#!/bin/bash
#
# Work derived from ./quick_740n_ttn_bb.sh (Laurent Guerby <laurent@guery.net>)
# Renamed from "CHD OpenWRT" to "CHD LEDE" on 2017-06-21
#
# Copyright 2017 Ludovic Pouzenc <ludovic@pouzenc.fr>
# Copyright 2017 Nicolas Goaziou <mail@nicolasgoaziou.fr>
#
# CHD LEDE is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# CHD LEDE is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CHD LEDE.  If not, see <http://www.gnu.org/licenses/>.
#
# Start banner: "<script name> - <current date>".
printf '%s - ' "$0"
date

# Working directories (both can be overridden from the environment) and
# the upstream image builder archive.
# NOTE(review): the archive is pinned by release number only; no checksum
# or signature for it is defined in this section.
: "${BUILD_DIR:=./build}"
: "${CACHE_DIR:=.}"
ORIG_TARBALL=lede-imagebuilder-17.01.4-ar71xx-generic.Linux-x86_64.tar.xz
ORIG_URL="https://downloads.lede-project.org/releases/17.01.4/targets/ar71xx/generic/${ORIG_TARBALL}"

# Package list handed to "make image"; names with a leading "-" are the
# ones the original author marks as not needed.
PACKAGES="luci luci-mod-admin-full ip kmod-leds-gpio"	# base packages
PACKAGES+=" luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr"	# translations
PACKAGES+=" -kmod-ppp -kmod-pppoe -kmod-pppox"	# unneeded kernel modules
PACKAGES+=" -luci-proto-ppp -ppp -ppp-mod-pppoe -odhcp6c"	# unneeded packages

# Argument parsing: exactly 8 or 9 positional arguments are accepted,
# anything else prints the usage line and exits with status 1.
# NOTE(review): the root password and the wireless key are passed on the
# command line, so they are visible in the process list and the shell
# history of the build host.
case $# in
	8|9)
		;;
	*)
		echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <wireless_ssid> <wireless_key> <wireless_txpower> [wanip4addr]"
		exit 1
		;;
esac

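# Site-wide constants written into the generated configuration.
dnslist="185.131.40.1 fe80::31"	# value of the WAN "dns" option
logserv="172.16.0.253"		# value of the system "log_ip" option

# $1: image builder profile, handed to "make image" unchanged.
profile=$1

# $2: public IPv4 address, expected inside 185.131.40.x - 185.131.43.x.
# The value is later written between single quotes into the generated
# network configuration. The range glob ends in "*" and would accept any
# suffix on its own, so anything that is not a digit or a dot is rejected
# first (same message and exit status as an out-of-range address).
ip4pub=$2
case "$ip4pub" in
	*[!0-9.]*) echo "Unknown Ip4 $ip4pub"; exit 3 ;;
	185.131.4[0-3].[0-9]*) ;;
	*) echo "Unknown Ip4 $ip4pub"; exit 3 ;;
esac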

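# $3: LAN IPv4 address, $4: IPv6 prefix (must end in "::", see the sed
# expression below).
lanip4addr=$3
ip6prefix=$4

# Both values are written between single quotes into the generated network
# configuration. Refuse characters that no address can contain, so that a
# stray quote or newline cannot alter the generated file (exit status 7).
case "$lanip4addr" in
	''|*[!0-9./]*) echo "Invalid LAN IPv4 address: $lanip4addr"; exit 7 ;;
esac
case "$ip6prefix" in
	*[!0-9A-Fa-f:]*) echo "Invalid IPv6 prefix: $ip6prefix"; exit 7 ;;
esac

# WAN address: the prefix followed by "1/56".
wanip6addr=${ip6prefix}1/56
# LAN address: drop one trailing "0::" from the prefix, then append
# "1::1/64" (constructed example: "aaaa:bbbb:cccc:dd00::" gives
# "aaaa:bbbb:cccc:dd01::1/64").
lanip6addr=${ip6prefix%%0::}1::1/64
# WAN link-local address: fe80:: followed by the last two groups that
# precede the final "::". sed prints nothing when the prefix does not have
# that shape, which is reported below with exit status 2.
wanip6ll=$(printf '%s\n' "$ip6prefix" | sed -ne 's#.*:\([0-9a-f]\{1,4\}:[0-9a-f]\{1,4\}\)::$#fe80::\1/64#pi')
if [ -z "$wanip6ll" ]; then
	echo "Error while generating link-local WAN IPv6 address"
	exit 2
fi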

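# $5: root password. A value starting with "$1$" is taken as an existing
# md5crypt hash and used as is; anything else is hashed with mkpasswd.
# NOTE(review): md5crypt is a weak scheme for a hash that is stored in
# every image. Whether the firmware accepts a stronger mkpasswd method is
# not visible here - confirm before changing it.
if [ '$1$' = "${5:0:3}" ]; then
	root_password=$5
else
	# Hand the clear text to mkpasswd on stdin (-s): an argument of an
	# external command can be read from the process list while it runs,
	# whereas printf is a shell builtin.
	root_password=$(printf '%s\n' "$5" | mkpasswd -5 -s)
fi

# An empty hash would end up in /etc/shadow as "root::", an account that
# needs no password. Stop when mkpasswd is missing or failed.
if [ -z "$root_password" ]; then
	echo "Unable to compute the root password hash (is mkpasswd installed?)" >&2
	exit 8
fi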

# $6 and $7: SSID and wireless key, stored unchanged.
wireless_ssid=$6
wireless_key=$7

# $8: transmit power.
#   -1     -> wireless_disabled=1, txpower falls back to 17
#   0..18  -> wireless_disabled=0, txpower taken as given
#   other  -> error message and exit status 4
if [ "$8" = "-1" ]; then
	wireless_disabled=1
	wireless_txpower=17
elif [[ "$8" =~ ^(1[0-8]|[0-9])$ ]]; then
	wireless_disabled=0
	wireless_txpower=$8
else
	echo "Unknown txpower '$8'"
	exit 4
fi

# $9 (optional): WAN IPv4 address, "no-nat" when omitted.
#   172.16.*           -> that address, /16 netmask, gateway 172.16.0.254
#   no-nat, 185.131.*  -> the public address $ip4pub is used on the WAN
#                         side, netmask 255.255.254.0, gateway 185.131.40.1
#   anything else      -> error message and exit status 6
# NOTE(review): "172.16.*" accepts any suffix, and the value is written
# between single quotes into the generated network configuration.
wanip4addr=${9:-no-nat}
if [[ "$wanip4addr" == 172.16.* ]]; then
	wanip4mask=255.255.0.0
	wanip4gw=172.16.0.254
elif [[ "$wanip4addr" == no-nat || "$wanip4addr" == 185.131.* ]]; then
	wanip4addr=$ip4pub
	wanip4mask=255.255.254.0
	wanip4gw=185.131.40.1
else
	echo "Unknown WAN IP address: $wanip4addr"
	exit 6
fi

# IPv6 default gateway on the WAN side (link-local).
wanip6gw=fe80::31

# Summary for the interactive user, followed by two empty lines.
# NOTE(review): this prints the root password hash; anything that captures
# the script output (CI logs, terminal scrollback) will store it.
printf 'wanip4addr: %s\n' "$wanip4addr"
printf 'wanip6addr: %s\n' "$wanip6addr"
printf 'lanip6addr: %s\n' "$lanip6addr"
printf 'wanip6ll:   %s\n' "$wanip6ll"
printf 'root_password: %s\n\n\n' "$root_password"

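#########################
# Prepare image builder #
#########################
# Unpack the image builder into $BUILD_DIR unless a Makefile is already
# there. The archive is downloaded once and kept in $CACHE_DIR.
# Optional: set ORIG_SHA256 in the environment to the published SHA-256 of
# the archive to have it verified before it is unpacked.
# Failures in this section exit with status 9 (status 5 when $BUILD_DIR
# cannot be created or entered).
if [ ! -f "$BUILD_DIR/Makefile" ]; then
	if [ ! -s "$CACHE_DIR/$ORIG_TARBALL" ]; then
		# Download to a side file and rename it on success, so that an
		# interrupted transfer is not taken for a complete archive on
		# the next run.
		if ! wget -O "$CACHE_DIR/$ORIG_TARBALL.part" "$ORIG_URL"; then
			rm -f -- "$CACHE_DIR/$ORIG_TARBALL.part"
			echo "Download failed: $ORIG_URL" >&2
			exit 9
		fi
		mv -- "$CACHE_DIR/$ORIG_TARBALL.part" "$CACHE_DIR/$ORIG_TARBALL" || exit 9
	fi

	# Everything in the image is built with the tools in this archive, so
	# check it against a known digest when one is supplied.
	if [ -n "${ORIG_SHA256:-}" ]; then
		if ! printf '%s  %s\n' "$ORIG_SHA256" "$CACHE_DIR/$ORIG_TARBALL" | sha256sum -c - >/dev/null; then
			echo "Checksum mismatch for $CACHE_DIR/$ORIG_TARBALL" >&2
			exit 9
		fi
	else
		echo "Warning: ORIG_SHA256 is not set, $ORIG_TARBALL is used without integrity check" >&2
	fi

	# tar -C needs an existing directory.
	mkdir -p -- "$BUILD_DIR" || exit 5
	if ! tar -x -C "$BUILD_DIR/" --strip-components=1 -f "$CACHE_DIR/$ORIG_TARBALL"; then
		echo "Unable to unpack $CACHE_DIR/$ORIG_TARBALL" >&2
		exit 9
	fi
fi

cd "$BUILD_DIR/" || exit 5

# Start from an empty overlay: the files created below extra_files/ are
# handed to "make image" through FILES=.
[ -d extra_files/ ] && rm -r extra_files/
mkdir -p extra_files/etc/{config,dropbear,sysctl.d}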

###############################
# Prepare Openwrt config file #
###############################

# Replace the upstream download host in repositories.conf with the local
# replica of the repositories (localhost/lede-project).
# NOTE(review): the packages that go into the image then come from that
# replica; confirm that it is trusted and that package signature checking
# is still in effect for the build.
mirror_rule='s#downloads.lede-project.org#localhost/lede-project#'
sed --in-place -e "$mirror_rule" repositories.conf

# SSH public keys written to /etc/dropbear/authorized_keys of the image.
# The same list is baked into every image built by this script.
# NOTE(review): withdrawing someone's access therefore needs a rebuild and
# reflash, or an edit on each deployed router - keep this list in step with
# who still needs access.
# NOTE(review): the nicolas@selenimh entry is much shorter than the others
# and looks like a 1024-bit RSA key - confirm and replace it with a
# stronger key.
cat > extra_files/etc/dropbear/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRKy/uRhwFvR3JrCp2NKY0HUPl0m7INUjY9wemmEGA6pSH/9zb+MLX9ZfuDVo6gkMI2YZzdpwAZ7KE2tajDXHHl+KiycY3lcQizgQt3usxf7Eqz3pTWtZBOjrHs3hRloPugg8KXA8Sxko03f68v8lfUw+Kj4LHmnnozJc8Hxde3GjkFbyL9c9Z5rSYG82H217RWaSDnjYso9wyBZYkjTe6vu88fWls3+ZL8p8NdrgqMFO7C+zV38Mgk/G3PkC9SYdobgy58Cm/06jehWonuafZ6bXTH1J3qjogbcGfewNx4H4E7Lf1nl6UTdbAC24tZu3c/UXZQzND+yRRK1r0zen lpouzenc@ttn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpqlz2pyiBoGnC7FgnyXrb012hnnLFL0I0RColS/fLzJT4VL8t3/hPFy/Jbl4tX28Yw5G+Mc0WFzZ+KS1ebmYqBcXi2OGNm65HGsEMGUa+67g8PP0t+2OPRN05gFR4Cf4HFro3FdDf/R4mZOf5+Z1Z8fAyIhQ34x/0sl+hnt/nqbOdNlOSqzqyQmmKtzUKSh2CiffajAW/sVfD3HAG1CCiy+Z88df1v7kQ/HdFhFqtjcHrWLO/zgQBOCf3SMrZpead1B13DXCQLMeI98i+VIRB+K6c71FMIGU1Ohp5/FRWtHJ+3nFqRsKOWbBI0SmeMnz9wXkG7FQ2CaDUvg7vB0AZ cyril@cyril-master
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtfZ7UcydNGf5vpLgfvJRHs6Q08qKP1fIr8aXALg0+/pAlF5FEKMqwERpJ+B8YTmJl0MrrznPLPOUoaYqgJl5aqFww0zDNpbbtW6qDoQE85VRjEmchfbLae8s9q6eWW+CfNh0+7bwBPNTaPVq/FKfge4aR0GwA+ggzS9kPoLRPBM= nicolas@selenimh
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCnkhcQ/nU9Hg89N7PHERLzEhZ68xnOkA4Vt2Tr6PFjsnOVECAaRc2dSFyB4Y7Q+R15UtXcHVVGXI99dJvI/sYS6x1WB86c61ZvcozEglJRMgyaoDD19kPHa8tMeARH9PKCII1amLcOov7/VjGUl9KzJl0HQHp5bFSqsiKvAlu60RvYY7+ktI8qKpZ1UV79K6fNyM792lAFpHT1hk8zzkUDw55VgEd2q4idmaTEbNHjHMsBV0W2zRN+/Ww9jlqQzTtnHkrbI2qw37y9jjUYrks0WKekeazN2E2t7XkyAzrJIKEG3atXgQMF2q2NN01MltpYqs4lzXXuOun8IqDiuSf samylaptop@samylaptop
ssh-rsa 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 julien@nuc01
EOF

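# /etc/shadow of the image. Only root gets a password hash; the other
# accounts carry "*" or "x" in the password field.
# An empty hash would produce "root::", an account that needs no password,
# so refuse to continue without one.
if [ -z "$root_password" ]; then
	echo "Empty root password hash, refusing to write /etc/shadow" >&2
	exit 8
fi
cat > extra_files/etc/shadow <<EOF
root:$root_password:15980:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
dnsmasq:x:0:0:99999:7:::
EOF
# Files below extra_files/ are expected to keep their mode in the image
# (TODO confirm for this image builder release). Without this the hash
# would be readable by every account on the router.
chmod 600 extra_files/etc/shadow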

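# /etc/rc.local of the image: runs /etc/rc.initconf when it is present and
# executable and sends its output to /var/log/initconf.log.
# The two "generated" lines record the build date, the build host and the
# name and modification time of this script.
# NOTE(review): that stamp discloses the build host name and the script
# path to anyone who can read the firmware.
# NOTE(review): $0 is evaluated after the cd into $BUILD_DIR, so a relative
# script path can make stat fail and leave the stamp incomplete.
cat > extra_files/etc/rc.local <<EOF
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# generated on $(date)
# generated from $(hostname):$(stat -c'%N %y' "$0")

[ -x /etc/rc.initconf ] && /etc/rc.initconf >/var/log/initconf.log 2>&1
exit 0
EOF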

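#######################################
# Quote a string as one shell word: wrap it in single quotes and turn each
# embedded single quote into '\''.
# Arguments: $1 - raw value
# Outputs:   the quoted word on stdout
#######################################
shell_squote() {
	printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# /etc/rc.initconf: script run by rc.local on the router. It applies the
# wireless and system settings with uci, removes itself, commits and
# restarts wifi.
# - The key is set before "set -v" and announced by a masked echo, so the
#   clear text does not show up in the log written by rc.local.
# - SSID and key come from the command line and are written through
#   shell_squote: a single quote inside either value would otherwise end
#   the quoting in the generated script, and the rest of the value would be
#   run as commands on the router.
# - "disabled" follows $wireless_disabled (set to 1 for a txpower of -1)
#   instead of being fixed to 0, which left the radio on in every image.
cat > extra_files/etc/rc.initconf <<EOF
echo "uci set wireless.default_radio0.key='*****************'"
uci set wireless.default_radio0.key=$(shell_squote "$wireless_key")
set -v
uci set wireless.default_radio0.ssid=$(shell_squote "$wireless_ssid")
uci set wireless.default_radio0.encryption='psk2'
uci set wireless.default_radio0.wpa_disable_eapol_key_retries='1'
uci set wireless.radio0.country='FR'
uci set wireless.radio0.txpower='$wireless_txpower'
uci set wireless.radio0.distance='30'
uci set wireless.radio0.disabled='${wireless_disabled:-0}'
uci set system.@system[0].zonename='Europe/Paris'
uci set system.@system[0].timezone='CET-1CEST,M3.5.0,M10.5.0/3'
uci set system.@system[0].log_ip='$logserv'
uci delete dhcp.lan.dhcpv6
uci set luci.main.lang='fr'
rm /etc/rc.initconf
uci commit
wifi
EOF
# The file holds the wireless key in clear text: executable for its owner
# only (assumes the image keeps this mode - TODO confirm).
chmod 700 extra_files/etc/rc.initconf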

# /etc/config/network of the image:
#   lan  - bridge over eth0, static $lanip4addr (netmask 255.255.255.0)
#          and $lanip6addr
#   wan  - eth1, static IPv4 ($wanip4addr, $wanip4mask, gateway $wanip4gw),
#          DNS servers $dnslist, IPv6 $wanip6addr with gateway $wanip6gw
#   wan6 - eth1 again, carrying the link-local address $wanip6ll
#   switch / switch_vlan - VLAN 1 on ports "1 2 3 4 0"
# NOTE(review): the variables are expanded as they are between single
# quotes. A quote or newline in one of them would change the structure of
# this file, so each value has to be validated where it is read from the
# command line.
cat > extra_files/etc/config/network <<EOF
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option ipaddr '$lanip4addr'
	option netmask '255.255.255.0'
	option ip6addr '$lanip6addr'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '$wanip4addr'
	option netmask '$wanip4mask'
	option dns '$dnslist'
	option ip6addr '$wanip6addr'
	option ip6gw '$wanip6gw'
	option gateway '$wanip4gw'

config interface 'wan6'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option ip6addr '$wanip6ll'

config switch
	option name 'eth0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'
EOF

# The three files below are fixed text, hence the quoted here-document
# delimiter: nothing in them is expanded by this script.

# dropbear (SSH server): password logins off, port 22. Access relies on the
# keys installed in /etc/dropbear/authorized_keys.
cat > extra_files/etc/config/dropbear <<'EOF'
config dropbear
	option PasswordAuth 'off'
	option Port '22'
EOF

# Custom firewall rule: accept TCP port 22 in the input_wan_rule chain, but
# only when both source and destination are link-local (fe80::/10).
cat > extra_files/etc/firewall.user <<'EOF'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

ip6tables -A input_wan_rule -s fe80::/10 -d fe80::/10 -p tcp -m tcp --dport 22 -m comment --comment "CHD-allow-ssh-maj-routeur" -j ACCEPT
EOF

# sysctl drop-in: sets accept_dad to 0 for eth1 (IPv6 duplicate address
# detection on the WAN port).
cat > extra_files/etc/sysctl.d/dad.conf <<'EOF'
net.ipv6.conf.eth1.accept_dad=0
EOF

#######################
# Build Openwrt image #
#######################

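# Clean the image builder tree, then build the image for the requested
# profile with the selected packages and the extra_files/ overlay.
# $profile comes from the command line and is quoted so that it reaches
# make as a single PROFILE= assignment.
make clean
make image PROFILE="$profile" PACKAGES="$PACKAGES" FILES="extra_files/" V=99
res=$?

# Report the outcome; the exit status of the script is that of "make image".
# NOTE(review): extra_files/ is left in place after the build and still
# holds the root password hash and the clear-text wireless key.
echo
if [ "$res" -eq 0 ]; then
	echo "Image ready: "
	ls -la bin/targets/ar71xx/generic/*ar71xx-generic-tl-*-v*-squashfs-*
	echo
else
	echo "Something went wrong, sorry"
fi

echo -n "$0 - " ; date
exit "$res"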