require rpc';
'require uci';
'require view';
var callServiceList = rpc.declare({
object: 'service',
method: 'list',
params: ['name'],
expect: { '': {} }
});
function callInterfaceStatus(interfaceName) {
return rpc.declare({
object: `network.interface.${interfaceName}`,
method: 'status',
params: ['name'],
expect: { '': {} }
});
}
function getInterfaceSubnets(interfaces = ['lan', 'wan']) {
const calculateSubnetAndCIDR = (ip, cidr) => {
const cidrInt = parseInt(cidr, 10);
const maskBinary = '1'.repeat(cidrInt).padEnd(32, '0');
const ipBinary = (ip) =>
ip.split('.').map(octet => parseInt(octet, 10).toString(2).padStart(8, '0'))
.join('');
const subnetBinary = ipBinary(ip).split('').map((bit, index) =>
(bit === '1' && maskBinary[index] === '1') ? '1' : '0'
).join('');
const subnet = [
parseInt(subnetBinary.slice(0, 8), 2),
parseInt(subnetBinary.slice(8, 16), 2),
parseInt(subnetBinary.slice(16, 24), 2),
parseInt(subnetBinary.slice(24, 32), 2)
].join('.');
return `${subnet}/${cidrInt}`;
};
const rpcCalls = interfaces.map(interfaceName => {
const callStatus = callInterfaceStatus(interfaceName);
return callStatus('ipv4-address').catch(() => ({ 'ipv4-address': [] }));
});
return Promise.all(rpcCalls)
.then(res => {
const interfaceSubnets = res.flatMap(status =>
(status['ipv4-address'] || []).map(addr => {
return calculateSubnetAndCIDR(addr.address, addr.mask)
})
);
return [...new Set(interfaceSubnets)];
})
.catch(() => []);
}
function getStatus() {
var status = {
isRunning: false,
backendState: undefined,
authURL: undefined,
displayName: undefined,
onlineExitNodes: [],
subnetRoutes: []
};
return Promise.resolve(callServiceList('tailscale')).then(res => {
try {
status.isRunning = res['tailscale']['instances']['instance1']['running'];
} catch (e) {
return status;
}
return fs.exec("/usr/sbin/tailscale", ["status", "--json"]).then(res => {
const tailscaleStatus = JSON.parse(res.stdout.replace(/("\w+"):\s*(\d+)/g, '$1:"$2"'));
if (!tailscaleStatus.AuthURL && tailscaleStatus.BackendState === "NeedsLogin") {
fs.exec("/usr/sbin/tailscale", ["login"]);
}
status.backendState = tailscaleStatus.BackendState;
status.authURL = tailscaleStatus.AuthURL;
status.displayName = (status.backendState === "Running") ? tailscaleStatus.User[tailscaleStatus.Self.UserID].DisplayName : undefined;
status.onlineExitNodes = Object.values(tailscaleStatus.Peer)
.flatMap(peer => (peer.ExitNodeOption && peer.Online) ? [peer.HostName] : []);
status.subnetRoutes = Object.values(tailscaleStatus.Peer)
.flatMap(peer => peer.PrimaryRoutes || []);
return status;
});
}).catch(() => status);
}
function renderStatus(isRunning) {
var spanTemp = '<em><span style="color:%s"><strong>%s %s</strong></span></em>';
var renderHTML;
if (isRunning) {
renderHTML = String.format(spanTemp, 'green', _('Tailscale'), _('RUNNING'));
} else {
renderHTML = String.format(spanTemp, 'red', _('Tailscale'), _('NOT RUNNING'));
}
return renderHTML;
}
function renderLogin(loginStatus, authURL, displayName) {
var spanTemp = '<span style="color:%s">%s</span>';
var renderHTML;
if (loginStatus == "NeedsLogin") {
renderHTML = String.format('<a href="%s" target="_blank">%s</a>', authURL, _('Needs Login'));
} else if (loginStatus == "Running") {
renderHTML = String.format('<a href="%s" target="_blank">%s</a>', 'https://login.tailscale.com/admin/machines', displayName);
renderHTML += String.format('<br><a style="color:green" id="logout_button">%s</a>', _('Logout and Unbind'));
} else {
renderHTML = String.format(spanTemp, 'orange', _('NOT RUNNING'));
}
return renderHTML;
}
return view.extend({
load: function() {
return Promise.all([
uci.load('tailscale'),
getStatus(),
getInterfaceSubnets()
]);
},
render: function(data) {
var m, s, o;
var statusData = data[1];
var interfaceSubnets = data[2];
var onlineExitNodes = statusData.onlineExitNodes;
var subnetRoutes = statusData.subnetRoutes;
m = new form.Map('tailscale', _('Tailscale'), _('Tailscale is a cross-platform and easy to use virtual LAN.'));
s = m.section(form.TypedSection);
s.anonymous = true;
s.render = function () {
poll.add(function() {
return Promise.resolve(getStatus()).then(function(res) {
var service_view = document.getElementById("service_status");
var login_view = document.getElementById("login_status_div");
service_view.innerHTML = renderStatus(res.isRunning);
login_view.innerHTML = renderLogin(res.backendState, res.authURL, res.displayName);
var logoutButton = document.getElementById('logout_button');
if (logoutButton) {
logoutButton.onclick = function() {
if (confirm(_('Are you sure you want to logout and unbind the current device?'))) {
fs.exec("/usr/sbin/tailscale", ["logout"]);
}
}
}
});
});
return E('div', { class: 'cbi-section', id: 'status_bar' }, [
E('p', { id: 'service_status' }, _('Collecting data ...'))
]);
}
s = m.section(form.NamedSection, 'settings', 'config');
s.tab('basic', _('Basic Settings'));
o = s.taboption('basic', form.Flag, 'enabled', _('Enable'));
o.default = o.disabled;
o.rmempty = false;
o = s.taboption('basic', form.DummyValue, 'login_status', _('Login Status'));
o.depends('enabled', '1');
o.renderWidget = function(section_id, option_id) {
return E('div', { 'id': 'login_status_div' }, _('Collecting data ...'));
};
o = s.taboption('basic', form.Value, 'port', _('Port'), _('Set the Tailscale port number.'));
o.datatype = 'port';
o.default = '41641';
o.rmempty = false;
o = s.taboption('basic', form.Value, 'config_path', _('Workdir'), _('The working directory contains config files, audit logs, and runtime info.'));
o.default = '/etc/tailscale';
o.rmempty = false;
o = s.taboption('basic', form.ListValue, 'fw_mode', _('Firewall Mode'));
o.value('nftables', 'nftables');
o.value('iptables', 'iptables');
o.default = 'nftables';
o.rmempty = false;
o = s.taboption('basic', form.Flag, 'log_stdout', _('StdOut Log'), _('Logging program activities.'));
o.default = o.enabled;
o.rmempty = false;
o = s.taboption('basic', form.Flag, 'log_stderr', _('StdErr Log'), _('Logging program errors and exceptions.'));
o.default = o.enabled;
o.rmempty = false;
s.tab('advance', _('Advanced Settings'));
o = s.taboption('advance', form.Flag, 'acceptRoutes', _('Accept Routes'), _('Accept subnet routes that other nodes advertise.'));
o.default = o.disabled;
o.rmempty = false;
o = s.taboption('advance', form.Value, 'hostname', _('Device Name'), _("Leave blank to use the device's hostname."));
o.default = '';
o.rmempty = true;
o = s.taboption('advance', form.Flag, 'acceptDNS', _('Accept DNS'), _('Accept DNS configuration from the Tailscale admin console.'));
o.default = o.enabled;
o.rmempty = false;
o = s.taboption('advance', form.Flag, 'advertiseExitNode', _('Exit Node'), _('Offer to be an exit node for outbound internet traffic from the Tailscale network.'));
o.default = o.disabled;
o.rmempty = false;
o = s.taboption('advance', form.ListValue, 'exitNode', _('Online Exit Nodes'), _('Select an online machine name to use as an exit node.'));
if (onlineExitNodes.length > 0) {
o.value('', _('-- Please choose --'));
onlineExitNodes.forEach(function(node) {
o.value(node, node);
});
} else {
o.value('', _('No Available Exit Nodes'));
o.readonly = true;
}
o.default = '';
o.depends('advertiseExitNode', '0');
o.rmempty = true;
o = s.taboption('advance', form.DynamicList, 'advertiseRoutes', _('Expose Subnets'), _('Expose physical network routes into Tailscale, e.g. <code>10.0.0.0/24</code>.'));
if (interfaceSubnets.length > 0) {
interfaceSubnets.forEach(function(subnet) {
o.value(subnet, subnet);
});
}
o.default = '';
o.rmempty = true;
o = s.taboption('advance', form.Flag, 's2s', _('Site To Site'), _('Use site-to-site layer 3 networking to connect subnets on the Tailscale network.'));
o.default = o.disabled;
o.depends('acceptRoutes', '1');
o.rmempty = false;
o = s.taboption('advance', form.DynamicList, 'subnetRoutes', _('Subnet Routes'), _('Select subnet routes advertised by other nodes in Tailscale network.'));
if (subnetRoutes.length > 0) {
subnetRoutes.forEach(function(route) {
o.value(route, route);
});
} else {
o.value('', _('No Available Subnet Routes'));
o.readonly = true;
}
o.default = '';
o.depends('s2s', '1');
o.rmempty = true;
o = s.taboption('advance', form.MultiValue, 'access', _('Access Control'));
o.value('tsfwlan', _('Tailscale access LAN'));
o.value('tsfwwan', _('Tailscale access WAN'));
o.value('lanfwts', _('LAN access Tailscale'));
o.value('wanfwts', _('WAN access Tailscale'));
o.default = "tsfwlan tsfwwan lanfwts";
o.rmempty = true;
s.tab('extra', _('Extra Settings'));
o = s.taboption('extra', form.DynamicList, 'flags', _('Additional Flags'), String.format(_('List of extra flags. Format: --flags=value, e.g. <code>--exit-node=10.0.0.1</code>. <br> %s for enabling settings upon the initiation of Tailscale.'), '<a href="https://tailscale.com/kb/1241/tailscale-up" target="_blank">' + _('Available flags') + '</a>'));
o.default = '';
o.rmempty = true;
s = m.section(form.NamedSection, 'settings', 'config');
s.title = _('Custom Server Settings');
s.description = String.format(_('Use %s to deploy a private server.'), '<a href="https://github.com/juanfont/headscale" target="_blank">headscale</a>');
o = s.option(form.Value, 'loginServer', _('Server Address'));
o.default = '';
o.rmempty = true;
o = s.option(form.Value, 'authKey', _('Auth Key'));
o.default = '';
o.rmempty = true;
return m.render();
}
});

291
luci-app-tailscale/po/templates/tailscale.pot Normal file
View File

@ -0,0 +1,291 @@
msgid ""
msgstr "Content-Type: text/plain; charset=UTF-8"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:224
msgid "-- Please choose --"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS configuration from the Tailscale admin console."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept Routes"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept subnet routes that other nodes advertise."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:263
msgid "Access Control"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Additional Flags"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:204
msgid "Advanced Settings"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:155
msgid "Are you sure you want to logout and unbind the current device?"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:285
msgid "Auth Key"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Available flags"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:169
msgid "Basic Settings"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:164
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:178
msgid "Collecting data ..."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:278
msgid "Custom Server Settings"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Device Name"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:171
msgid "Enable"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Exit Node"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose Subnets"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose physical network routes into Tailscale, e.g. <code>10.0.0.0/24</code>."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:271
msgid "Extra Settings"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:190
msgid "Firewall Mode"
msgstr ""
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:14
msgid "Global Settings"
msgstr ""
#: luci-app-tailscale/root/usr/share/rpcd/acl.d/luci-app-tailscale.json:3
msgid "Grant access to Tailscale configuration"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:93
msgid "IPv4 Address"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:97
msgid "IPv6 Address"
msgstr ""
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:22
msgid "Interface Info"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:89
msgid "Interface Name"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:266
msgid "LAN access Tailscale"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Leave blank to use the device's hostname."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "List of extra flags. Format: --flags=value, e.g. <code>--exit-node=10.0.0.1</code>. <br> %s for enabling settings upon the initiation of Tailscale."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "Logging program activities."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "Logging program errors and exceptions."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:175
msgid "Login Status"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:117
msgid "Logout and Unbind"
msgstr ""
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:30
msgid "Logs"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:101
msgid "MTU"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:119
msgid "NOT RUNNING"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:114
msgid "Needs Login"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:87
msgid "Network Interface Information"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:229
msgid "No Available Exit Nodes"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:256
msgid "No Available Subnet Routes"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:83
msgid "No interface online."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Offer to be an exit node for outbound internet traffic from the Tailscale network."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Online Exit Nodes"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Port"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
msgid "RUNNING"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:69
msgctxt "scroll to top (the head) of the log file"
msgid "Scroll to head"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:60
msgctxt "scroll to bottom (the tail) of the log file"
msgid "Scroll to tail"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Select an online machine name to use as an exit node."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Select subnet routes advertised by other nodes in Tailscale network."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:281
msgid "Server Address"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Set the Tailscale port number."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Site To Site"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "StdErr Log"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "StdOut Log"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Subnet Routes"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:120
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:3
msgid "Tailscale"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:264
msgid "Tailscale access LAN"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:265
msgid "Tailscale access WAN"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:121
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
msgid "Tailscale is a cross-platform and easy to use virtual LAN."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "The working directory contains config files, audit logs, and runtime info."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:105
msgid "Total Download"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:109
msgid "Total Upload"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:33
msgid "Unable to get interface %s info: %s."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:18
msgid "Unable to get interface info: %s."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:36
msgid "Unable to load log data:"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:279
msgid "Use %s to deploy a private server."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Use site-to-site layer 3 networking to connect subnets on the Tailscale network."
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:267
msgid "WAN access Tailscale"
msgstr ""
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "Workdir"
msgstr ""

1
luci-app-tailscale/po/zh-cn Symbolic link
View File

@ -0,0 +1 @@
zh_Hans

297
luci-app-tailscale/po/zh_Hans/tailscale.po Normal file
View File

@ -0,0 +1,297 @@
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
"Language: zh_Hans\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:224
msgid "-- Please choose --"
msgstr "-- 请选择 --"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS"
msgstr "允许DNS"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS configuration from the Tailscale admin console."
msgstr "使用 Tailscale 管理控制台的 DNS 配置。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept Routes"
msgstr "启用路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept subnet routes that other nodes advertise."
msgstr "接受其他节点广播的子网路由。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:263
msgid "Access Control"
msgstr "访问控制"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Additional Flags"
msgstr "参数列表"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:204
msgid "Advanced Settings"
msgstr "高级设置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:155
msgid "Are you sure you want to logout and unbind the current device?"
msgstr "是否注销当前登录并且解绑当前设备?"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:285
msgid "Auth Key"
msgstr "认证密钥"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Available flags"
msgstr "可用参数"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:169
msgid "Basic Settings"
msgstr "基础设置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:164
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:178
msgid "Collecting data ..."
msgstr "正在收集数据..."
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:278
msgid "Custom Server Settings"
msgstr "自定义服务器"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Device Name"
msgstr "设备名称"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:171
msgid "Enable"
msgstr "启用"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Exit Node"
msgstr "出口节点"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose Subnets"
msgstr "公开网段"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose physical network routes into Tailscale, e.g. <code>10.0.0.0/24</code>."
msgstr "广播子网路由至 Tailscale例如<code>10.0.0.0/24</code>。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:271
msgid "Extra Settings"
msgstr "附加设置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:190
msgid "Firewall Mode"
msgstr "防火墙模式"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:14
msgid "Global Settings"
msgstr "全局设置"
#: luci-app-tailscale/root/usr/share/rpcd/acl.d/luci-app-tailscale.json:3
msgid "Grant access to Tailscale configuration"
msgstr "授予访问 Tailscale 配置的权限"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:93
msgid "IPv4 Address"
msgstr "IPv4地址"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:97
msgid "IPv6 Address"
msgstr "IPv6地址"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:22
msgid "Interface Info"
msgstr "接口信息"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:89
msgid "Interface Name"
msgstr "接口名称"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:266
msgid "LAN access Tailscale"
msgstr "本地局域网访问虚拟局域网"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Leave blank to use the device's hostname."
msgstr "留空以使用设备的主机名。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "List of extra flags. Format: --flags=value, e.g. <code>--exit-node=10.0.0.1</code>. <br> %s for enabling settings upon the initiation of Tailscale."
msgstr "额外参数的列表。格式:--flags=value例如 <code>--exit-node=10.0.0.1</code>。<br> 在 Tailscale 启动时的%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "Logging program activities."
msgstr "记录程序运行信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "Logging program errors and exceptions."
msgstr "记录程序错误和警告信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:175
msgid "Login Status"
msgstr "已绑定用户"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:117
msgid "Logout and Unbind"
msgstr "注销登录并解除绑定"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:30
msgid "Logs"
msgstr "日志"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:101
msgid "MTU"
msgstr "MTU"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:119
msgid "NOT RUNNING"
msgstr "未运行"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:114
msgid "Needs Login"
msgstr "未登录"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:87
msgid "Network Interface Information"
msgstr "网络接口信息"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:229
msgid "No Available Exit Nodes"
msgstr "没有可用的出口节点"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:256
msgid "No Available Subnet Routes"
msgstr "没有可用的子网路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:83
msgid "No interface online."
msgstr "无在线接口。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Offer to be an exit node for outbound internet traffic from the Tailscale network."
msgstr "作为 Tailscale 广域网出口节点。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Online Exit Nodes"
msgstr "可用出口节点"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Port"
msgstr "端口"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
msgid "RUNNING"
msgstr "运行中"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:69
msgctxt "scroll to top (the head) of the log file"
msgid "Scroll to head"
msgstr "滚动到顶部"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:60
msgctxt "scroll to bottom (the tail) of the log file"
msgid "Scroll to tail"
msgstr "滚动到底部"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Select an online machine name to use as an exit node."
msgstr "选择一个可用的节点名称作为出口节点使用。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Select subnet routes advertised by other nodes in Tailscale network."
msgstr "选择非本设备广播的子网路由。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:281
msgid "Server Address"
msgstr "服务器地址"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Set the Tailscale port number."
msgstr "设置 Tailscale 端口号。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Site To Site"
msgstr "子网互通"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "StdErr Log"
msgstr "错误日志"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "StdOut Log"
msgstr "运行日志"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Subnet Routes"
msgstr "子网路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:120
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:3
msgid "Tailscale"
msgstr "Tailscale"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:264
msgid "Tailscale access LAN"
msgstr "虚拟局域网访问本地局域网"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:265
msgid "Tailscale access WAN"
msgstr "虚拟局域网访问本地广域网"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:121
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
msgid "Tailscale is a cross-platform and easy to use virtual LAN."
msgstr "Tailscale 是一个跨平台且易于使用的虚拟局域网 VPN。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "The working directory contains config files, audit logs, and runtime info."
msgstr "工作目录包含配置文件、审计日志和运行时信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:105
msgid "Total Download"
msgstr "总下载量"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:109
msgid "Total Upload"
msgstr "总上传量"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:33
msgid "Unable to get interface %s info: %s."
msgstr "无法获取接口 %s 的信息:%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:18
msgid "Unable to get interface info: %s."
msgstr "无法获取接口信息:%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:36
msgid "Unable to load log data:"
msgstr "无法读取日志数据:"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:279
msgid "Use %s to deploy a private server."
msgstr "使用 %s 部署私有服务器"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Use site-to-site layer 3 networking to connect subnets on the Tailscale network."
msgstr "使用站点到站点的三层网络连接 Tailscale 中的子网。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:267
msgid "WAN access Tailscale"
msgstr "本地广域网访问虚拟局域网"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "Workdir"
msgstr "工作目录"

297
luci-app-tailscale/po/zh_Hant/tailscale.po Normal file
View File

@ -0,0 +1,297 @@
msgid ""
msgstr ""
"Content-Type: text/plain; charset=UTF-8\n"
"Last-Translator: Automatically generated\n"
"Language-Team: none\n"
"Language: zh_Hant\n"
"MIME-Version: 1.0\n"
"Content-Transfer-Encoding: 8bit\n"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:224
msgid "-- Please choose --"
msgstr "-- 請選擇 --"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS"
msgstr "允許DNS"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:214
msgid "Accept DNS configuration from the Tailscale admin console."
msgstr "使用 Tailscale 管理控制台的 DNS 設定。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept Routes"
msgstr "啟用路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:206
msgid "Accept subnet routes that other nodes advertise."
msgstr "接受其他節點廣播的子網路由。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:263
msgid "Access Control"
msgstr "訪問控制"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Additional Flags"
msgstr "參數列表"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:204
msgid "Advanced Settings"
msgstr "高級設置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:155
msgid "Are you sure you want to logout and unbind the current device?"
msgstr "是否註銷當前登錄並且解綁當前設備?"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:285
msgid "Auth Key"
msgstr "認證密鑰"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "Available flags"
msgstr "可用參數"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:169
msgid "Basic Settings"
msgstr "基礎設置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:164
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:178
msgid "Collecting data ..."
msgstr "正在收集數據..."
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:278
msgid "Custom Server Settings"
msgstr "自定義伺服器"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Device Name"
msgstr "設備名稱"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:171
msgid "Enable"
msgstr "啟用"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Exit Node"
msgstr "出口節點"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose Subnets"
msgstr "公開網段"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:236
msgid "Expose physical network routes into Tailscale, e.g. <code>10.0.0.0/24</code>."
msgstr "廣播子網路由至 Tailscale例如<code>10.0.0.0/24</code>。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:271
msgid "Extra Settings"
msgstr "附加設置"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:190
msgid "Firewall Mode"
msgstr "防火牆模式"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:14
msgid "Global Settings"
msgstr "全局設置"
#: luci-app-tailscale/root/usr/share/rpcd/acl.d/luci-app-tailscale.json:3
msgid "Grant access to Tailscale configuration"
msgstr "授予訪問 Tailscale 配置的權限"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:93
msgid "IPv4 Address"
msgstr "IPv4地址"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:97
msgid "IPv6 Address"
msgstr "IPv6地址"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:22
msgid "Interface Info"
msgstr "接口信息"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:89
msgid "Interface Name"
msgstr "接口名稱"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:266
msgid "LAN access Tailscale"
msgstr "本地局域網訪問虛擬局域網"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:210
msgid "Leave blank to use the device's hostname."
msgstr "留空以使用設備的主機名。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:273
msgid "List of extra flags. Format: --flags=value, e.g. <code>--exit-node=10.0.0.1</code>. <br> %s for enabling settings upon the initiation of Tailscale."
msgstr "額外參數的列表。格式:--flags=value例如 <code>--exit-node=10.0.0.1</code>。<br> 在 Tailscale 啟動時的%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "Logging program activities."
msgstr "記錄程式運行信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "Logging program errors and exceptions."
msgstr "記錄程式錯誤和警告信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:175
msgid "Login Status"
msgstr "已綁定用戶"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:117
msgid "Logout and Unbind"
msgstr "註銷登錄並解除綁定"
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:30
msgid "Logs"
msgstr "日誌"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:101
msgid "MTU"
msgstr "MTU"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:119
msgid "NOT RUNNING"
msgstr "未運行"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:114
msgid "Needs Login"
msgstr "未登錄"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:87
msgid "Network Interface Information"
msgstr "網絡接口信息"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:229
msgid "No Available Exit Nodes"
msgstr "没有可用的出口節點"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:256
msgid "No Available Subnet Routes"
msgstr "沒有可用的子網路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:83
msgid "No interface online."
msgstr "無在線接口。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:218
msgid "Offer to be an exit node for outbound internet traffic from the Tailscale network."
msgstr "作為 Tailscale 廣域網出口節點。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Online Exit Nodes"
msgstr "可用出口節點"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Port"
msgstr "端口"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
msgid "RUNNING"
msgstr "運行中"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:69
msgctxt "scroll to top (the head) of the log file"
msgid "Scroll to head"
msgstr "捲動到頂部"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:60
msgctxt "scroll to bottom (the tail) of the log file"
msgid "Scroll to tail"
msgstr "捲動到尾部"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:222
msgid "Select an online machine name to use as an exit node."
msgstr "選擇一個可用的節點名稱作為出口節點使用。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Select subnet routes advertised by other nodes in Tailscale network."
msgstr "選擇非本設備廣播的子網路由。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:281
msgid "Server Address"
msgstr "伺服器地址"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:181
msgid "Set the Tailscale port number."
msgstr "設置 Tailscale 端口號。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Site To Site"
msgstr "子網互通"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:200
msgid "StdErr Log"
msgstr "錯誤日誌"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:196
msgid "StdOut Log"
msgstr "運行日誌"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:250
msgid "Subnet Routes"
msgstr "子網路由"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:120
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:102
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:104
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
#: luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json:3
msgid "Tailscale"
msgstr "Tailscale"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:264
msgid "Tailscale access LAN"
msgstr "虛擬局域網訪問本地局域網"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:265
msgid "Tailscale access WAN"
msgstr "虛擬局域網訪問本地廣域網"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:121
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:141
msgid "Tailscale is a cross-platform and easy to use virtual LAN."
msgstr "Tailscale 是一個跨平台且易於使用的虛擬局域網 VPN。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "The working directory contains config files, audit logs, and runtime info."
msgstr "工作目錄包含配置文件、審計日誌和運行時信息。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:105
msgid "Total Download"
msgstr "總下載量"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:109
msgid "Total Upload"
msgstr "總上傳量"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:33
msgid "Unable to get interface %s info: %s."
msgstr "無法獲取接口 %s 的信息:%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/interface.js:18
msgid "Unable to get interface info: %s."
msgstr "無法獲取接口信息:%s。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/log.js:36
msgid "Unable to load log data:"
msgstr "無法載入日誌檔:"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:279
msgid "Use %s to deploy a private server."
msgstr "使用 %s 部署私有伺服器"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:245
msgid "Use site-to-site layer 3 networking to connect subnets on the Tailscale network."
msgstr "使用站點到站點的三層網路連線 Tailscale 中的子網。"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:267
msgid "WAN access Tailscale"
msgstr "本地廣域網訪問虛擬局域網"
#: luci-app-tailscale/htdocs/luci-static/resources/view/tailscale/setting.js:186
msgid "Workdir"
msgstr "工作目錄"

2
luci-app-tailscale/root/etc/config/tailscale Normal file
View File

@ -0,0 +1,2 @@
config tailscale 'settings'
option enabled '0'

8
luci-app-tailscale/root/etc/hotplug.d/iface/40-tailscale Executable file
View File

@ -0,0 +1,8 @@
#!/bin/sh
tailscale_enable="$(uci get tailscale.settings.enabled)"
[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0
[ "$tailscale_enable" -eq "1" ] || exit 0
/etc/init.d/tailscale start > /tmp/tailscale.log 2>&1 &

254
luci-app-tailscale/root/etc/init.d/tailscale Executable file
View File

@ -0,0 +1,254 @@
#!/bin/sh /etc/rc.common
START=90
USE_PROCD=1
PROG=/usr/sbin/tailscale
PROGD=/usr/sbin/tailscaled
CONFIG_PATH=/var/lib/tailscale
service_triggers() {
procd_add_reload_trigger "tailscale"
procd_add_interface_trigger "interface.*.up" wan /etc/init.d/tailscale reload
}
section_enabled() {
config_get_bool enabled "$1" 'enabled' 0
[ $enabled -gt 0 ]
}
custom_instance() {
local cfg="$1"
local acceptRoutes hostname acceptDNS advertiseExitNode exitNode advertiseRoutes s2s subnetRoutes flags loginServer authkey std_out std_err
local ARGS=" up --reset"
if ! section_enabled "$cfg"; then
echo "disabled in config"
return 1
fi
config_get_bool acceptRoutes $cfg 'acceptRoutes'
config_get hostname $cfg 'hostname'
config_get_bool acceptDNS $cfg 'acceptDNS'
config_get_bool advertiseExitNode $cfg 'advertiseExitNode'
config_get exitNode $cfg 'exitNode'
config_get advertiseRoutes $cfg 'advertiseRoutes'
config_get_bool s2s $cfg 's2s'
config_get flags $cfg 'flags'
config_get loginServer $cfg 'loginServer'
config_get authkey $cfg 'authkey'
config_get_bool std_out $cfg 'log_stdout'
config_get_bool std_err $cfg 'log_stderr'
[ "$acceptRoutes" = "1" ] && ARGS="$ARGS --accept-routes=true"
[ -n "$hostname" ] && ARGS="$ARGS --hostname=$hostname"
[ "$acceptDNS" = "0" ] && ARGS="$ARGS --accept-dns=false"
[ "$advertiseExitNode" = "1" ] && ARGS="$ARGS --advertise-exit-node"
[ -n "$exitNode" ] && ARGS="$ARGS --exit-node=$exitNode --exit-node-allow-lan-access=true"
[ -n "$advertiseRoutes" ] && ARGS="$ARGS --advertise-routes=$(echo $advertiseRoutes | tr ' ' ',')"
[ "$s2s" = "1" ] && ARGS="$ARGS --snat-subnet-routes=false"
[ -n "$flags" ] && ARGS="$ARGS $flags"
[ -n "$loginServer" ] && ARGS="$ARGS --login-server=$loginServer"
[ -n "$authkey" ] && ARGS="$ARGS --authkey=$authkey"
procd_open_instance
procd_set_param command $PROG $ARGS
procd_set_param stdout "$std_out"
procd_set_param stderr "$std_err"
procd_close_instance
(
[ -f "/var/run/tailscale.wait.pid" ] && return
touch /var/run/tailscale.wait.pid
count=0
while [ -z "$(ifconfig | grep 'tailscale' | awk '{print $1}')" ] || [ -z "$(tailscale ip -4)" ]
do
sleep 2
let count++
[ "${count}" -ge 5 ] && { rm /var/run/tailscale.wait.pid; exit 19; }
done
if [ "$acceptDNS" = "1" ]; then
MagicDNSSuffix=$(tailscale status --json | awk -F'"' '/"MagicDNSSuffix"/ {last=$(NF-1)} END {print last}')
sed -i '/100.100.100.100/d' /etc/dnsmasq.conf
echo "server=/$MagicDNSSuffix/100.100.100.100" >> /etc/dnsmasq.conf
/etc/init.d/dnsmasq reload
fi
ts0=$(ifconfig | grep 'tailscale' | awk '{print $1}')
if [ -z "$(uci -q get network.tailscale)" ]; then
uci set network.tailscale='interface'
if [ "$ts0" = *$'\n'* ]; then
uci set network.ts_lan='device'
uci set network.ts_lan.type='bridge'
uci set network.ts_lan.name='ts-lan'
for port in "${ts0}"; do
uci add_list network.ts_lan.ports=$port
done
uci set network.tailscale.proto='none'
uci set network.tailscale.device='ts-lan'
else
ts_ip=$(tailscale ip -4)
uci set network.tailscale.proto='static'
uci set network.tailscale.ipaddr=$ts_ip
uci set network.tailscale.netmask='255.0.0.0'
uci set network.tailscale.device=$ts0
fi
fi
lan2wan=$(uci show firewall | grep "firewall.@forwarding\[[0-9]\+\]\.src='lan'" -B 1 -A 1 | grep "firewall.@forwarding\[[0-9]\+\]\.dest='wan'" | grep -o '[0-9]\+')
if [ -n "$exitNode" ]; then
uci set firewall.@defaults[0].forward='REJECT'
[ -n $lan2wan ] && uci set firewall.@forwarding[$lan2wan].enabled='0'
else
uci -q delete firewall.@forwarding[$lan2wan].enabled
fi
config_get subnetRoutes $cfg 'subnetRoutes'
if [ -n "$subnetRoutes" ]; then
i=1
ts_ip=$(tailscale ip -4)
for route in $subnetRoutes; do
uci set network.ts_subnet$i='route'
uci set network.ts_subnet$i.interface='tailscale'
uci set network.ts_subnet$i.target=$route
uci set network.ts_subnet$i.gateway=$ts_ip
let i++
done
else
for route in $(uci show network | grep 'network.ts_subnet[0-9]\+=route' | grep -o 'network.ts_subnet[0-9]\+'); do
uci -q delete $route
done
fi
config_get access $cfg 'access'
if [ -n "$access" ]; then
if [ -z "$(uci -q get firewall.tszone)" ]; then
uci set firewall.tszone='zone'
uci set firewall.tszone.input='ACCEPT'
uci set firewall.tszone.output='ACCEPT'
uci set firewall.tszone.forward='ACCEPT'
uci set firewall.tszone.masq='1'
uci set firewall.tszone.mtu_fix='1'
uci set firewall.tszone.name='tailscale'
uci set firewall.tszone.network='tailscale'
fi
else
uci -q delete firewall.tszone
fi
if [ "${access//tsfwlan/}" != "$access" ]; then
uci set firewall.tsfwlan=forwarding
uci set firewall.tsfwlan.dest='lan'
uci set firewall.tsfwlan.src='tailscale'
else
uci -q delete firewall.tsfwlan
fi
if [ "${access//tsfwwan/}" != "$access" ]; then
uci set firewall.tsfwwan=forwarding
uci set firewall.tsfwwan.dest='wan'
uci set firewall.tsfwwan.src='tailscale'
else
uci -q delete firewall.tsfwwan
fi
if [ "${access//lanfwts/}" != "$access" ]; then
uci set firewall.lanfwts=forwarding
uci set firewall.lanfwts.dest='tailscale'
uci set firewall.lanfwts.src='lan'
else
uci -q delete firewall.lanfwts
fi
if [ "${access//wanfwts/}" != "$access" ]; then
uci set firewall.wanfwts=forwarding
uci set firewall.wanfwts.dest='tailscale'
uci set firewall.wanfwts.src='wan'
else
uci -q delete firewall.wanfwts
fi
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
rm /var/run/tailscale.wait.pid
) &
}
start_instance() {
local cfg="$1"
local port config_path fw_mode std_out std_err state_file
local ARGS=""
if ! section_enabled "$cfg"; then
echo "disabled in config"
return 1
fi
config_get port $cfg 'port'
config_get config_path $cfg 'config_path'
config_get fw_mode $cfg 'fw_mode'
config_get_bool std_out $cfg 'log_stdout'
config_get_bool std_err $cfg 'log_stderr'
[ -d $config_path ] || mkdir -p $config_path
[ -d $CONFIG_PATH ] || mkdir -p $CONFIG_PATH
state_file=$config_path/tailscaled.state
/usr/sbin/tailscaled --cleanup
[ -n "$port" ] && ARGS="$ARGS --port $port"
[ -n "$state_file" ] && ARGS="$ARGS --state $state_file"
procd_open_instance
procd_set_param command $PROGD $ARGS
procd_set_param env TS_DEBUG_FIREWALL_MODE="$fw_mode"
procd_set_param respawn
procd_set_param stdout "$std_out"
procd_set_param stderr "$std_err"
procd_close_instance
}
start_service() {
config_load 'tailscale'
config_foreach start_instance 'tailscale'
config_foreach custom_instance 'tailscale'
}
stop_instance() {
local cfg="$1"
/usr/sbin/tailscaled --cleanup
# Remove dnsmasq settings
sed -i '/100.100.100.100/d' /etc/dnsmasq.conf
/etc/init.d/dnsmasq reload
# Remove network settings
uci -q delete network.tailscale
uci -q delete network.ts_lan
for route in $(uci show network | grep 'network.ts_subnet[0-9]\+=route' | grep -o 'network.ts_subnet[0-9]\+'); do
uci -q delete $route
done
# Remove firewall settings
lan2wan=$(uci show firewall | grep "firewall.@forwarding\[[0-9]\+\]\.src='lan'" -B 1 -A 1 | grep "firewall.@forwarding\[[0-9]\+\]\.dest='wan'" | grep -o '[0-9]\+')
uci -q delete firewall.@forwarding[$lan2wan].enabled
uci -q delete firewall.tszone
uci -q delete firewall.tsfwlan
uci -q delete firewall.tsfwwan
uci -q delete firewall.lanfwts
uci -q delete firewall.wanfwts
[ -n "$(uci changes network)" ] && uci commit network && /etc/init.d/network reload
[ -n "$(uci changes firewall)" ] && uci commit firewall && /etc/init.d/firewall reload
# Remove existing link or folder
rm -rf $CONFIG_PATH
}
stop_service() {
config_load 'tailscale'
config_foreach stop_instance 'tailscale'
}
reload_service() {
stop
start
}

9
luci-app-tailscale/root/etc/uci-defaults/40_luci-tailscale Executable file
View File

@ -0,0 +1,9 @@
#!/bin/sh
uci -q batch <<-EOF >/dev/null
delete ucitrack.@tailscale[-1]
commit ucitrack
EOF
rm -f /tmp/luci-indexcache
exit 0

37
luci-app-tailscale/root/usr/share/luci/menu.d/luci-app-tailscale.json Normal file
View File

@ -0,0 +1,37 @@
{
"admin/services/tailscale": {
"title": "Tailscale",
"order": 90,
"action": {
"type": "firstchild"
},
"depends": {
"acl": [ "luci-app-tailscale" ],
"uci": { "tailscale": true }
}
},
"admin/services/tailscale/setting": {
"title": "Global Settings",
"order": 10,
"action": {
"type": "view",
"path": "tailscale/setting"
}
},
"admin/services/tailscale/interface": {
"title": "Interface Info",
"order": 20,
"action": {
"type": "view",
"path": "tailscale/interface"
}
},
"admin/services/tailscale/log": {
"title": "Logs",
"order": 30,
"action": {
"type": "view",
"path": "tailscale/log"
}
}
}

21
luci-app-tailscale/root/usr/share/rpcd/acl.d/luci-app-tailscale.json Normal file
View File

@ -0,0 +1,21 @@
{
"luci-app-tailscale": {
"description": "Grant access to Tailscale configuration",
"read": {
"file": {
"/sbin/ifconfig": [ "exec" ],
"/sbin/logread": [ "exec" ],
"/usr/sbin/tailscale": [ "exec" ]
},
"ubus": {
"service": [ "list" ],
"network.interface.lan": [ "status" ],
"network.interface.wan": [ "status" ]
},
"uci": [ "tailscale" ]
},
"write": {
"uci": [ "tailscale" ]
}
}
}

10
nginx/Config_ssl.in
View File

@ -175,6 +175,11 @@ config NGINX_HTTP_V2
prompt "Enable HTTP_V2 module"
default y
config NGINX_HTTP_QUIC
bool
prompt "Enable QUIC support"
default n
config NGINX_PCRE
bool
prompt "Enable PCRE library usage"
@ -195,4 +200,9 @@ config NGINX_HTTP_SUB
prompt "Enable HTTP sub module"
default n
config NGINX_STREAM_REAL_IP
bool
prompt "Enable STREAM real ip module"
default n
endmenu

813
nginx/Makefile
View File

@ -8,22 +8,42 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
PKG_VERSION:=1.25.0
PKG_RELEASE:=4
PKG_VERSION:=1.26.1
PKG_RELEASE:=1
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nginx.org/download/
PKG_HASH:=5ed44d45943272a4e8a5bcf4434237210f2de31b903fca5e381c1bbd7eee1e8c
PKG_HASH:=f9187468ff2eb159260bfd53867c25ff8e334726237acf227b9e870e53d3e36b
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com>
Christian Marangi <ansuelsmth@gmail.com>
PKG_LICENSE:=2-clause BSD-like license
PKG_CPE_ID:=cpe:/a:nginx:nginx
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1
PKG_BUILD_FLAGS:=gc-sections
PKG_BUILD_FLAGS:=gc-sections lto
# 3rd-party modules
PKG_MOD_EXTRA := \
geoip2 \
lua \
lua-resty-core \
lua-resty-lrucache \
rtmp \
dav-ext \
naxsi \
brotli \
headers-more \
ts \
ubus \
njs
# official and 3rd-party modules
PKG_MOD_ALL := \
$(PKG_MOD_EXTRA) \
stream
PKG_MOD_PATCHED := $(shell find patches -mindepth 1 -maxdepth 1 -type d -name 'nginx-mod-*' | sed -E 's,^patches/nginx-mod-,,')
PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_DAV \
@ -59,11 +79,14 @@ PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_HTTP_UPSTREAM_ZONE \
CONFIG_NGINX_HTTP_CACHE \
CONFIG_NGINX_HTTP_V2 \
CONFIG_NGINX_HTTP_QUIC \
CONFIG_NGINX_PCRE \
CONFIG_NGINX_HTTP_REAL_IP \
CONFIG_NGINX_HTTP_SECURE_LINK \
CONFIG_NGINX_STREAM_REAL_IP \
CONFIG_OPENSSL_ENGINE \
CONFIG_OPENSSL_WITH_NPN
CONFIG_OPENSSL_WITH_NPN \
$(foreach m,$(PKG_MOD_EXTRA),CONFIG_PACKAGE_$(m))
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
@ -75,8 +98,7 @@ define Package/nginx/default
TITLE:=Nginx web server
URL:=http://nginx.org/
DEPENDS:=+libopenssl +libpthread
# TODO: add PROVIDES when removing nginx
# PROVIDES:=nginx
PROVIDES:=nginx
endef
define Package/nginx/description
@ -84,14 +106,18 @@ define Package/nginx/description
written by Igor Sysoev.
endef
define Package/nginx/conffiles
/etc/nginx/
endef
define Package/nginx-ssl
$(Package/nginx/default)
TITLE += with SSL support
VARIANT:=ssl
DEPENDS+= +NGINX_PCRE:libpcre \
DEPENDS+= +NGINX_PCRE:libpcre2 \
+NGINX_PCRE:nginx-ssl-util +!NGINX_PCRE:nginx-ssl-util-nopcre \
+NGINX_HTTP_GZIP:zlib +NGINX_DAV:libxml2
EXTRA_DEPENDS:=nginx-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre) (>=1.5-1) (<2)
EXTRA_DEPENDS:=nginx-ssl-util$(if $(CONFIG_NGINX_PCRE),,-nopcre) (>=1.5-r1)
CONFLICTS:=nginx-full
endef
@ -99,327 +125,20 @@ Package/nginx-ssl/description = $(Package/nginx/description) \
This variant is compiled with SSL support enabled. To enable additional module \
select them in the nginx default configuration menu.
define Package/nginx-full
$(Package/nginx/default)
TITLE += with ALL module selected
DEPENDS+=+libpcre +nginx-ssl-util +zlib +libxml2
EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-1) (<2)
VARIANT:=all-module
PROVIDES += nginx-ssl
endef
Package/nginx-full/description = $(Package/nginx/description) \
This variant is compiled with ALL module selected.
define Package/nginx-ssl/config
source "$(SOURCE)/Config_ssl.in"
endef
config_files=mime.types
define Package/nginx/conffiles
/etc/nginx/
endef
Package/nginx-ssl/conffiles = $(Package/nginx/conffiles)
Package/nginx-full/conffiles = $(Package/nginx/conffiles)
ADDITIONAL_MODULES:= --with-http_ssl_module
IsEnabled = $(or $(filter full,$(BUILD_VARIANT)),$(CONFIG_$(1)))
IsDisabled = $(if $(call IsEnabled,$(1)),,1)
ifneq ($(BUILD_VARIANT),all-module)
ifneq ($(CONFIG_NGINX_HTTP_CACHE),y)
ADDITIONAL_MODULES += --without-http-cache
endif
ifneq ($(CONFIG_NGINX_PCRE),y)
ADDITIONAL_MODULES += --without-pcre
endif
ifneq ($(CONFIG_NGINX_HTTP_CHARSET),y)
ADDITIONAL_MODULES += --without-http_charset_module
else
config_files += koi-utf koi-win win-utf
endif
ifneq ($(CONFIG_NGINX_HTTP_GZIP),y)
ADDITIONAL_MODULES += --without-http_gzip_module
endif
ifeq ($(CONFIG_NGINX_HTTP_GZIP_STATIC),y)
ADDITIONAL_MODULES += --with-http_gzip_static_module
endif
ifneq ($(CONFIG_NGINX_HTTP_SSI),y)
ADDITIONAL_MODULES += --without-http_ssi_module
endif
ifneq ($(CONFIG_NGINX_HTTP_USERID),y)
ADDITIONAL_MODULES += --without-http_userid_module
endif
ifneq ($(CONFIG_NGINX_HTTP_ACCESS),y)
ADDITIONAL_MODULES += --without-http_access_module
endif
ifneq ($(CONFIG_NGINX_HTTP_AUTH_BASIC),y)
ADDITIONAL_MODULES += --without-http_auth_basic_module
endif
ifneq ($(CONFIG_NGINX_HTTP_AUTOINDEX),y)
ADDITIONAL_MODULES += --without-http_autoindex_module
endif
ifneq ($(CONFIG_NGINX_HTTP_GEO),y)
ADDITIONAL_MODULES += --without-http_geo_module
endif
ifneq ($(CONFIG_NGINX_HTTP_MAP),y)
ADDITIONAL_MODULES += --without-http_map_module
endif
ifneq ($(CONFIG_NGINX_HTTP_SPLIT_CLIENTS),y)
ADDITIONAL_MODULES += --without-http_split_clients_module
endif
ifneq ($(CONFIG_NGINX_HTTP_REFERER),y)
ADDITIONAL_MODULES += --without-http_referer_module
endif
ifneq ($(CONFIG_NGINX_HTTP_REWRITE),y)
ADDITIONAL_MODULES += --without-http_rewrite_module
endif
ifneq ($(CONFIG_NGINX_HTTP_PROXY),y)
ADDITIONAL_MODULES += --without-http_proxy_module
endif
ifneq ($(CONFIG_NGINX_HTTP_FASTCGI),y)
ADDITIONAL_MODULES += --without-http_fastcgi_module
else
config_files += fastcgi_params
endif
ifneq ($(CONFIG_NGINX_HTTP_UWSGI),y)
ADDITIONAL_MODULES += --without-http_uwsgi_module
else
config_files += uwsgi_params
endif
ifneq ($(CONFIG_NGINX_HTTP_SCGI),y)
ADDITIONAL_MODULES += --without-http_scgi_module
else
config_files += scgi_params
endif
ifneq ($(CONFIG_NGINX_HTTP_MEMCACHED),y)
ADDITIONAL_MODULES += --without-http_memcached_module
endif
ifneq ($(CONFIG_NGINX_HTTP_LIMIT_CONN),y)
ADDITIONAL_MODULES += --without-http_limit_conn_module
endif
ifneq ($(CONFIG_NGINX_HTTP_LIMIT_REQ),y)
ADDITIONAL_MODULES += --without-http_limit_req_module
endif
ifneq ($(CONFIG_NGINX_HTTP_EMPTY_GIF),y)
ADDITIONAL_MODULES += --without-http_empty_gif_module
endif
ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y)
ADDITIONAL_MODULES += --without-http_browser_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y)
ADDITIONAL_MODULES += --without-http_upstream_hash_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y)
ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y)
ADDITIONAL_MODULES += --without-http_upstream_least_conn_module
endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y)
ADDITIONAL_MODULES += --without-http_upstream_keepalive_module
endif
ifeq ($(CONFIG_IPV6),y)
ADDITIONAL_MODULES += --with-ipv6
endif
ifeq ($(CONFIG_NGINX_STUB_STATUS),y)
ADDITIONAL_MODULES += --with-http_stub_status_module
endif
ifeq ($(CONFIG_NGINX_FLV),y)
ADDITIONAL_MODULES += --with-http_flv_module
endif
ifeq ($(CONFIG_NGINX_DAV),y)
ADDITIONAL_MODULES += --with-http_dav_module
endif
ifeq ($(CONFIG_NGINX_HTTP_AUTH_REQUEST),y)
ADDITIONAL_MODULES += --with-http_auth_request_module
endif
ifeq ($(CONFIG_NGINX_HTTP_V2),y)
ADDITIONAL_MODULES += --with-http_v2_module
endif
ifeq ($(CONFIG_NGINX_HTTP_REAL_IP),y)
ADDITIONAL_MODULES += --with-http_realip_module
endif
ifeq ($(CONFIG_NGINX_HTTP_SECURE_LINK),y)
ADDITIONAL_MODULES += --with-http_secure_link_module
endif
ifeq ($(CONFIG_NGINX_HTTP_SUB),y)
ADDITIONAL_MODULES += --with-http_sub_module
endif
else
ADDITIONAL_MODULES += --with-ipv6 --with-http_stub_status_module --with-http_flv_module \
--with-http_dav_module \
--with-http_auth_request_module --with-http_v2_module --with-http_realip_module \
--with-http_secure_link_module --with-http_sub_module
config_files += koi-utf koi-win win-utf fastcgi_params uwsgi_params
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-naxsi),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-lua),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/lua-nginx
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-dav-ext),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-dav-ext-module
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-stream),)
ADDITIONAL_MODULES += --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-ubus),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-ubus-module
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-headers-more),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-headers-more
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-brotli),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-brotli
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-rtmp),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-rtmp
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-ts),)
ADDITIONAL_MODULES += --add-dynamic-module=$(PKG_BUILD_DIR)/nginx-ts
endif
ifeq ($(CONFIG_NGINX_GEOIP_MODULE),y)
ADDITIONAL_MODULES += --with-http_geoip_module=dynamic
endif
define Package/nginx-mod-luci
TITLE:=Nginx on LuCI
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Support file for Nginx
URL:=http://nginx.org/
DEPENDS:=+uwsgi +uwsgi-luci-support +nginx +nginx-mod-ubus
# TODO: add PROVIDES when removing nginx-mod-luci-ssl
# PROVIDES:=nginx-mod-luci-ssl
endef
define Package/nginx-mod-luci/description
Support file for LuCI in nginx. Include custom nginx configuration, autostart script for uwsgi.
endef
NGINX_MODULES :=
# $(1) module name
# $(2) module additional dependency
# $(3) module so name (stripped of the finaly _module.so)
# $(4) module description
define module
define Package/nginx-mod-$(strip $(1))
$(call Package/nginx/default)
DEPENDS:=+nginx-ssl $(2)
TITLE:=Nginx $(1) module
endef
define Package/nginx-mod-$(strip $(1))/description
$(4)
endef
define Package/nginx-mod-$(strip $(1))/install
$(INSTALL_DIR) $$(1)/usr/lib/nginx/modules
$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/nginx/modules/$(3)_module.so $$(1)/usr/lib/nginx/modules
endef
NGINX_MODULES += nginx-mod-$(strip $(1))
endef
define brotli
define Package/nginx-mod-brotli
$(call Package/nginx/default)
DEPENDS:=+nginx-ssl
TITLE:=Nginx Brotli module
endef
define Package/nginx-mod-brotli/description
Add support for brotli compression module.
endef
define Package/nginx-mod-brotli/install
$(INSTALL_DIR) $$(1)/usr/lib/nginx/modules
$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/nginx/modules/ngx_http_brotli_filter_module.so $$(1)/usr/lib/nginx/modules
$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/nginx/modules/ngx_http_brotli_static_module.so $$(1)/usr/lib/nginx/modules
endef
NGINX_MODULES += nginx-mod-brotli
endef
define naxsi
define Package/nginx-mod-naxsi
$(call Package/nginx/default)
DEPENDS:=+nginx-ssl
TITLE:=Nginx naxsi module
endef
define Package/nginx-mod-naxsi/description
Enable NAXSI module.
endef
define Package/nginx-mod-naxsi/install
$(INSTALL_DIR) $$(1)/usr/lib/nginx/modules
$(INSTALL_BIN) $$(PKG_INSTALL_DIR)/usr/lib/nginx/modules/ngx_http_naxsi_module.so $$(1)/usr/lib/nginx/modules
$(INSTALL_DIR) $$(1)/etc/nginx
$(INSTALL_BIN) $$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $$(1)/etc/nginx
chmod 0640 $$(1)/etc/nginx/naxsi_core.rules
$(INSTALL_BIN) $$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $$(1)/etc/nginx
chmod 0640 $$(1)/etc/nginx/naxsi_core.rules
endef
NGINX_MODULES += nginx-mod-naxsi
endef
$(eval $(call module,lua, +luajit,ngx_http_lua, Enable Lua module))
$(eval $(call module,stream, +@NGINX_STREAM_CORE_MODULE,ngx_stream, Add support for NGINX request streaming.))
$(eval $(call module,ubus, +libubus +libjson-c +libblobmsg-json +@NGINX_UBUS,ngx_http_ubus, Enable UBUS api support directly from the server.))
$(eval $(call module,dav-ext, +@NGINX_DAV +libxml2,ngx_http_dav_ext, Enable the WebDAV methods PROPFIND OPTIONS LOCK UNLOCK.))
$(eval $(call module,headers-more,,ngx_http_headers_more_filter, Set and clear input and output headers...more than "add"!))
$(eval $(call module,rtmp,,ngx_rtmp, Add support for NGINX-based Media Streaming Server module. \
DASH enhanced - https://github.com/ut0mt8/nginx-rtmp-module))
$(eval $(call module, ts,,ngx_http_ts, Add support for MPEG-TS Live Module module.))
$(eval $(call brotli))
$(eval $(call naxsi))
PKG_CONFIG_DEPENDS += $(patsubst %,CONFIG_PACKAGE_%,$(NGINX_MODULES))
TARGET_CFLAGS += -DNGX_LUA_NO_BY_LUA_BLOCK
ifneq ($(CONFIG_PACKAGE_nginx-mod-lua),)
CONFIGURE_VARS += LUAJIT_INC=$(STAGING_DIR)/usr/include/luajit-* \
LUAJIT_LIB=$(STAGING_DIR)/usr/lib
endif
CONFIGURE_VARS += CONFIG_BIG_ENDIAN=$(CONFIG_BIG_ENDIAN)
CONFIGURE_ARGS += \
--crossbuild=Linux::$(ARCH) \
--prefix=/usr \
--conf-path=/etc/nginx/nginx.conf \
--modules-path=/usr/lib/nginx/modules \
--with-compat \
$(ADDITIONAL_MODULES) \
--error-log-path=stderr \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--with-cc="$(TARGET_CC)" \
--with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
--with-ld-opt="$(TARGET_LDFLAGS)" \
--without-http_upstream_zone_module \
--without-pcre2
define Package/nginx-mod-luci/install
$(INSTALL_DIR) $(1)/etc/nginx/conf.d
$(INSTALL_CONF) ./files-luci-support/luci.locations $(1)/etc/nginx/conf.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support
endef
config_files := mime.types \
$(if $(call IsEnabled,NGINX_HTTP_CHARSET),koi-utf koi-win win-utf) \
$(if $(call IsEnabled,NGINX_HTTP_FASTCGI),fastcgi_params) \
$(if $(call IsEnabled,NGINX_HTTP_UWSGI),uwsgi_params) \
$(if $(call IsEnabled,NGINX_HTTP_SCGI),scgi_params)
define Package/nginx-ssl/install
$(INSTALL_DIR) $(1)/usr/sbin
@ -431,8 +150,6 @@ define Package/nginx-ssl/install
$(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx
endef
Package/nginx-full/install = $(Package/nginx-ssl/install)
define Package/nginx-ssl/prerm
#!/bin/sh
[ -z "$${IPKG_INSTROOT}" ] || exit 0
@ -444,140 +161,214 @@ rm -f "$$(uci get "nginx.$${LAN_NAME}.ssl_certificate_key")"
exit 0
endef
define Package/nginx-full
$(Package/nginx/default)
TITLE += with ALL config selected
DEPENDS+=+libpcre2 +nginx-ssl-util +zlib +libxml2
EXTRA_DEPENDS:=nginx-ssl-util (>=1.5-r1)
VARIANT:=full
PROVIDES += nginx-ssl
endef
Package/nginx-full/description = $(Package/nginx/description) \
This variant is compiled with ALL config selected.
Package/nginx-full/install = $(Package/nginx-ssl/install)
Package/nginx-full/prerm = $(Package/nginx-ssl/prerm)
define Download/nginx-headers-more
Package/nginx-full/conffiles = $(Package/nginx/conffiles)
define Package/nginx-mod-luci
TITLE:=Nginx on LuCI
SECTION:=net
CATEGORY:=Network
SUBMENU:=Web Servers/Proxies
TITLE:=Support file for Nginx
URL:=http://nginx.org/
DEPENDS:=+uwsgi +uwsgi-luci-support +nginx-ssl +nginx-mod-ubus
# TODO: add PROVIDES when removing nginx-mod-luci-ssl
# PROVIDES:=nginx-mod-luci-ssl
endef
define Package/nginx-mod-luci/description
Support file for LuCI in nginx. Include custom nginx configuration, autostart script for uwsgi.
endef
define Package/nginx-mod-luci/preinst
#!/bin/sh
grep -r -l ngx_http_ubus_module.so /etc/nginx/module.d | grep -v ngx_http_ubus.module | while read file; do
echo "Removing old LuCI module load file for 'ngx_http_ubus.so' in $$file."
rm -f $$file
done
exit 0
endef
define Package/nginx-mod-luci/install
$(INSTALL_DIR) $(1)/etc/nginx/conf.d
$(INSTALL_CONF) ./files-luci-support/luci.locations $(1)/etc/nginx/conf.d/
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_BIN) ./files-luci-support/60_nginx-luci-support $(1)/etc/uci-defaults/60_nginx-luci-support
endef
define Download/nginx-mod-geoip2
SOURCE_DATE:=2020-01-22
VERSION:=1cabd8a1f68ea3998f94e9f3504431970f848fbf
URL:=https://github.com/leev/ngx_http_geoip2_module.git
MIRROR_HASH:=f3d2a1af5c34812b5a34453457ba6a4d8093c92085aa7f76c46a1c4185c9735c
PROTO:=git
endef
define Package/nginx-mod-lua-resty-lrucache
$(call Package/nginx/default)
DEPENDS:=@HAS_LUAJIT_ARCH +luajit2
TITLE:=Nginx Lua OpenResty lrucache module
endef
define Package/nginx-mod-lua-resty-core
$(call Package/nginx/default)
DEPENDS:=+nginx-mod-lua-resty-lrucache
TITLE:=Nginx Lua OpenResty core module
endef
define Package/nginx-mod-lua-resty-lrucache/install
$(INSTALL_DIR) $(1)/usr/lib/lua/resty/lrucache
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-lrucache/lib/resty/*.lua $(1)/usr/lib/lua/resty
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-lrucache/lib/resty/lrucache/*.lua $(1)/usr/lib/lua/resty/lrucache
endef
define Package/nginx-mod-lua-resty-core/install
$(INSTALL_DIR) $(1)/usr/lib/lua/ngx/ssl
$(INSTALL_DIR) $(1)/usr/lib/lua/resty/core
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-core/lib/ngx/*.lua $(1)/usr/lib/lua/ngx
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-core/lib/ngx/ssl/*.lua $(1)/usr/lib/lua/ngx/ssl
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-core/lib/resty/*.lua $(1)/usr/lib/lua/resty
$(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-mod-lua-resty-core/lib/resty/core/*.lua $(1)/usr/lib/lua/resty/core
endef
define Download/nginx-mod-headers-more
SOURCE_DATE:=2022-07-17
VERSION:=bea1be3bbf6af28f6aa8cf0c01c07ee1637e2bd0
SUBDIR:=nginx-headers-more
FILE:=headers-more-nginx-module-$$(VERSION).tar.xz
URL:=https://github.com/openresty/headers-more-nginx-module.git
MIRROR_HASH:=3617bbf7a935208a1d8d5f86a8f9b770f6987e4d2b5663a9ab1b777217e3066b
MIRROR_HASH:=569abadc137b5b52bdcc33b00aa21f6d266cb84fb891795da2c4e101c4898abe
PROTO:=git
endef
define Prepare/nginx-headers-more
$(eval $(Download/nginx-headers-more))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/nginx-brotli
VERSION:=e505dce68acc190cc5a1e780a3b0275e39f160ca
SUBDIR:=nginx-brotli
FILE:=ngx-brotli-module-$$(VERSION).tar.xz
define Download/nginx-mod-brotli
SOURCE_DATE:=2020-04-23
VERSION:=25f86f0bac1101b6512135eac5f93c49c63609e3
URL:=https://github.com/google/ngx_brotli.git
MIRROR_HASH:=04847f11ef808fed50f44b2af0ef3abf59ff0ffc06dfc7394d9ab51d53fef31f
MIRROR_HASH:=680c56be79e7327cb8df271646119333d2f6965a3472bc7043721625fa4488f5
PROTO:=git
endef
define Prepare/nginx-brotli
$(eval $(Download/nginx-brotli))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/nginx-rtmp
define Download/nginx-mod-rtmp
SOURCE_DATE:=2018-12-07
VERSION:=f0ea62342a4eca504b311cd5df910d026c3ea4cf
SUBDIR:=nginx-rtmp
FILE:=ngx-rtmp-module-$$(VERSION).tar.xz
URL:=https://github.com/ut0mt8/nginx-rtmp-module.git
MIRROR_HASH:=d3f58066f0f858ed79f7f2b0c9b89de2ccc512c94ab3d0625f6dcff3df0b72c1
MIRROR_HASH:=9c98d886ae4ea3708bb0bca55f8df803418a407e0ffc6df56341bd76ad39cba8
PROTO:=git
endef
define Prepare/nginx-rtmp
$(eval $(Download/nginx-rtmp))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/nginx-ts
define Download/nginx-mod-ts
SOURCE_DATE:=2017-12-04
VERSION:=ef2f874d95cc75747eb625a292524a702aefb0fd
SUBDIR:=nginx-ts
FILE:=ngx-ts-module-$$(VERSION).tar.xz
URL:=https://github.com/arut/nginx-ts-module.git
MIRROR_HASH:=73938950bb286d40d9e54b0994d1a63827340c1156c72eb04d7041b25b20ec18
MIRROR_HASH:=3f144d4615a4aaa1215435cd06ae4054ea12206d5b38306321420f7acc62aca8
PROTO:=git
endef
define Prepare/nginx-ts
$(eval $(Download/nginx-ts))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/nginx-naxsi
VERSION:=951123ad456bdf5ac94e8d8819342fe3d49bc002
SUBDIR:=nginx-naxsi
FILE:=nginx-naxsi-module-$$(VERSION).tar.xz
define Download/nginx-mod-naxsi
SOURCE_DATE:=2022-09-14
VERSION:=d714f1636ea49a9a9f4f06dba14aee003e970834
URL:=https://github.com/nbs-system/naxsi.git
MIRROR_HASH:=c734cae19a596affadd62a2df1b58d3df8d1364093a4e80a7cd1ab4555963535
MIRROR_HASH:=b0cef5fbf842f283eb5f0686ddd1afcd07d83abd7027c8cfb3e84a2223a34797
PROTO:=git
endef
define Prepare/nginx-naxsi
$(eval $(Download/nginx-naxsi))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/lua-nginx
VERSION:=68acad14e4a8f42e31d4a4bb5ed44d6f5b55fc1c
SUBDIR:=lua-nginx
FILE:=lua-nginx-module-$$(VERSION).tar.xz
define Download/nginx-mod-lua
SOURCE_DATE:=2023-08-19
VERSION:=c89469e920713d17d703a5f3736c9335edac22bf
URL:=https://github.com/openresty/lua-nginx-module.git
MIRROR_HASH:=366f24e1ba6221e34f6ba20ab29146438438f88c89fd71f9500d169b3f5aedf0
MIRROR_HASH:=c3bdf1b23f0a63991b5dcbd1f8ee150e6f893b43278e8600e4e0bb42a6572db4
PROTO:=git
endef
define Prepare/lua-nginx
$(eval $(Download/lua-nginx))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
define Download/nginx-mod-lua-resty-core
SOURCE_DATE:=2023-09-09
VERSION:=2e2b2adaa61719972fe4275fa4c3585daa0dcd84
URL:=https://github.com/openresty/lua-resty-core.git
MIRROR_HASH:=c5f3df92fd72eac5b54497c039aca0f0d9ea1d87223f1e3a54365ba565991874
PROTO:=git
endef
define Download/nginx-dav-ext-module
define Download/nginx-mod-lua-resty-lrucache
SOURCE_DATE:=2023-08-06
VERSION:=52f5d00403c8b7aa8a4d4f3779681976b10a18c1
URL:=https://github.com/openresty/lua-resty-lrucache.git
MIRROR_HASH:=0833e0114948af4edb216c5c34b3f1919f534b298f4fa29739544f7c9bb8a08d
PROTO:=git
endef
define Download/nginx-mod-dav-ext
SOURCE_DATE:=2018-12-17
VERSION:=f5e30888a256136d9c550bf1ada77d6ea78a48af
SUBDIR:=nginx-dav-ext-module
FILE:=nginx-dav-ext-module-$$(VERSION).tar.xz
URL:=https://github.com/arut/nginx-dav-ext-module.git
MIRROR_HASH:=70bb4c3907f4b783605500ba494e907aede11f8505702e370012abb3c177dc5b
MIRROR_HASH:=c574e60ffab5f6e5d8bea18aab0799c19cd9a84f3d819b787e9af4f0e7867b52
PROTO:=git
endef
define Prepare/nginx-dav-ext-module
$(eval $(Download/nginx-dav-ext-module))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
endef
define Download/nginx-ubus-module
define Download/nginx-mod-ubus
SOURCE_DATE:=2020-09-06
VERSION:=b2d7260dcb428b2fb65540edb28d7538602b4a26
SUBDIR:=nginx-ubus-module
FILE:=nginx-ubus-module-$$(VERSION).tar.xz
URL:=https://github.com/Ansuel/nginx-ubus-module.git
MIRROR_HASH:=472cef416d25effcac66c85417ab6596e634a7a64d45b709bb090892d567553c
MIRROR_HASH:=515bb9d355ad80916f594046a45c190a68fb6554d6795a54ca15cab8bdd12fda
PROTO:=git
endef
define Prepare/nginx-ubus-module
$(eval $(Download/nginx-ubus-module))
xzcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
define Download/nginx-mod-njs
SOURCE_DATE:=2024-10-03
VERSION:=c5a29a7af8894ee1ec44ebda71ef0ea1f2a31af6
URL:=https://github.com/nginx/njs.git
MIRROR_HASH:=69bc424d4bfd8b7a0a70feeb4787ff8b503ac893fb730f07f3244e35fde876e4
PROTO:=git
endef
define Module/Download
define Download/nginx-mod-$(1) +=
SUBDIR:=nginx-mod-$(1)
FILE:=nginx-mod-$(1)-$$$$(subst -,.,$$$$(SOURCE_DATE))~$$$$(call version_abbrev,$$$$(VERSION)).tar.zst
endef
endef
$(foreach m,$(PKG_MOD_EXTRA),$(eval $(call Module/Download,$(m))))
define Module/nginx-mod-naxsi/install
$(INSTALL_DIR) $(1)/etc/nginx
$(INSTALL_CONF) $(PKG_BUILD_DIR)/nginx-mod-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx
endef
define Quilt/Refresh/Package
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx,nginx/)
$(foreach m,$(PKG_MOD_PATCHED),
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx-mod-$(m),nginx-mod-$(m)/)
)
endef
define Build/Patch
$(if $(QUILT),rm -rf $(PKG_BUILD_DIR)/patches; mkdir -p $(PKG_BUILD_DIR)/patches)
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx,nginx/)
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-dav-ext),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/dav-nginx,dav-nginx/)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-lua),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/lua-nginx,lua-nginx/)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-rtmp),$(QUILT))" ""
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/rtmp-nginx,rtmp-nginx/)
endif
$(foreach m,$(PKG_MOD_PATCHED),$(if $(or $(CONFIG_PACKAGE_nginx-mod-$(m)),$(QUILT)),
$(call PatchDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx-mod-$(m),nginx-mod-$(m)/)
))
$(if $(QUILT),touch $(PKG_BUILD_DIR)/.quilt_used)
endef
define Quilt/Refresh/Package
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/nginx,nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/dav-nginx,dav-nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/lua-nginx,lua-nginx/)
$(call Quilt/RefreshDir,$(PKG_BUILD_DIR),$(PATCH_DIR)/rtmp-nginx,rtmp-nginx/)
define Module/Build/Prepare
$(eval $(call Download,nginx-mod-$(1)))
$(eval $(Download/nginx-mod-$(1)))
mkdir -p $(PKG_BUILD_DIR)/nginx-mod-$(1)
zstdcat $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR)/nginx-mod-$(1) $(TAR_OPTIONS) --strip-components 1
endef
define Build/Prepare
@ -585,79 +376,139 @@ define Build/Prepare
mkdir -p $(PKG_BUILD_DIR)
$(PKG_UNPACK)
ifneq ($(CONFIG_PACKAGE_nginx-mod-naxsi),)
$(eval $(call Download,nginx-naxsi))
$(Prepare/nginx-naxsi)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-lua),$(QUILT))" ""
$(eval $(call Download,lua-nginx))
$(Prepare/lua-nginx)
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-brotli),)
$(eval $(call Download,nginx-brotli))
$(Prepare/nginx-brotli)
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-headers-more),)
$(eval $(call Download,nginx-headers-more))
$(Prepare/nginx-headers-more)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-rtmp),$(QUILT))" ""
$(eval $(call Download,nginx-rtmp))
$(Prepare/nginx-rtmp)
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-ts),)
$(eval $(call Download,nginx-ts))
$(Prepare/nginx-ts)
endif
ifneq "$(or $(CONFIG_PACKAGE_nginx-mod-dav-ext),$(QUILT))" ""
$(eval $(call Download,nginx-dav-ext-module))
$(Prepare/nginx-dav-ext-module)
endif
ifneq ($(CONFIG_PACKAGE_nginx-mod-ubus),)
$(eval $(call Download,nginx-ubus-module))
$(Prepare/nginx-ubus-module)
endif
$(foreach m,$(filter-out $(PKG_MOD_PATCHED),$(PKG_MOD_EXTRA)),$(if $(CONFIG_PACKAGE_nginx-mod-$(m)),
$(call Module/Build/Prepare,$(m))
))
$(foreach m,$(PKG_MOD_PATCHED),$(if $(or $(CONFIG_PACKAGE_nginx-mod-$(m)),$(QUILT)),
$(call Module/Build/Prepare,$(m))
))
$(Build/Patch)
endef
# $(1) module name
# $(2) module additional dependency
# $(3) module so name (stripped of the finaly _module.so)
# $(4) module description
define BuildModule
define Package/nginx-mod-$(1)
$(call Package/nginx/default)
DEPENDS:=+nginx-ssl $(2)
TITLE:=Nginx $(1) module
endef
define Package/nginx-mod-$(1)/description
$(strip $(4))
endef
define Package/nginx-mod-$(1)/install
$(INSTALL_DIR) $$(1)/usr/lib/nginx/modules
$(INSTALL_DIR) $$(1)/etc/nginx/module.d
$(foreach m,$(3),
$(CP) $$(PKG_INSTALL_DIR)/usr/lib/nginx/modules/$(m)_module.so $$(1)/usr/lib/nginx/modules && \
echo "load_module /usr/lib/nginx/modules/$(m)_module.so;" > $$(1)/etc/nginx/module.d/$(m).module
)
$(call Module/nginx-mod-$(1)/install,$$(1))
endef
$$(eval $$(call BuildPackage,nginx-mod-$(1)))
endef
TARGET_CFLAGS += -DNGX_LUA_NO_BY_LUA_BLOCK
ifneq ($(CONFIG_PACKAGE_nginx-mod-lua),)
CONFIGURE_VARS += LUAJIT_INC=$(STAGING_DIR)/usr/include/luajit-* \
LUAJIT_LIB=$(STAGING_DIR)/usr/lib
endif
CONFIGURE_VARS += LIBXML2_INC=$(STAGING_DIR)/usr/include/libxml2 \
CONFIG_BIG_ENDIAN=$(CONFIG_BIG_ENDIAN)
CONFIGURE_ARGS += \
--crossbuild=Linux::$(ARCH) \
--prefix=/usr \
--conf-path=/etc/nginx/nginx.conf \
--modules-path=/usr/lib/nginx/modules \
--error-log-path=stderr \
--pid-path=/var/run/nginx.pid \
--lock-path=/var/lock/nginx.lock \
--http-log-path=/var/log/nginx/access.log \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--with-cc="$(TARGET_CC)" \
--with-ld-opt="$(TARGET_LDFLAGS)" \
--without-http_upstream_zone_module \
--with-compat \
--with-http_ssl_module \
$(if $(call IsDisabled,NGINX_HTTP_CACHE),--without-http-cache) \
$(if $(call IsDisabled,NGINX_PCRE),--without-pcre) \
$(if $(call IsDisabled,NGINX_HTTP_CHARSET),--without-http_charset_module) \
$(if $(call IsDisabled,NGINX_HTTP_GZIP),--without-http_gzip_module) \
$(if $(call IsDisabled,NGINX_HTTP_SSI),--without-http_ssi_module) \
$(if $(call IsDisabled,NGINX_HTTP_USERID),--without-http_userid_module) \
$(if $(call IsDisabled,NGINX_HTTP_ACCESS),--without-http_access_module) \
$(if $(call IsDisabled,NGINX_HTTP_AUTH_BASIC),--without-http_auth_basic_module) \
$(if $(call IsDisabled,NGINX_HTTP_AUTOINDEX),--without-http_autoindex_module) \
$(if $(call IsDisabled,NGINX_HTTP_GEO),--without-http_geo_module) \
$(if $(call IsDisabled,NGINX_HTTP_MAP),--without-http_map_module) \
$(if $(call IsDisabled,NGINX_HTTP_SPLIT_CLIENTS),--without-http_split_clients_module) \
$(if $(call IsDisabled,NGINX_HTTP_REFERER),--without-http_referer_module) \
$(if $(call IsDisabled,NGINX_HTTP_REWRITE),--without-http_rewrite_module) \
$(if $(call IsDisabled,NGINX_HTTP_PROXY),--without-http_proxy_module) \
$(if $(call IsDisabled,NGINX_HTTP_FASTCGI),--without-http_fastcgi_module) \
$(if $(call IsDisabled,NGINX_HTTP_UWSGI),--without-http_uwsgi_module) \
$(if $(call IsDisabled,NGINX_HTTP_SCGI),--without-http_scgi_module) \
$(if $(call IsDisabled,NGINX_HTTP_MEMCACHED),--without-http_memcached_module) \
$(if $(call IsDisabled,NGINX_HTTP_LIMIT_CONN),--without-http_limit_conn_module) \
$(if $(call IsDisabled,NGINX_HTTP_LIMIT_REQ),--without-http_limit_req_module) \
$(if $(call IsDisabled,NGINX_HTTP_EMPTY_GIF),--without-http_empty_gif_module) \
$(if $(call IsDisabled,NGINX_HTTP_BROWSER),--without-http_browser_module) \
$(if $(call IsDisabled,NGINX_HTTP_UPSTREAM_HASH),--without-http_upstream_hash_module) \
$(if $(call IsDisabled,NGINX_HTTP_UPSTREAM_IP_HASH),--without-http_upstream_ip_hash_module) \
$(if $(call IsDisabled,NGINX_HTTP_UPSTREAM_LEAST_CONN),--without-http_upstream_least_conn_module) \
$(if $(call IsDisabled,NGINX_HTTP_UPSTREAM_KEEPALIVE),--without-http_upstream_keepalive_module) \
$(if $(call IsEnabled,IPV6),--with-ipv6) \
$(if $(call IsEnabled,NGINX_HTTP_GZIP_STATIC),--with-http_gzip_static_module) \
$(if $(call IsEnabled,NGINX_STUB_STATUS),--with-http_stub_status_module) \
$(if $(call IsEnabled,NGINX_FLV),--with-http_flv_module) \
$(if $(call IsEnabled,NGINX_DAV),--with-http_dav_module) \
$(if $(call IsEnabled,NGINX_HTTP_AUTH_REQUEST),--with-http_auth_request_module) \
$(if $(call IsEnabled,NGINX_HTTP_QUIC),--with-http_v3_module) \
$(if $(call IsEnabled,NGINX_HTTP_V2),--with-http_v2_module) \
$(if $(call IsEnabled,NGINX_HTTP_REAL_IP),--with-http_realip_module) \
$(if $(call IsEnabled,NGINX_HTTP_SECURE_LINK),--with-http_secure_link_module) \
$(if $(call IsEnabled,NGINX_HTTP_SUB),--with-http_sub_module) \
$(if $(CONFIG_PACKAGE_nginx-mod-stream),--with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module) \
$(if $(call IsEnabled,NGINX_STREAM_REAL_IP),--with-stream_realip_module) \
$(if $(CONFIG_PACKAGE_nginx-mod-naxsi),--add-dynamic-module=$(PKG_BUILD_DIR)/nginx-mod-naxsi/naxsi_src) \
$(if $(CONFIG_PACKAGE_nginx-mod-njs),--add-dynamic-module=$(PKG_BUILD_DIR)/nginx-mod-njs/nginx) \
$(foreach m,$(filter-out lua-resty-core lua-resty-lrucache naxsi njs,$(PKG_MOD_EXTRA)), \
$(if $(CONFIG_PACKAGE_nginx-mod-$(m)),--add-dynamic-module=$(PKG_BUILD_DIR)/nginx-mod-$(m)))
$(eval $(call BuildPackage,nginx-ssl))
$(eval $(call BuildPackage,nginx-full))
$(eval $(call BuildPackage,nginx-mod-luci))
$(foreach m,$(NGINX_MODULES),$(eval $(call BuildPackage,$(m))))
# TODO: remove after a transition period (together with pkg nginx-util):
# It is for smoothly substituting nginx and nginx-mod-luci-ssl (by nginx-ssl
# respectively nginx-mod-luci). Add above commented PROVIDES when removing.
define Package/nginx
TITLE:=Dummy package for transition when upgrading.
DEPENDS:=+nginx-ssl
PKGARCH:=all
endef
define Package/nginx/install
$(INSTALL_DIR) $(1)/usr/bin
endef
$(eval $(call BuildPackage,nginx))
define Package/nginx-mod-luci-ssl
TITLE:=Dummy package for transition when upgrading.
DEPENDS:=+nginx-mod-luci
PKGARCH:=all
endef
define Package/nginx-mod-luci-ssl/install
$(INSTALL_DIR) $(1)/usr/bin
endef
$(eval $(call BuildPackage,nginx-mod-luci-ssl))
$(eval $(call BuildPackage,nginx-mod-lua-resty-lrucache))
$(eval $(call BuildPackage,nginx-mod-lua-resty-core))
$(eval $(call BuildModule,stream,+@NGINX_STREAM_CORE_MODULE, \
ngx_stream, Add support for NGINX request streaming.))
$(eval $(call BuildModule,lua,+nginx-mod-lua-resty-core,ngx_http_lua, \
Enable Lua module (luajit2 based, OpenResty patches)))
$(eval $(call BuildModule,ubus,+libubus +libjson-c +libblobmsg-json +@NGINX_UBUS, \
ngx_http_ubus,Enable UBUS api support directly from the server.))
$(eval $(call BuildModule,dav-ext,+@NGINX_DAV +libxml2,ngx_http_dav_ext, \
Enable the WebDAV methods PROPFIND OPTIONS LOCK UNLOCK.))
$(eval $(call BuildModule,headers-more,,ngx_http_headers_more_filter, \
Set and clear input and output headers...more than "add"!))
$(eval $(call BuildModule,rtmp,,ngx_rtmp, \
Add support for NGINX-based Media Streaming Server module. DASH enhanced))
$(eval $(call BuildModule,ts,,ngx_http_ts, \
Add support for MPEG-TS Live Module module.))
$(eval $(call BuildModule,brotli,,ngx_http_brotli_filter ngx_http_brotli_static, \
Add support for brotli compression module.))
$(eval $(call BuildModule,naxsi,,ngx_http_naxsi, \
Enable NAXSI module.))
$(eval $(call BuildModule,geoip2,+@NGINX_STREAM_CORE_MODULE +nginx-mod-stream +libmaxminddb,ngx_http_geoip2 ngx_stream_geoip2, \
Enable MaxMind GeoIP2 module.))
$(eval $(call BuildModule,njs,+zlib +libxml2 +libxslt +libpcre2,ngx_http_js, \
Enable NJS module.))

7
nginx/files-luci-support/60_nginx-luci-support
View File

@ -12,11 +12,8 @@ location /ubus {
EOT
fi
if [ ! -f "/etc/nginx/module.d/luci.module" ]; then
cat <<EOT >> /etc/nginx/module.d/luci.module
load_module /usr/lib/nginx/modules/ngx_http_ubus_module.so;
EOT
fi
# Drop old reference of luci.module as we migrated to a more automatic approach
[ -f "/etc/nginx/module.d/luci.module" ] && rm /etc/nginx/module.d/luci.module
fi
grep -q /var/run/ubus.sock /etc/nginx/conf.d/luci.locations &&

2
nginx/files/nginx.init
View File

@ -11,7 +11,7 @@ NGINX_UTIL="/usr/bin/nginx-util"
UCI_CONF_TEMPLATE="/etc/nginx/uci.conf.template"
LATEST_UCI_CONF_VERSION="1.2"
eval $("${NGINX_UTIL}" get_env)
[ -f "${NGINX_UTIL}" ] && eval $("${NGINX_UTIL}" get_env)
CONF=""

4
nginx/patches/dav-nginx/100-drop-libxslt-dep.patch → nginx/patches/nginx-mod-dav-ext/100-drop-libxslt-dep.patch
View File

@ -1,5 +1,5 @@
--- a/nginx-dav-ext-module/config
+++ b/nginx-dav-ext-module/config
--- a/nginx-mod-dav-ext/config
+++ b/nginx-mod-dav-ext/config
@@ -8,9 +8,8 @@ ngx_module_name=ngx_http_dav_ext_module
# building nginx with the xslt module, in which case libxslt will
# be linked anyway. In other cases libxslt is just redundant.

389
nginx/patches/nginx-mod-lua-resty-core/001-feature_support_pcre2.patch Normal file
View File

@ -0,0 +1,389 @@
From f72675beb5835b4ac31d7476de1580be767209d8 Mon Sep 17 00:00:00 2001
From: swananan <jt26wzz@gmail.com>
Date: Thu, 31 Aug 2023 00:12:07 +0800
Subject: [PATCH] feature: support pcre2
---
.travis.yml | 26 +++++++++++++-----------
lib/resty/core/regex.lua | 43 ++++++++++++++++++++++++++++++----------
t/re-base.t | 25 +++++++++++++++++------
t/re-gmatch.t | 10 +++++++---
t/re-match.t | 7 +++++--
t/re-opt.t | 9 +++++++--
t/stream/re-base.t | 27 +++++++++++++++++++------
t/stream/re-gmatch.t | 10 +++++++---
t/stream/re-match.t | 7 +++++--
t/stream/re-opt.t | 9 +++++++--
10 files changed, 125 insertions(+), 48 deletions(-)
--- a/nginx-mod-lua-resty-core/.travis.yml
+++ b/nginx-mod-lua-resty-core/.travis.yml
@@ -34,9 +34,13 @@ env:
- LUA_INCLUDE_DIR=$LUAJIT_INC
- LUA_CMODULE_DIR=/lib
- PCRE_VER=8.45
+ - PCRE2_VER=10.37
- PCRE_PREFIX=/opt/pcre
+ - PCRE2_PREFIX=/opt/pcre2
- PCRE_LIB=$PCRE_PREFIX/lib
+ - PCRE2_LIB=$PCRE2_PREFIX/lib
- PCRE_INC=$PCRE_PREFIX/include
+ - PCRE2_INC=$PCRE2_PREFIX/include
- OPENSSL_PREFIX=/opt/ssl
- OPENSSL_LIB=$OPENSSL_PREFIX/lib
- OPENSSL_INC=$OPENSSL_PREFIX/include
@@ -45,7 +49,7 @@ env:
- TEST_NGINX_RANDOMIZE=1
- LUACHECK_VER=0.21.1
matrix:
- - NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1u OPENSSL_PATCH_VER=1.1.1f
+ - NGINX_VERSION=1.25.1 OPENSSL_VER=1.1.1u OPENSSL_PATCH_VER=1.1.1f USE_PCRE2=Y
- NGINX_VERSION=1.21.4 OPENSSL_VER=1.1.1u OPENSSL_PATCH_VER=1.1.1f
services:
@@ -61,11 +65,12 @@ before_install:
install:
- if [ ! -d download-cache ]; then mkdir download-cache; fi
- if [ ! -f download-cache/openssl-$OPENSSL_VER.tar.gz ]; then wget -P download-cache https://www.openssl.org/source/openssl-$OPENSSL_VER.tar.gz || wget -P download-cache https://www.openssl.org/source/old/${OPENSSL_VER//[a-z]/}/openssl-$OPENSSL_VER.tar.gz; fi
- - if [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-$PCRE_VER.tar.gz; fi
+ - if [ "$USE_PCRE2" != "Y" ] && [ ! -f download-cache/pcre-$PCRE_VER.tar.gz ]; then wget -P download-cache http://ftp.cs.stanford.edu/pub/exim/pcre/pcre-$PCRE_VER.tar.gz; fi
+ - if [ "$USE_PCRE2" = "Y" ] && [ ! -f download-cache/pcre2-$PCRE2_VER.tar.gz ]; then wget -P download-cache https://downloads.sourceforge.net/project/pcre/pcre2/${PCRE2_VER}/pcre2-${PCRE2_VER}.tar.gz; fi
- git clone https://github.com/openresty/openresty.git ../openresty
- git clone https://github.com/openresty/openresty-devel-utils.git
- git clone https://github.com/simpl/ngx_devel_kit.git ../ndk-nginx-module
- - git clone https://github.com/openresty/lua-nginx-module.git ../lua-nginx-module
+ - git clone https://github.com/swananan/lua-nginx-module.git -b support_pcre2 ../lua-nginx-module
- git clone https://github.com/openresty/no-pool-nginx.git ../no-pool-nginx
- git clone https://github.com/openresty/echo-nginx-module.git ../echo-nginx-module
- git clone https://github.com/openresty/lua-resty-lrucache.git
@@ -73,8 +78,8 @@ install:
- git clone -b v2.1-agentzh https://github.com/openresty/luajit2.git luajit2
- git clone https://github.com/openresty/set-misc-nginx-module.git ../set-misc-nginx-module
- git clone https://github.com/openresty/mockeagain.git
- - git clone https://github.com/openresty/test-nginx.git
- - git clone https://github.com/openresty/stream-lua-nginx-module.git ../stream-lua-nginx-module
+ - git clone https://github.com/swananan/test-nginx.git -b support_pcre2
+ - git clone https://github.com/swananan/stream-lua-nginx-module.git -b support_pcre2 ../stream-lua-nginx-module
script:
- cd luajit2/
@@ -89,12 +94,8 @@ script:
- make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- sudo make PATH=$PATH install_sw > build.log 2>&1 || (cat build.log && exit 1)
- cd ../mockeagain/ && make CC=$CC -j$JOBS && cd ..
- - tar zxf download-cache/pcre-$PCRE_VER.tar.gz
- - cd pcre-$PCRE_VER/
- - ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1)
- - make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1)
- - sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1)
- - cd ..
+ - if [ "$USE_PCRE2" != "Y" ]; then tar zxf download-cache/pcre-$PCRE_VER.tar.gz; cd pcre-$PCRE_VER/; ./configure --prefix=$PCRE_PREFIX --enable-jit --enable-utf --enable-unicode-properties > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
+ - if [ "$USE_PCRE2" = "Y" ]; then tar zxf download-cache/pcre2-$PCRE2_VER.tar.gz; cd pcre2-$PCRE2_VER/; ./configure --prefix=$PCRE2_PREFIX --enable-jit --enable-utf > build.log 2>&1 || (cat build.log && exit 1); make -j$JOBS > build.log 2>&1 || (cat build.log && exit 1); sudo PATH=$PATH make install > build.log 2>&1 || (cat build.log && exit 1); cd ..; fi
- export PATH=$PWD/work/nginx/sbin:$PWD/openresty-devel-utils:$PATH
- export LD_PRELOAD=$PWD/mockeagain/mockeagain.so
- export LD_LIBRARY_PATH=$PWD/mockeagain:$LD_LIBRARY_PATH
@@ -104,7 +105,8 @@ script:
- export disable_pcre2=--without-pcre2
- answer=`util/ver-ge "$NGINX_VERSION" 1.25.1`
- if [ "$OPENSSL_VER" = "1.1.0l" ] || [ "$answer" = "N" ]; then add_http3_module=""; fi
- - if [ "$answer" = "N" ]; then disable_pcre2=""; fi
+ - if [ "$answer" = "N" ] || [ "$USE_PCRE2" = "Y" ]; then disable_pcre2=""; fi
+ - if [ "$USE_PCRE2" = "Y" ]; then PCRE_INC=$PCRE2_INC; PCRE_LIB=$PCRE2_LIB; fi
- ngx-build $NGINX_VERSION --with-ipv6 $disable_pcre2 $add_http3_module --with-http_realip_module --with-http_ssl_module --with-pcre-jit --with-cc-opt="-I$OPENSSL_INC -I$PCRE_INC" --with-ld-opt="-L$OPENSSL_LIB -Wl,-rpath,$OPENSSL_LIB -L$PCRE_LIB -Wl,-rpath,$PCRE_LIB" --add-module=../ndk-nginx-module --add-module=../echo-nginx-module --add-module=../set-misc-nginx-module --add-module=../headers-more-nginx-module --add-module=../lua-nginx-module --with-debug --with-stream_ssl_module --with-stream --with-ipv6 --add-module=../stream-lua-nginx-module > build.log 2>&1 || (cat build.log && exit 1)
- nginx -V
- ldd `which nginx`|grep -E 'luajit|ssl|pcre'
--- a/nginx-mod-lua-resty-core/lib/resty/core/regex.lua
+++ b/nginx-mod-lua-resty-core/lib/resty/core/regex.lua
@@ -82,7 +82,7 @@ if not pcall(function() pcre_ver = ffi_s
end
-local MAX_ERR_MSG_LEN = 128
+local MAX_ERR_MSG_LEN = 256
local FLAG_COMPILE_ONCE = 0x01
@@ -102,6 +102,7 @@ local PCRE_DUPNAMES = 0x0080000
local PCRE_JAVASCRIPT_COMPAT = 0x2000000
+-- PCRE2_ERROR_NOMATCH uses the same value
local PCRE_ERROR_NOMATCH = -1
@@ -135,22 +136,44 @@ local ngx_lua_ffi_script_eval_data
-- TODO: improve this workaround when PCRE allows for unspecifying the MAP_JIT
-- option.
local no_jit_in_init
+local pcre_ver_num
-if jit.os == "OSX" then
- local maj, min = string.match(pcre_ver, "^(%d+)%.(%d+)")
- if maj and min then
- local pcre_ver_num = tonumber(maj .. min)
-
- if pcre_ver_num >= 843 then
- no_jit_in_init = true
- end
+local maj, min = string.match(pcre_ver, "^(%d+)%.(%d+)")
+if maj and min then
+ pcre_ver_num = tonumber(maj .. min)
+end
- else
+if jit.os == "OSX" then
+ if pcre_ver_num == nil then
-- assume this version is faulty as well
no_jit_in_init = true
+
+ -- PCRE2 is also subject to this issue on macOS
+ elseif pcre_ver_num >= 843 then
+ no_jit_in_init = true
end
end
+-- pcre2
+if pcre_ver_num > 845 then
+ -- option
+ PCRE_CASELESS = 0x00000008
+ PCRE_MULTILINE = 0x00000400
+ PCRE_DOTALL = 0x00000020
+ PCRE_EXTENDED = 0x00000080
+ PCRE_ANCHORED = 0x80000000
+ PCRE_UTF8 = 0x00080000
+ PCRE_DUPNAMES = 0x00000040
+ -- In the pcre2, The PCRE_JAVASCRIPT_COMPAT option has been split into
+ -- independent functional options PCRE2_ALT_BSUX, PCRE2_ALLOW_EMPTY_CLASS,
+ -- and PCRE2_MATCH_UNSET_BACKREF.
+ local PCRE2_ALT_BSUX = 0x00000002
+ local PCRE2_ALLOW_EMPTY_CLASS = 0x00000001
+ local PCRE2_MATCH_UNSET_BACKREF = 0x00000200
+ PCRE_JAVASCRIPT_COMPAT = bor(PCRE2_ALT_BSUX, PCRE2_ALLOW_EMPTY_CLASS)
+ PCRE_JAVASCRIPT_COMPAT = bor(PCRE2_MATCH_UNSET_BACKREF,
+ PCRE_JAVASCRIPT_COMPAT)
+end
if subsystem == 'http' then
ffi.cdef[[
--- a/nginx-mod-lua-resty-core/t/re-base.t
+++ b/nginx-mod-lua-resty-core/t/re-base.t
@@ -26,8 +26,11 @@ __DATA__
}
--- request
GET /re
---- response_body
-error: pcre_compile() failed: missing ) in "(abc"
+--- response_body eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre2_compile() failed: missing closing parenthesis in \"(abc\"\n"
+:
+"error: pcre_compile() failed: missing ) in \"(abc\"\n"
--- no_error_log
[error]
@@ -63,8 +66,11 @@ error: pcre_compile() failed: missing )
}
--- request
GET /t
---- response_body_like chop
-error: pcre_exec\(\) failed: -10
+--- response_body eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -4\n"
+:
+"error: pcre_exec\(\) failed: -10\n"
--- no_error_log
[error]
@@ -128,6 +134,7 @@ probe process("$LIBPCRE_PATH").function(
printf("exec opts: %x\n", $options)
}
+# TODO: PCRE2 use different option values from PCRE
--- stap_out
compile opts: 800
exec opts: 0
@@ -172,8 +179,14 @@ end
--- request
GET /re
---- response_body
-error: pcre_exec() failed: -8
+--- response_body eval
+# lua_regex_match_limit uses pcre_extra->match_limit in the PCRE,
+# but PCRE2 replaces this with pcre2_set_match_limit interface,
+# which has different effects.
+$Test::Nginx::Util::PcreVersion == 2 ?
+"failed to match\n"
+:
+"error: pcre_exec() failed: -8\n"
--- a/nginx-mod-lua-resty-core/t/re-gmatch.t
+++ b/nginx-mod-lua-resty-core/t/re-gmatch.t
@@ -446,9 +446,13 @@ matched: nil
}
--- request
GET /re
---- response_body
-error: pcre_exec() failed: -10
-not matched
+--- response_body eval
+# PCRE2_ERROR_UTF8_ERR2 (-4)
+# PCRE_ERROR_BADUTF8 (-10)
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -4\nnot matched\n"
+:
+"error: pcre_exec\(\) failed: -10\nnot matched\n"
--- no_error_log
[error]
--- a/nginx-mod-lua-resty-core/t/re-match.t
+++ b/nginx-mod-lua-resty-core/t/re-match.t
@@ -306,8 +306,11 @@ NYI
}
--- request
GET /re
---- response_body_like chop
-error: pcre_compile\(\) failed: two named subpatterns have the same name
+--- response_body eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre2_compile\(\) failed: two named subpatterns have the same name \(PCRE2_DUPNAMES not set\) in \"\(\?<first>[a-z])\(\?<first>[a-z]+\), [0-9]+\" at \"[a-z]+\), [0-9]+\"\n"
+:
+"error: pcre_compile\(\) failed: two named subpatterns have the same name in \"\(\?<first>[a-z])\(\?<first>[a-z]+\), [0-9]+\" at \">[a-z]+\), [0-9]+\"\n"
--- error_log eval
qr/\[TRACE\s+\d+/
--- a/nginx-mod-lua-resty-core/t/re-opt.t
+++ b/nginx-mod-lua-resty-core/t/re-opt.t
@@ -39,8 +39,13 @@ __DATA__
}
--- request
GET /re
---- response_body
-error: pcre_exec() failed: -27
+--- response_body eval
+# PCRE2_ERROR_JIT_STACKLIMIT (-46)
+# PCRE_ERROR_JIT_STACKLIMIT (-27)
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -46\n"
+:
+"error: pcre_exec\(\) failed: -27\n"
--- no_error_log
[error]
--- timeout: 10
--- a/nginx-mod-lua-resty-core/t/stream/re-base.t
+++ b/nginx-mod-lua-resty-core/t/stream/re-base.t
@@ -22,8 +22,11 @@ __DATA__
ngx.say("error: ", err)
end
}
---- stream_response
-error: pcre_compile() failed: missing ) in "(abc"
+--- stream_response eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre2_compile() failed: missing closing parenthesis in \"(abc\"\n"
+:
+"error: pcre_compile() failed: missing ) in \"(abc\"\n"
--- no_error_log
[error]
@@ -55,12 +58,17 @@ error: pcre_compile() failed: missing )
ngx.say("not matched")
end
}
---- stream_response_like chop
-error: pcre_exec\(\) failed: -10
+--- stream_response eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -4\n"
+:
+"error: pcre_exec\(\) failed: -10\n"
--- no_error_log
[error]
+--- ONLY
+
=== TEST 3: UTF-8 mode without UTF-8 sequence checks
@@ -114,6 +122,7 @@ probe process("$LIBPCRE_PATH").function(
printf("exec opts: %x\n", $options)
}
+# TODO: PCRE2 use different option values from PCRE
--- stap_out
compile opts: 800
exec opts: 0
@@ -152,8 +161,14 @@ if not res then
return
end
---- stream_response
-error: pcre_exec() failed: -8
+--- stream_response eval
+# lua_regex_match_limit uses pcre_extra->match_limit in the PCRE,
+# but PCRE2 replaces this with pcre2_set_match_limit interface,
+# which has different effects.
+$Test::Nginx::Util::PcreVersion == 2 ?
+"failed to match\n"
+:
+"error: pcre_exec() failed: -8\n"
--- a/nginx-mod-lua-resty-core/t/stream/re-gmatch.t
+++ b/nginx-mod-lua-resty-core/t/stream/re-gmatch.t
@@ -394,9 +394,13 @@ matched: nil
ngx.say("not matched")
end
}
---- stream_response
-error: pcre_exec() failed: -10
-not matched
+--- stream_response eval
+# PCRE2_ERROR_UTF8_ERR2 (-4)
+# PCRE_ERROR_BADUTF8 (-10)
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -4\nnot matched\n"
+:
+"error: pcre_exec\(\) failed: -10\nnot matched\n"
--- no_error_log
[error]
--- a/nginx-mod-lua-resty-core/t/stream/re-match.t
+++ b/nginx-mod-lua-resty-core/t/stream/re-match.t
@@ -268,8 +268,11 @@ NYI
ngx.say("not matched!")
end
}
---- stream_response_like chop
-error: pcre_compile\(\) failed: two named subpatterns have the same name
+--- stream_response eval
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre2_compile\(\) failed: two named subpatterns have the same name \(PCRE2_DUPNAMES not set\) in \"\(\?<first>[a-z])\(\?<first>[a-z]+\), [0-9]+\" at \"[a-z]+\), [0-9]+\"\n"
+:
+"error: pcre_compile\(\) failed: two named subpatterns have the same name in \"\(\?<first>[a-z])\(\?<first>[a-z]+\), [0-9]+\" at \">[a-z]+\), [0-9]+\"\n"
--- error_log eval
qr/\[TRACE\s+\d+/
--- a/nginx-mod-lua-resty-core/t/stream/re-opt.t
+++ b/nginx-mod-lua-resty-core/t/stream/re-opt.t
@@ -36,8 +36,13 @@ __DATA__
ngx.say("not matched!")
end
}
---- stream_response
-error: pcre_exec() failed: -27
+--- stream_response eval
+# PCRE2_ERROR_JIT_STACKLIMIT (-46)
+# PCRE_ERROR_JIT_STACKLIMIT (-27)
+$Test::Nginx::Util::PcreVersion == 2 ?
+"error: pcre_exec\(\) failed: -46\n"
+:
+"error: pcre_exec\(\) failed: -27\n"
--- no_error_log
[error]
--- timeout: 10

2009
nginx/patches/nginx-mod-lua/001-feature_support_pcre2.patch Normal file
View File

File diff suppressed because it is too large Load Diff

52
nginx/patches/lua-nginx/100-no_by_lua_block.patch → nginx/patches/nginx-mod-lua/100-no_by_lua_block.patch
View File

@ -1,6 +1,6 @@
--- a/lua-nginx/src/ngx_http_lua_module.c
+++ b/lua-nginx/src/ngx_http_lua_module.c
@@ -207,12 +207,14 @@ static ngx_command_t ngx_http_lua_cmds[]
--- a/nginx-mod-lua/src/ngx_http_lua_module.c
+++ b/nginx-mod-lua/src/ngx_http_lua_module.c
@@ -212,12 +212,14 @@ static ngx_command_t ngx_http_lua_cmds[]
offsetof(ngx_http_lua_loc_conf_t, log_socket_errors),
NULL },
@ -15,7 +15,7 @@
{ ngx_string("init_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
@@ -228,12 +230,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -233,12 +235,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_init_by_file },
@ -30,7 +30,7 @@
{ ngx_string("init_worker_by_lua"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
@@ -249,12 +253,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -254,12 +258,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_init_worker_by_file },
@ -45,7 +45,7 @@
{ ngx_string("exit_worker_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
@@ -264,6 +270,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -269,6 +275,7 @@ static ngx_command_t ngx_http_lua_cmds[]
(void *) ngx_http_lua_exit_worker_by_file },
#if defined(NDK) && NDK
@ -53,7 +53,7 @@
/* set_by_lua_block $res { inline Lua code } */
{ ngx_string("set_by_lua_block"),
NGX_HTTP_SRV_CONF|NGX_HTTP_SIF_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -272,6 +279,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -277,6 +284,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_filter_set_by_lua_inline },
@ -61,7 +61,7 @@
/* set_by_lua $res <inline script> [$arg1 [$arg2 [...]]] */
{ ngx_string("set_by_lua"),
@@ -292,6 +300,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -297,6 +305,7 @@ static ngx_command_t ngx_http_lua_cmds[]
(void *) ngx_http_lua_filter_set_by_lua_file },
#endif
@ -69,7 +69,7 @@
/* server_rewrite_by_lua_block { <inline script> } */
{ ngx_string("server_rewrite_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
@@ -299,6 +308,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -304,6 +313,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_SRV_CONF_OFFSET,
0,
(void *) ngx_http_lua_server_rewrite_handler_inline },
@ -77,7 +77,7 @@
/* server_rewrite_by_lua_file filename; */
{ ngx_string("server_rewrite_by_lua_file"),
@@ -317,6 +327,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -322,6 +332,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_rewrite_handler_inline },
@ -85,7 +85,7 @@
/* rewrite_by_lua_block { <inline script> } */
{ ngx_string("rewrite_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -325,6 +336,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -330,6 +341,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_rewrite_handler_inline },
@ -93,7 +93,7 @@
/* access_by_lua "<inline script>" */
{ ngx_string("access_by_lua"),
@@ -335,6 +347,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -340,6 +352,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_access_handler_inline },
@ -101,7 +101,7 @@
/* access_by_lua_block { <inline script> } */
{ ngx_string("access_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -343,6 +356,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -348,6 +361,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_access_handler_inline },
@ -109,7 +109,7 @@
/* content_by_lua "<inline script>" */
{ ngx_string("content_by_lua"),
@@ -352,6 +366,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -357,6 +371,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_content_handler_inline },
@ -117,7 +117,7 @@
/* content_by_lua_block { <inline script> } */
{ ngx_string("content_by_lua_block"),
NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF|NGX_CONF_BLOCK|NGX_CONF_NOARGS,
@@ -359,6 +374,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -364,6 +379,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_content_handler_inline },
@ -125,7 +125,7 @@
/* log_by_lua <inline script> */
{ ngx_string("log_by_lua"),
@@ -369,6 +385,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -374,6 +390,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_log_handler_inline },
@ -133,7 +133,7 @@
/* log_by_lua_block { <inline script> } */
{ ngx_string("log_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -377,6 +394,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -382,6 +399,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_log_handler_inline },
@ -141,7 +141,7 @@
{ ngx_string("rewrite_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -433,6 +451,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -438,6 +456,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_header_filter_inline },
@ -149,7 +149,7 @@
/* header_filter_by_lua_block { <inline script> } */
{ ngx_string("header_filter_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -441,6 +460,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -446,6 +465,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_header_filter_inline },
@ -157,7 +157,7 @@
{ ngx_string("header_filter_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -458,6 +478,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -463,6 +483,7 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_body_filter_inline },
@ -165,7 +165,7 @@
/* body_filter_by_lua_block { <inline script> } */
{ ngx_string("body_filter_by_lua_block"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -466,6 +487,7 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -471,6 +492,7 @@ static ngx_command_t ngx_http_lua_cmds[]
NGX_HTTP_LOC_CONF_OFFSET,
0,
(void *) ngx_http_lua_body_filter_inline },
@ -173,7 +173,7 @@
{ ngx_string("body_filter_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LIF_CONF
@@ -475,12 +497,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -480,12 +502,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_body_filter_file },
@ -188,7 +188,7 @@
{ ngx_string("balancer_by_lua_file"),
NGX_HTTP_UPS_CONF|NGX_CONF_TAKE1,
@@ -585,12 +609,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -590,12 +614,14 @@ static ngx_command_t ngx_http_lua_cmds[]
offsetof(ngx_http_lua_loc_conf_t, ssl_ciphers),
NULL },
@ -203,7 +203,7 @@
{ ngx_string("ssl_client_hello_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
@@ -599,12 +625,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -604,12 +630,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_ssl_client_hello_handler_file },
@ -218,7 +218,7 @@
{ ngx_string("ssl_certificate_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
@@ -613,12 +641,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -618,12 +646,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_ssl_cert_handler_file },
@ -233,7 +233,7 @@
{ ngx_string("ssl_session_store_by_lua_file"),
NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE1,
@@ -627,12 +657,14 @@ static ngx_command_t ngx_http_lua_cmds[]
@@ -632,12 +662,14 @@ static ngx_command_t ngx_http_lua_cmds[]
0,
(void *) ngx_http_lua_ssl_sess_store_handler_file },

27
nginx/patches/nginx-mod-lua/101-bugfix-don-t-include-pcre.h-with-PCRE2-used.patch Normal file
View File

@ -0,0 +1,27 @@
From f968d74c3af8259f325090d282aeb64854cdddf9 Mon Sep 17 00:00:00 2001
From: Christian Marangi <ansuelsmth@gmail.com>
Date: Fri, 13 Oct 2023 20:23:51 +0200
Subject: [PATCH] bugfix: don't include pcre.h with PCRE2 used
pcre.h is a PCRE header and is not exposed by PCRE2 library causing
compilation error as the header is not found.
Don't include pcre.h if nginx is compiled with PCRE2 support enabled.
Fixes: cb83e33e2657 ("feature: support pcre2")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
---
nginx-mod-lua/src/ngx_http_lua_common.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/nginx-mod-lua/src/ngx_http_lua_common.h
+++ b/nginx-mod-lua/src/ngx_http_lua_common.h
@@ -54,7 +54,7 @@ typedef struct {
#endif
-#if (NGX_PCRE)
+#if defined(NGX_PCRE) && !(NGX_PCRE2)
#include <pcre.h>
# if (PCRE_MAJOR > 8) || (PCRE_MAJOR == 8 && PCRE_MINOR >= 21)
# define LUA_HAVE_PCRE_JIT 1

61
nginx/patches/nginx-mod-njs/101-feature_test_fix.patch Normal file
View File

@ -0,0 +1,61 @@
--- a/nginx-mod-njs/auto/explicit_bzero
+++ b/nginx-mod-njs/auto/explicit_bzero
@@ -7,7 +7,7 @@
njs_feature="explicit_bzero()"
njs_feature_name=NJS_HAVE_EXPLICIT_BZERO
-njs_feature_run=yes
+njs_feature_run=no
njs_feature_incs=
njs_feature_libs=
njs_feature_test="#include <strings.h>
--- a/nginx-mod-njs/auto/getrandom
+++ b/nginx-mod-njs/auto/getrandom
@@ -7,7 +7,7 @@
njs_feature="getrandom()"
njs_feature_name=NJS_HAVE_GETRANDOM
-njs_feature_run=yes
+njs_feature_run=no
njs_feature_incs=
njs_feature_libs=
njs_feature_test="#include <unistd.h>
@@ -76,6 +76,7 @@ if [ $njs_found = no ]; then
njs_feature="getentropy()"
njs_feature_name=NJS_HAVE_GETENTROPY
+ njs_feature_run=no
njs_feature_test="#include <unistd.h>
int main(void) {
--- a/nginx-mod-njs/auto/memalign
+++ b/nginx-mod-njs/auto/memalign
@@ -8,7 +8,7 @@
njs_feature="posix_memalign()"
njs_feature_name=NJS_HAVE_POSIX_MEMALIGN
-njs_feature_run=yes
+njs_feature_run=no
njs_feature_incs=
njs_feature_libs=
njs_feature_test="#include <stdlib.h>
@@ -31,7 +31,7 @@ if [ $njs_found = no ]; then
njs_feature="memalign()"
njs_feature_name=NJS_HAVE_MEMALIGN
- njs_feature_run=yes
+ njs_feature_run=no
njs_feature_incs=
njs_feature_libs=
njs_feature_test="#include <stdlib.h>
--- a/nginx-mod-njs/auto/time
+++ b/nginx-mod-njs/auto/time
@@ -5,7 +5,7 @@
njs_feature="clock_gettime(CLOCK_MONOTONIC)"
njs_feature_name=NJS_HAVE_CLOCK_MONOTONIC
-njs_feature_run=yes
+njs_feature_run=no
njs_feature_incs=
njs_feature_libs=
njs_feature_test="#include <time.h>

236
nginx/patches/nginx-mod-njs/102-sizeof_test_fix.patch Normal file
View File

@ -0,0 +1,236 @@
--- a/nginx-mod-njs/auto/types
+++ b/nginx-mod-njs/auto/types
@@ -11,113 +11,37 @@
# printf("%d", (int) sizeof(TYPE));
-njs_feature="sizeof(int)"
-njs_feature_name=NJS_INT_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(int));
- return 0;
- }"
-. auto/feature
-
-
-njs_feature="sizeof(u_int)"
-njs_feature_name=NJS_UINT_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <sys/types.h>
- #include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(u_int));
- return 0;
- }"
-. auto/feature
-
-
-njs_feature="sizeof(void *)"
-njs_feature_name=NJS_PTR_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(void *));
- return 0;
- }"
-. auto/feature
-
-
-njs_feature="sizeof(uintptr_t)"
-njs_feature_name=NJS_UINTPTR_T_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <stdint.h>
- #include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(uintptr_t));
- return 0;
- }"
-. auto/feature
+njs_type="int"; . auto/types_util/sizeof
+njs_param=NJS_INT_SIZE; njs_value=$njs_size; . auto/types_util/value
-case "$njs_feature_value" in
+njs_type="u_int"; . auto/types_util/sizeof
+njs_param=NJS_UINT_SIZE; njs_value=$njs_size; . auto/types_util/value
+
+
+njs_type="void *"; . auto/types_util/sizeof
+njs_param=NJS_PTR_SIZE; njs_value=$njs_size; . auto/types_util/value
+
+
+njs_type="uintptr_t"; . auto/types_util/sizeof
+njs_param=NJS_UINTPTR_T_SIZE; njs_value=$njs_size; . auto/types_util/value
+
+case "$njs_value" in
8) NJS_64BIT=1 ;;
*) NJS_64BIT=0 ;;
esac
-njs_feature="sizeof(size_t)"
-njs_feature_name=NJS_SIZE_T_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(size_t));
- return 0;
- }"
-. auto/feature
-
-
-njs_feature="sizeof(off_t)"
-njs_feature_name=NJS_OFF_T_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#define _FILE_OFFSET_BITS 64
- #include <unistd.h>
- #include <stdio.h>
-
- int main() {
- printf(\"%d\", (int) sizeof(off_t));
- return 0;
- }"
-. auto/feature
-
-
-njs_feature="sizeof(time_t)"
-njs_feature_name=NJS_TIME_T_SIZE
-njs_feature_run=value
-njs_feature_incs=
-njs_feature_libs=
-njs_feature_test="#include <time.h>
- #include <stdio.h>
-
- int main(void) {
- printf(\"%d\", (int) sizeof(time_t));
- return 0;
- }"
-. auto/feature
+njs_type="size_t"; . auto/types_util/sizeof
+njs_param=NJS_SIZE_T_SIZE; njs_value=$njs_size; . auto/types_util/value
+
+
+njs_type="off_t"; . auto/types_util/sizeof
+njs_param=NJS_OFF_T_SIZE; njs_value=$njs_size; . auto/types_util/value
+
+
+njs_type="time_t"; . auto/types_util/sizeof
+njs_param=NJS_TIME_T_SIZE; njs_value=$njs_size; . auto/types_util/value
# Ensuring that double type is always evaluated at standard
--- /dev/null
+++ b/nginx-mod-njs/auto/types_util/sizeof
@@ -0,0 +1,78 @@
+
+# Copyright (C) Igor Sysoev
+# Copyright (C) Nginx, Inc.
+
+
+printf "checking for sizeof($njs_type) ..."
+
+cat << END >> $NJS_AUTOCONF_ERR
+
+----------------------------------------
+checking for sizeof($njs_type)
+
+END
+
+njs_size=
+
+cat << END > $NJS_AUTOTEST.c
+
+#include <sys/types.h>
+#include <time.h>
+#include <stdio.h>
+#include <stdint.h>
+
+volatile char object_code_block[] = {
+ '\n', 'e', '4', 'V', 'A',
+ '0', 'x', ('0' + sizeof($njs_type)),
+ 'Y', '3', 'p', 'M', '\n'
+};
+
+int main(void) {
+ printf("dummy use of object_code_block to avoid gc-section: %c", object_code_block[0]);
+ return 0;
+}
+
+END
+
+
+njs_test="$CC $CFLAGS $NJS_CFLAGS $NJS_CC_OPT $NJS_TEST_CFLAGS \
+ -o $NJS_AUTOTEST $NJS_AUTOTEST.c \
+ $NJS_LD_OPT $NJS_TEST_LIBS"
+
+eval "$njs_test >> $NJS_AUTOCONF_ERR 2>&1"
+
+
+if [ -x $NJS_AUTOTEST ]; then
+ njs_size=`sed -ne 's/^e4VA0x\(.\)Y3pM$/\1/p' < $NJS_AUTOTEST`
+ echo " $njs_size"
+fi
+
+
+case $njs_size in
+ 4)
+ njs_max_value=2147483647
+ njs_max_len='(sizeof("-2147483648") - 1)'
+ ;;
+
+ 8)
+ njs_max_value=9223372036854775807LL
+ njs_max_len='(sizeof("-9223372036854775808") - 1)'
+ ;;
+
+ *)
+ echo
+ echo "$0: error: can not detect $njs_type size"
+
+ echo "----------" >> $NJS_AUTOCONF_ERR
+ cat $NJS_AUTOTEST.c >> $NJS_AUTOCONF_ERR
+ echo "----------" >> $NJS_AUTOCONF_ERR
+ echo $njs_test >> $NJS_AUTOCONF_ERR
+ echo "----------" >> $NJS_AUTOCONF_ERR
+
+ rm -rf $NJS_AUTOTEST*
+
+ exit 1
+esac
+
+
+rm -rf $NJS_AUTOTEST*
--- /dev/null
+++ b/nginx-mod-njs/auto/types_util/value
@@ -0,0 +1,12 @@
+
+# Copyright (C) Igor Sysoev
+# Copyright (C) Nginx, Inc.
+
+
+cat << END >> $NJS_AUTO_CONFIG_H
+
+#ifndef $njs_param
+#define $njs_param $njs_value
+#endif
+
+END

51
nginx/patches/nginx-mod-njs/104-endianness_fix.patch Normal file
View File

@ -0,0 +1,51 @@
--- a/nginx-mod-njs/auto/endianness
+++ b/nginx-mod-njs/auto/endianness
@@ -2,6 +2,15 @@
# Copyright (C) Dmitry Volyntsev
# Copyright (C) NGINX, Inc.
+if [ "${CONFIG_BIG_ENDIAN}" != "y" ]; then
+ njs_define=NJS_HAVE_BIG_ENDIAN . auto/define
+
+else
+ njs_define=NJS_HAVE_LITTLE_ENDIAN . auto/define
+fi
+
+return
+
njs_found=no
njs_feature="system byte ordering"
@@ -26,10 +35,4 @@ if [ $njs_found = no ]; then
exit 1;
fi
-if [ $njs_feature_value = big ]; then
- njs_define=NJS_HAVE_BIG_ENDIAN . auto/define
-
-else
- njs_define=NJS_HAVE_LITTLE_ENDIAN . auto/define
-fi
--- a/nginx-mod-njs/nginx/config.make
+++ b/nginx-mod-njs/nginx/config.make
@@ -3,15 +3,15 @@ cat << END
$ngx_addon_dir/../build/libnjs.a: $NGX_MAKEFILE
cd $ngx_addon_dir/.. \\
&& if [ -f build/Makefile ]; then \$(MAKE) clean; fi \\
- && CFLAGS="\$(CFLAGS)" CC="\$(CC)" ./configure --no-openssl \\
- --no-libxml2 --no-zlib --no-pcre --no-quickjs \\
+ && CFLAGS="\$(CFLAGS)" CC="\$(CC)" CONFIG_BIG_ENDIAN=\$(CONFIG_BIG_ENDIAN) \\
+ ./configure --no-openssl --no-libxml2 --no-zlib --no-pcre --no-quickjs \\
&& \$(MAKE) libnjs
$ngx_addon_dir/../build/libqjs.a: $NGX_MAKEFILE
cd $ngx_addon_dir/.. \\
&& if [ -f build/Makefile ]; then \$(MAKE) clean; fi \\
- && CFLAGS="\$(CFLAGS)" CC="\$(CC)" ./configure --no-openssl \\
- --no-libxml2 --no-zlib --no-pcre \\
+ && CFLAGS="\$(CFLAGS)" CC="\$(CC)" CONFIG_BIG_ENDIAN=\$(CONFIG_BIG_ENDIAN) \\
+ ./configure --no-openssl --no-libxml2 --no-zlib --no-pcre \\
&& \$(MAKE) libnjs libqjs
END

52
nginx/patches/rtmp-nginx/100-bigedian.patch → nginx/patches/nginx-mod-rtmp/100-bigedian.patch
View File

@ -12,8 +12,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
ngx_rtmp_handler.c | 108 +++++++++++++++++++++---------------------
5 files changed, 68 insertions(+), 64 deletions(-)
--- a/nginx-rtmp/ngx_rtmp.c
+++ b/nginx-rtmp/ngx_rtmp.c
--- a/nginx-mod-rtmp/ngx_rtmp.c
+++ b/nginx-mod-rtmp/ngx_rtmp.c
@@ -825,22 +825,6 @@ ngx_rtmp_fire_event(ngx_rtmp_session_t *
}
@ -37,8 +37,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
static ngx_int_t
ngx_rtmp_init_process(ngx_cycle_t *cycle)
{
--- a/nginx-rtmp/ngx_rtmp.h
+++ b/nginx-rtmp/ngx_rtmp.h
--- a/nginx-mod-rtmp/ngx_rtmp.h
+++ b/nginx-mod-rtmp/ngx_rtmp.h
@@ -417,34 +417,33 @@ ngx_int_t ngx_rtmp_fire_event(ngx_rtmp_s
ngx_int_t ngx_rtmp_set_chunk_size(ngx_rtmp_session_t *s, ngx_uint_t size);
@ -92,8 +92,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
/* Receiving messages */
ngx_int_t ngx_rtmp_receive_message(ngx_rtmp_session_t *s,
--- a/nginx-rtmp/ngx_rtmp_amf.c
+++ b/nginx-rtmp/ngx_rtmp_amf.c
--- a/nginx-mod-rtmp/ngx_rtmp_amf.c
+++ b/nginx-mod-rtmp/ngx_rtmp_amf.c
@@ -10,23 +10,6 @@
#include "ngx_rtmp.h"
#include <string.h>
@ -244,8 +244,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
{
return NGX_ERROR;
}
--- a/nginx-rtmp/ngx_rtmp_flv_module.c
+++ b/nginx-rtmp/ngx_rtmp_flv_module.c
--- a/nginx-mod-rtmp/ngx_rtmp_flv_module.c
+++ b/nginx-mod-rtmp/ngx_rtmp_flv_module.c
@@ -102,7 +102,7 @@ ngx_rtmp_flv_fill_index(ngx_rtmp_amf_ctx
return NGX_ERROR;
}
@ -294,8 +294,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
ctx->offset += (sizeof(ngx_rtmp_flv_header) + size + 4);
--- a/nginx-rtmp/ngx_rtmp_handler.c
+++ b/nginx-rtmp/ngx_rtmp_handler.c
--- a/nginx-mod-rtmp/ngx_rtmp_handler.c
+++ b/nginx-mod-rtmp/ngx_rtmp_handler.c
@@ -200,7 +200,7 @@ ngx_rtmp_recv(ngx_event_t *rev)
ngx_rtmp_stream_t *st, *st0;
ngx_chain_t *in, *head;
@ -470,8 +470,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
/* This CONTRADICTS the standard
* but that's the way flash client
--- a/nginx-rtmp/ngx_rtmp_send.c
+++ b/nginx-rtmp/ngx_rtmp_send.c
--- a/nginx-mod-rtmp/ngx_rtmp_send.c
+++ b/nginx-mod-rtmp/ngx_rtmp_send.c
@@ -33,13 +33,13 @@
*(__b->last++) = (u_char)(utype);
@ -491,8 +491,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
#define NGX_RTMP_USER_END(s) \
ngx_rtmp_prepare_message(s, &__h, NULL, __l); \
--- a/nginx-rtmp/hls/ngx_rtmp_hls_module.c
+++ b/nginx-rtmp/hls/ngx_rtmp_hls_module.c
--- a/nginx-mod-rtmp/hls/ngx_rtmp_hls_module.c
+++ b/nginx-mod-rtmp/hls/ngx_rtmp_hls_module.c
@@ -296,7 +296,7 @@ static ngx_command_t ngx_rtmp_hls_comman
ngx_conf_set_enum_slot,
NGX_RTMP_APP_CONF_OFFSET,
@ -534,8 +534,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
if (len == 0) {
continue;
--- a/nginx-rtmp/ngx_rtmp_bitop.h
+++ b/nginx-rtmp/ngx_rtmp_bitop.h
--- a/nginx-mod-rtmp/ngx_rtmp_bitop.h
+++ b/nginx-mod-rtmp/ngx_rtmp_bitop.h
@@ -40,7 +40,7 @@ uint64_t ngx_rtmp_bit_read_golomb(ngx_rt
((uint32_t) ngx_rtmp_bit_read(br, 32))
@ -545,8 +545,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
#endif /* _NGX_RTMP_BITOP_H_INCLUDED_ */
--- a/nginx-rtmp/ngx_rtmp_eval.c
+++ b/nginx-rtmp/ngx_rtmp_eval.c
--- a/nginx-mod-rtmp/ngx_rtmp_eval.c
+++ b/nginx-mod-rtmp/ngx_rtmp_eval.c
@@ -166,7 +166,7 @@ ngx_rtmp_eval(void *ctx, ngx_str_t *in,
state = ESCAPE;
continue;
@ -556,8 +556,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
case ESCAPE:
ngx_rtmp_eval_append(&b, &c, 1, log);
state = NORMAL;
--- a/nginx-rtmp/ngx_rtmp_handshake.c
+++ b/nginx-rtmp/ngx_rtmp_handshake.c
--- a/nginx-mod-rtmp/ngx_rtmp_handshake.c
+++ b/nginx-mod-rtmp/ngx_rtmp_handshake.c
@@ -264,7 +264,8 @@ ngx_rtmp_handshake_create_challenge(ngx_
b = s->hs_buf;
b->last = b->pos = b->start;
@ -578,8 +578,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
p = b->pos + 4;
ngx_log_debug5(NGX_LOG_DEBUG_RTMP, s->connection->log, 0,
--- a/nginx-rtmp/ngx_rtmp_mp4_module.c
+++ b/nginx-rtmp/ngx_rtmp_mp4_module.c
--- a/nginx-mod-rtmp/ngx_rtmp_mp4_module.c
+++ b/nginx-mod-rtmp/ngx_rtmp_mp4_module.c
@@ -528,9 +528,9 @@ ngx_rtmp_mp4_parse_mdhd(ngx_rtmp_session
}
@ -1330,8 +1330,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
shift += sizeof(extended_size);
} else if (size == 0) {
--- a/nginx-rtmp/ngx_rtmp_receive.c
+++ b/nginx-rtmp/ngx_rtmp_receive.c
--- a/nginx-mod-rtmp/ngx_rtmp_receive.c
+++ b/nginx-mod-rtmp/ngx_rtmp_receive.c
@@ -17,7 +17,6 @@ ngx_rtmp_protocol_message_handler(ngx_rt
ngx_rtmp_header_t *h, ngx_chain_t *in)
{
@ -1424,8 +1424,8 @@ Subject: [PATCH 1/3] arut's e0e278bc7fedd6f7465648d1d20df1a8422d60bf [removed
return NGX_OK;
}
--- a/nginx-rtmp/ngx_rtmp_record_module.c
+++ b/nginx-rtmp/ngx_rtmp_record_module.c
--- a/nginx-mod-rtmp/ngx_rtmp_record_module.c
+++ b/nginx-mod-rtmp/ngx_rtmp_record_module.c
@@ -454,7 +454,7 @@ ngx_rtmp_record_node_open(ngx_rtmp_sessi
ngx_err_t err;
ngx_str_t path;

11
nginx/patches/nginx/101-feature_test_fix.patch
View File

@ -5,7 +5,7 @@
ngx_feature="C compiler"
ngx_feature_name=
- ngx_feature_run=yes
+ ngx_feature_run=
+ ngx_feature_run=no
ngx_feature_incs=
ngx_feature_path=
ngx_feature_libs=
@ -72,6 +72,15 @@
ngx_feature="prctl(PR_SET_DUMPABLE)"
ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/prctl.h>"
ngx_feature_path=
ngx_feature_libs=
@@ -186,7 +186,7 @@ ngx_feature_test="if (prctl(PR_SET_DUMPA
ngx_feature="prctl(PR_SET_KEEPCAPS)"
ngx_feature_name="NGX_HAVE_PR_SET_KEEPCAPS"
-ngx_feature_run=yes
+ngx_feature_run=no
ngx_feature_incs="#include <sys/prctl.h>"
ngx_feature_path=

2
nginx/patches/nginx/102-sizeof_test_fix.patch
View File

@ -4,7 +4,7 @@
$NGX_INCLUDE_INTTYPES_H
$NGX_INCLUDE_AUTO_CONFIG_H
+char object_code_block[] = {
+volatile char object_code_block[] = {
+ '\n', 'e', '4', 'V', 'A',
+ '0', 'x', ('0' + sizeof($ngx_type)),
+ 'Y', '3', 'p', 'M', '\n'

34
nginx/patches/nginx/105-optional-libexslt.patch Normal file
View File

@ -0,0 +1,34 @@
--- a/auto/options
+++ b/auto/options
@@ -165,6 +165,7 @@ USE_PERL=NO
NGX_PERL=perl
USE_LIBXSLT=NO
+USE_LIBEXSLT=NO
USE_LIBGD=NO
USE_GEOIP=NO
@@ -370,6 +371,7 @@ use the \"--with-mail_ssl_module\" optio
--with-pcre-opt=*) PCRE_OPT="$value" ;;
--with-pcre-jit) PCRE_JIT=YES ;;
--without-pcre2) PCRE2=DISABLED ;;
+ --with-libexslt) USE_LIBEXSLT=YES ;;
--with-openssl=*) OPENSSL="$value" ;;
--with-openssl-opt=*) OPENSSL_OPT="$value" ;;
--- a/auto/lib/libxslt/conf
+++ b/auto/lib/libxslt/conf
@@ -96,6 +96,8 @@ END
fi
+if [ $USE_LIBEXSLT = YES ]; then
+
ngx_feature="libexslt"
ngx_feature_name=NGX_HAVE_EXSLT
ngx_feature_run=no
@@ -163,3 +165,4 @@ if [ $ngx_found = yes ]; then
NGX_LIB_LIBXSLT="$NGX_LIB_LIBXSLT -lexslt"
fi
+fi

20
nginx/patches/nginx/106-libxslt-fix-detection.patch Normal file
View File

@ -0,0 +1,20 @@
--- a/auto/lib/libxslt/conf
+++ b/auto/lib/libxslt/conf
@@ -12,7 +12,7 @@
#include <libxslt/xsltInternals.h>
#include <libxslt/transform.h>
#include <libxslt/xsltutils.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="${LIBXML2_INC:-/usr/include/libxml2}"
ngx_feature_libs="-lxml2 -lxslt"
ngx_feature_test="xmlParserCtxtPtr ctxt = NULL;
xsltStylesheetPtr sheet = NULL;
@@ -102,7 +102,7 @@ if [ $USE_LIBEXSLT = YES ]; then
ngx_feature_name=NGX_HAVE_EXSLT
ngx_feature_run=no
ngx_feature_incs="#include <libexslt/exslt.h>"
- ngx_feature_path="/usr/include/libxml2"
+ ngx_feature_path="${LIBXML2_INC:-/usr/include/libxml2}"
ngx_feature_libs="-lexslt"
ngx_feature_test="exsltRegisterAll();"
. auto/feature

2
nginx/patches/nginx/201-ignore-invalid-options.patch
View File

@ -1,6 +1,6 @@
--- a/auto/options
+++ b/auto/options
@@ -411,8 +411,7 @@ $0: warning: the \"--with-sha1-asm\" opt
@@ -415,8 +415,7 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
*)

11
nginx/patches/nginx/202-fix-fPIC-on-link.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/auto/make
+++ b/auto/make
@@ -623,7 +623,7 @@ END
modules: $ngx_obj
$ngx_obj: $ngx_deps$ngx_spacer
- \$(LINK) $ngx_long_start$ngx_binout$ngx_obj$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_module_link
+ \$(LINK) $ngx_pic_opt $ngx_long_start$ngx_binout$ngx_obj$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_module_link
$ngx_long_end
$ngx_modules_obj: \$(CORE_DEPS)$ngx_cont$ngx_modules_c

11
nginx/patches/nginx/300-fix-deprecated-openssl-3_0.patch Normal file
View File

@ -0,0 +1,11 @@
--- a/src/event/quic/ngx_event_quic_protection.c
+++ b/src/event/quic/ngx_event_quic_protection.c
@@ -510,7 +510,7 @@ ngx_quic_crypto_common(ngx_quic_secret_t
}
}
- if (EVP_CIPHER_mode(EVP_CIPHER_CTX_cipher(ctx)) == EVP_CIPH_CCM_MODE
+ if (EVP_CIPHER_mode(EVP_CIPHER_CTX_get0_cipher(ctx)) == EVP_CIPH_CCM_MODE
&& EVP_CipherUpdate(ctx, NULL, &len, NULL, in->len) != 1)
{
ngx_ssl_error(NGX_LOG_INFO, log, 0, "EVP_CipherUpdate() failed");

9
opkg/Makefile
View File

@ -7,14 +7,14 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=opkg
PKG_RELEASE:=2
PKG_RELEASE:=1
PKG_FLAGS:=essential
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL=$(PROJECT_GIT)/project/opkg-lede.git
PKG_SOURCE_DATE:=2022-02-24
PKG_SOURCE_VERSION:=d038e5b6d155784575f62a66a8bb7e874173e92e
PKG_MIRROR_HASH:=e5ec4ae93f6529f7f0b9acc22a9a63c1b2f27d3b30b4a82041fcd58b9bc7cdf3
PKG_SOURCE_DATE:=2024-10-16
PKG_SOURCE_VERSION:=38eccbb1fd694d4798ac1baf88f9ba83d1eac616
PKG_MIRROR_HASH:=de58ff1c99c14789f9ba8946623c8c1e58d022e7e2a659d6f97c6fde54f2c4f4
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
@ -39,6 +39,7 @@ define Package/opkg
CATEGORY:=Base system
TITLE:=opkg package manager
DEPENDS:=+uclient-fetch +libpthread +libubox
DEFAULT:=y if !USE_APK
URL:=$(PKG_SOURCE_URL)
MENU:=1
endef

2
opkg/files/20_migrate-feeds
View File

@ -1,6 +1,6 @@
#!/bin/sh
[ -f /etc/opkg.conf ] && grep -q "src\/" /etc/opkg.conf || exit 0
[ -f /etc/opkg.conf ] && grep -q "src/" /etc/opkg.conf || exit 0
echo -e "# Old feeds from previous image\n# Uncomment to reenable\n" >> /etc/opkg/customfeeds.conf
sed -n "s/.*\(src\/.*\)/# \1/p" /etc/opkg.conf >> /etc/opkg/customfeeds.conf

114
ppp/Makefile
View File

@ -9,28 +9,38 @@ include $(TOPDIR)/rules.mk
include $(INCLUDE_DIR)/kernel.mk
PKG_NAME:=ppp
PKG_RELEASE:=4
PKG_VERSION:=2.5.1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/paulusmack/ppp
PKG_SOURCE_DATE:=2021-01-04
PKG_SOURCE_VERSION:=4fb319056f168bb8379865b91b4fd3e1ada73f1e
PKG_MIRROR_HASH:=429cb5fcff36e1d8698766130711d4764347f08b83233dfb4831bea21616efef
PKG_SOURCE_URL:=https://github.com/ppp-project/ppp
PKG_SOURCE_DATE:=2024-09-18
PKG_SOURCE_VERSION:=d5aeec65752d4a9b3bb46771d0b221c4a4a6539e
PKG_MIRROR_HASH:=b98125933d8160ff3476b053414e787e65a94948c0ecee53f6261cd403ff4b03
PKG_MAINTAINER:=Felix Fietkau <nbd@nbd.name>
PKG_LICENSE:=BSD-4-Clause
PKG_CPE_ID:=cpe:/a:samba:ppp
PKG_RELEASE_VERSION:=2.4.9
PKG_VERSION:=$(PKG_RELEASE_VERSION).git-$(PKG_SOURCE_DATE)
PKG_BUILD_DEPENDS:=libpcap
PKG_ASLR_PIE_REGULAR:=1
PKG_BUILD_DEPENDS:=libpcap
PKG_BUILD_FLAGS:=gc-sections lto
PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
CONFIGURE_VARS += \
enable_eaptls=no \
enable_microsoft_extensions=yes \
enable_peap=no
CONFIGURE_ARGS += \
with_openssl=no \
with_pam=no \
with_pcap=no \
with_srp=no \
with_static_pcap=yes
define Package/ppp/Default
SECTION:=net
@ -174,51 +184,25 @@ This tool performs the same discovery process as pppoe, but does
not initiate a session. Can be useful to debug pppoe.
endef
define Build/Configure
$(call Build/Configure/Default,, \
UNAME_S="Linux" \
UNAME_R="$(LINUX_VERSION)" \
UNAME_M="$(ARCH)" \
)
mkdir -p $(PKG_BUILD_DIR)/pppd/plugins/pppoatm/linux
$(CP) \
$(LINUX_DIR)/include/linux/compiler.h \
$(LINUX_DIR)/include/$(LINUX_UAPI_DIR)linux/atm*.h \
$(PKG_BUILD_DIR)/pppd/plugins/pppoatm/linux/
# Kernel 4.14.9+ only, ignore the exit status of cp in case the file
# doesn't exits
-$(CP) $(LINUX_DIR)/include/linux/compiler_types.h \
$(PKG_BUILD_DIR)/pppd/plugins/pppoatm/linux/
endef
MAKE_FLAGS += COPTS="$(TARGET_CFLAGS)" \
PRECOMPILED_FILTER=1 \
STAGING_DIR="$(STAGING_DIR)"
ifeq ($(BUILD_VARIANT),multilink)
MAKE_FLAGS += HAVE_MULTILINK=y
else
MAKE_FLAGS += HAVE_MULTILINK=
endif
ifdef CONFIG_USE_MUSL
MAKE_FLAGS += USE_LIBUTIL=
CONFIGURE_VARS += \
enable_multilink=yes
endif
define Build/InstallDev
$(INSTALL_DIR) $(1)/usr/include
$(CP) $(PKG_INSTALL_DIR)/include/pppd $(1)/usr/include/
$(CP) $(PKG_INSTALL_DIR)/usr/include/pppd $(1)/usr/include/
$(INSTALL_DIR) $(1)/usr/lib/pkgconfig
$(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/*.pc $(1)/usr/lib/pkgconfig
endef
define Package/ppp/script_install
endef
define Package/ppp/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppd $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/pppd $(1)/usr/sbin/
$(INSTALL_DIR) $(1)/etc/ppp
$(INSTALL_CONF) ./files/etc/ppp/chap-secrets $(1)/etc/ppp/
$(INSTALL_DATA) ./files/etc/ppp/filter $(1)/etc/ppp/
@ -233,21 +217,21 @@ endef
Package/ppp-multilink/install=$(Package/ppp/install)
define Package/ppp-mod-pppoa/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/pppoatm.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/pppoatm.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
endef
define Package/ppp-mod-pppoe/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/pppoe.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/pppoe.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
endef
define Package/ppp-mod-radius/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/radius.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/radius.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
$(INSTALL_DIR) $(1)/etc/ppp
$(INSTALL_DATA) ./files/etc/ppp/radius.conf $(1)/etc/ppp/
$(INSTALL_DIR) $(1)/etc/ppp/radius
@ -258,43 +242,43 @@ define Package/ppp-mod-radius/install
endef
define Package/ppp-mod-pppol2tp/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/pppol2tp.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/pppol2tp.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
endef
define Package/ppp-mod-pptp/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/pptp.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/pptp.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
$(INSTALL_DIR) $(1)/etc/ppp
$(INSTALL_DATA) ./files/etc/ppp/options.pptp $(1)/etc/ppp/
endef
define Package/ppp-mod-passwordfd/install
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/lib/pppd/$(PKG_RELEASE_VERSION)/passwordfd.so \
$(1)/usr/lib/pppd/$(PKG_RELEASE_VERSION)/
$(INSTALL_DIR) $(1)/usr/lib/pppd/$(PKG_VERSION)
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/pppd/$(PKG_VERSION)/passwordfd.so \
$(1)/usr/lib/pppd/$(PKG_VERSION)/
endef
define Package/chat/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/chat $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/chat $(1)/usr/sbin/
endef
define Package/pppdump/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppdump $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/pppdump $(1)/usr/sbin/
endef
define Package/pppstats/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppstats $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/pppstats $(1)/usr/sbin/
endef
define Package/pppoe-discovery/install
$(INSTALL_DIR) $(1)/usr/sbin
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/sbin/pppoe-discovery $(1)/usr/sbin/
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/pppoe-discovery $(1)/usr/sbin/
endef
$(eval $(call BuildPackage,ppp))

2
ppp/files/lib/netifd/ppp6-up
View File

@ -27,6 +27,8 @@ if [ -n "$AUTOIPV6" ]; then
[ -n "$EXTENDPREFIX" ] && json_add_string extendprefix 1
[ -n "$IP6TABLE" ] && json_add_string ip6table $IP6TABLE
[ -n "$PEERDNS" ] && json_add_boolean peerdns $PEERDNS
[ "$NOSOURCEFILTER" = "1" ] && json_add_boolean sourcefilter "0"
[ "$DELEGATE" = "0" ] && json_add_boolean delegate "0"
json_close_object
ubus call network add_dynamic "$(json_dump)"
fi

8
ppp/files/ppp.sh
View File

@ -82,13 +82,15 @@ ppp_generic_init_config() {
proto_config_add_boolean persist
proto_config_add_int maxfail
proto_config_add_int holdoff
proto_config_add_boolean sourcefilter
proto_config_add_boolean delegate
}
ppp_generic_setup() {
local config="$1"; shift
local localip
json_get_vars ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns
json_get_vars ip6table demand keepalive keepalive_adaptive username password pppd_options pppname unnumbered persist maxfail holdoff peerdns sourcefilter delegate
[ ! -e /proc/sys/net/ipv6 ] && ipv6=0 || json_get_var ipv6 ipv6
@ -133,6 +135,8 @@ ppp_generic_setup() {
[ "${keepalive_adaptive:-1}" -lt 1 ] && lcp_adaptive=""
[ -n "$connect" ] || json_get_var connect connect
[ -n "$disconnect" ] || json_get_var disconnect disconnect
[ "$sourcefilter" = "0" ] || sourcefilter=""
[ "$delegate" != "0" ] && delegate=""
proto_run_command "$config" /usr/sbin/pppd \
nodetach ipparam "$config" \
@ -143,6 +147,8 @@ ppp_generic_setup() {
${autoipv6:+set AUTOIPV6=1} \
${ip6table:+set IP6TABLE=$ip6table} \
${peerdns:+set PEERDNS=$peerdns} \
${sourcefilter:+set NOSOURCEFILTER=1} \
${delegate:+set DELEGATE=0} \
nodefaultroute \
usepeerdns \
$demand $persist maxfail $maxfail \

24
ppp/patches/010-use_target_for_configure.patch
View File

@ -1,24 +0,0 @@
configure: Allow overriding uname results
In a cross compile setting it makes no sense to rely on the "uname" values
reported by the build host system. This patch allows overriding the
"uname -r", "uname -s" and "uname -m" results with the "UNAME_R", "UNAME_S"
and "UNAME_M" environment variables.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/configure
+++ b/configure
@@ -10,9 +10,9 @@ CROSS_COMPILE=
CC=cc
CFLAGS=
-system=`uname -s`
-release=`uname -r`
-arch=`uname -m`
+system=${UNAME_S:-`uname -s`}
+release=${UNAME_R:-`uname -r`}
+arch=${UNAME_M:-`uname -m`}
state="unknown"
case $system in

45
ppp/patches/101-pppd-crypto-fix-build-without-openssl.patch Normal file
View File

@ -0,0 +1,45 @@
From: Shiji Yang <yangshiji66@outlook.com>
Date: Fri, 4 Oct 2024 12:19:42 +0000
Subject: [PATCH] pppd/crypto: fix build without openssl
Compile openssl relevant code only when PPP_WITH_OPENSSL is defined.
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
---
pppd/crypto.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/pppd/crypto.c
+++ b/pppd/crypto.c
@@ -199,6 +199,7 @@ int PPP_crypto_init()
{
int retval = 0;
+#ifdef PPP_WITH_OPENSSL
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
g_crypto_ctx.legacy = OSSL_PROVIDER_load(NULL, "legacy");
if (g_crypto_ctx.legacy == NULL)
@@ -214,6 +215,7 @@ int PPP_crypto_init()
goto done;
}
#endif
+#endif
retval = 1;
@@ -224,6 +226,7 @@ done:
int PPP_crypto_deinit()
{
+#ifdef PPP_WITH_OPENSSL
#if OPENSSL_VERSION_NUMBER >= 0x30000000L
if (g_crypto_ctx.legacy) {
OSSL_PROVIDER_unload(g_crypto_ctx.legacy);
@@ -239,6 +242,7 @@ int PPP_crypto_deinit()
#if OPENSSL_VERSION_NUMBER < 0x10100000L
ERR_free_strings();
#endif
+#endif
return 1;
}

27
ppp/patches/102-pppd-make-pid-directory-before-create-the-pid-file.patch Normal file
View File

@ -0,0 +1,27 @@
From: Shiji Yang <yangshiji66@outlook.com>
Date: Fri, 4 Oct 2024 14:02:14 +0000
Subject: [PATCH] pppd: make pid directory before create the pid file
If multilink feature is not enabled, the '/var/run/pppd' directory
won't be created before adding pid file.
Fixes error message:
'Failed to create pid file /var/run/pppd/pppoe-wan.pid: No such file or directory'
Signed-off-by: Shiji Yang <yangshiji66@outlook.com>
---
pppd/main.c | 3 +++
1 file changed, 3 insertions(+)
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -921,6 +921,9 @@ create_pidfile(int pid)
{
FILE *pidfile;
+#ifndef PPP_WITH_TDB
+ mkdir_recursive(PPP_PATH_VARRUN);
+#endif
slprintf(pidfilename, sizeof(pidfilename), "%s/%s.pid",
PPP_PATH_VARRUN, ifname);
if ((pidfile = fopen(pidfilename, "w")) != NULL) {

42
ppp/patches/103-pppd-crypto-fix-gcc-14-build.patch Normal file
View File

@ -0,0 +1,42 @@
From: Tan Zien <nabsdh9@gmail.com>
Date: Tue, 1 Oct 2024 10:38:45 +0800
Subject: [PATCH] pppd/crypto: fix gcc 14 build
fix this:
crypto.c: In function 'PPP_crypto_error':
crypto.c:178:11: error: implicit declaration of function 'vsnprintf' [-Wimplicit-function-declaration]
178 | off = vsnprintf(buf, len, fmt, args);
| ^~~~~~~~~
crypto.c:41:1: note: include '<stdio.h>' or provide a declaration of 'vsnprintf'
40 | #include "crypto-priv.h"
+++ |+#include <stdio.h>
41 |
crypto.c:178:26: warning: 'vsnprintf' argument 2 type is 'int' where 'long unsigned int' is expected in a call to built-in function declared without prototype [-Wbuiltin-declaration-mismatch]
178 | off = vsnprintf(buf, len, fmt, args);
| ^~~
<built-in>: note: built-in 'vsnprintf' declared here
Signed-off-by: Tan Zien <nabsdh9@gmail.com>
---
pppd/crypto.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/pppd/crypto.c
+++ b/pppd/crypto.c
@@ -34,6 +34,7 @@
#include <stdlib.h>
#include <string.h>
+#include <stdio.h>
#include "pppd.h"
#include "crypto.h"
@@ -247,7 +248,6 @@ int PPP_crypto_deinit()
}
#ifdef UNIT_TEST
-#include <stdio.h>
int debug;
int error_count;

22
ppp/patches/105-debian_demand.patch
View File

@ -1,6 +1,6 @@
--- a/pppd/demand.c
+++ b/pppd/demand.c
@@ -36,6 +36,8 @@
@@ -40,6 +40,8 @@
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
@ -9,16 +9,16 @@
#include <sys/param.h>
#include <sys/types.h>
#include <sys/wait.h>
@@ -43,6 +45,8 @@
@@ -47,6 +49,8 @@
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
#ifdef PPP_FILTER
#ifdef PPP_WITH_FILTER
#include <pcap-bpf.h>
#endif
@@ -218,6 +222,14 @@ loop_chars(unsigned char *p, int n)
@@ -223,6 +227,14 @@ loop_chars(unsigned char *p, int n)
int c, rv;
rv = 0;
@ -33,7 +33,7 @@
for (; n > 0; --n) {
c = *p++;
if (c == PPP_FLAG) {
@@ -294,16 +306,100 @@ loop_frame(unsigned char *frame, int len
@@ -299,16 +311,100 @@ loop_frame(unsigned char *frame, int len
* loopback, now that the real serial link is up.
*/
void
@ -137,7 +137,7 @@
} else {
--- a/pppd/ipcp.c
+++ b/pppd/ipcp.c
@@ -1850,7 +1850,7 @@ ipcp_up(fsm *f)
@@ -1915,7 +1915,7 @@ ipcp_up(fsm *f)
proxy_arp_set[f->unit] = 1;
}
@ -148,7 +148,7 @@
} else {
--- a/pppd/ipv6cp.c
+++ b/pppd/ipv6cp.c
@@ -1253,7 +1253,7 @@ ipv6cp_up(fsm *f)
@@ -1338,7 +1338,7 @@ ipv6cp_up(fsm *f)
if (sif6defaultroute(f->unit, go->ourid, ho->hisid))
default_route_set[f->unit] = 1;
}
@ -157,14 +157,14 @@
sifnpmode(f->unit, PPP_IPV6, NPMODE_PASS);
} else {
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@@ -598,7 +598,7 @@ void demand_conf(void); /* config interf
--- a/pppd/pppd-private.h
+++ b/pppd/pppd-private.h
@@ -368,7 +368,7 @@ void demand_conf(void); /* config interf
void demand_block(void); /* set all NPs to queue up packets */
void demand_unblock(void); /* set all NPs to pass packets */
void demand_discard(void); /* set all NPs to discard packets */
-void demand_rexmit(int); /* retransmit saved frames for an NP */
+void demand_rexmit(int, u_int32_t); /* retransmit saved frames for an NP*/
+void demand_rexmit(int, u_int32_t); /* retransmit saved frames for an NP */
int loop_chars(unsigned char *, int); /* process chars from loopback */
int loop_frame(unsigned char *, int); /* should we bring link up? */

95
ppp/patches/120-debian_ipv6_updown_option.patch
View File

@ -1,95 +0,0 @@
pppd: Allow specifying ipv6-up and ipv6-down scripts
This patch implements the "ipv6-up-script" and "ipv6-down-script" options
which allow to specify the path of the ipv6-up and ipv6-down scripts to call.
These options default to _PATH_IPV6UP and _PATH_IPV6DOWN to retain the
existing behaviour.
The patch originated from the Debian project.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/pppd/main.c
+++ b/pppd/main.c
@@ -295,6 +295,8 @@ main(int argc, char *argv[])
strlcpy(path_ipup, _PATH_IPUP, sizeof(path_ipup));
strlcpy(path_ipdown, _PATH_IPDOWN, sizeof(path_ipdown));
+ strlcpy(path_ipv6up, _PATH_IPV6UP, sizeof(path_ipv6up));
+ strlcpy(path_ipv6down, _PATH_IPV6DOWN, sizeof(path_ipv6down));
link_stats_valid = 0;
new_phase(PHASE_INITIALIZE);
--- a/pppd/options.c
+++ b/pppd/options.c
@@ -118,6 +118,8 @@ int req_unit = -1; /* requested interfa
char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
char path_ipdown[MAXPATHLEN];/* pathname of ip-down script */
char req_ifname[MAXIFNAMELEN]; /* requested interface name */
+char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */
+char path_ipv6down[MAXPATHLEN];/* pathname of ipv6-down script */
bool multilink = 0; /* Enable multilink operation */
char *bundle_name = NULL; /* bundle name for multilink */
bool dump_options; /* print out option values */
@@ -324,6 +326,13 @@ option_t general_options[] = {
"Set pathname of ip-down script",
OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
+ { "ipv6-up-script", o_string, path_ipv6up,
+ "Set pathname of ipv6-up script",
+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
+ { "ipv6-down-script", o_string, path_ipv6down,
+ "Set pathname of ipv6-down script",
+ OPT_PRIV|OPT_STATIC, NULL, MAXPATHLEN },
+
#ifdef HAVE_MULTILINK
{ "multilink", o_bool, &multilink,
"Enable multilink operation", OPT_PRIO | 1 },
--- a/pppd/ipv6cp.c
+++ b/pppd/ipv6cp.c
@@ -1295,7 +1295,7 @@ ipv6cp_up(fsm *f)
*/
if (ipv6cp_script_state == s_down && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_up;
- ipv6cp_script(_PATH_IPV6UP);
+ ipv6cp_script(path_ipv6up);
}
}
@@ -1346,7 +1346,7 @@ ipv6cp_down(fsm *f)
/* Execute the ipv6-down script */
if (ipv6cp_script_state == s_up && ipv6cp_script_pid == 0) {
ipv6cp_script_state = s_down;
- ipv6cp_script(_PATH_IPV6DOWN);
+ ipv6cp_script(path_ipv6down);
}
}
@@ -1384,13 +1384,13 @@ ipv6cp_script_done(void *arg)
case s_up:
if (ipv6cp_fsm[0].state != OPENED) {
ipv6cp_script_state = s_down;
- ipv6cp_script(_PATH_IPV6DOWN);
+ ipv6cp_script(path_ipv6down);
}
break;
case s_down:
if (ipv6cp_fsm[0].state == OPENED) {
ipv6cp_script_state = s_up;
- ipv6cp_script(_PATH_IPV6UP);
+ ipv6cp_script(path_ipv6up);
}
break;
}
--- a/pppd/pppd.h
+++ b/pppd/pppd.h
@@ -328,6 +328,8 @@ extern int req_unit; /* interface unit n
extern char path_ipup[MAXPATHLEN]; /* pathname of ip-up script */
extern char path_ipdown[MAXPATHLEN]; /* pathname of ip-down script */
extern char req_ifname[MAXIFNAMELEN]; /* interface name to use */
+extern char path_ipv6up[MAXPATHLEN]; /* pathname of ipv6-up script */
+extern char path_ipv6down[MAXPATHLEN]; /* pathname of ipv6-down script */
extern bool multilink; /* enable multilink operation */
extern bool noendpoint; /* don't send or accept endpt. discrim. */
extern char *bundle_name; /* bundle name for multilink */

11
ppp/patches/133-fix_sha1_include.patch
View File

@ -1,11 +0,0 @@
--- a/pppd/sha1.c
+++ b/pppd/sha1.c
@@ -19,7 +19,7 @@
#include <string.h>
#include <time.h>
#include <netinet/in.h> /* htonl() */
-#include <net/ppp_defs.h>
+#include "pppd.h"
#include "sha1.h"
static void

56
ppp/patches/200-makefile.patch
View File

@ -1,56 +0,0 @@
pppd: tune Linux config defaults for OpenWrt
This patch adjusts a number defaults to properly match the OpenWrt environment.
It is not intended for upstream.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/pppd/Makefile.linux
+++ b/pppd/Makefile.linux
@@ -49,7 +49,7 @@ MPPE=y
# Uncomment the next line to include support for PPP packet filtering.
# This requires that the libpcap library and headers be installed
# and that the kernel driver support PPP packet filtering.
-FILTER=y
+#FILTER=y
# Uncomment the next line to enable multilink PPP (enabled by default)
# Linux distributions: Please leave multilink ENABLED in your builds
@@ -59,7 +59,7 @@ HAVE_MULTILINK=y
# Uncomment the next line to enable the TDB database (enabled by default.)
# If you enable multilink, then TDB is automatically enabled also.
# Linux distributions: Please leave TDB ENABLED in your builds.
-USE_TDB=y
+#USE_TDB=y
# Uncomment the next line to enable Type=notify services in systemd
# If enabled, and the user sets the up_sdnotify option, then
@@ -85,13 +85,13 @@ USE_LIBUTIL=y
endif
# Enable EAP-TLS authentication (requires MPPE support, libssl and libcrypto)
-USE_EAPTLS=y
+#USE_EAPTLS=y
MAXOCTETS=y
INCLUDE_DIRS= -I../include
-COMPILE_FLAGS= -DHAVE_PATHS_H -DIPX_CHANGE -DHAVE_MMAP -pipe
+COMPILE_FLAGS= -DHAVE_PATHS_H -DHAVE_MMAP -pipe
CFLAGS= $(COPTS) $(COMPILE_FLAGS) $(INCLUDE_DIRS) '-DDESTDIR="@DESTDIR@"'
@@ -143,10 +143,10 @@ CFLAGS += -DHAS_SHADOW
#LIBS += -lshadow $(LIBS)
endif
-ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
+#ifeq ($(shell echo '\#include <crypt.h>' | $(CC) -E - >/dev/null 2>&1 && echo yes),yes)
CFLAGS += -DHAVE_CRYPT_H=1
LIBS += -lcrypt
-endif
+#endif
ifdef USE_LIBUTIL
CFLAGS += -DHAVE_LOGWTMP=1

1518
ppp/patches/201-mppe_mppc_1.1.patch
View File

File diff suppressed because it is too large Load Diff

38
ppp/patches/203-opt_flags.patch
View File

@ -1,38 +0,0 @@
build: Move optimization flags into a separate variable
Isolate optimization related compiler flags from CFLAGS and move them into a
separate COPTS variable so that it is easier to override optimizations from
the environment.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/pppd/plugins/radius/Makefile.linux
+++ b/pppd/plugins/radius/Makefile.linux
@@ -47,13 +47,13 @@ install: all
$(INSTALL) -c -m 444 pppd-radattr.8 $(MANDIR)
radius.so: radius.o libradiusclient.a
- $(CC) $(LDFLAGS) -o radius.so -shared radius.o libradiusclient.a
+ $(CC) $(LDFLAGS) -fPIC -o radius.so -shared radius.o libradiusclient.a
radattr.so: radattr.o
- $(CC) $(LDFLAGS) -o radattr.so -shared radattr.o
+ $(CC) $(LDFLAGS) -fPIC -o radattr.so -shared radattr.o
radrealms.so: radrealms.o
- $(CC) $(LDFLAGS) -o radrealms.so -shared radrealms.o
+ $(CC) $(LDFLAGS) -fPIC -o radrealms.so -shared radrealms.o
CLIENTOBJS = avpair.o buildreq.o config.o dict.o ip_util.o \
clientid.o sendserver.o lock.o util.o md5.o
--- a/pppd/plugins/pppoe/Makefile.linux
+++ b/pppd/plugins/pppoe/Makefile.linux
@@ -38,7 +38,7 @@ debug.o: debug.c
$(CC) $(CFLAGS) -I../../.. -c -o debug.o debug.c
pppoe.so: plugin.o discovery.o if.o common.o
- $(CC) $(LDFLAGS) -o pppoe.so -shared plugin.o discovery.o if.o common.o
+ $(CC) $(LDFLAGS) -fPIC -o pppoe.so -shared plugin.o discovery.o if.o common.o
install: all
$(INSTALL) -d -m 755 $(LIBDIR)

2
ppp/patches/204-radius_config.patch
View File

@ -1,6 +1,6 @@
--- a/pppd/plugins/radius/config.c
+++ b/pppd/plugins/radius/config.c
@@ -371,31 +371,37 @@ static int test_config(char *filename)
@@ -381,31 +381,37 @@ static int test_config(char *filename)
}
#endif

29
ppp/patches/205-no_exponential_timeout.patch
View File

@ -1,29 +0,0 @@
pppd: Don't use exponential timeout in discovery phase
This patch removes the exponential timeout increase between PADO or PADS
discovery attempts.
Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/pppd/plugins/pppoe/discovery.c
+++ b/pppd/plugins/pppoe/discovery.c
@@ -632,7 +632,9 @@ discovery(PPPoEConnection *conn)
conn->discoveryState = STATE_SENT_PADI;
waitForPADO(conn, timeout);
+#if 0
timeout *= 2;
+#endif
} while (conn->discoveryState == STATE_SENT_PADI);
timeout = conn->discoveryTimeout;
@@ -647,7 +649,9 @@ discovery(PPPoEConnection *conn)
sendPADR(conn);
conn->discoveryState = STATE_SENT_PADR;
waitForPADS(conn, timeout);
+#if 0
timeout *= 2;
+#endif
} while (conn->discoveryState == STATE_SENT_PADR);
if (!conn->seenMaxPayload) {

10
ppp/patches/207-lcp_mtu_max.patch
View File

@ -8,18 +8,18 @@ Signed-off-by: Jo-Philipp Wich <jo@mein.io>
--- a/pppd/lcp.c
+++ b/pppd/lcp.c
@@ -1862,12 +1862,12 @@ lcp_up(fsm *f)
@@ -1888,12 +1888,12 @@ lcp_up(fsm *f)
* the interface MTU is set to the lowest of that, the
* MTU we want to use, and our link MRU.
*/
- mtu = ho->neg_mru? ho->mru: PPP_MRU;
+ mtu = MIN(ho->neg_mru? ho->mru: PPP_MRU, ao->mru);
mru = go->neg_mru? MAX(wo->mru, go->mru): PPP_MRU;
#ifdef HAVE_MULTILINK
#ifdef PPP_WITH_MULTILINK
if (!(multilink && go->neg_mrru && ho->neg_mrru))
#endif /* HAVE_MULTILINK */
- netif_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
+ netif_set_mtu(f->unit, MIN(mtu, mru));
#endif /* PPP_WITH_MULTILINK */
- ppp_set_mtu(f->unit, MIN(MIN(mtu, mru), ao->mru));
+ ppp_set_mtu(f->unit, MIN(mtu, mru));
ppp_send_config(f->unit, mtu,
(ho->neg_asyncmap? ho->asyncmap: 0xffffffff),
ho->neg_pcompression, ho->neg_accompression);

Some files were not shown because too many files have changed in this diff Show More