Initial import.

1 files changed, 408 insertions, 0 deletions

diff --git a/build-openwrt-dev.sh b/build-openwrt-dev.sh
new file mode 100755
index 0000000..79ea750
--- /dev/null
+++ b/build-openwrt-dev.sh
@@ -0,0 +1,408 @@
+#!/bin/bash
+#
+# Work derived from ./quick_740n_ttn_bb.sh (Laurent Guerby <laurent@guery.net>)
+#
+# Copyright 2016 Ludovic Pouzenc <ludovic@pouzenc.fr>
+#
+# CHD OpenWRT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# CHD OpenWRT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with CHD OpenWRT.  If not, see <http://www.gnu.org/licenses/>.
+#
+echo -n "$0 - " ; date
+
+# Directories and source file URL
+BUILD_DIR=${BUILD_DIR:-./build}
+CACHE_DIR=${CACHE_DIR:-.}
+ORIG_TARBALL=OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2
+ORIG_URL=http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/$ORIG_TARBALL
+PACKAGES="luci luci-mod-admin-full ip" # Base packages
+PACKAGES="$PACKAGES luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr" # internationnalisation
+PACKAGES="$PACKAGES miniupnpd luci-app-upnp luci-i18n-upnp-fr" # Extra packages
+PACKAGES="$PACKAGES kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-ledtrig-usbdev kmod-leds-gpio" # Additionnal kernel modules
+PACKAGES="$PACKAGES -kmod-ppp -kmod-pppoe -kmod-pppox" # Unusefull kernel modules
+PACKAGES="$PACKAGES -luci-proto-ppp -ppp -ppp-mod-pppoe -odhcp6c" # Unusefull packages
+
+# Argument parsing
+if [ $# -lt 8 -o $# -gt 9 ]
+then	echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <wireless_ssid> <wireless_key> <wireless_txpower> [wanip4addr]"
+	exit 1
+fi
+
+dnslist="185.131.40.1 fe80::31"
+
+profile=$1
+case "$profile" in
+	TLWR740|TLWR841)
+		;;
+	*)	echo "Unsupported profile '$profile', should be TLWR740 or TLWR841"
+		exit 2
+		;;
+esac
+
+ip4pub=$2
+case "$ip4pub" in
+   185.131.40.*) ;;
+   185.131.41.*) ;;
+   *) echo "Unknown Ip4 $ip4pub"; exit 3;;
+esac
+
+lanip4addr=$3
+ip6prefix=$4
+wanip6addr=${ip6prefix}1/56
+lanip6addr=${ip6prefix%%0::}1::1/64
+wanip6ll=$(echo $ip6prefix | sed -e 's#.*:\(....:....\)::$#fe80::\1/64#')
+
+if [ '$1$' = "${5:0:3}" ]
+then	root_password=$5
+else	root_password=$(mkpasswd -5 "$5")
+fi
+
+wireless_ssid=$6
+wireless_key=$7
+case $8 in
+	-1)						wireless_disabled=1;	wireless_txpower=10 ;;
+	0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)	wireless_disabled=0;	wireless_txpower=$8 ;;
+	*)						echo "Unknown txpower '$8'"; exit 4 ;;
+esac
+
+wanip4addr=${9:-'no-nat'}
+case "$wanip4addr" in
+	172.16.20.*|172.16.21.*) wanip4mask=255.255.0.0;   wanip4gw=172.16.0.254 ;;
+	*)   wanip4addr=$ip4pub; wanip4mask=255.255.254.0; wanip4gw=185.131.40.1 ;;
+esac
+
+wanip6gw=fe80::31
+
+cat <<EOF
+wanip4addr: $wanip4addr
+wanip6addr: $wanip6addr
+lanip6addr: $lanip6addr
+wanip6ll:   $wanip6ll
+root_password: $root_password
+
+
+EOF
+
+#########################
+# Prepare image builder #
+#########################
+if [ ! -f "$BUILD_DIR/Makefile" ]; then
+	if [ ! -s "$CACHE_DIR/$ORIG_TARBALL" ] ; then
+		wget -O "$CACHE_DIR/$ORIG_TARBALL" "$ORIG_URL"
+	fi
+	tar -x -C "$BUILD_DIR/" --strip-components=1 -f "$CACHE_DIR/$ORIG_TARBALL"
+fi
+
+cd "$BUILD_DIR/" || exit 5
+
+mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button
+
+###############################
+# Prepare Openwrt config file #
+###############################
+
+cat > extra_files/etc/dropbear/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRKy/uRhwFvR3JrCp2NKY0HUPl0m7INUjY9wemmEGA6pSH/9zb+MLX9ZfuDVo6gkMI2YZzdpwAZ7KE2tajDXHHl+KiycY3lcQizgQt3usxf7Eqz3pTWtZBOjrHs3hRloPugg8KXA8Sxko03f68v8lfUw+Kj4LHmnnozJc8Hxde3GjkFbyL9c9Z5rSYG82H217RWaSDnjYso9wyBZYkjTe6vu88fWls3+ZL8p8NdrgqMFO7C+zV38Mgk/G3PkC9SYdobgy58Cm/06jehWonuafZ6bXTH1J3qjogbcGfewNx4H4E7Lf1nl6UTdbAC24tZu3c/UXZQzND+yRRK1r0zen lpouzenc@ttn
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpqlz2pyiBoGnC7FgnyXrb012hnnLFL0I0RColS/fLzJT4VL8t3/hPFy/Jbl4tX28Yw5G+Mc0WFzZ+KS1ebmYqBcXi2OGNm65HGsEMGUa+67g8PP0t+2OPRN05gFR4Cf4HFro3FdDf/R4mZOf5+Z1Z8fAyIhQ34x/0sl+hnt/nqbOdNlOSqzqyQmmKtzUKSh2CiffajAW/sVfD3HAG1CCiy+Z88df1v7kQ/HdFhFqtjcHrWLO/zgQBOCf3SMrZpead1B13DXCQLMeI98i+VIRB+K6c71FMIGU1Ohp5/FRWtHJ+3nFqRsKOWbBI0SmeMnz9wXkG7FQ2CaDUvg7vB0AZ cyril@cyril-master
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtfZ7UcydNGf5vpLgfvJRHs6Q08qKP1fIr8aXALg0+/pAlF5FEKMqwERpJ+B8YTmJl0MrrznPLPOUoaYqgJl5aqFww0zDNpbbtW6qDoQE85VRjEmchfbLae8s9q6eWW+CfNh0+7bwBPNTaPVq/FKfge4aR0GwA+ggzS9kPoLRPBM= nicolas@selenimh
+EOF
+
+cat > extra_files/etc/shadow <<EOF
+root:$root_password:15980:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+EOF
+
+cat > extra_files/etc/rc.local <<EOF
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+# generated on $(date)
+# generated from $(hostname):$(stat -c'%N %y' $0)
+
+exit 0
+EOF
+
+cat > extra_files/etc/config/network <<EOF
+config interface 'loopback'
+	option ifname 'lo'
+	option proto 'static'
+	option ipaddr '127.0.0.1'
+	option netmask '255.0.0.0'
+
+config interface 'lan'
+	option ifname 'eth0'
+	option type 'bridge'
+	option proto 'static'
+	option netmask '255.255.255.0'
+	option ipaddr '$lanip4addr'
+	option ip6addr '$lanip6addr'
+
+config interface 'wan'
+	option ifname 'eth1'
+	option _orig_ifname 'eth1'
+	option _orig_bridge 'false'
+	option proto 'static'
+	option ipaddr '$wanip4addr'
+	option netmask '$wanip4mask'
+	option dns '$dnslist'
+	option ip6addr '$wanip6addr'
+	option ip6gw '$wanip6gw'
+
+config switch
+	option name 'eth0'
+	option reset '1'
+	option enable_vlan '1'
+
+config switch_vlan
+	option device 'eth0'
+	option vlan '1'
+	option ports '0 1 2 3 4'
+
+config interface 'wan6'
+	option proto 'static'
+	option ifname 'eth1'
+	option send_rs '0'
+	option ip6addr '$wanip6ll'
+
+config route
+        option interface 'wan'
+        option onlink '1'
+        option target '0.0.0.0/0'
+        option gateway '$wanip4gw'
+EOF
+
+
+cat > extra_files/etc/config/wireless <<EOF
+config wifi-device 'radio0'
+	option type 'mac80211'
+        option phy  'phy0'
+	option channel '11'
+	option hwmode '11ng'
+	option htmode 'HT20'
+	list ht_capab 'SHORT-GI-20'
+	list ht_capab 'SHORT-GI-40'
+	list ht_capab 'RX-STBC1'
+	list ht_capab 'DSSS_CCK-40'
+	option country 'FR'
+	option txpower '$wireless_txpower'
+
+config wifi-iface
+	option device 'radio0'
+	option network 'lan'
+	option mode 'ap'
+	option ssid '$wireless_ssid'
+	option encryption 'psk2'
+	option key '$wireless_key'
+	option disabled '$wireless_disabled'
+EOF
+
+cat > extra_files/etc/config/dhcp <<EOF
+config dnsmasq
+	option domainneeded	1
+	option boguspriv	1
+	option filterwin2k	0  # enable for dial on demand
+	option localise_queries	1
+	option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
+	option rebind_localhost 1  # enable for RBL checking and similar services
+	option local	'/lan/'
+	option domain	'lan'
+	option expandhosts	1
+	option nonegcache	0
+	option authoritative	1
+	option readethers	1
+	option leasefile	'/tmp/dhcp.leases'
+	option resolvfile	'/tmp/resolv.conf.auto'
+
+config dhcp lan
+	option interface	lan
+	option start 		100
+	option limit		150
+	option leasetime	12h
+	option dhcpv6		disabled
+	option ra server
+
+config dhcp wan
+	option interface	wan
+	option ignore		1
+EOF
+
+cat > extra_files/etc/config/dropbear <<EOF
+config dropbear
+	option PasswordAuth 'off'
+	option Port '22'
+EOF
+
+cat > extra_files/etc/config/firewall <<EOF
+config defaults
+	option syn_flood '1'
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+
+config zone
+	option name 'lan'
+	option network 'lan'
+	option input 'ACCEPT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+
+config zone
+	option name 'wan'
+	option network 'wan'
+	option input 'REJECT'
+	option output 'ACCEPT'
+	option forward 'REJECT'
+	option masq '1'
+	option mtu_fix '1'
+
+config forwarding
+	option src 'lan'
+	option dest 'wan'
+
+config rule
+	option name 'Allow-DHCP-Renew'
+	option src 'wan'
+	option proto 'udp'
+	option dest_port '68'
+	option target 'ACCEPT'
+	option family 'ipv4'
+
+config rule
+	option name 'Allow-Ping'
+	option src 'wan'
+	option proto 'icmp'
+	option icmp_type 'echo-request'
+	option family 'ipv4'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-DHCPv6'
+	option src 'wan'
+	option proto 'udp'
+	option src_ip 'fe80::/10'
+	option src_port '547'
+	option dest_ip 'fe80::/10'
+	option dest_port '546'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ICMPv6-Input'
+	option src 'wan'
+	option proto 'icmp'
+	list icmp_type 'echo-request'
+	list icmp_type 'echo-reply'
+	list icmp_type 'destination-unreachable'
+	list icmp_type 'packet-too-big'
+	list icmp_type 'time-exceeded'
+	list icmp_type 'bad-header'
+	list icmp_type 'unknown-header-type'
+	list icmp_type 'router-solicitation'
+	list icmp_type 'neighbour-solicitation'
+	list icmp_type 'router-advertisement'
+	list icmp_type 'neighbour-advertisement'
+	option limit '1000/sec'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option name 'Allow-ICMPv6-Forward'
+	option src 'wan'
+	option dest '*'
+	option proto 'icmp'
+	list icmp_type 'echo-request'
+	list icmp_type 'echo-reply'
+	list icmp_type 'destination-unreachable'
+	list icmp_type 'packet-too-big'
+	list icmp_type 'time-exceeded'
+	list icmp_type 'bad-header'
+	list icmp_type 'unknown-header-type'
+	option limit '1000/sec'
+	option family 'ipv6'
+	option target 'ACCEPT'
+
+config rule
+	option target 'ACCEPT'
+	option src 'wan'
+	option proto 'tcp'
+	option dest_port '22'
+	option family 'ipv6'
+	option dest_ip 'fe80::/10'
+	option name 'Allow-ssh-maj-routeur'
+
+config include
+	option path '/etc/firewall.user'
+EOF
+
+cat > extra_files/etc/config/upnpd <<EOF
+config upnpd 'config'
+	option download '1024'
+	option upload '512'
+	option internal_iface 'lan'
+	option port '5000'
+	option upnp_lease_file '/var/upnp.leases'
+	option uuid 'acae4394-2186-4d96-92d1-b2c8d0819f37'
+	option enable_upnp '0'
+	option enable_natpmp '0'
+
+config perm_rule
+	option action 'allow'
+	option ext_ports '1024-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '1024-65535'
+	option comment 'Allow high ports'
+
+config perm_rule
+	option action 'deny'
+	option ext_ports '0-65535'
+	option int_addr '0.0.0.0/0'
+	option int_ports '0-65535'
+	option comment 'Default deny'
+EOF
+
+cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
+#!/bin/sh
+
+[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
+ SW=$(uci get wireless.@wifi-device[0].disabled)
+ [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1
+ [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0
+ wifi
+}
+EOF
+
+#######################
+# Build Openwrt image #
+#######################
+
+# Bug fix for RC3 (make clean forget things)
+#if [ -d $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp ]
+#then	rm -r $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp
+#fi
+
+make clean
+make image PROFILE=$profile PACKAGES="$PACKAGES" FILES="extra_files/"
+res=$?
+
+echo
+if [ $res -eq 0 ]
+then	echo "Image ready: "
+	ls -la bin/ar71xx/openwrt-*-ar71xx-generic-tl-*-v[49]-squashfs-*
+	echo
+else	echo "Something went wrong, sorry"
+fi
+
+echo -n "$0 - " ; date
+exit $res