#!/bin/bash
#
# Work derived from ./quick_740n_ttn_bb.sh (Laurent Guerby <laurent@guery.net>)
# Renamed from "CHD OpenWRT" to "CHD LEDE" on 2017-06-21
#
# Copyright 2017 Ludovic Pouzenc <ludovic@pouzenc.fr>
# Copyright 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
#
# CHD LEDE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# CHD LEDE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CHD LEDE. If not, see <http://www.gnu.org/licenses/>.
#
# Start banner: script name followed by the current date.
printf '%s - ' "$0"
date

# Build directory and tarball cache; either may be preset in the environment.
: "${BUILD_DIR:=./build}"
: "${CACHE_DIR:=.}"

# Image builder archive and the release URL it is fetched from.
ORIG_TARBALL=lede-imagebuilder-17.01.2-ar71xx-generic.Linux-x86_64.tar.xz
ORIG_URL="https://downloads.lede-project.org/releases/17.01.2/targets/ar71xx/generic/${ORIG_TARBALL}"

# Package selection handed to the image builder. A leading '-' removes a
# package from the image.
PACKAGES="luci luci-mod-admin-full ip kmod-leds-gpio"                                          # base packages
PACKAGES+=" luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr"   # translations
PACKAGES+=" -kmod-ppp -kmod-pppoe -kmod-pppox"                                                 # unneeded kernel modules
PACKAGES+=" -luci-proto-ppp -ppp -ppp-mod-pppoe -odhcp6c"                                      # unneeded packages
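# Argument parsing
#
# Eight mandatory positional arguments and one optional:
#   $1 profile           image builder profile, passed to make as PROFILE
#   $2 ip4pub            public IPv4, must be in 185.131.40.* or 185.131.41.*
#   $3 lanip4addr        LAN IPv4 address
#   $4 ip6prefix         IPv6 prefix the WAN/LAN addresses are derived from
#   $5 root_passwd       clear-text password, or a hash starting with '$1$'
#   $6 wireless_ssid     Wi-Fi network name
#   $7 wireless_key      Wi-Fi pre-shared key
#   $8 wireless_txpower  0..16, or -1 to disable the wireless interface
#   $9 wanip4addr        optional; 172.16.20.* / 172.16.21.* selects that
#                        address on the WAN side, anything else uses ip4pub
#
# Exit codes: 1 bad argument count, 3 unknown public IPv4, 4 unknown txpower,
# 6 no usable root password hash, 7 character that would break the generated
# configuration files.
#
# NOTE(review): root_passwd and wireless_key are taken from the command line,
# so they show up in the process list of the build host while the script runs.
if [ $# -lt 8 ] || [ $# -gt 9 ]
then
	echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <wireless_ssid> <wireless_key> <wireless_txpower> [wanip4addr]"
	exit 1
fi
dnslist="185.131.40.1 fe80::31"
profile=$1
# Profile validation is currently switched off; the value goes to make as is.
# case "$profile" in
# TLWR740|TLWR841)
# ;;
# *) echo "Unsupported profile '$profile', should be TLWR740 or TLWR841"
# exit 2
# ;;
# esac
ip4pub=$2
case "$ip4pub" in
185.131.40.*) ;;
185.131.41.*) ;;
*) echo "Unknown Ip4 $ip4pub"; exit 3;;
esac
lanip4addr=$3
ip6prefix=$4
# WAN address: the prefix with "1/56" appended.
wanip6addr=${ip6prefix}1/56
# LAN address: the prefix without its trailing "0::", then "1::1/64".
lanip6addr=${ip6prefix%%0::}1::1/64
# WAN link-local address: fe80:: followed by the last two groups of the prefix.
# The prefix is quoted so that it is not word-split or glob-expanded.
wanip6ll=$(printf '%s\n' "$ip6prefix" | sed -e 's#.*:\(....:....\)::$#fe80::\1/64#')
# A value starting with '$1$' is taken as an existing MD5-crypt hash and used
# unchanged; anything else is hashed with mkpasswd -5.
# NOTE(review): MD5-crypt is a dated scheme; consider a stronger one if the
# target firmware accepts it.
if [ '$1$' = "${5:0:3}" ]
then
	root_password=$5
else
	root_password=$(mkpasswd -5 "$5")
fi
# An empty hash (mkpasswd missing or failing) would give root an empty
# password field in /etc/shadow; ':' or a line break would corrupt that file.
case "$root_password" in
''|*:*|*$'\n'*)
	echo "Could not obtain a usable root password hash" >&2
	exit 6 ;;
esac
wireless_ssid=$6
wireless_key=$7
case "$8" in
-1) wireless_disabled=1; wireless_txpower=10 ;;
0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16) wireless_disabled=0; wireless_txpower=$8 ;;
*) echo "Unknown txpower '$8'"; exit 4 ;;
esac
wanip4addr=${9:-'no-nat'}
case "$wanip4addr" in
172.16.20.*|172.16.21.*) wanip4mask=255.255.0.0; wanip4gw=172.16.0.254 ;;
*) wanip4addr=$ip4pub; wanip4mask=255.255.254.0; wanip4gw=185.131.40.1 ;;
esac
wanip6gw=fe80::31
# These values are later pasted between single quotes into UCI files. A quote
# or a line break inside one of them would end the quoted string early and the
# remainder would be read as further configuration, so refuse them here.
case "$ip4pub$lanip4addr$ip6prefix$wireless_ssid$wireless_key$wanip4addr" in
*\'*|*$'\n'*)
	echo "Arguments must not contain a single quote or a line break" >&2
	exit 7 ;;
esac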
# Recap of the derived settings for the person running the build.
# The root password hash is part of this output, so the console log of a
# build should be handled like the hash itself.
printf '%s\n' \
	"wanip4addr: $wanip4addr" \
	"wanip6addr: $wanip6addr" \
	"lanip6addr: $lanip6addr" \
	"wanip6ll: $wanip6ll" \
	"root_password: $root_password"
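#########################
# Prepare image builder #
#########################
# Unpack the image builder into $BUILD_DIR unless a Makefile is already there,
# downloading the tarball into $CACHE_DIR first when no non-empty copy exists.
# Any failure in this section ends the script with exit code 5.
#
# Optional: set ORIG_SHA256 in the environment to the expected SHA-256 of the
# tarball; when set, the cached or freshly downloaded file is verified before
# it is unpacked. Without it the tarball is trusted on the strength of the
# HTTPS download alone.
if [ ! -f "$BUILD_DIR/Makefile" ]; then
	if [ ! -s "$CACHE_DIR/$ORIG_TARBALL" ]; then
		# Download under a temporary name so that an interrupted transfer
		# never leaves a partial file that a later run would accept.
		if ! wget -O "$CACHE_DIR/$ORIG_TARBALL.part" "$ORIG_URL"; then
			rm -f -- "$CACHE_DIR/$ORIG_TARBALL.part"
			echo "Download of $ORIG_URL failed" >&2
			exit 5
		fi
		mv -- "$CACHE_DIR/$ORIG_TARBALL.part" "$CACHE_DIR/$ORIG_TARBALL" || exit 5
	fi
	if [ -n "${ORIG_SHA256:-}" ]; then
		if ! printf '%s  %s\n' "$ORIG_SHA256" "$CACHE_DIR/$ORIG_TARBALL" | sha256sum -c - >/dev/null; then
			echo "SHA-256 mismatch for $CACHE_DIR/$ORIG_TARBALL" >&2
			exit 5
		fi
	fi
	# tar -C needs an existing directory.
	mkdir -p -- "$BUILD_DIR" || exit 5
	if ! tar -x -C "$BUILD_DIR/" --strip-components=1 -f "$CACHE_DIR/$ORIG_TARBALL"; then
		echo "Could not unpack $CACHE_DIR/$ORIG_TARBALL into $BUILD_DIR" >&2
		exit 5
	fi
fi
cd "$BUILD_DIR/" || exit 5
# Tree of files that is overlaid on the image root (passed to make as FILES).
mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button || exit 5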
##################################
# Prepare OpenWrt configuration  #
##################################
# Redirect the package repositories to the local mirror: the first
# occurrence of the upstream host name on each line of repositories.conf
# becomes localhost/lede-project.
# NOTE(review): packages then come from whatever the local mirror serves;
# confirm that the mirror is kept in sync and that package signature checks
# stay in effect.
sed -i -e 's#downloads.lede-project.org#localhost/lede-project#' repositories.conf
# SSH public keys installed as /etc/dropbear/authorized_keys in every image
# built by this script. Each key listed here can log in over SSH on every
# router flashed with such an image, so this list is the access-control list
# for the whole fleet: review it whenever an administrator joins or leaves.
# The here-document delimiter is unquoted, so a '$' or backquote in a key
# line would be expanded by the shell; none of the lines below contains one.
# NOTE(review): the nicolas@selenimh key is visibly shorter than the others,
# which suggests a smaller RSA modulus - confirm its size and replace it if
# it is below current recommendations.
cat > extra_files/etc/dropbear/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRKy/uRhwFvR3JrCp2NKY0HUPl0m7INUjY9wemmEGA6pSH/9zb+MLX9ZfuDVo6gkMI2YZzdpwAZ7KE2tajDXHHl+KiycY3lcQizgQt3usxf7Eqz3pTWtZBOjrHs3hRloPugg8KXA8Sxko03f68v8lfUw+Kj4LHmnnozJc8Hxde3GjkFbyL9c9Z5rSYG82H217RWaSDnjYso9wyBZYkjTe6vu88fWls3+ZL8p8NdrgqMFO7C+zV38Mgk/G3PkC9SYdobgy58Cm/06jehWonuafZ6bXTH1J3qjogbcGfewNx4H4E7Lf1nl6UTdbAC24tZu3c/UXZQzND+yRRK1r0zen lpouzenc@ttn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpqlz2pyiBoGnC7FgnyXrb012hnnLFL0I0RColS/fLzJT4VL8t3/hPFy/Jbl4tX28Yw5G+Mc0WFzZ+KS1ebmYqBcXi2OGNm65HGsEMGUa+67g8PP0t+2OPRN05gFR4Cf4HFro3FdDf/R4mZOf5+Z1Z8fAyIhQ34x/0sl+hnt/nqbOdNlOSqzqyQmmKtzUKSh2CiffajAW/sVfD3HAG1CCiy+Z88df1v7kQ/HdFhFqtjcHrWLO/zgQBOCf3SMrZpead1B13DXCQLMeI98i+VIRB+K6c71FMIGU1Ohp5/FRWtHJ+3nFqRsKOWbBI0SmeMnz9wXkG7FQ2CaDUvg7vB0AZ cyril@cyril-master
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtfZ7UcydNGf5vpLgfvJRHs6Q08qKP1fIr8aXALg0+/pAlF5FEKMqwERpJ+B8YTmJl0MrrznPLPOUoaYqgJl5aqFww0zDNpbbtW6qDoQE85VRjEmchfbLae8s9q6eWW+CfNh0+7bwBPNTaPVq/FKfge4aR0GwA+ggzS9kPoLRPBM= nicolas@selenimh
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCnkhcQ/nU9Hg89N7PHERLzEhZ68xnOkA4Vt2Tr6PFjsnOVECAaRc2dSFyB4Y7Q+R15UtXcHVVGXI99dJvI/sYS6x1WB86c61ZvcozEglJRMgyaoDD19kPHa8tMeARH9PKCII1amLcOov7/VjGUl9KzJl0HQHp5bFSqsiKvAlu60RvYY7+ktI8qKpZ1UV79K6fNyM792lAFpHT1hk8zzkUDw55VgEd2q4idmaTEbNHjHMsBV0W2zRN+/Ww9jlqQzTtnHkrbI2qw37y9jjUYrks0WKekeazN2E2t7XkyAzrJIKEG3atXgQMF2q2NN01MltpYqs4lzXXuOun8IqDiuSf samylaptop@samylaptop
ssh-rsa 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 julien@nuc01
EOF
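# /etc/shadow for the image: root gets the hash in $root_password, the
# system accounts are locked ('*').
# The file holds a password hash, so it is created under a restrictive umask
# and then forced to mode 600 (which also covers a file left over from an
# earlier run). Presumably the image builder carries the file mode into the
# firmware - confirm.
saved_umask=$(umask)
umask 077
cat > extra_files/etc/shadow <<EOF
root:$root_password:15980:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
EOF
umask "$saved_umask"
chmod 600 extra_files/etc/shadow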
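# /etc/rc.local for the image. It runs nothing; its comments record when the
# image was generated and from which host and script (path and modification
# time as reported by stat). Note that this puts the build host name and the
# script path into every image.
# "$0" is quoted so that a script path containing spaces reaches stat as a
# single argument.
cat > extra_files/etc/rc.local <<EOF
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.
# generated on $(date)
# generated from $(hostname):$(stat -c'%N %y' "$0")
exit 0
EOF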
# UCI network configuration for the image:
#   - loopback on lo
#   - 'lan': static, bridged on eth0, IPv4 $lanip4addr/24 and IPv6 $lanip6addr
#   - 'wan': static on eth1 with $wanip4addr/$wanip4mask, DNS servers $dnslist,
#     IPv6 $wanip6addr and IPv6 gateway $wanip6gw
#   - 'wan6': static on eth1 carrying the link-local address $wanip6ll
#   - switch eth0 with VLAN 1 on ports 0-4
#   - default IPv4 route through $wanip4gw on 'wan'
# The here-document delimiter is unquoted, so the shell variables are expanded
# when this script runs. Each value is pasted between single quotes without
# any escaping.
# NOTE(review): this assumes no value contains a single quote or a line
# break - confirm the arguments are checked before this point.
cat > extra_files/etc/config/network <<EOF
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config interface 'lan'
option ifname 'eth0'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '$lanip4addr'
option ip6addr '$lanip6addr'
config interface 'wan'
option ifname 'eth1'
option _orig_ifname 'eth1'
option _orig_bridge 'false'
option proto 'static'
option ipaddr '$wanip4addr'
option netmask '$wanip4mask'
option dns '$dnslist'
option ip6addr '$wanip6addr'
option ip6gw '$wanip6gw'
config switch
option name 'eth0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'eth0'
option vlan '1'
option ports '0 1 2 3 4'
config interface 'wan6'
option proto 'static'
option ifname 'eth1'
option send_rs '0'
option ip6addr '$wanip6ll'
config route
option interface 'wan'
option onlink '1'
option target '0.0.0.0/0'
option gateway '$wanip4gw'
EOF
# UCI wireless configuration for the image: radio0 on channel 11, country FR,
# transmit power $wireless_txpower, and one access point attached to 'lan'
# with SSID $wireless_ssid, 'psk2' encryption and key $wireless_key. The
# access point is switched off when $wireless_disabled is 1.
# The pre-shared key is written in clear text, both into this file in the
# build tree and into the image.
# NOTE(review): the file is created with the current umask - consider
# restricting it on the build host; confirm what mode the firmware expects.
# NOTE(review): SSID and key are pasted between single quotes without
# escaping; assumes neither contains a single quote or a line break.
cat > extra_files/etc/config/wireless <<EOF
config wifi-device 'radio0'
option type 'mac80211'
option phy 'phy0'
option channel '11'
option hwmode '11ng'
option htmode 'HT20'
list ht_capab 'SHORT-GI-20'
list ht_capab 'SHORT-GI-40'
list ht_capab 'RX-STBC1'
list ht_capab 'DSSS_CCK-40'
option country 'FR'
option txpower '$wireless_txpower'
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid '$wireless_ssid'
option encryption 'psk2'
option key '$wireless_key'
option disabled '$wireless_disabled'
EOF
# UCI DHCP/DNS configuration for the image. No shell variable is used in it.
#   - dnsmasq: local domain 'lan', authoritative, DNS rebind protection on,
#     leases in /tmp/dhcp.leases, upstream resolvers from
#     /tmp/resolv.conf.auto
#   - 'lan': DHCPv4 pool starting at offset 100 with 150 addresses and a 12h
#     lease time, DHCPv6 disabled, router advertisements in server mode
#   - 'wan': ignored, so no DHCP service is offered on the WAN side
cat > extra_files/etc/config/dhcp <<EOF
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
option dhcpv6 disabled
option ra server
config dhcp wan
option interface wan
option ignore 1
EOF
# UCI dropbear (SSH server) configuration for the image: port 22 with
# password authentication switched off, which leaves the public keys in
# /etc/dropbear/authorized_keys as the only way to log in over SSH.
# No listening interface is set here.
# NOTE(review): presumably dropbear then listens on every interface and the
# firewall alone decides who can reach it - confirm.
cat > extra_files/etc/config/dropbear <<EOF
config dropbear
option PasswordAuth 'off'
option Port '22'
EOF
# UCI firewall configuration for the image. No shell variable is used in it.
#   - defaults: input and output ACCEPT, forward REJECT, SYN flood protection
#   - zone 'lan': input/output ACCEPT, forward REJECT
#   - zone 'wan': input REJECT, output ACCEPT, forward REJECT, masquerading
#     and MSS clamping (mtu_fix) enabled
#   - forwarding allowed from 'lan' to 'wan' only
# Exceptions opened on the WAN side by the rules in this file:
#   - IPv4: DHCP renew (UDP 68) and ICMP echo-request
#   - IPv6: DHCPv6 between link-local addresses (UDP 547 -> 546), a list of
#     ICMPv6 types for input and for forwarding, each limited to 1000/sec
#   - 'Allow-ssh-maj-routeur': TCP 22 over IPv6, only towards destination
#     addresses in fe80::/10 (link-local)
# /etc/firewall.user is included at the end and can add further rules, so it
# is part of the effective policy and should be reviewed together with this
# file.
cat > extra_files/etc/config/firewall <<EOF
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
option network 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fe80::/10'
option src_port '547'
option dest_ip 'fe80::/10'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option family 'ipv6'
option dest_ip 'fe80::/10'
option name 'Allow-ssh-maj-routeur'
config include
option path '/etc/firewall.user'
EOF
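# Hotplug handler installed as /etc/hotplug.d/button/01onoff: pressing the
# WPS button flips the 'disabled' option of the first wifi-device and then
# runs 'wifi'. The delimiter is quoted, so nothing inside is expanded by this
# build script; the text is written to the image verbatim.
# In the generated script $SW is quoted and compared with the POSIX '='
# operator, so an empty result from 'uci get' (option not set yet) no longer
# makes the test fail with a syntax error; the outcome in that case is
# unchanged (the option is set to 0).
cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
#!/bin/sh
[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
SW=$(uci get wireless.@wifi-device[0].disabled)
[ "$SW" = '0' ] && uci set wireless.@wifi-device[0].disabled=1
[ "$SW" = '0' ] || uci set wireless.@wifi-device[0].disabled=0
wifi
}
EOF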
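#######################
# Build Openwrt image #
#######################
# Run the image builder with the selected profile and package list, overlaying
# extra_files/ on the image root, then report the result and exit with make's
# status.
# $profile is quoted: it is not validated earlier in the script, and unquoted
# it would be word-split, so a value containing spaces would reach make as
# additional arguments or variable assignments.
# The resulting images and the extra_files/ tree contain the root password
# hash and the Wi-Fi key; store and distribute them accordingly.
make clean
make image PROFILE="$profile" PACKAGES="$PACKAGES" FILES="extra_files/" V=99
res=$?
echo
if [ "$res" -eq 0 ]
then
	echo "Image ready: "
	ls -la bin/targets/ar71xx/generic/*ar71xx-generic-tl-*-v*-squashfs-*
	echo
else
	echo "Something went wrong, sorry"
fi
echo -n "$0 - " ; date
exit "$res"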