author | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2017-11-27 21:50:23 +0100 |
---|---|---|
committer | Ludovic Pouzenc <ludovic@pouzenc.fr> | 2017-11-27 21:50:23 +0100 |
commit | eeaa262d92a3d4fb1d8b0826385b87f0933dbf01 (patch) | |
tree | 027192254d3ef79b0de4607292032fd45c63b17a | |
parent | e7d21277f1aaa8e8268e898e85629e6be545a487 (diff) | |
download | chd_openwrt-eeaa262d92a3d4fb1d8b0826385b87f0933dbf01.zip chd_openwrt-eeaa262d92a3d4fb1d8b0826385b87f0933dbf01.tar.gz chd_openwrt-eeaa262d92a3d4fb1d8b0826385b87f0933dbf01.tar.bz2 |
dev to prod (LEDE 17.01.4)
-rwxr-xr-x | build-openwrt.sh | 237 | ||||
-rw-r--r-- | maj/gen.php | 15 |
2 files changed, 64 insertions, 188 deletions
diff --git a/build-openwrt.sh b/build-openwrt.sh index 7a14dc1..95a79a5 100755 --- a/build-openwrt.sh +++ b/build-openwrt.sh @@ -24,8 +24,8 @@ echo -n "$0 - " ; date # Directories and source file URL BUILD_DIR=${BUILD_DIR:-./build} CACHE_DIR=${CACHE_DIR:-.} -ORIG_TARBALL=lede-imagebuilder-17.01.2-ar71xx-generic.Linux-x86_64.tar.xz -ORIG_URL=https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/$ORIG_TARBALL +ORIG_TARBALL=lede-imagebuilder-17.01.4-ar71xx-generic.Linux-x86_64.tar.xz +ORIG_URL=https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/$ORIG_TARBALL PACKAGES="luci luci-mod-admin-full ip kmod-leds-gpio" # Base packages PACKAGES="$PACKAGES luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr" # internationalisation PACKAGES="$PACKAGES -kmod-ppp -kmod-pppoe -kmod-pppox" # Unusefull kernel modules @@ -38,6 +38,7 @@ then echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> < fi dnslist="185.131.40.1 fe80::31" +logserv="172.16.0.253" profile=$1 @@ -98,7 +99,8 @@ fi cd "$BUILD_DIR/" || exit 5 -mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button +[ -d extra_files/ ] && rm -r extra_files/ +mkdir -p extra_files/etc/{config,dropbear,sysctl.d} ############################### # Prepare Openwrt config file # @@ -121,6 +123,7 @@ daemon:*:0:0:99999:7::: ftp:*:0:0:99999:7::: network:*:0:0:99999:7::: nobody:*:0:0:99999:7::: +dnsmasq:x:0:0:99999:7::: EOF cat > extra_files/etc/rc.local <<EOF 
@@ -130,9 +133,32 @@ cat > extra_files/etc/rc.local <<EOF # generated on $(date) # generated from $(hostname):$(stat -c'%N %y' $0) +[ -x /etc/rc.initconf ] && /etc/rc.initconf >/var/log/initconf.log 2>&1 exit 0 EOF +cat > extra_files/etc/rc.initconf <<EOF +echo "uci set wireless.default_radio0.key='*****************'" +uci set wireless.default_radio0.key='$wireless_key' +set -v +uci set wireless.default_radio0.ssid='$wireless_ssid' +uci set wireless.default_radio0.encryption='psk2' +uci set wireless.default_radio0.wpa_disable_eapol_key_retries='1' +uci set wireless.radio0.country='FR' +uci set wireless.radio0.txpower='$wireless_txpower' +uci set wireless.radio0.distance='30' +uci set wireless.radio0.disabled='0' +uci set system.@system[0].zonename='Europe/Paris' +uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3' +uci set system.@system[0].log_ip='$logserv' +uci delete dhcp.lan.dhcpv6 +uci set luci.main.lang='fr' +rm /etc/rc.initconf +uci commit +wifi +EOF +chmod +x extra_files/etc/rc.initconf + cat > extra_files/etc/config/network <<EOF config interface 'loopback' option ifname 'lo' @@ -140,12 +166,14 @@ config interface 'loopback' option ipaddr '127.0.0.1' option netmask '255.0.0.0' +config globals 'globals' + config interface 'lan' - option ifname 'eth0' option type 'bridge' + option ifname 'eth0' option proto 'static' - option netmask '255.255.255.0' option ipaddr '$lanip4addr' + option netmask '255.255.255.0' option ip6addr '$lanip6addr' config interface 'wan' @@ -158,6 +186,14 @@ config interface 'wan' option dns '$dnslist' option ip6addr '$wanip6addr' option ip6gw '$wanip6gw' + option gateway '$wanip4gw' + +config interface 'wan6' + option ifname 'eth1' + option _orig_ifname 'eth1' + option _orig_bridge 'false' + option proto 'static' + option ip6addr '$wanip6ll' config switch option name 'eth0' 
@@ -165,76 +201,9 @@ config switch option enable_vlan '1' config switch_vlan - option device 'eth0' + option device 'switch0' option vlan '1' - option ports '0 1 2 3 4' - -config interface 'wan6' - option proto 'static' - option ifname 'eth1' - option send_rs '0' - option ip6addr '$wanip6ll' - -config route - option interface 'wan' - option onlink '1' - option target '0.0.0.0/0' - option gateway '$wanip4gw' -EOF - - -cat > extra_files/etc/config/wireless <<EOF -config wifi-device 'radio0' - option type 'mac80211' - option phy 'phy0' - option channel '11' - option hwmode '11ng' - option htmode 'HT20' - list ht_capab 'SHORT-GI-20' - list ht_capab 'SHORT-GI-40' - list ht_capab 'RX-STBC1' - list ht_capab 'DSSS_CCK-40' - option country 'FR' - option txpower '$wireless_txpower' - -config wifi-iface - option device 'radio0' - option network 'lan' - option mode 'ap' - option ssid '$wireless_ssid' - option encryption 'psk2' - option key '$wireless_key' - option disabled '$wireless_disabled' -EOF - -cat > extra_files/etc/config/dhcp <<EOF -config dnsmasq - option domainneeded 1 - option boguspriv 1 - option filterwin2k 0 # enable for dial on demand - option localise_queries 1 - option rebind_protection 1 # disable if upstream must serve RFC1918 addresses - option rebind_localhost 1 # enable for RBL checking and similar services - option local '/lan/' - option domain 'lan' - option expandhosts 1 - option nonegcache 0 - option authoritative 1 - option readethers 1 - option leasefile '/tmp/dhcp.leases' - option resolvfile '/tmp/resolv.conf.auto' - -config dhcp lan - option interface lan - option start 100 - option limit 150 - option leasetime 12h - option dhcpv6 disabled - option ra server - -config dhcp wan - option interface wan - option ignore 1 + option ports '1 2 3 4 0' EOF cat > extra_files/etc/config/dropbear <<EOF 
@@ -243,119 +212,21 @@ config dropbear option Port '22' EOF -cat > extra_files/etc/config/firewall <<EOF -config defaults - option syn_flood '1' - option input 'ACCEPT' - option output 'ACCEPT' - option forward 'REJECT' - -config zone - option name 'lan' - option network 'lan' - option input 'ACCEPT' - option output 'ACCEPT' - option forward 'REJECT' - -config zone - option name 'wan' - option network 'wan' - option input 'REJECT' - option output 'ACCEPT' - option forward 'REJECT' - option masq '1' - option mtu_fix '1' - -config forwarding - option src 'lan' - option dest 'wan' - -config rule - option name 'Allow-DHCP-Renew' - option src 'wan' - option proto 'udp' - option dest_port '68' - option target 'ACCEPT' - option family 'ipv4' - -config rule - option name 'Allow-Ping' - option src 'wan' - option proto 'icmp' - option icmp_type 'echo-request' - option family 'ipv4' - option target 'ACCEPT' - -config rule - option name 'Allow-DHCPv6' - option src 'wan' - option proto 'udp' - option src_ip 'fe80::/10' - option src_port '547' - option dest_ip 'fe80::/10' - option dest_port '546' - option family 'ipv6' - option target 'ACCEPT' - -config rule - option name 'Allow-ICMPv6-Input' - option src 'wan' - option proto 'icmp' - list icmp_type 'echo-request' - list icmp_type 'echo-reply' - list icmp_type 'destination-unreachable' - list icmp_type 'packet-too-big' - list icmp_type 'time-exceeded' - list icmp_type 'bad-header' - list icmp_type 'unknown-header-type' - list icmp_type 'router-solicitation' - list icmp_type 'neighbour-solicitation' - list icmp_type 'router-advertisement' - list icmp_type 'neighbour-advertisement' - option limit '1000/sec' - option family 'ipv6' - option target 'ACCEPT' - -config rule - option name 'Allow-ICMPv6-Forward' - option src 'wan' - option dest '*' - option proto 'icmp' - list icmp_type 'echo-request' - list icmp_type 'echo-reply' - list icmp_type 'destination-unreachable' - list icmp_type 'packet-too-big' - list icmp_type 
'time-exceeded' - list icmp_type 'bad-header' - list icmp_type 'unknown-header-type' - option limit '1000/sec' - option family 'ipv6' - option target 'ACCEPT' - -config rule - option target 'ACCEPT' - option src 'wan' - option proto 'tcp' - option dest_port '22' - option family 'ipv6' - option dest_ip 'fe80::/10' - option name 'Allow-ssh-maj-routeur' - -config include - option path '/etc/firewall.user' -EOF +cat > extra_files/etc/firewall.user <<EOF +# This file is interpreted as shell script. +# Put your custom iptables rules here, they will +# be executed with each firewall (re-)start. -cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF" -#!/bin/sh +# Internal uci firewall chains are flushed and recreated on reload, so +# put custom rules into the root chains e.g. INPUT or FORWARD or into the +# special user chains, e.g. input_wan_rule or postrouting_lan_rule. -[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && { - SW=$(uci get wireless.@wifi-device[0].disabled) - [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1 - [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0 - wifi -} +ip6tables -A input_wan_rule -s fe80::/10 -d fe80::/10 -p tcp -m tcp --dport 22 -m comment --comment "CHD-allow-ssh-maj-routeur" -j ACCEPT EOF +cat > extra_files/etc/sysctl.d/dad.conf <<EOF +net.ipv6.conf.eth1.accept_dad=0 +EOF ####################### # Build Openwrt image # diff --git a/maj/gen.php b/maj/gen.php index e6bb308..cf46a4f 100644 --- a/maj/gen.php +++ b/maj/gen.php 
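Review bot: In the rc.initconf heredoc of the `@@ -130,9 +133,32 @@` hunk, `$wireless_key` and `$wireless_ssid` are interpolated unescaped into a shell script that runs as root on first boot, so a value containing a single quote breaks out of the `uci set ... key='...'` quoting; the wireless heredoc this commit removes only fed a uci config file, whereas this one is executed. Reject such values before writing the file, e.g. `case "$wireless_key$wireless_ssid" in *\'*) echo "single quotes not allowed in ssid/key" >&2; exit 2;; esac`, or escape them with `${wireless_key//\'/\'\\\'\'}` if the script is run by bash (its shebang is outside the hunk). The generated file also holds the PSK in cleartext under `$BUILD_DIR/extra_files/etc/rc.initconf`, and `chmod +x` leaves the umask-derived mode (commonly world-readable), so `chmod 700` would be the safer choice if the imagebuilder preserves it. Inside the script, `rm /etc/rc.initconf` runs before `uci commit`, so a failing commit loses the settings with no way to rerun; moving the `rm` after `wifi` avoids that.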
@@ -107,7 +107,7 @@ switch ($_POST['profile']) { $profile="DEVICE_$target"; $user_filename="mise-a-jour-routeur-$target.bin"; -$gen_filename="bin/targets/ar71xx/generic/lede-17.01.2-ar71xx-generic-$target-squashfs-factory$region.bin"; +$gen_fileglob="bin/targets/ar71xx/generic/lede-*-ar71xx-generic-$target-squashfs-factory$region.bin"; if ( !$res ) { echo "<!DOCTYPE html>\n<html>\n<head>\n<meta charset=\"utf-8\" />\n</head>\n<body>\n<h2>Oops, une erreur s'est produite</h2><div>Il y a un problème avec les renseignements fournis<br><ul>\n"; @@ -153,21 +153,26 @@ if ( ! flock($fh, LOCK_EX) ) { exit(); } +// Run the imagebuilder make command putenv("CACHE_DIR=$basepath/"); putenv("BUILD_DIR=$basepath/build/"); exec($command, $output, $return_val); +// Match produced file against expected filename +$gen_matchedfiles = glob("$basepath/build/$gen_fileglob"); + // Dump script output in /tmp for troobleshooting file_put_contents(tempnam('/tmp' , $scriptfile.'_'), array($command, "\n", print_r($output,true), "\n",$return_val,"\n")); - -if ( $return_val === 0 ) { +if ( $return_val === 0 && count($gen_matchedfiles) === 1) { header('Content-Type: application/octet-stream'); header("Content-Disposition: attachment; filename=$user_filename"); - readfile("$basepath/build/$gen_filename"); + readfile($gen_matchedfiles[0]); } else { echo "<pre>\n$command\n\n"; echo join($output, "\n") . "\n\n"; - echo "Command return value : "; var_dump($return_val); + echo "Expected file pattern : '$basepath/build/$gen_fileglob'"; echo "\n"; + echo "Matched files : "; print_r($gen_matchedfiles); echo "\n"; + echo "Command return value : "; var_dump($return_val); echo "\n"; } fclose($fh); |
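Review bot: The new error branch in the `@@ -153,21 +153,26 @@` hunk echoes `$basepath/build/$gen_fileglob` and `print_r($gen_matchedfiles)` to the HTTP client, disclosing the server's absolute filesystem layout to whoever submitted the form; the `tempnam('/tmp', ...)` dump already records this server-side, so the response should carry only a generic failure message (the pre-existing echo of `$command` and `$output` has the same problem). `glob()` returns false on failure, and `count(false)` warns on PHP 7.2+ and throws a TypeError on PHP 8, so the assignment should be `$gen_matchedfiles = glob("$basepath/build/$gen_fileglob") ?: array();`. Because the pattern is `lede-*-...`, an artifact left over from an earlier build also satisfies the glob; clearing the target directory before `exec($command, ...)` keeps the `count(...) === 1` check meaningful.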