Diffstat (limited to 'build-openwrt-dev.sh')
-rwxr-xr-x | build-openwrt-dev.sh | 408 |
1 files changed, 408 insertions, 0 deletions
diff --git a/build-openwrt-dev.sh b/build-openwrt-dev.sh
new file mode 100755
index 0000000..79ea750
--- /dev/null
+++ b/build-openwrt-dev.sh
@@ -0,0 +1,408 @@
+#!/bin/bash
+#
+# Work derived from ./quick_740n_ttn_bb.sh (Laurent Guerby <laurent@guery.net>)
+#
+# Copyright 2016 Ludovic Pouzenc <ludovic@pouzenc.fr>
+#
+# CHD OpenWRT is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# CHD OpenWRT is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with CHD OpenWRT. If not, see <http://www.gnu.org/licenses/>.
+#
+echo -n "$0 - " ; date
+
+# Directories and source file URL
+BUILD_DIR=${BUILD_DIR:-./build}
+CACHE_DIR=${CACHE_DIR:-.}
+ORIG_TARBALL=OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2
+ORIG_URL=http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/$ORIG_TARBALL
+PACKAGES="luci luci-mod-admin-full ip" # Base packages
+PACKAGES="$PACKAGES luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr" # internationnalisation
+PACKAGES="$PACKAGES miniupnpd luci-app-upnp luci-i18n-upnp-fr" # Extra packages
+PACKAGES="$PACKAGES kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-ledtrig-usbdev kmod-leds-gpio" # Additionnal kernel modules
+PACKAGES="$PACKAGES -kmod-ppp -kmod-pppoe -kmod-pppox" # Unusefull kernel modules
+PACKAGES="$PACKAGES -luci-proto-ppp -ppp -ppp-mod-pppoe -odhcp6c" # Unusefull packages
+
+# Argument parsing
+if [ $# -lt 8 -o $# -gt 9 ]
+then echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <wireless_ssid> <wireless_key> <wireless_txpower> [wanip4addr]"
+ exit 1
+fi
+
+dnslist="185.131.40.1 fe80::31"
+
+profile=$1
+case "$profile" in
+ TLWR740|TLWR841)
+ ;;
+ *) echo "Unsupported profile '$profile', should be TLWR740 or TLWR841"
+ exit 2
+ ;;
+esac
+
+ip4pub=$2
+case "$ip4pub" in
+ 185.131.40.*) ;;
+ 185.131.41.*) ;;
+ *) echo "Unknown Ip4 $ip4pub"; exit 3;;
+esac
+
+lanip4addr=$3
+ip6prefix=$4
+wanip6addr=${ip6prefix}1/56
+lanip6addr=${ip6prefix%%0::}1::1/64
+wanip6ll=$(echo $ip6prefix | sed -e 's#.*:\(....:....\)::$#fe80::\1/64#')
+
+if [ '$1$' = "${5:0:3}" ]
+then root_password=$5
+else root_password=$(mkpasswd -5 "$5")
+fi
+
+wireless_ssid=$6
+wireless_key=$7
+case $8 in
+ -1) wireless_disabled=1; wireless_txpower=10 ;;
+ 0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16) wireless_disabled=0; wireless_txpower=$8 ;;
+ *) echo "Unknown txpower '$8'"; exit 4 ;;
+esac
+
+wanip4addr=${9:-'no-nat'}
+case "$wanip4addr" in
+ 172.16.20.*|172.16.21.*) wanip4mask=255.255.0.0; wanip4gw=172.16.0.254 ;;
+ *) wanip4addr=$ip4pub; wanip4mask=255.255.254.0; wanip4gw=185.131.40.1 ;;
+esac
+
+wanip6gw=fe80::31
+
+cat <<EOF
+wanip4addr: $wanip4addr
+wanip6addr: $wanip6addr
+lanip6addr: $lanip6addr
+wanip6ll: $wanip6ll
+root_password: $root_password
+
+
+EOF
+
+#########################
+# Prepare image builder #
+#########################
+if [ ! -f "$BUILD_DIR/Makefile" ]; then
+ if [ ! -s "$CACHE_DIR/$ORIG_TARBALL" ] ; then
+ wget -O "$CACHE_DIR/$ORIG_TARBALL" "$ORIG_URL"
+ fi
+ tar -x -C "$BUILD_DIR/" --strip-components=1 -f "$CACHE_DIR/$ORIG_TARBALL"
+fi
+
+cd "$BUILD_DIR/" || exit 5
+
+mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button
+
+###############################
+# Prepare Openwrt config file #
+###############################
+
+cat > extra_files/etc/dropbear/authorized_keys <<EOF
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRKy/uRhwFvR3JrCp2NKY0HUPl0m7INUjY9wemmEGA6pSH/9zb+MLX9ZfuDVo6gkMI2YZzdpwAZ7KE2tajDXHHl+KiycY3lcQizgQt3usxf7Eqz3pTWtZBOjrHs3hRloPugg8KXA8Sxko03f68v8lfUw+Kj4LHmnnozJc8Hxde3GjkFbyL9c9Z5rSYG82H217RWaSDnjYso9wyBZYkjTe6vu88fWls3+ZL8p8NdrgqMFO7C+zV38Mgk/G3PkC9SYdobgy58Cm/06jehWonuafZ6bXTH1J3qjogbcGfewNx4H4E7Lf1nl6UTdbAC24tZu3c/UXZQzND+yRRK1r0zen lpouzenc@ttn
+ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpqlz2pyiBoGnC7FgnyXrb012hnnLFL0I0RColS/fLzJT4VL8t3/hPFy/Jbl4tX28Yw5G+Mc0WFzZ+KS1ebmYqBcXi2OGNm65HGsEMGUa+67g8PP0t+2OPRN05gFR4Cf4HFro3FdDf/R4mZOf5+Z1Z8fAyIhQ34x/0sl+hnt/nqbOdNlOSqzqyQmmKtzUKSh2CiffajAW/sVfD3HAG1CCiy+Z88df1v7kQ/HdFhFqtjcHrWLO/zgQBOCf3SMrZpead1B13DXCQLMeI98i+VIRB+K6c71FMIGU1Ohp5/FRWtHJ+3nFqRsKOWbBI0SmeMnz9wXkG7FQ2CaDUvg7vB0AZ cyril@cyril-master
+ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtfZ7UcydNGf5vpLgfvJRHs6Q08qKP1fIr8aXALg0+/pAlF5FEKMqwERpJ+B8YTmJl0MrrznPLPOUoaYqgJl5aqFww0zDNpbbtW6qDoQE85VRjEmchfbLae8s9q6eWW+CfNh0+7bwBPNTaPVq/FKfge4aR0GwA+ggzS9kPoLRPBM= nicolas@selenimh
+EOF
+
+cat > extra_files/etc/shadow <<EOF
+root:$root_password:15980:0:99999:7:::
+daemon:*:0:0:99999:7:::
+ftp:*:0:0:99999:7:::
+network:*:0:0:99999:7:::
+nobody:*:0:0:99999:7:::
+EOF
+
+cat > extra_files/etc/rc.local <<EOF
+# Put your custom commands here that should be executed once
+# the system init finished. By default this file does nothing.
+
+# generated on $(date)
+# generated from $(hostname):$(stat -c'%N %y' $0)
+
+exit 0
+EOF
+
+cat > extra_files/etc/config/network <<EOF
+config interface 'loopback'
+ option ifname 'lo'
+ option proto 'static'
+ option ipaddr '127.0.0.1'
+ option netmask '255.0.0.0'
+
+config interface 'lan'
+ option ifname 'eth0'
+ option type 'bridge'
+ option proto 'static'
+ option netmask '255.255.255.0'
+ option ipaddr '$lanip4addr'
+ option ip6addr '$lanip6addr'
+
+config interface 'wan'
+ option ifname 'eth1'
+ option _orig_ifname 'eth1'
+ option _orig_bridge 'false'
+ option proto 'static'
+ option ipaddr '$wanip4addr'
+ option netmask '$wanip4mask'
+ option dns '$dnslist'
+ option ip6addr '$wanip6addr'
+ option ip6gw '$wanip6gw'
+
+config switch
+ option name 'eth0'
+ option reset '1'
+ option enable_vlan '1'
+
+config switch_vlan
+ option device 'eth0'
+ option vlan '1'
+ option ports '0 1 2 3 4'
+
+config interface 'wan6'
+ option proto 'static'
+ option ifname 'eth1'
+ option send_rs '0'
+ option ip6addr '$wanip6ll'
+
+config route
+ option interface 'wan'
+ option onlink '1'
+ option target '0.0.0.0/0'
+ option gateway '$wanip4gw'
+EOF
+
+
+cat > extra_files/etc/config/wireless <<EOF
+config wifi-device 'radio0'
+ option type 'mac80211'
+ option phy 'phy0'
+ option channel '11'
+ option hwmode '11ng'
+ option htmode 'HT20'
+ list ht_capab 'SHORT-GI-20'
+ list ht_capab 'SHORT-GI-40'
+ list ht_capab 'RX-STBC1'
+ list ht_capab 'DSSS_CCK-40'
+ option country 'FR'
+ option txpower '$wireless_txpower'
+
+config wifi-iface
+ option device 'radio0'
+ option network 'lan'
+ option mode 'ap'
+ option ssid '$wireless_ssid'
+ option encryption 'psk2'
+ option key '$wireless_key'
+ option disabled '$wireless_disabled'
+EOF
+
+cat > extra_files/etc/config/dhcp <<EOF
+config dnsmasq
+ option domainneeded 1
+ option boguspriv 1
+ option filterwin2k 0 # enable for dial on demand
+ option localise_queries 1
+ option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
+ option rebind_localhost 1 # enable for RBL checking and similar services
+ option local '/lan/'
+ option domain 'lan'
+ option expandhosts 1
+ option nonegcache 0
+ option authoritative 1
+ option readethers 1
+ option leasefile '/tmp/dhcp.leases'
+ option resolvfile '/tmp/resolv.conf.auto'
+
+config dhcp lan
+ option interface lan
+ option start 100
+ option limit 150
+ option leasetime 12h
+ option dhcpv6 disabled
+ option ra server
+
+config dhcp wan
+ option interface wan
+ option ignore 1
+EOF
+
+cat > extra_files/etc/config/dropbear <<EOF
+config dropbear
+ option PasswordAuth 'off'
+ option Port '22'
+EOF
+
+cat > extra_files/etc/config/firewall <<EOF
+config defaults
+ option syn_flood '1'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config zone
+ option name 'lan'
+ option network 'lan'
+ option input 'ACCEPT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+
+config zone
+ option name 'wan'
+ option network 'wan'
+ option input 'REJECT'
+ option output 'ACCEPT'
+ option forward 'REJECT'
+ option masq '1'
+ option mtu_fix '1'
+
+config forwarding
+ option src 'lan'
+ option dest 'wan'
+
+config rule
+ option name 'Allow-DHCP-Renew'
+ option src 'wan'
+ option proto 'udp'
+ option dest_port '68'
+ option target 'ACCEPT'
+ option family 'ipv4'
+
+config rule
+ option name 'Allow-Ping'
+ option src 'wan'
+ option proto 'icmp'
+ option icmp_type 'echo-request'
+ option family 'ipv4'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-DHCPv6'
+ option src 'wan'
+ option proto 'udp'
+ option src_ip 'fe80::/10'
+ option src_port '547'
+ option dest_ip 'fe80::/10'
+ option dest_port '546'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Input'
+ option src 'wan'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ list icmp_type 'router-solicitation'
+ list icmp_type 'neighbour-solicitation'
+ list icmp_type 'router-advertisement'
+ list icmp_type 'neighbour-advertisement'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option name 'Allow-ICMPv6-Forward'
+ option src 'wan'
+ option dest '*'
+ option proto 'icmp'
+ list icmp_type 'echo-request'
+ list icmp_type 'echo-reply'
+ list icmp_type 'destination-unreachable'
+ list icmp_type 'packet-too-big'
+ list icmp_type 'time-exceeded'
+ list icmp_type 'bad-header'
+ list icmp_type 'unknown-header-type'
+ option limit '1000/sec'
+ option family 'ipv6'
+ option target 'ACCEPT'
+
+config rule
+ option target 'ACCEPT'
+ option src 'wan'
+ option proto 'tcp'
+ option dest_port '22'
+ option family 'ipv6'
+ option dest_ip 'fe80::/10'
+ option name 'Allow-ssh-maj-routeur'
+
+config include
+ option path '/etc/firewall.user'
+EOF
+
+cat > extra_files/etc/config/upnpd <<EOF
+config upnpd 'config'
+ option download '1024'
+ option upload '512'
+ option internal_iface 'lan'
+ option port '5000'
+ option upnp_lease_file '/var/upnp.leases'
+ option uuid 'acae4394-2186-4d96-92d1-b2c8d0819f37'
+ option enable_upnp '0'
+ option enable_natpmp '0'
+
+config perm_rule
+ option action 'allow'
+ option ext_ports '1024-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '1024-65535'
+ option comment 'Allow high ports'
+
+config perm_rule
+ option action 'deny'
+ option ext_ports '0-65535'
+ option int_addr '0.0.0.0/0'
+ option int_ports '0-65535'
+ option comment 'Default deny'
+EOF
+
+cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
+#!/bin/sh
+
+[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
+ SW=$(uci get wireless.@wifi-device[0].disabled)
+ [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1
+ [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0
+ wifi
+}
+EOF
+
+#######################
+# Build Openwrt image #
+#######################
+
+# Bug fix for RC3 (make clean forget things)
+#if [ -d $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp ]
+#then rm -r $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp
+#fi
+
+make clean
+make image PROFILE=$profile PACKAGES="$PACKAGES" FILES="extra_files/"
+res=$?
+
+echo
+if [ $res -eq 0 ]
+then echo "Image ready: "
+ ls -la bin/ar71xx/openwrt-*-ar71xx-generic-tl-*-v[49]-squashfs-*
+ echo
+else echo "Something went wrong, sorry"
+fi
+
+echo -n "$0 - " ; date
+exit $res |
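Review bot: The ImageBuilder tarball is downloaded over plain `http://` (`ORIG_URL`) and unpacked without any integrity check in the "Prepare image builder" step, so every firmware image this script produces depends on whatever arrived over that connection; the `-s` test will also reuse a truncated file left in `$CACHE_DIR` by an interrupted `wget`. Pin the expected digest beside `ORIG_TARBALL` (`ORIG_SHA256=<pinned-sha256-of-tarball>`, placeholder) and verify it before `tar`, for the cached copy as well as a fresh download: `echo "$ORIG_SHA256  $CACHE_DIR/$ORIG_TARBALL" | sha256sum -c - || exit 6`. Separately, the summary heredoc prints `root_password` (the crypt hash that also goes into `extra_files/etc/shadow`) to stdout, where build logs will retain it, and `mkpasswd -5` yields MD5-crypt; removing that line from the summary and moving to a stronger scheme supported by the target firmware would be worth a follow-up.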