authorLudovic Pouzenc <ludovic@pouzenc.fr>2017-11-27 21:50:23 +0100
committerLudovic Pouzenc <ludovic@pouzenc.fr>2017-11-27 21:50:23 +0100
commiteeaa262d92a3d4fb1d8b0826385b87f0933dbf01 (patch)
tree027192254d3ef79b0de4607292032fd45c63b17a
parente7d21277f1aaa8e8268e898e85629e6be545a487 (diff)
dev to prod (LEDE 17.01.4)
-rwxr-xr-xbuild-openwrt.sh237
-rw-r--r--maj/gen.php15
2 files changed, 64 insertions, 188 deletions
diff --git a/build-openwrt.sh b/build-openwrt.sh
index 7a14dc1..95a79a5 100755
--- a/build-openwrt.sh
+++ b/build-openwrt.sh
@@ -24,8 +24,8 @@ echo -n "$0 - " ; date
# Directories and source file URL
BUILD_DIR=${BUILD_DIR:-./build}
CACHE_DIR=${CACHE_DIR:-.}
-ORIG_TARBALL=lede-imagebuilder-17.01.2-ar71xx-generic.Linux-x86_64.tar.xz
-ORIG_URL=https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/$ORIG_TARBALL
+ORIG_TARBALL=lede-imagebuilder-17.01.4-ar71xx-generic.Linux-x86_64.tar.xz
+ORIG_URL=https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/$ORIG_TARBALL
PACKAGES="luci luci-mod-admin-full ip kmod-leds-gpio" # Base packages
PACKAGES="$PACKAGES luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr" # internationalisation
PACKAGES="$PACKAGES -kmod-ppp -kmod-pppoe -kmod-pppox" # Unusefull kernel modules
@@ -38,6 +38,7 @@ then echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <
fi
dnslist="185.131.40.1 fe80::31"
+logserv="172.16.0.253"
profile=$1
@@ -98,7 +99,8 @@ fi
cd "$BUILD_DIR/" || exit 5
-mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button
+[ -d extra_files/ ] && rm -r extra_files/
+mkdir -p extra_files/etc/{config,dropbear,sysctl.d}
###############################
# Prepare Openwrt config file #
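Review bot: `mkdir -p extra_files/etc/{config,dropbear,sysctl.d}` relies on bash brace expansion; the shebang is outside this hunk, and under a POSIX `/bin/sh` (dash, busybox ash) the line creates one literal directory named `{config,dropbear,sysctl.d}`, after which every later `cat > extra_files/etc/config/...` redirect fails. Spell the paths out, `mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/sysctl.d`, which is also the form the removed line used. The `[ -d extra_files/ ] && rm -r extra_files/` guard can simply be `rm -rf -- extra_files`; wiping the tree before regenerating is worthwhile here, since a previous run's generated files (including rc.initconf, which carries the wireless key) would otherwise linger in the build directory.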
@@ -121,6 +123,7 @@ daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
+dnsmasq:x:0:0:99999:7:::
EOF
cat > extra_files/etc/rc.local <<EOF
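Review bot: The added `dnsmasq:x:0:0:99999:7:::` uses `x` in the password field while every neighbouring entry uses `*`; `x` is the /etc/passwd convention meaning "look in shadow", not a shadow lock marker. In practice no crypt() output equals `x`, so password login for dnsmasq is still refused, but the inconsistency reads like a line copied from passwd and is worth normalising to `dnsmasq:*:0:0:99999:7:::`. The heredoc this line belongs to starts before the hunk, so the target file name is not visible here; I am inferring shadow from the nine-field layout.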
@@ -130,9 +133,32 @@ cat > extra_files/etc/rc.local <<EOF
# generated on $(date)
# generated from $(hostname):$(stat -c'%N %y' $0)
+[ -x /etc/rc.initconf ] && /etc/rc.initconf >/var/log/initconf.log 2>&1
exit 0
EOF
+cat > extra_files/etc/rc.initconf <<EOF
+echo "uci set wireless.default_radio0.key='*****************'"
+uci set wireless.default_radio0.key='$wireless_key'
+set -v
+uci set wireless.default_radio0.ssid='$wireless_ssid'
+uci set wireless.default_radio0.encryption='psk2'
+uci set wireless.default_radio0.wpa_disable_eapol_key_retries='1'
+uci set wireless.radio0.country='FR'
+uci set wireless.radio0.txpower='$wireless_txpower'
+uci set wireless.radio0.distance='30'
+uci set wireless.radio0.disabled='0'
+uci set system.@system[0].zonename='Europe/Paris'
+uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
+uci set system.@system[0].log_ip='$logserv'
+uci delete dhcp.lan.dhcpv6
+uci set luci.main.lang='fr'
+rm /etc/rc.initconf
+uci commit
+wifi
+EOF
+chmod +x extra_files/etc/rc.initconf
+
cat > extra_files/etc/config/network <<EOF
config interface 'loopback'
option ifname 'lo'
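Review bot: `uci set wireless.default_radio0.key='$wireless_key'` and the ssid line below it splice caller-supplied values into a shell script inside single quotes with no escaping, so a key or SSID containing `'` yields a broken or altered command when rc.initconf runs on the router (the heredoc delimiter is unquoted, so expansion happens at build time). Escape before interpolating, e.g. `key_sq=${wireless_key//\'/\'\\\'\'}` and `ssid_sq=${wireless_ssid//\'/\'\\\'\'}`, then use `'$key_sq'` / `'$ssid_sq'` in the heredoc. Running the key line before `set -v` keeps it out of /var/log/initconf.log, which is good; the key still sits in cleartext in /etc/rc.initconf inside the built image until first boot, so the image file deserves the same handling as the key itself. Also `rm /etc/rc.initconf` runs before `uci commit`, so a failed commit leaves the device unconfigured with nothing to re-run; moving the rm after `wifi` (or after checking `uci commit`'s status) is safer. The rc.local heredoc this hunk edits starts before the hunk.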
@@ -140,12 +166,14 @@ config interface 'loopback'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
+config globals 'globals'
+
config interface 'lan'
- option ifname 'eth0'
option type 'bridge'
+ option ifname 'eth0'
option proto 'static'
- option netmask '255.255.255.0'
option ipaddr '$lanip4addr'
+ option netmask '255.255.255.0'
option ip6addr '$lanip6addr'
config interface 'wan'
@@ -158,6 +186,14 @@ config interface 'wan'
option dns '$dnslist'
option ip6addr '$wanip6addr'
option ip6gw '$wanip6gw'
+ option gateway '$wanip4gw'
+
+config interface 'wan6'
+ option ifname 'eth1'
+ option _orig_ifname 'eth1'
+ option _orig_bridge 'false'
+ option proto 'static'
+ option ip6addr '$wanip6ll'
config switch
option name 'eth0'
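Review bot: `option _orig_ifname 'eth1'` and `option _orig_bridge 'false'` in the new `wan6` section look like LuCI's internal bookkeeping keys copied from a UI-edited config rather than netifd options; they are harmless but noise in a generated file and can be dropped. The old `wan6` block removed in the next hunk also carried `option send_rs '0'`, which the new one does not; if that is deliberate, a one-line comment such as `# wan6: static link-local only; send_rs left at default` would document it. I cannot tell from the page whether the omission is intentional.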
@@ -165,76 +201,9 @@ config switch
option enable_vlan '1'
config switch_vlan
- option device 'eth0'
+ option device 'switch0'
option vlan '1'
- option ports '0 1 2 3 4'
-
-config interface 'wan6'
- option proto 'static'
- option ifname 'eth1'
- option send_rs '0'
- option ip6addr '$wanip6ll'
-
-config route
- option interface 'wan'
- option onlink '1'
- option target '0.0.0.0/0'
- option gateway '$wanip4gw'
-EOF
-
-
-cat > extra_files/etc/config/wireless <<EOF
-config wifi-device 'radio0'
- option type 'mac80211'
- option phy 'phy0'
- option channel '11'
- option hwmode '11ng'
- option htmode 'HT20'
- list ht_capab 'SHORT-GI-20'
- list ht_capab 'SHORT-GI-40'
- list ht_capab 'RX-STBC1'
- list ht_capab 'DSSS_CCK-40'
- option country 'FR'
- option txpower '$wireless_txpower'
-
-config wifi-iface
- option device 'radio0'
- option network 'lan'
- option mode 'ap'
- option ssid '$wireless_ssid'
- option encryption 'psk2'
- option key '$wireless_key'
- option disabled '$wireless_disabled'
-EOF
-
-cat > extra_files/etc/config/dhcp <<EOF
-config dnsmasq
- option domainneeded 1
- option boguspriv 1
- option filterwin2k 0 # enable for dial on demand
- option localise_queries 1
- option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
- option rebind_localhost 1 # enable for RBL checking and similar services
- option local '/lan/'
- option domain 'lan'
- option expandhosts 1
- option nonegcache 0
- option authoritative 1
- option readethers 1
- option leasefile '/tmp/dhcp.leases'
- option resolvfile '/tmp/resolv.conf.auto'
-
-config dhcp lan
- option interface lan
- option start 100
- option limit 150
- option leasetime 12h
- option dhcpv6 disabled
- option ra server
-
-config dhcp wan
- option interface wan
- option ignore 1
+ option ports '1 2 3 4 0'
EOF
cat > extra_files/etc/config/dropbear <<EOF
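Review bot: Removing the generated wireless config drops the only use of `$wireless_disabled` (`option disabled '$wireless_disabled'` in the deleted wifi-iface), while the new rc.initconf earlier in this diff unconditionally runs `uci set wireless.radio0.disabled='0'`; if that variable is still a script parameter it is now silently ignored and the radio is always enabled. Either thread it through, `uci set wireless.radio0.disabled='$wireless_disabled'`, or remove the parameter and its usage text so callers are not misled. Likewise the deleted dhcp section's settings now come from the imagebuilder's default /etc/config/dhcp plus the single `uci delete dhcp.lan.dhcpv6`; a comment in the build script noting that the defaults are intentionally relied on would save the next reader from hunting for them.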
@@ -243,119 +212,21 @@ config dropbear
option Port '22'
EOF
-cat > extra_files/etc/config/firewall <<EOF
-config defaults
- option syn_flood '1'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
-
-config zone
- option name 'lan'
- option network 'lan'
- option input 'ACCEPT'
- option output 'ACCEPT'
- option forward 'REJECT'
-
-config zone
- option name 'wan'
- option network 'wan'
- option input 'REJECT'
- option output 'ACCEPT'
- option forward 'REJECT'
- option masq '1'
- option mtu_fix '1'
-
-config forwarding
- option src 'lan'
- option dest 'wan'
-
-config rule
- option name 'Allow-DHCP-Renew'
- option src 'wan'
- option proto 'udp'
- option dest_port '68'
- option target 'ACCEPT'
- option family 'ipv4'
-
-config rule
- option name 'Allow-Ping'
- option src 'wan'
- option proto 'icmp'
- option icmp_type 'echo-request'
- option family 'ipv4'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-DHCPv6'
- option src 'wan'
- option proto 'udp'
- option src_ip 'fe80::/10'
- option src_port '547'
- option dest_ip 'fe80::/10'
- option dest_port '546'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Input'
- option src 'wan'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- list icmp_type 'router-solicitation'
- list icmp_type 'neighbour-solicitation'
- list icmp_type 'router-advertisement'
- list icmp_type 'neighbour-advertisement'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option name 'Allow-ICMPv6-Forward'
- option src 'wan'
- option dest '*'
- option proto 'icmp'
- list icmp_type 'echo-request'
- list icmp_type 'echo-reply'
- list icmp_type 'destination-unreachable'
- list icmp_type 'packet-too-big'
- list icmp_type 'time-exceeded'
- list icmp_type 'bad-header'
- list icmp_type 'unknown-header-type'
- option limit '1000/sec'
- option family 'ipv6'
- option target 'ACCEPT'
-
-config rule
- option target 'ACCEPT'
- option src 'wan'
- option proto 'tcp'
- option dest_port '22'
- option family 'ipv6'
- option dest_ip 'fe80::/10'
- option name 'Allow-ssh-maj-routeur'
-
-config include
- option path '/etc/firewall.user'
-EOF
+cat > extra_files/etc/firewall.user <<EOF
+# This file is interpreted as shell script.
+# Put your custom iptables rules here, they will
+# be executed with each firewall (re-)start.
-cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
-#!/bin/sh
+# Internal uci firewall chains are flushed and recreated on reload, so
+# put custom rules into the root chains e.g. INPUT or FORWARD or into the
+# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
-[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
- SW=$(uci get wireless.@wifi-device[0].disabled)
- [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1
- [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0
- wifi
-}
+ip6tables -A input_wan_rule -s fe80::/10 -d fe80::/10 -p tcp -m tcp --dport 22 -m comment --comment "CHD-allow-ssh-maj-routeur" -j ACCEPT
EOF
+cat > extra_files/etc/sysctl.d/dad.conf <<EOF
+net.ipv6.conf.eth1.accept_dad=0
+EOF
#######################
# Build Openwrt image #
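Review bot: With the generated /etc/config/firewall removed, the wan zone policy now comes entirely from the imagebuilder's default firewall config, and the one custom rule moves to firewall.user as `ip6tables -A input_wan_rule ...`; nothing on the page states that reliance, so a comment above the firewall.user heredoc such as `# Zones/rules: imagebuilder default /etc/config/firewall; only the link-local ssh rule is added here` would help. The `input_wan_rule` chain and the `config include` of /etc/firewall.user presumably exist in that default so the rule takes effect, but this is inferred, not visible. The heredoc expands nothing, so `<<'EOF'` (as the deleted hotplug script used) makes that explicit and protects any future `$` in a rule. The new sysctl `net.ipv6.conf.eth1.accept_dad=0` disables duplicate-address detection for the static link-local on wan6, which means an address clash on that link is no longer detected; a short comment on why it is needed would be worthwhile.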
diff --git a/maj/gen.php b/maj/gen.php
index e6bb308..cf46a4f 100644
--- a/maj/gen.php
+++ b/maj/gen.php
@@ -107,7 +107,7 @@ switch ($_POST['profile']) {
$profile="DEVICE_$target";
$user_filename="mise-a-jour-routeur-$target.bin";
-$gen_filename="bin/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-$target-squashfs-factory$region.bin";
+$gen_fileglob="bin/targets/ar71xx/generic/lede-*-ar71xx-generic-$target-squashfs-factory$region.bin";
if ( !$res ) {
echo "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\" />\n</head>\n<body>\n<h2>Oops, une erreur s'est produite</h2><div>Il y a un problème avec les renseignements fournis<br><ul>\n";
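Review bot: `$gen_fileglob` replaces the pinned release in the output filename with `lede-*`, so any leftover artifact from an earlier build in the same `bin/targets/...` directory also matches; the later `count($gen_matchedfiles) === 1` check then turns a successful rebuild into an error page rather than serving the wrong file, which is safe but surprising. Either clear the output directory before `exec($command, ...)` or pass the expected version from the build script instead of a wildcard. `$target` and `$region` are interpolated into a glob pattern; they appear to come from the `switch ($_POST['profile'])` in the hunk header, so they are presumably constrained to known values, but if any branch passes the POST value through verbatim it should be validated against a whitelist before reaching `glob()`.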
@@ -153,21 +153,26 @@ if ( ! flock($fh, LOCK_EX) ) {
exit();
}
+// Run the imagebuilder make command
putenv("CACHE_DIR=$basepath/");
putenv("BUILD_DIR=$basepath/build/");
exec($command, $output, $return_val);
+// Match produced file against expected filename
+$gen_matchedfiles = glob("$basepath/build/$gen_fileglob");
+
// Dump script output in /tmp for troobleshooting
file_put_contents(tempnam('/tmp' , $scriptfile.'_'), array($command, "\n", print_r($output,true), "\n",$return_val,"\n"));
-
-if ( $return_val === 0 ) {
+if ( $return_val === 0 && count($gen_matchedfiles) === 1) {
header('Content-Type: application/octet-stream');
header("Content-Disposition: attachment; filename=$user_filename");
- readfile("$basepath/build/$gen_filename");
+ readfile($gen_matchedfiles[0]);
} else {
echo "<pre>\n$command\n\n";
echo join($output, "\n") . "\n\n";
- echo "Command return value : "; var_dump($return_val);
+ echo "Expected file pattern : '$basepath/build/$gen_fileglob'"; echo "\n";
+ echo "Matched files : "; print_r($gen_matchedfiles); echo "\n";
+ echo "Command return value : "; var_dump($return_val); echo "\n";
}
fclose($fh);
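Review bot: The new error-branch lines `echo "Expected file pattern : '$basepath/build/$gen_fileglob'"` and `print_r($gen_matchedfiles)` send the server's absolute build path and matched filenames to the browser, unescaped, inside a `<pre>`; the same detail is already written to /tmp by `file_put_contents` just above, so the client-facing page can be reduced to a generic failure message, or at least wrapped in `htmlspecialchars()`. The existing `echo "<pre>\n$command\n\n"` and `join($output, "\n")` lines have the same exposure but predate this change. `glob()` returns `false` on error rather than an empty array, and `count(false)` returns 1 (with a warning) on PHP 7.x, so a glob error would satisfy the `=== 1` check and `readfile($gen_matchedfiles[0])` would run on a null path; `$gen_matchedfiles = glob("$basepath/build/$gen_fileglob") ?: [];` closes that.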