Most of the entries in /etc/sysupgrade.conf are generated by a
uci-defaults script in the fff-sysupgrade package. The only entry
added in a different place is rc.local.fff_userconfig.
Consolidate all entries to be added by the uci-defaults script in
fff-sysupgrade.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Currently there is no way to persistently configure firewall rules on a
router. This might be desirable as home-use of the Freifunk network is
quite common these days.
To allow for the most flexibility while keeping maintenance efforts low,
add a persistent, user-customizable nftables hook. It is evaluated after
all firewall rules have already been configured, so it is possible to
override them.
Users of this hook are responsible for keeping up with changes to the
firmware and modify it appropriately, before updating the system.
Fixes: #314
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Dropbear supports ed25519 keys since OpenWrt 21.02.
Also, ecdsa is supported since v19.07, but disabled in our firmware.
Keep the generated ed25519 and ecdsa host key accross upgrades.
While at it, remove dss host keys, as they are not supported anymore.
5eb7864aadd5 ("dropbear: rewrite init script startup logic to handle both host key files")
8a7a93947004 ("dropbear: remove generation and configuration of DSS keys")
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
The SPDX license identifier provides a standardized way for specifying
licenses that is both human- and machine-readable. It is used upstream
both in OpenWrt and the Linux kernel.
Replace licenses in our repository by those identifiers.
The full-text licenses corresponding to these identifiers are
provided in the LICENSES folder.
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Acked-by: Fabian Bläse <fabian@blaese.de>
uci-defaults scripts are supposed to be run once after firstboot
and then removed. However, the removal only takes place if the
subshell created for the sourced scripts returns exit code 0.
For some of the files, the last command returned a different exit
code, though, leading to the script remaining in its location and
being executed for every boot.
To prevent cases like the latter, this adds an "exit 0" to all
uci-defaults files in our package store. While at it, remove the
shebang for all these files since they are sourced (and not
executed).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Fabian Bläse <fabian@blaese.de>
User configuration for layer3 firmware is stored in
/etc/config/gateway. To preserve this file across updates it
is added to sysupgrade.conf
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
To reduce the number of possible corner cases
in the first keyxchangev2 release, this patch
removes the sector file with the intention to
add it back after release.
Signed-off-by: Fabian Bläse <fabian@blaese.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Robert Langhammer <rlanghammer@web.de>
Tested-by: Fabian Bläse <fabian@blaese.de>
Add a complete hoodfile to /etc/hoodfile to use only this file
Signed-off-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
- Changed according to Adrian's review
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
This moves the FFF configuration from
/etc/config/system to a new file /etc/config/fff. Thus,
this file can be copied as a whole during upgrade (with
compatibility provided) and then resulting values in
other files are re-set later.
This also fixes the bandwidth settings not being persistent
during upgrade. Other settings may join ...
I tried to go through all the code and update all occurrences
of the relevant system variables (looking for "system" both
in GitHub and my local src folder).
Note that a downgrade will result in loss of configuration!
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
- Rebased
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
This writes CLIENT/BATMAN/WAN port configurations for devices
with switches to a separate file. This file can be changed
based on the desired setup and is then preserved during
firmware upgrade. In case of a future bugfix concerning the
entries of a specific network.* file, this will still be
effective as only the port configurations reside in the
new file, while the other settings could be overwritten by
the upgrade.
For one- and two-port devices, adjustments have been made so
that their relevant settings also reside in the new file now.
This also adds a WebUI interface for setting the two-port
devices (CPE210 and CPE510).
Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Tested-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
Reviewed-by: Tim Niemeyer <tim@tn-x.org>
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
- Changed doc in network.mode
Unfortunately the sysupgrade.conf is installed by base-files. The installed file
just contains examples and will be overwritten with this.
Signed-off-by: Tim Niemeyer <tim@tn-x.org>
Reviewed-by: Christian Dresel <fff@chrisi01.de>
Reviewed-by: Jan Kraus <mayosemmel@gmail.com>
Fabian Bläse
Adrian Schmutzler
Christian Dresel
Tim Niemeyer