#!/bin/bash
#
# Work derived from ./quick_740n_ttn_bb.sh (Laurent Guerby <laurent@guery.net>)
#
# Copyright 2016 Ludovic Pouzenc <ludovic@pouzenc.fr>
#
# CHD OpenWRT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# CHD OpenWRT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with CHD OpenWRT.  If not, see <http://www.gnu.org/licenses/>.
#
# Start-of-run banner: script name followed by the current date.
printf '%s - ' "$0"
date

# Working directories (both can be overridden from the environment) and the
# upstream ImageBuilder archive this script unpacks.
# NOTE(review): ORIG_URL is plain http://, so the transport gives no integrity
# or authenticity guarantee; the archive should be compared against a
# known-good digest before it is trusted.
: "${BUILD_DIR:=./build}"
: "${CACHE_DIR:=.}"
ORIG_TARBALL=OpenWrt-ImageBuilder-15.05-ar71xx-generic.Linux-x86_64.tar.bz2
ORIG_URL=http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/${ORIG_TARBALL}

# Package list handed to "make image"; a leading "-" removes a default package.
PACKAGES="luci luci-mod-admin-full ip"	# Base packages
PACKAGES+=" luci-i18n-base-en luci-i18n-firewall-en luci-i18n-base-fr luci-i18n-firewall-fr"	# Internationalisation
PACKAGES+=" miniupnpd luci-app-upnp luci-i18n-upnp-fr"	# Extra packages
PACKAGES+=" kmod-ledtrig-default-on kmod-ledtrig-netdev kmod-ledtrig-timer kmod-ledtrig-usbdev kmod-leds-gpio"	# Additional kernel modules
PACKAGES+=" -kmod-ppp -kmod-pppoe -kmod-pppox"	# Unneeded kernel modules
PACKAGES+=" -luci-proto-ppp -ppp -ppp-mod-pppoe -odhcp6c"	# Unneeded packages

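# Argument parsing
#
# Expects 8 mandatory positional arguments and 1 optional one (see Usage).
# Exit codes used below: 1 bad argument count, 2 unsupported profile,
# 3 unexpected public IPv4, 4 invalid txpower, 6 password hashing failed,
# 7 an argument contains characters that would corrupt a generated file.
if [ $# -lt 8 ] || [ $# -gt 9 ]
then	echo "Usage: $0 <profile> <ip4pub> <lanip4addr> <ip6prefix> <root_passwd> <wireless_ssid> <wireless_key> <wireless_txpower> [wanip4addr]"
	exit 1
fi

# Resolvers written into the WAN interface configuration.
dnslist="185.131.40.1 fe80::31"

profile=$1
case "$profile" in
	TLWR740|TLWR841)
		;;
	*)	echo "Unsupported profile '$profile', should be TLWR740 or TLWR841"
		exit 2
		;;
esac

# Only addresses starting with 185.131.40. or 185.131.41. are accepted.
ip4pub=$2
case "$ip4pub" in
	185.131.40.*|185.131.41.*) ;;
	*) echo "Unknown Ip4 $ip4pub"; exit 3 ;;
esac

lanip4addr=$3
ip6prefix=$4
wanip6addr=${ip6prefix}1/56
lanip6addr=${ip6prefix%%0::}1::1/64
# The prefix is quoted so it is neither word-split nor glob-expanded.
wanip6ll=$(printf '%s\n' "$ip6prefix" | sed -e 's#.*:\(....:....\)::$#fe80::\1/64#')

# A value starting with "$1$" is taken to be an already computed MD5-crypt
# hash and is used verbatim; anything else is hashed with mkpasswd -5.
# NOTE(review): the clear-text password travels on the command line of this
# script and of mkpasswd, where other local users can see it in the process
# list. MD5-crypt is a dated scheme; check which schemes the target firmware
# accepts before changing it.
if [ '$1$' = "${5:0:3}" ]
then	root_password=$5
	# A ':' or a line break would add fields or whole entries to /etc/shadow.
	case "$root_password" in
		*:*|*$'\n'*|*$'\r'*)
			echo "root_passwd hash must not contain ':' or line breaks" >&2
			exit 7
			;;
	esac
else	# An empty result would leave root without a password in /etc/shadow,
	# so a failing or missing mkpasswd stops the build here.
	if ! root_password=$(mkpasswd -5 "$5") || [ -z "$root_password" ]
	then	echo "mkpasswd failed, cannot hash the root password" >&2
		exit 6
	fi
fi

wireless_ssid=$6
wireless_key=$7
# -1 switches the radio off (txpower is then set to 10); 0..16 is used as given.
case "$8" in
	-1)						wireless_disabled=1;	wireless_txpower=10 ;;
	0|1|2|3|4|5|6|7|8|9|10|11|12|13|14|15|16)	wireless_disabled=0;	wireless_txpower=$8 ;;
	*)						echo "Unknown txpower '$8'"; exit 4 ;;
esac

# With a 172.16.20.x / 172.16.21.x WAN address the router sits behind that
# private network; otherwise the public address is put directly on the WAN.
wanip4addr=${9:-'no-nat'}
case "$wanip4addr" in
	172.16.20.*|172.16.21.*) wanip4mask=255.255.0.0;   wanip4gw=172.16.0.254 ;;
	*)   wanip4addr=$ip4pub; wanip4mask=255.255.254.0; wanip4gw=185.131.40.1 ;;
esac

wanip6gw=fe80::31

# These values are later written between single quotes into the generated
# configuration files. A single quote or a line break inside one of them would
# end the quoted string early and let the rest be read as extra options.
for _unsafe_arg in "$ip4pub" "$lanip4addr" "$ip6prefix" "$wireless_ssid" "$wireless_key" "$wanip4addr"
do	case "$_unsafe_arg" in
		*\'*|*$'\n'*|*$'\r'*)
			echo "Arguments must not contain single quotes or line breaks" >&2
			exit 7
			;;
	esac
done
unset _unsafe_arg

# Summary of the derived settings.
# NOTE(review): this prints the root password hash to stdout; keep the output
# of this script out of shared or archived build logs.
cat <<EOF
wanip4addr: $wanip4addr
wanip6addr: $wanip6addr
lanip6addr: $lanip6addr
wanip6ll:   $wanip6ll
root_password: $root_password


EOF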

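#########################
# Prepare image builder #
#########################
# Unpacks the ImageBuilder into BUILD_DIR unless a Makefile is already there.
# The archive is downloaded once into CACHE_DIR and reused on later runs.
# Any failure in this step exits with status 5.
#
# ORIG_SHA256 (optional, environment): expected SHA-256 of the archive. When
# set, the archive is checked before it is unpacked and a mismatch aborts the
# build. ORIG_URL is plain HTTP, so without this check nothing confirms that
# the downloaded file is the one that was published.
if [ ! -f "$BUILD_DIR/Makefile" ]; then
	if [ ! -s "$CACHE_DIR/$ORIG_TARBALL" ] ; then
		# Download under a temporary name so that an interrupted transfer
		# never leaves a truncated file that a later run would take as cached.
		if wget -O "$CACHE_DIR/$ORIG_TARBALL.part" "$ORIG_URL"
		then	mv -- "$CACHE_DIR/$ORIG_TARBALL.part" "$CACHE_DIR/$ORIG_TARBALL" || exit 5
		else	rm -f -- "$CACHE_DIR/$ORIG_TARBALL.part"
			echo "Download of $ORIG_URL failed" >&2
			exit 5
		fi
	fi
	if [ -n "${ORIG_SHA256:-}" ]; then
		if ! printf '%s  %s\n' "$ORIG_SHA256" "$CACHE_DIR/$ORIG_TARBALL" | sha256sum -c - >&2
		then	echo "Checksum mismatch for $CACHE_DIR/$ORIG_TARBALL" >&2
			exit 5
		fi
	else
		echo "Warning: ORIG_SHA256 is not set, $ORIG_TARBALL is used without verification" >&2
	fi
	# tar -C needs an existing directory.
	mkdir -p "$BUILD_DIR" || exit 5
	tar -x -C "$BUILD_DIR/" --strip-components=1 -f "$CACHE_DIR/$ORIG_TARBALL" || exit 5
fi

# Every path used from here on is relative to BUILD_DIR.
cd "$BUILD_DIR/" || exit 5

# Overlay tree copied into the image through FILES= at build time.
mkdir -p extra_files/etc/config extra_files/etc/dropbear extra_files/etc/hotplug.d/button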

###############################
# Prepare Openwrt config file #
###############################

# Use local replication of repositories
# Overwrites the ImageBuilder's repositories.conf so that the package feeds are
# read from a mirror served on the build host (http://localhost/openwrt/...).
# The here-document delimiter is quoted, so the text is written out unchanged.
# NOTE(review): the feeds are plain HTTP on localhost, so the packages that end
# up in the image are whatever that mirror holds. How the mirror is synced and
# checked is not visible here — confirm that package signatures are verified.
cat > repositories.conf <<"EOT"
## Place your custom repositories here, they must match the architecture and version.
# src/gz chaos_calmer http://downloads.openwrt.org/chaos_calmer/15.05/ar71xx/generic/packages
# src custom file:///usr/src/openwrt/bin/ar71xx/packages

## Remote package repositories
src/gz chaos_calmer_base http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/base
src/gz chaos_calmer_luci http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/luci
src/gz chaos_calmer_packages http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/packages
src/gz chaos_calmer_routing http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/routing
src/gz chaos_calmer_telephony http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/telephony
src/gz chaos_calmer_management http://localhost/openwrt/chaos_calmer/15.05/ar71xx/generic/packages/management

## This is the local package repository, do not remove!
src imagebuilder file:packages
EOT

# SSH public keys written to /etc/dropbear/authorized_keys in the image. The
# same three keys are placed in every image this script builds.
# NOTE(review): the key list is hard-coded, so withdrawing a key means editing
# this script and updating each router that was already flashed.
# NOTE(review): the third key (nicolas@selenimh) is much shorter than the other
# two — presumably a 1024-bit RSA key; confirm and replace it if so.
cat > extra_files/etc/dropbear/authorized_keys <<EOF
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCuRKy/uRhwFvR3JrCp2NKY0HUPl0m7INUjY9wemmEGA6pSH/9zb+MLX9ZfuDVo6gkMI2YZzdpwAZ7KE2tajDXHHl+KiycY3lcQizgQt3usxf7Eqz3pTWtZBOjrHs3hRloPugg8KXA8Sxko03f68v8lfUw+Kj4LHmnnozJc8Hxde3GjkFbyL9c9Z5rSYG82H217RWaSDnjYso9wyBZYkjTe6vu88fWls3+ZL8p8NdrgqMFO7C+zV38Mgk/G3PkC9SYdobgy58Cm/06jehWonuafZ6bXTH1J3qjogbcGfewNx4H4E7Lf1nl6UTdbAC24tZu3c/UXZQzND+yRRK1r0zen lpouzenc@ttn
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDpqlz2pyiBoGnC7FgnyXrb012hnnLFL0I0RColS/fLzJT4VL8t3/hPFy/Jbl4tX28Yw5G+Mc0WFzZ+KS1ebmYqBcXi2OGNm65HGsEMGUa+67g8PP0t+2OPRN05gFR4Cf4HFro3FdDf/R4mZOf5+Z1Z8fAyIhQ34x/0sl+hnt/nqbOdNlOSqzqyQmmKtzUKSh2CiffajAW/sVfD3HAG1CCiy+Z88df1v7kQ/HdFhFqtjcHrWLO/zgQBOCf3SMrZpead1B13DXCQLMeI98i+VIRB+K6c71FMIGU1Ohp5/FRWtHJ+3nFqRsKOWbBI0SmeMnz9wXkG7FQ2CaDUvg7vB0AZ cyril@cyril-master
ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEAtfZ7UcydNGf5vpLgfvJRHs6Q08qKP1fIr8aXALg0+/pAlF5FEKMqwERpJ+B8YTmJl0MrrznPLPOUoaYqgJl5aqFww0zDNpbbtW6qDoQE85VRjEmchfbLae8s9q6eWW+CfNh0+7bwBPNTaPVq/FKfge4aR0GwA+ggzS9kPoLRPBM= nicolas@selenimh
EOF

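# /etc/shadow for the image: root gets the hash held in $root_password, the
# other accounts have '*' in the password field.
# An empty hash would produce a root entry with no password at all, so the
# build stops (status 6) instead of writing such a file.
if [ -z "$root_password" ]
then	echo "Refusing to write /etc/shadow with an empty root password" >&2
	exit 6
fi
# Create the file owner-only before the hash is written into it, so the hash is
# never readable by other users of the build host. Presumably the file mode is
# carried into the image by the FILES= overlay — confirm on a built image.
: > extra_files/etc/shadow && chmod 600 extra_files/etc/shadow
cat > extra_files/etc/shadow <<EOF
root:$root_password:15980:0:99999:7:::
daemon:*:0:0:99999:7:::
ftp:*:0:0:99999:7:::
network:*:0:0:99999:7:::
nobody:*:0:0:99999:7:::
EOF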

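# /etc/rc.local for the image. It only records when and from which host and
# script the image was generated, then exits.
# "$0" is quoted so that a script path containing spaces or glob characters is
# passed to stat as one argument.
# NOTE(review): the build host name and the script path are stored in the
# image. The working directory is BUILD_DIR at this point, so a relative $0
# presumably no longer resolves and stat prints nothing — confirm.
cat > extra_files/etc/rc.local <<EOF
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# generated on $(date)
# generated from $(hostname):$(stat -c'%N %y' "$0")

exit 0
EOF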

# /etc/config/network for the image.
#   lan  : bridge on eth0, static IPv4 $lanip4addr (/24) and IPv6 $lanip6addr
#   wan  : eth1, static IPv4/IPv6 with the mask, DNS list and gateway set above
#   wan6 : eth1 again, carrying only the link-local address $wanip6ll
#   route: on-link IPv4 default route through $wanip4gw
# The here-document is unquoted, so the shell variables are expanded now and
# each value lands between single quotes in the file. A value containing a
# single quote or a line break would therefore change the structure of the
# file, not just one option.
cat > extra_files/etc/config/network <<EOF
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config interface 'lan'
	option ifname 'eth0'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '$lanip4addr'
	option ip6addr '$lanip6addr'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option ipaddr '$wanip4addr'
	option netmask '$wanip4mask'
	option dns '$dnslist'
	option ip6addr '$wanip6addr'
	option ip6gw '$wanip6gw'

config switch
	option name 'eth0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'eth0'
	option vlan '1'
	option ports '0 1 2 3 4'

config interface 'wan6'
	option proto 'static'
	option ifname 'eth1'
	option send_rs '0'
	option ip6addr '$wanip6ll'

config route
        option interface 'wan'
        option onlink '1'
        option target '0.0.0.0/0'
        option gateway '$wanip4gw'
EOF


# /etc/config/wireless for the image: one access point on radio0, channel 11,
# attached to the 'lan' network, with encryption 'psk2'. SSID, key, transmit
# power and the disabled flag come from the command-line arguments.
# The SSID and the key are written between single quotes; a single quote or a
# line break inside either would end the string early and change the file.
# NOTE(review): the pre-shared key is stored in clear text in this file, both
# in the build tree and in the image — keep both out of shared locations.
cat > extra_files/etc/config/wireless <<EOF
config wifi-device 'radio0'
	option type 'mac80211'
        option phy  'phy0'
	option channel '11'
	option hwmode '11ng'
	option htmode 'HT20'
	list ht_capab 'SHORT-GI-20'
	list ht_capab 'SHORT-GI-40'
	list ht_capab 'RX-STBC1'
	list ht_capab 'DSSS_CCK-40'
	option country 'FR'
	option txpower '$wireless_txpower'

config wifi-iface
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid '$wireless_ssid'
	option encryption 'psk2'
	option key '$wireless_key'
	option disabled '$wireless_disabled'
EOF

# /etc/config/dhcp for the image (dnsmasq and DHCP pools). The text contains no
# shell variables, so it is written as shown.
#   dnsmasq : local domain 'lan', rebind_protection and rebind_localhost set to 1
#   lan     : pool starting at 100, 150 leases, 12h lease time; 'dhcpv6' is
#             'disabled' and 'ra' is 'server'
#   wan     : 'ignore 1', so no DHCP service is offered on that interface
cat > extra_files/etc/config/dhcp <<EOF
config dnsmasq
	option domainneeded	1
	option boguspriv	1
	option filterwin2k	0  # enable for dial on demand
	option localise_queries	1
	option rebind_protection 1  # disable if upstream must serve RFC1918 addresses
	option rebind_localhost 1  # enable for RBL checking and similar services
	option local	'/lan/'
	option domain	'lan'
	option expandhosts	1
	option nonegcache	0
	option authoritative	1
	option readethers	1
	option leasefile	'/tmp/dhcp.leases'
	option resolvfile	'/tmp/resolv.conf.auto'

config dhcp lan
	option interface	lan
	option start 		100
	option limit		150
	option leasetime	12h
	option dhcpv6		disabled
	option ra server

config dhcp wan
	option interface	wan
	option ignore		1
EOF

# /etc/config/dropbear for the image: SSH on port 22 with password
# authentication switched off, which leaves the keys in
# /etc/dropbear/authorized_keys as the only way to log in over SSH.
# No listening interface is set in this file, so which networks can reach the
# port is decided by the firewall configuration.
cat > extra_files/etc/config/dropbear <<EOF
config dropbear
	option PasswordAuth 'off'
	option Port '22'
EOF

# /etc/config/firewall for the image. The text contains no shell variables.
#   defaults   : input ACCEPT, output ACCEPT, forward REJECT, syn_flood on
#   zone lan   : input/output ACCEPT, forward REJECT
#   zone wan   : input REJECT, output ACCEPT, forward REJECT, masquerading on
#   forwarding : lan -> wan only
#   rules      : DHCP renew, IPv4 ping, DHCPv6, ICMPv6 (input and forward,
#                limited to 1000/sec) and SSH are accepted from wan
# 'Allow-ssh-maj-routeur' accepts TCP port 22 from wan only for IPv6 traffic
# addressed to fe80::/10, i.e. to the router's link-local address.
# NOTE(review): the default input policy is ACCEPT and only the 'wan' zone
# rejects input. The 'wan' zone lists network 'wan' but not 'wan6'; presumably
# wan6 is still covered because both use eth1 — verify on a built image.
cat > extra_files/etc/config/firewall <<EOF
config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'wan'
	option network 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fe80::/10'
	option src_port '547'
	option dest_ip 'fe80::/10'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option family 'ipv6'
	option dest_ip 'fe80::/10'
	option name 'Allow-ssh-maj-routeur'

config include
	option path '/etc/firewall.user'
EOF

# /etc/config/upnpd for the image (miniupnpd). Both enable_upnp and
# enable_natpmp are '0', so the package is installed but port mapping is off
# until someone enables it on the router.
# If enabled, the two perm_rule sections allow mappings on ports 1024-65535
# from any internal address and deny everything else.
# NOTE(review): the uuid is a fixed value, so every router built by this
# script carries the same one.
cat > extra_files/etc/config/upnpd <<EOF
config upnpd 'config'
	option download '1024'
	option upload '512'
	option internal_iface 'lan'
	option port '5000'
	option upnp_lease_file '/var/upnp.leases'
	option uuid 'acae4394-2186-4d96-92d1-b2c8d0819f37'
	option enable_upnp '0'
	option enable_natpmp '0'

config perm_rule
	option action 'allow'
	option ext_ports '1024-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '1024-65535'
	option comment 'Allow high ports'

config perm_rule
	option action 'deny'
	option ext_ports '0-65535'
	option int_addr '0.0.0.0/0'
	option int_ports '0-65535'
	option comment 'Default deny'
EOF

# Button handler installed as /etc/hotplug.d/button/01onoff. The delimiter is
# quoted, so $BUTTON, $ACTION and $SW are written literally and are evaluated
# on the router, not during the build.
# When the 'wps' button is pressed it reads wireless.@wifi-device[0].disabled,
# sets it to 1 if it was 0 and to 0 otherwise, then runs 'wifi'.
# NOTE(review): $SW is unquoted inside [ ]; if 'uci get' prints nothing, the
# first test fails with a syntax error and the second line sets disabled=0.
# NOTE(review): there is no 'uci commit', so the toggle is presumably not
# saved across a reboot — confirm that this is intended.
cat > extra_files/etc/hotplug.d/button/01onoff <<"EOF"
#!/bin/sh

[ "$BUTTON" = "wps" ] && [ "$ACTION" = "pressed" ] && {
 SW=$(uci get wireless.@wifi-device[0].disabled)
 [ $SW == '0' ] && uci set wireless.@wifi-device[0].disabled=1
 [ $SW == '0' ] || uci set wireless.@wifi-device[0].disabled=0
 wifi
}
EOF

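#######################
# Build Openwrt image #
#######################
# Runs the ImageBuilder in the current directory with the selected profile,
# the package list and the extra_files/ overlay, then reports the result.
# The script exits with the status of "make image".
# NOTE(review): extra_files/ holds the root password hash and the Wi-Fi key,
# so the images under bin/ar71xx contain them too; store and share the images
# accordingly.

# Bug fix for RC3 (make clean forget things)
#if [ -d $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp ]
#then	rm -r $BUILD_DIR/build_dir/target-mips_34kc_uClibc-0.9.33.2/linux-ar71xx_generic/tmp
#fi

make clean
# Quoted so the profile always reaches make as a single PROFILE=... argument.
make image PROFILE="$profile" PACKAGES="$PACKAGES" FILES="extra_files/"
res=$?

echo
if [ "$res" -eq 0 ]
then	echo "Image ready: "
	ls -la bin/ar71xx/openwrt-*-ar71xx-generic-tl-*-v[49]-squashfs-*
	echo
else	echo "Something went wrong, sorry"
fi

# End-of-run banner, same format as the one printed at start.
printf '%s - ' "$0"
date
exit "$res"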