
Compare revisions

Commits on Source (24)
Showing with 433 additions and 24 deletions
# To use this config run: git config --local include.path ../.gitconfig
# You also need bash to interpret hooks and scripts
[core]
hooksPath = .githooks
[alias]
new-mr = "!.gitscripts/new-mr"
new-branch = "!.gitscripts/new-branch"
[sendemail]
to = packaging@turris.com
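Review bot: The header comment on the first line should say what enabling this include means: `hooksPath = .githooks` and the two `!` aliases make scripts tracked in the repository run on the developer's machine, so the checked-out branch decides what executes on `git push`, `git new-mr` and `git new-branch`. I would add a line such as `# Hooks and aliases below run scripts from this working tree; review changes to .githooks/ and .gitscripts/ before using them on a branch you do not trust`.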
#!/bin/bash
set -eu
server="gitlab.nic.cz"
server_old="gitlab.labs.nic.cz"
zero_sha1="0000000000000000000000000000000000000000"
compare_ancestors() {
local local_hash="$1"
[[ "$local_hash" != "$zero_sha1" ]] || return 0 # ignore removals
local correct_base invalid_base_a invalid_base_b
correct_base="$(git merge-base "$local_hash" "$2")"
invalid_base_a="$(git merge-base "$local_hash" "$3")"
invalid_base_b="$(git merge-base "$local_hash" "$4")"
git merge-base --is-ancestor "$correct_base" "$invalid_base_a" \
&& git merge-base --is-ancestor "$correct_base" "$invalid_base_b"
}
remote_name="$1"
remote_url="$2"
if [[ "$remote_url" != *$server* && "$remote_url" != *$server_old* ]]; then
# We are interested only in pushes to our server
exit 0
fi
push_hbk=
push_hbl=
push_hbd=
while read -r local_ref local_sha1 remote_ref remote_sha1; do
if [[ "$local_sha1" = "$zero_sha1" ]]; then
# Always allow removal of branches
continue
fi
remote_ref="${remote_ref#refs/heads/}"
case "$remote_ref" in
hbk)
push_hbk="$local_sha1"
;;
hbl)
push_hbl="$local_sha1"
;;
hbd)
push_hbd="$local_sha1"
;;
hotfix/*)
if compare_ancestors "$local_sha1" hbk hbl hbd; then
echo "Reference has invalid ancestor, please base it on top of hbk: $local_ref" >&2
exit 1
fi
;;
feature/*|bugfix/*|refactor/*|hack/*)
if compare_ancestors "$local_sha1" hbl hbk hbd; then
echo "Reference has invalid ancestor, please base it on top of hbl: $local_ref" >&2
exit 1
fi
;;
majorfeature/*|fix/*|majorrefactor/*|majorhack/*)
if compare_ancestors "$local_sha1" hbd hbk hbl; then
echo "Reference has invalid ancestor, please base it on top of hbd: $local_ref" >&2
exit 1
fi
;;
*)
# We terminate push only if this tries to create new branch of invalid
# name. This allows push to existing branches.
if [[ "$remote_sha1" = "$zero_sha1" ]]; then
echo "Creation of new branch of this name is not allowed: $remote_ref" >&2
exit 1
fi
;;
esac
done
if [[ -n "$push_hbk" || -n "$push_hbl" ]]; then
if [[ -z "$push_hbd" ]]; then
if [[ -n "$push_hbk" ]]; then
echo "HBL and HBD branches have to be always updated with HBK branch." >&2
else
echo "HBD branch has to be always updated with HBL branch." >&2
fi
echo "Push all of them at the same time with: git push origin hbk hbl hbd" >&2
exit 1
fi
if [[ -n "$push_hbk" ]]; then
if ! git merge-base --is-ancestor "$push_hbk" "$push_hbl"; then
echo "Tip commit of HBK is not merged to HBL branch." >&2
exit 1
fi
if ! git merge-base --is-ancestor "$push_hbk" "$push_hbd"; then
echo "Tip commit of HBK is not merged to HBD branch." >&2
exit 1
fi
else
if ! git merge-base --is-ancestor "$push_hbl" "$push_hbd"; then
echo "Tip commit of HBL is not merged to HBD branch." >&2
exit 1
fi
fi
fi
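Review bot: `compare_ancestors` fails open: it is only called as an `if` condition (the `hotfix/*`, `feature/*|…` and `majorfeature/*|…` arms), where `set -e` does not apply, so when `git merge-base` cannot resolve the local `hbk`, `hbl` or `hbd` the function returns non-zero and the push is accepted without a message. Stopping on that failure would close it, e.g. `correct_base="$(git merge-base "$local_hash" "$2")" || { echo "Cannot compare with $2" >&2; exit 1; }` and the same for `$3` and `$4`. The comparison is also against local branches, which may be behind the server. Separately, as far as I can trace, a branch cut from the `hbk` tip gives three identical merge bases once `hbk` is merged into `hbl` and `hbd`, and `--is-ancestor` is true for a commit and itself, so a correctly based `hotfix/*` would be rejected; that case deserves a test. This hook is a client-side aid only (a push with `--no-verify` skips it), so the same rules presumably need enforcing on the server.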
#!/bin/bash
branch_name="$1"
branch_base="$2"
branch_desig="$3"
valid_base() {
[[ "$1" == "hbk" || "$1" == "hbl" || "$1" == "hbd" ]]
}
valid_desig() {
local base="$1"
local desig="$2"
case "$base" in
hbk)
[[ "$desig" = "hotfix" ]]
return
;;
hbl)
[[ "$desig" =~ ^(bugfix|feature|refactor|hack)$ ]]
return
;;
hbd)
[[ "$desig" =~ ^(fix|majorfeature|majorrefactor|majorhack)$ ]]
return
;;
*)
return 1
;;
esac
}
while [[ -z "$branch_name" ]]; do
read -r -p "Branch name: " branch_name
done
while ! valid_base "$branch_base"; do
read -r -p "Branch base (hb[k]/hb[l]/hb[d]): " branch_base
case "$branch_base" in
k)
branch_base="hbk"
;;
l)
branch_base="hbl"
;;
d)
branch_base="hbd"
;;
esac
done
while ! valid_desig "$branch_base" "$branch_desig"; do
case "$branch_base" in
hbk)
branch_desig="hotfix"
continue
;;
hbl)
read -r -p "Branch designation (bugfix/feature/refactor/hack): " \
branch_desig
case "$branch_desig" in
b|bug|fix)
branch_desig="bugfix"
;;
f)
branch_desig="feature"
;;
r|ref)
branch_desig="refactor"
;;
h)
branch_desig="hack"
;;
esac
;;
hbd)
read -r -p "Branch designation (fix/majorfeature/majorrefactor/majorhack): " \
branch_desig
case "$branch_desig" in
b|bug|bugfix)
branch_desig="fix"
;;
f|feature)
branch_desig="majorfeature"
;;
r|ref|refactor)
branch_desig="majorrefactor"
;;
h|hack)
branch_desig="majorhack"
;;
esac
;;
esac
done
branch="$branch_desig/$branch_name"
echo "Creating branch: $branch"
git branch "$branch" "$branch_base"
git switch "$branch"
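Review bot: The last two commands are not checked, so when `git branch "$branch" "$branch_base"` fails (for example because the branch already exists) the script still runs `git switch "$branch"` and lands on a pre-existing branch that may sit on a different base. Creating and switching in one step avoids that: `git switch --create "$branch" "$branch_base"`. `$branch_base` is the local `hbk`/`hbl`/`hbd`, so the new branch starts from wherever that local branch happens to be; a comment saying so, or a fetch beforehand, would help.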
#!/bin/bash
repo="https://gitlab.nic.cz/turris/turris-build"
cur_branch="$(git branch --show-current)"
open_merge_request() {
local target="$1"
local url="$repo/-/merge_requests/new?merge_request%5Bsource_branch%5D=$cur_branch&merge_request%5Btarget_branch%5D=$target"
if command -v xdg-open >/dev/null; then
xdg-open "$url"
else
echo "Open following URL to create merge request for branch: $cur_branch"
echo "$url"
fi
}
case "$cur_branch" in
hbk)
echo "hbk branch is the most stable branch. There is no merge target for it." &2
exit 1
;;
hbl|hbd)
echo "$cur_branch branch is merged only on new Turris OS release." >&2
exit 1
;;
hotfix/*)
open_merge_request hbk
;;
feature/*|bugfix/*|refactor/*|hack/*)
open_merge_request hbl
;;
majorfeature/*|fix/*|majorrefactor/*|majorhack/*)
open_merge_request hbd
;;
*)
echo "Merge requests are not supported for this branch." >&2
;;
esac
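Review bot: The `hbk)` arm ends its `echo` with `&2` instead of `>&2`, so the message is printed to stdout from a background job and the shell then tries to run a command named `2`; the line should read `echo "hbk branch is the most stable branch. There is no merge target for it." >&2`. The final `*)` arm prints an error but, unlike the `hbk` and `hbl|hbd` arms, does not `exit 1`. `$cur_branch` is also placed into the query string of `url` unencoded, so a branch name containing `&`, `#` or `%` produces a different request than intended; percent-encoding it before building `url` would be safer.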
......@@ -18,7 +18,10 @@
5.1.9
-----
* Based on the latest OpenWrt 19.07.7
* Updated kernel to version 4.14.221
* Fixed Baron Samedit sudo vulnerability - CVE-2021-3156
* Fixed wolfSSL vulnerabilities - CVE-2021-3336 and CVE-2020-36177
5.1.8
-----
......
......@@ -244,7 +244,7 @@ checkout() {
OPENWRT_URL="$GIT_MIRROR/openwrt"
fi
rm -rf .git
git init
git init --initial-branch=master
git remote add origin "$OPENWRT_URL"
if [ -z "$GIT_MIRROR" -a "${OPENWRT_BRANCH:0:1}" = "#" ]; then
# If we are downloading directly from server we can't fetch specific
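Review bot: `git init --initial-branch=master` needs Git 2.28 or newer; on an older build host the command fails on the unknown option right after `rm -rf .git` has removed the previous repository. If such hosts are still supported, a fallback keeps both working: `git init --initial-branch=master || { git init && git symbolic-ref HEAD refs/heads/master; }`. Otherwise a comment stating the minimum Git version would do. checkout() starts and ends outside this hunk.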
......
......@@ -28,3 +28,7 @@ CONFIG_CCACHE=y
CONFIG_TOOLCHAINOPTS=y
CONFIG_MUSL_DISABLE_CRYPT_SIZE_HACK=y
CONFIG_FSTOOLS_MMC_IS_MTD=y
# Disable failsafe as we have rescue for that purpose
CONFIG_PREINITOPT=y
CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y
......@@ -8,6 +8,5 @@ src-git packages https://git.openwrt.org/feed/packages.git;openwrt-19.07
src-git luci https://git.openwrt.org/project/luci.git;openwrt-19.07
src-git routing https://git.openwrt.org/feed/routing.git;openwrt-19.07
src-git telephony https://git.openwrt.org/feed/telephony.git;openwrt-19.07
src-git openwisp https://github.com/openwisp/openwisp-config.git
src-git sidn https://github.com/SIDN/sidn_openwrt_pkgs.git
src-git cesnet https://github.com/CESNET/Nemea-OpenWRT.git
......@@ -25,6 +25,7 @@ output_path=
board="omnia"
branch="$PUBLISH_BRANCH"
updater_branch=
[ "$PUBLISH_BRANCH" != "hbs" ] && updater_branch="$PUBLISH_BRANCH"
sign_key=
while [ $# -gt 0 ]; do
case "$1" in
......
include(utils.m4)dnl
_FEATURE_GUARD_
Install("reforis-data-collection-plugin", { priority = 40 })
if not options or options.survey ~= false then
Install("turris-survey", { priority = 40 })
end
......
From d7b06b8a204e5c70b9b3c076230808ee1765a4db Mon Sep 17 00:00:00 2001
From: Michal Hrusecky <michal.hrusecky@turris.com>
Date: Mon, 16 Nov 2020 14:34:19 +0100
Subject: [PATCH] openvpn: Support username and password options
Some VPN providers require username and password for client to connect.
This commit adds an option to specify username, password and
cert_password directly in uci config which then gets expanded during
start of openvpn client.
Signed-off-by: Michal Hrusecky <michal.hrusecky@turris.com>
---
package/network/services/openvpn/Makefile | 2 +-
.../services/openvpn/files/openvpn.config | 7 ++++
.../services/openvpn/files/openvpn.init | 39 +++++++++++++++++--
3 files changed, 44 insertions(+), 4 deletions(-)
diff --git a/package/network/services/openvpn/Makefile b/package/network/services/openvpn/Makefile
index 1d5c5a7..711aef5 100644
--- a/package/network/services/openvpn/Makefile
+++ b/package/network/services/openvpn/Makefile
@@ -10,7 +10,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=openvpn
PKG_VERSION:=2.4.7
-PKG_RELEASE:=4
+PKG_RELEASE:=5
PKG_SOURCE_URL:=\
https://build.openvpn.net/downloads/releases/ \
diff --git a/package/network/services/openvpn/files/openvpn.config b/package/network/services/openvpn/files/openvpn.config
index 1fd846f..b62d5f2 100644
--- a/package/network/services/openvpn/files/openvpn.config
+++ b/package/network/services/openvpn/files/openvpn.config
@@ -9,6 +9,13 @@ config openvpn custom_config
# Set to 1 to enable this instance:
option enabled 0
+ # Credentials to login
+ #option username 'login'
+ #option password 'password'
+
+ # Password for client certificate
+ #option cert_password 'cert_password'
+
# Include OpenVPN configuration
option config /etc/openvpn/my-vpn.conf
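Review bot: The sample should say how these secrets are kept: the values sit in plaintext in this uci config and, per the init script change in the same patch, are written to files under /var/run when the instance starts. I would extend the comment, e.g. `# Credentials to login (stored in plaintext; restrict read access to this file)`.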
diff --git a/package/network/services/openvpn/files/openvpn.init b/package/network/services/openvpn/files/openvpn.init
index a454eb4..f100f40 100644
--- a/package/network/services/openvpn/files/openvpn.init
+++ b/package/network/services/openvpn/files/openvpn.init
@@ -69,6 +69,14 @@ section_enabled() {
[ $enable -gt 0 ] || [ $enabled -gt 0 ]
}
+create_temp_file() {
+ mkdir -p "$(dirname "$1")"
+ rm -f "$1"
+ touch "$1"
+ chown root "$1"
+ chmod 0600 "$1"
+}
+
openvpn_get_dev() {
local dev dev_type
local name="$1"
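Review bot: `create_temp_file` creates the file with the process umask and tightens it only afterwards, so if the umask is the usual 022 the file is world-readable between `touch` and `chmod 0600`, and a descriptor opened in that window still reads the password written later. Creating it private from the start closes the window: `( umask 077; : > "$1" )` in place of the `touch`/`chmod` pair. The same helper is now also used for `/var/etc/openvpn-$s.conf` in start_instance, so the fix covers both uses.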
@@ -103,6 +111,31 @@ openvpn_get_dev() {
echo "--dev-type $dev_type --dev $dev"
}
+openvpn_get_credentials() {
+ local name="$1"
+ local ret=""
+
+ config_get cert_password "$name" cert_password
+ config_get password "$name" password
+ config_get username "$name" username
+
+ if [ -n "$cert_password" ]; then
+ create_temp_file /var/run/openvpn.$name.pass
+ echo "$cert_password" > /var/run/openvpn.$name.pass
+ ret=" --askpass /var/run/openvpn.$name.pass "
+ fi
+
+ if [ -n "$username" ]; then
+ create_temp_file /var/run/openvpn.$name.userpass
+ echo "$username" > /var/run/openvpn.$name.userpass
+ echo "$password" >> /var/run/openvpn.$name.userpass
+ ret=" --auth-user-pass /var/run/openvpn.$name.userpass "
+ fi
+
+ # Return overrides
+ echo "$ret"
+}
+
openvpn_add_instance() {
local name="$1"
local dir="$2"
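Review bot: In `openvpn_get_credentials` the second branch assigns `ret=" --auth-user-pass … "` instead of appending, so an instance that sets both `cert_password` and `username` loses the `--askpass` option; it should be `ret="$ret --auth-user-pass /var/run/openvpn.$name.userpass "`. `cert_password`, `password` and `username` are not declared `local`, so the secrets stay in the init script's global variables after the call. `printf '%s\n' "$password"` is safer than `echo` for values that start with `-` or contain backslashes, and nothing visible in this patch removes the two files under /var/run when the instance stops.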
@@ -118,7 +151,8 @@ openvpn_add_instance() {
--up "/usr/libexec/openvpn-hotplug up $name" \
--down "/usr/libexec/openvpn-hotplug down $name" \
--script-security "${security:-2}" \
- $(openvpn_get_dev "$name" "$conf")
+ $(openvpn_get_dev "$name" "$conf") \
+ $(openvpn_get_credentials "$name" "$conf")
procd_set_param file "$dir/$conf"
procd_set_param term_timeout 15
procd_set_param respawn
@@ -150,8 +184,7 @@ start_instance() {
return
fi
- [ ! -d "/var/etc" ] && mkdir -p "/var/etc"
- [ -f "/var/etc/openvpn-$s.conf" ] && rm "/var/etc/openvpn-$s.conf"
+ create_temp_file "/var/etc/openvpn-$s.conf"
append_bools "$s" $OPENVPN_BOOLS
append_params "$s" $OPENVPN_PARAMS
--
2.30.0
From de666f4def6d0f7cae94a62429d4ace0ff106528 Mon Sep 17 00:00:00 2001
From 68d617a62d8312ea9b90780db2a638c0e093b927 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <karel.koci@nic.cz>
Date: Tue, 29 May 2018 16:13:18 +0200
Subject: [PATCH] base-files: do not automatically activate services and
......@@ -15,9 +15,9 @@ Signed-off-by: Karel Kočí <karel.koci@nic.cz>
Signed-off-by: Josef Schlehofer <josef.schlehofer@nic.cz>
---
package/base-files/Makefile | 11 ++++
package/base-files/files/etc/services_wanted | 57 ++++++++++++++++++++
package/base-files/files/etc/services_wanted | 58 ++++++++++++++++++++
package/base-files/files/lib/functions.sh | 16 +++---
3 files changed, 77 insertions(+), 7 deletions(-)
3 files changed, 78 insertions(+), 7 deletions(-)
create mode 100644 package/base-files/files/etc/services_wanted
diff --git a/package/base-files/Makefile b/package/base-files/Makefile
......@@ -44,13 +44,14 @@ index 0a7c2bc..4a80593 100644
-include $(PLATFORM_SUBDIR)/base-files.mk
diff --git a/package/base-files/files/etc/services_wanted b/package/base-files/files/etc/services_wanted
new file mode 100644
index 0000000..3b4a8f0
index 0000000..cc74025
--- /dev/null
+++ b/package/base-files/files/etc/services_wanted
@@ -0,0 +1,57 @@
@@ -0,0 +1,58 @@
+asm1062-fix
+atd
+atlas
+atsha204-feed-entropy
+boot
+cron
+cups
......@@ -134,5 +135,5 @@ index 860fc04..213e2c2 100755
return $ret
--
2.28.0
2.30.0
From fdaec362fea3f1520a81e6ca1f124714a2bbf158 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Karel=20Ko=C4=8D=C3=AD?= <cynerd@email.cz>
Date: Wed, 27 May 2020 11:37:13 +0200
Subject: [PATCH] hostapd: restart network on wpad install
When wpad binary is installed it triggers some kind of network reload
that ends with broken WiFi. The problem is probably somewhere else but
it makes sense to reload network when wpad is updated to load new
version. That also fixes problem with broken WiFi on that reload.
---
package/network/services/hostapd/Makefile | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 35ce85b..3998a47 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -591,6 +591,17 @@ ifeq ($(BUILD_VARIANT),supplicant-full-wolfssl)
endef
endif
+define Package/wpad/postinst
+#!/bin/sh
+[ -n "$$IPKG_INSTROOT" ] || /etc/init.d/network restart
+endef
+Package/wpad-basic/postinst = $(Package/wpad/postinst)
+Package/wpad-mini/postinst = $(Package/wpad/postinst)
+Package/wpad-openssl/postinst = $(Package/wpad/postinst)
+Package/wpad-wolfssl/postinst = $(Package/wpad/postinst)
+Package/wpad-mesh-openssl/postinst = $(Package/wpad/postinst)
+Package/wpad-mesh-wolfssl/postinst = $(Package/wpad/postinst)
+
$(eval $(call BuildPackage,hostapd))
$(eval $(call BuildPackage,hostapd-basic))
$(eval $(call BuildPackage,hostapd-mini))
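Review bot: The postinst restarts the whole network on every install or upgrade of any wpad variant, which the commit message itself describes as a workaround, but nothing in the Makefile says so. A comment above the `define` would keep it from outliving the underlying bug, e.g. `# Workaround: installing wpad triggers a reload that leaves WiFi broken; restart network to load the new binary`. The restart also takes down wired and WAN interfaces for a moment, so an update run over the network interrupts its own connection; presumably acceptable, but worth stating in that comment.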
--
2.26.2
......@@ -7,26 +7,12 @@ Fixed invalid mgmt frames at startup
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
---
package/network/services/hostapd/Makefile | 2 +-
...10-move-deauthentication-at-ap-start.patch | 55 +++++++++++++++++++
.../611-ignore-management-frames.patch | 32 +++++++++++
3 files changed, 88 insertions(+), 1 deletion(-)
create mode 100644 package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
create mode 100644 package/network/services/hostapd/patches/611-ignore-management-frames.patch
diff --git a/package/network/services/hostapd/Makefile b/package/network/services/hostapd/Makefile
index 35ce85b3be..7a4e61e932 100644
--- a/package/network/services/hostapd/Makefile
+++ b/package/network/services/hostapd/Makefile
@@ -7,7 +7,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=hostapd
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE_URL:=http://w1.fi/hostap.git
PKG_SOURCE_PROTO:=git
diff --git a/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch b/package/network/services/hostapd/patches/610-move-deauthentication-at-ap-start.patch
new file mode 100644
index 0000000000..5694d3d5fc
......