mirror
/
openwrt-packages
mirror of https://git.openwrt.org/feed/packages.git
1
0
Fork 0
Code Releases Activity

Compare commits

base: mirror:726cadd2c574ca6271d17fb1310759526f548e9e
Branches Tags
mirror:master
mirror:openwrt-23.05
mirror:openwrt-22.03
mirror:openwrt-21.02
mirror:openwrt-19.07
mirror:openwrt-18.06
mirror:lede-17.01
mirror:for-15.05
mirror:for-14.07
mirror:v14.07
...
compare: mirror:ece60125949cb8a5a35b780fc4c8395edd41df51
Branches Tags
mirror:master
mirror:openwrt-23.05
mirror:openwrt-22.03
mirror:openwrt-21.02
mirror:openwrt-19.07
mirror:openwrt-18.06
mirror:lede-17.01
mirror:for-15.05
mirror:for-14.07
mirror:v14.07

40 Commits
726cadd2c5 ... ece6012594

Author SHA1 Message Date
Josef Schlehofer ece6012594
Merge fd03fc267e into 2c6d5adac0 2024-04-26 23:12:54 +02:00
Dirk Brenken 2c6d5adac0
banip: update 0.9.5-3 
* allow multiple protocol/port definitions per feed, e.g. 'tcp udp 80 443 50000'
* removed the default protocol/port limitation from asn feed

Signed-off-by: Dirk Brenken <dev@brenken.org>
 2024-04-26 17:03:33 +02:00
Josef Schlehofer 9d49df0dab syslog-ng: update to version 4.7.1 
Release notes:
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.0
- https://github.com/syslog-ng/syslog-ng/releases/tag/syslog-ng-4.7.1

Also bump version in the config file to avoid warning

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2024-04-26 13:41:49 +02:00
Josef Schlehofer 6d5e404a0c
Merge pull request #13619 from aparcar/no-circle 
CI: remove CircleCI for now
 2024-04-26 10:47:43 +02:00
Paul Spooren 26c101edc3 CI: remove CircleCI for now 
The GitHub CI offers currenlty more architecture and the Signed-of-by
test is covered via the DOC CI test. In case GitHub ever changes
policies, we can simply switch back.

Signed-off-by: Paul Spooren <mail@aparcar.org>
 2024-04-26 10:44:21 +02:00
Goetz Goerisch 8b08b29271 jool: update documentation 
* corrected the documentation links for upstream
* fixed style to be correctly rendered
* add reference to OpenWrt tutorial

Signed-off-by: Goetz Goerisch <ggoerisch@gmail.com>
 2024-04-26 15:46:37 +08:00
Stan Grishin f471b6b459
Merge pull request #23984 from stangri/master-adblock-fast 
adblock-fast: bugfix: unbound-related fixes
 2024-04-25 14:33:57 -07:00
Javier Marcet bb5e6e15ef docker-compose: Update to version 2.27.0 
Release notes:
https://github.com/docker/compose/releases/tag/v2.27.0

Signed-off-by: Javier Marcet <javier@marcet.info>
 2024-04-26 01:57:33 +08:00
Dirk Brenken 1721f4fb79
Merge pull request #23991 from friendly-bits/master-geoip-shell 
geoip-shell: update to v0.5.2
 2024-04-25 19:20:47 +02:00
Florian Eckert cb9fcdab8a libqmi: add missing PKG_VERSION for APK 
The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2024-04-25 16:35:39 +02:00
Florian Eckert 6efdaecf5b libmbim: add missing PKG_VERSION for APK 
The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2024-04-25 16:35:03 +02:00
Jianhui Zhao e35b92835e lua-eco: update to 3.4.1 
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
 2024-04-24 19:23:21 -07:00
Stan Grishin 74ce7e5707
Merge pull request #23911 from qosmio/nebula-fix-release-number 
nebula: Use APK style release number
 2024-04-24 17:04:42 -07:00
Stan Grishin 22094a65b6
Merge pull request #23907 from qosmio/nghttp3-fix-release-number 
nghttp3: Use APK style release number
 2024-04-24 17:01:09 -07:00
Stan Grishin 988a533153
Merge pull request #23908 from qosmio/ngtcp2-fix-release-number 
ngtcp2: Use APK style release number
 2024-04-24 17:00:56 -07:00
David Andreoletti 13bcb52870 shairport-sync: support mqtt based remote control 
Enable MQTT support to control shairport-sync remotely

Signed-off-by: David Andreoletti <david@andreoletti.net>
 2024-04-24 12:23:38 -07:00
Ray Wang 5abbd3bcb2 natmap: add log_std{out,err} options 
Introduce `log_stdout` and `log_stderr` options for managing logging output.

Signed-off-by: Ray Wang <r@hev.cc>
 2024-04-24 17:54:03 +08:00
Hirokazu MORIKAWA de361e98d0 node: bump to v20.12.2 
This is a security release.

Notable Changes
* CVE-2024-27980 - Command injection via args parameter of child_process.spawn without shell option enabled on Windows

Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
 2024-04-24 17:53:22 +08:00
Georgi Valkov 847a535a3b perl: fix not a Mach-O file on macOS 
Reverts [1] to resolve the following build error on macOS:

/Volumes/wrt3200/openwrt/staging_dir/hostpkg/usr/bin/perl installperl --destdir=/Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install
WARNING: You've never run 'make test' or some tests failed! (Installing anyway.)
  /usr/bin/perl5.38.2
error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/install_name_tool: input file: /Volumes/wrt3200/openwrt/build_dir/target-arm_cortex-a9+vfpv3-d16_musl_eabi/perl/perl-5.38.2/ipkg-install/usr/bin/perl5.38.2 is not a Mach-O file

[1] 88efce3814

Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
 2024-04-23 19:00:11 -07:00
Rosen Penev 70a44730fd cni-plugins-nft: use local tarballs 
Avoids having to override PKG_UNPACK.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:59:51 -07:00
Rosen Penev ed50df97f7 cni-plugins: use local tarballs 
Avoids having to override PKG_UNPACK.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:59:37 -07:00
Rosen Penev 47d91a4c09 snort3: use local tarballs 
Avoids having a bad tarball name with just the version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:59:19 -07:00
Rosen Penev 7ee33e792e treewide: exclude mips64 
These packages exclude mips but forget to exclude mips64.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:59:04 -07:00
Rosen Penev 2fa8485ed8 luasocket: switch to local tarballs 
Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:58:49 -07:00
Rosen Penev 4f09c95ee2 luaexpat: use local tarballs 
Smaller and avoids badly named tarball with just the version.

Signed-off-by: Rosen Penev <rosenp@gmail.com>
 2024-04-23 18:58:31 -07:00
Florian Eckert 22f8fd5c5b modemmanager: add missing PKG_VERSION for APK 
The 'PKG_VERSION' string was missing and only 'PKG_SOURCE_VERSION' string
was used.

Signed-off-by: Florian Eckert <fe@dev.tdt.de>
 2024-04-23 09:39:32 +02:00
Anton Khazan 199bd03b33 geoip-shell: update to v0.5.2 
Changes since v0.5:

Bugfixes:
- bugfix: 'geoip-shell on' command errors out on iptables-based systems
- bugfix: when changing the update cron schedule, old cron job does not get removed
- bugfix: in some edge cases, the update cron job may not be created
- bugfix: incorrect mask bits used when creating a rule allowing ipv6 link-local connections (/8 instead of /10)
- bugfix: geoip-shell-fetch.sh: fix running without root permissions

Improvements:
- nftables variant: attach the base chain to the prerouting netfilter hook with priority -141 (rather than -150) to make rules processing deterministic when other rules exist which have priority 'mangle' (-150), making it easier to create custom rules which will be processed before geoip-shell rules
- include information on currently used firewall backend utility (nftables or iptables) in the status report
- avoid unnecessary re-fetching of ip lists when running 'geoip-shell configure'
- randomize the default update schedule's minute between 10 and 20 (previously was always 15)
- randomize the automatic update second between 0 and 59
- improve console messages and the status report
- update and improve the general documentation
- improve OpenWrt-specific documentation

Signed-off-by: Anton Khazan <antonk.d3v@gmail.com>
 2024-04-23 09:19:24 +03:00
Christian Marangi 466ed55d59 xtables-addons: fix broken compile with external Toolchain 
Fix broken compile with external Toolchain.

Commit 32aaaaa7d3 ("xtables-addons: pass correct flags to
compile and install") simplified and dropped the custom Compile/Install
in favor of the default one. Problem is that it dropped DESTDIR
resulting in the package having problem on finishing install.

The commit then was reworked with c83b8787a5 ("xtables-addons: adapt
build to EXTERNAL_TOOLCHAIN" that reintroduced DESTDIR and also
introduced a useless custom flag to fix wrong ARCH.

ARCH is fixed by kernel.mk and doesn't depend on external Toolchain or
not. For ARCH that require fixing, kernel.mk should be fixed instead of
adding custom function to packages Makefile.

Drop the custom ARCH handling and use Compile/Install everytime.

Fixes: 32aaaaa7d3 ("xtables-addons: pass correct flags to compile and install")
Fixes: c83b8787a5 ("xtables-addons: adapt build to EXTERNAL_TOOLCHAIN")
Signed-off-by: Christian Marangi <ansuelsmth@gmail.com>
 2024-04-22 22:13:33 +02:00
krant 38560743c4 imagemagick: update to 7.1.1.31 
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
 2024-04-22 06:00:26 -07:00
David Andreoletti 459fa7625c shairport-sync: support before/after entering active state, unfixable error detected, volume set events in UCI config 
- Add before/after active state event callbacks in UCI config.
- Add volume change event callbacks in UCI config.
- Add unfixable error event callbacks in UCI config.

As of the current shairport-sync release, all event callbacks have been
mapped to UCI config.

Signed-off-by: David Andreoletti <david@andreoletti.net>
 2024-04-22 05:32:28 -07:00
Jianhui Zhao 99bc6b2782 lua-eco: update to 3.4.0 
Signed-off-by: Jianhui Zhao <zhaojh329@gmail.com>
 2024-04-22 15:30:06 +08:00
Tianling Shen e4e861e08d
dnsproxy: Update to 0.70.0 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2024-04-22 15:26:30 +08:00
Tianling Shen ebed42fcb0
v2ray-core: Update to 5.15.3 
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
 2024-04-22 15:26:22 +08:00
Alexandru Ardelean 2dc22d4a0c
Merge pull request #23975 from krant/libwebp 
libwebp: update to 1.4.0
 2024-04-22 10:11:45 +03:00
Stan Grishin 474587a1f4 adblock-fast: bugfix: unbound-related fixes 
* include `server:` directive at the top of unbound file
* update unbound-related outputGzip variable to include full path
* return always_nxdomain for blocked domains
* also update copyright stamp/license

Signed-off-by: Stan Grishin <stangri@melmac.ca>
 2024-04-21 14:06:58 +00:00
krant 116bbd9359 libwebp: update to 1.4.0 
Signed-off-by: krant <aleksey.vasilenko@gmail.com>
 2024-04-21 00:17:23 +03:00
Sean Khan 3cbb7474c3 nebula: Use APK style release number 
Maintainer: Stan Grishin <stangri@melmac.ca>

Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
 2024-04-12 12:09:59 -04:00
Sean Khan fbf350d5e1 nghttp3: Use APK style release number 
Maintainer: Stan Grishin <stangri@melmac.ca>

Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
 2024-04-12 12:09:59 -04:00
Sean Khan 43e924bacc ngtcp2: Use APK style release number 
Maintainer: Stan Grishin <stangri@melmac.ca>

Run tested: aarch64, Dynalink DL-WRX36, Master Branch

Signed-off-by: Sean Khan <datapronix@protonmail.com>
 2024-04-12 12:09:59 -04:00
Josef Schlehofer fd03fc267e
homeassistant: add new package 
Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
 2021-01-10 15:20:53 +01:00
50 changed files with 708 additions and 517 deletions
Show Stats Expand all files Collapse all files

93
.circleci/Dockerfile
View File

@ -1,93 +0,0 @@
FROM debian:10
# Configuration version history
# v1.0 - Initial version by Etienne Champetier
# v1.0.1 - Run as non-root, add unzip, xz-utils
# v1.0.2 - Add bzr
# v1.0.3 - Verify usign signatures
# v1.0.4 - Add support for Python3
# v1.0.5 - Add 19.07 public keys, verify keys
# v1.0.6 - Add 21.02 public keys, update Debian image to version 10, add rsync
# v1.0.7 - Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
RUN apt update && apt install -y \
build-essential \
bzr \
curl \
jq \
gawk \
gettext \
git \
libncurses5-dev \
libssl-dev \
python \
python3 \
signify-openbsd \
subversion \
rsync \
time \
unzip \
wget \
xz-utils \
zlib1g-dev \
&& rm -rf /var/lib/apt/lists/*
RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build
USER build
ENV HOME /home/build
# OpenWrt Build System (PGP key for unattended snapshot builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-snapshots@openwrt.org>' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \
&& echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-17.01@openwrt.org>' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \
&& echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust
# OpenWrt Release Builder (18.06 Signing Key)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<openwrt-devel@lists.openwrt.org>' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \
&& echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 18.06 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/15807931.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-18.06@openwrt.org>' | grep '^fpr:::::::::AD0507363D2BCE9C9E36CEC4FBCB78F015807931:$' \
&& echo 'AD0507363D2BCE9C9E36CEC4FBCB78F015807931:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 19.07 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-19.07@openwrt.org>' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \
&& echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust
# OpenWrt Build System (PGP key for 21.02 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/88CA59E8.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-21.02@openwrt.org>' | grep '^fpr:::::::::667205E379BAF348863A5C6688CA59E88F681580:$' \
&& echo '667205E379BAF348863A5C6688CA59E88F681580:6:' | gpg --import-ownertrust
# OpenWrt Build System (GnuPGP key for 22.03 release builds)
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CD54E82DADB3684D.asc' | gpg --import \
&& gpg --fingerprint --with-colons '<pgpsign-22.03@openwrt.org>' | grep '^fpr:::::::::BF856781A01293C8409ABE72CD54E82DADB3684D:$' \
&& echo 'BF856781A01293C8409ABE72CD54E82DADB3684D:6:' | gpg --import-ownertrust
# untrusted comment: Public usign key for unattended snapshot builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \
&& echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check
# untrusted comment: Public usign key for 18.06 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/1035ac73cc4e59e3' --create-dirs -o /home/build/usign/1035ac73cc4e59e3 \
&& echo '8dc2e7f5c4e634437e6641f4df77a18bf59f0c8e9016c8ba4be5d4a0111e68c2 */home/build/usign/1035ac73cc4e59e3' | sha256sum --check
# untrusted comment: Public usign key for 19.07 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \
&& echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check
# untrusted comment: Public usign key for 21.02 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/2f8b0b98e08306bf' --create-dirs -o /home/build/usign/2f8b0b98e08306bf \
&& echo 'd102bdd75421c62490b97f520f9db06aadb44ad408b244755d26e96ea5cd3b7f */home/build/usign/2f8b0b98e08306bf' | sha256sum --check
# untrusted comment: Public usign key for 22.03 release builds
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/4d017e6f1ed5d616' --create-dirs -o /home/build/usign/4d017e6f1ed5d616 \
&& echo 'f3c5fdf447d7c2743442e68077d60acc7c3e91754849e1f4b6be837b4204b7e2 */home/build/usign/4d017e6f1ed5d616' | sha256sum --check

6
.circleci/README
View File

@ -1,6 +0,0 @@
# Build/update the docker image
docker pull debian:10
docker build --rm -t docker.io/openwrtorg/packages-cci:latest .
docker tag <IMAGE ID> docker.io/openwrtorg/packages-cci:<VERSION-TAG>
docker push docker.io/openwrtorg/packages-cci

182
.circleci/config.yml
View File

@ -1,182 +0,0 @@
version: 2.0
jobs:
build:
docker:
- image: docker.io/openwrtorg/packages-cci:v1.0.7
environment:
- SDK_HOST: "downloads.openwrt.org"
- SDK_PATH: "snapshots/targets/ath79/generic"
- SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz"
- BRANCH: "master"
steps:
- checkout:
path: ~/openwrt_packages
- run:
name: Check changes / verify commits
working_directory: ~/openwrt_packages
command: |
cat >> $BASH_ENV <<EOF
echo_red() { printf "\033[1;31m\$*\033[m\n"; }
echo_green() { printf "\033[1;32m\$*\033[m\n"; }
echo_blue() { printf "\033[1;34m\$*\033[m\n"; }
EOF
source $BASH_ENV
RET=0
for commit in $(git rev-list HEAD ^origin/$BRANCH); do
echo_blue "=== Checking commit '$commit'"
if git show --format='%P' -s $commit | grep -qF ' '; then
echo_red "Pull request should not include merge commits"
RET=1
fi
author="$(git show -s --format=%aN $commit)"
if echo $author | grep -q '\S\+\s\+\S\+'; then
echo_green "Author name ($author) seems ok"
else
echo_red "Author name ($author) need to be your real name 'firstname lastname'"
RET=1
fi
subject="$(git show -s --format=%s $commit)"
if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert '; then
echo_green "Commit subject line seems ok ($subject)"
else
echo_red "Commit subject line MUST start with '<package name>: ' ($subject)"
RET=1
fi
body="$(git show -s --format=%b $commit)"
sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)"
if echo "$body" | grep -qF "$sob"; then
echo_green "Signed-off-by match author"
else
echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')"
RET=1
fi
done
exit $RET
- run:
name: Download the SDK
working_directory: ~/sdk
command: |
curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then
echo_red "Missing sha256sums signature files"
exit 1
fi
[ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums
if [ -f sha256sums.sig ]; then
VERIFIED=
for KEY in ~/usign/*; do
echo "Trying $KEY..."
if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then
echo "...verified"
VERIFIED=1
break
fi
done
if [ -z "$VERIFIED" ]; then
echo_red "Could not verify usign signature"
exit 1
fi
fi
rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" .
sha256sum -c --ignore-missing sha256sums
- run:
name: Prepare build_dir
working_directory: ~/build_dir
command: |
tar Jxf ~/sdk/$SDK_FILE --strip=1
touch .config
make prepare-tmpinfo scripts/config/conf
./scripts/config/conf --defconfig=.config Config.in
make prereq
rm .config
cat > feeds.conf <<EOF
src-git base https://github.com/openwrt/openwrt.git;$BRANCH
src-link packages $HOME/openwrt_packages
src-git luci https://github.com/openwrt/luci.git;$BRANCH
EOF
cat feeds.conf
./scripts/feeds update -a > /dev/null
make defconfig > /dev/null
# enable BUILD_LOG
sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config
- run:
name: Install & download source, check package, compile
working_directory: ~/build_dir
command: |
set +o pipefail
PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }')
if [ -z "$PKGS" ] ; then
echo_blue "WARNING: No new or modified packages found!"
exit 0
fi
echo_blue "=== Found new/modified packages: $PKGS"
for PKG in $PKGS ; do
echo_blue "===+ Install: $PKG"
./scripts/feeds install "$PKG"
echo_blue "===+ Download: $PKG"
make "package/$PKG/download" V=s
echo_blue "===+ Check package: $PKG"
make "package/$PKG/check" V=s 2>&1 | tee logtmp
RET=${PIPESTATUS[0]}
if [ $RET -ne 0 ]; then
echo_red "=> Package check failed: $RET)"
exit $RET
fi
badhash_msg="HASH does not match "
badhash_msg+="|HASH uses deprecated hash,"
badhash_msg+="|HASH is missing,"
if grep -qE "$badhash_msg" logtmp; then
echo_red "=> Package HASH check failed"
exit 1
fi
echo_green "=> Package check OK"
done
make \
-f .config \
-f tmp/.packagedeps \
-f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \
| tr ' ' '\n' >enabled-package-subdirs.txt
for PKG in $PKGS ; do
if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then
echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE"
continue
fi
echo_blue "===+ Building: $PKG"
make "package/$PKG/compile" -j3 V=s || {
RET=$?
echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log"
make "package/$PKG/compile" -j1 V=s; exit $RET
}
done
- store_artifacts:
path: ~/build_dir/logs
- store_artifacts:
path: ~/build_dir/bin
workflows:
version: 2
buildpr:
jobs:
- build:
filters:
branches:
ignore: master

6
admin/syslog-ng/Makefile
View File

@ -1,8 +1,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=syslog-ng
PKG_VERSION:=4.6.0
PKG_RELEASE:=2
PKG_VERSION:=4.7.1
PKG_RELEASE:=1
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
PKG_HASH:=b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f
PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
PKG_BUILD_PARALLEL:=1
PKG_INSTALL:=1

2
admin/syslog-ng/files/syslog-ng.conf
View File

@ -1,7 +1,7 @@
# Collect all local logs into a single file /var/log/messages.
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
@version: 4.6
@version: 4.7
@include "scl.conf"
options {

4
lang/lua-eco/Makefile
View File

@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lua-eco
PKG_VERSION:=3.3.0
PKG_VERSION:=3.4.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL=https://github.com/zhaojh329/lua-eco/releases/download/v$(PKG_VERSION)
PKG_HASH:=597c3edbb20c35f638b26b4fa7a02638c48f96f0330758a7ac1c44079b2170a3
PKG_HASH:=6b28cf832d7427dd5106750814de65b2d9796669e6efacdfa14277c85fcb3b01
PKG_MAINTAINER:=Jianhui Zhao <zhaojh329@gmail.com>
PKG_LICENSE:=MIT

62
lang/lua-eco/patches/0001-Support-POSIX-basename-from-musl-libc.patch
View File

@ -1,62 +0,0 @@
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 14 Apr 2024 17:13:17 +0200
Subject: Support POSIX basename() from musl libc
Musl libc 1.2.5 removed the definition of the basename() function from
string.h and only provides it in libgen.h as the POSIX standard
defines it.
This change fixes compilation with musl libc 1.2.5.
````
/build_dir/target-mips_24kc_musl/lua-eco-3.3.0/log/log.c: In function '___log':
/build_dir/target-mips_24kc_musl/lua-eco-3.3.0/log/log.c:76:24: error: implicit declaration of function 'basename' [-Werror=implicit-function-declaration]
76 | filename = basename(filename);
| ^~~~~~~~
/build_dir/target-mips_24kc_musl/lua-eco-3.3.0/log/log.c:76:22: error: assignment to 'const char *' from 'int' makes pointer from integer without a cast [-Werror=int-conversion]
76 | filename = basename(filename);
| ^
````
basename() modifies the input string, copy it first with strdup(), If
strdup() returns NULL the code will handle it.
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
log/log.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
--- a/log/log.c
+++ b/log/log.c
@@ -9,6 +9,7 @@
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
+#include <libgen.h>
#include "log.h"
@@ -65,6 +66,7 @@ void ___log(const char *filename, int li
{
char new_fmt[256];
va_list ap;
+ char *dirc = NULL;
priority = LOG_PRI(priority);
@@ -72,9 +74,13 @@ void ___log(const char *filename, int li
return;
if (__log_flags__ & LOG_FLAG_FILE || __log_flags__ & LOG_FLAG_PATH) {
- if (!(__log_flags__ & LOG_FLAG_PATH))
- filename = basename(filename);
+ if (!(__log_flags__ & LOG_FLAG_PATH)) {
+ dirc = strdup(filename);
+ filename = basename(dirc);
+ }
snprintf(new_fmt, sizeof(new_fmt), "(%s:%3d) %s", filename, line, fmt);
+ if (!(__log_flags__ & LOG_FLAG_PATH))
+ free(dirc);
} else {
snprintf(new_fmt, sizeof(new_fmt), "%s", fmt);
}

7
lang/luaexpat/Makefile
View File

@ -11,9 +11,10 @@ PKG_NAME:=luaexpat
PKG_VERSION:=1.5.1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/lunarmodules/luaexpat/archive/refs/tags
PKG_HASH:=7d455f154de59eb0b073c3620bc8b873f7f697b3f21a112e6ff8dc9fca6d0826
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/lunarmodules/luaexpat
PKG_MIRROR_HASH:=7e370d47e947a1acfeb4d00df012f47116fe7971f5b12033e92666e37a9312a1
PKG_CPE_ID:=cpe:/a:matthewwild:luaexpat

7
lang/luasocket/Makefile
View File

@ -11,9 +11,10 @@ PKG_NAME:=luasocket
PKG_VERSION:=3.1.0
PKG_RELEASE:=1
PKG_SOURCE:=v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/lunarmodules/luasocket/archive/refs/tags
PKG_HASH:=bf033aeb9e62bcaa8d007df68c119c966418e8c9ef7e4f2d7e96bddeca9cca6e
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/lunarmodules/luasocket
PKG_MIRROR_HASH:=1ee81f1f5a63d0d14c8c8571e8940604cbf1443c3b18ee7d3d1bac6791f853fc
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=MIT

4
lang/node/Makefile
View File

@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=node
PKG_VERSION:=v20.12.1
PKG_VERSION:=v20.12.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://nodejs.org/dist/$(PKG_VERSION)
PKG_HASH:=b9bef0314e12773ef004368ee56a2db509a948d4170b9efb07441bac1f1407a0
PKG_HASH:=bc57ee721a12cc8be55bb90b4a9a2f598aed5581d5199ec3bd171a4781bfecda
PKG_MAINTAINER:=Hirokazu MORIKAWA <morikw2@gmail.com>, Adrian Panella <ianchi74@outlook.com>
PKG_LICENSE:=MIT

2
lang/perl/Makefile
View File

@ -11,7 +11,7 @@ include perlver.mk
PKG_NAME:=perl
PKG_VERSION:=$(PERL_VERSION)
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE_URL:=https://www.cpan.org/src/5.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz

114
lang/perl/patches/920-Revert-perl-127606-adjust-dependency-paths-on-instal.patch Normal file
View File

@ -0,0 +1,114 @@
From 002d6666a3ed5bc9c360c1f91116ebbf0c5ef57c Mon Sep 17 00:00:00 2001
From: Georgi Valkov <gvalkov@gmail.com>
Date: Sat, 20 Apr 2024 16:18:37 +0300
Subject: [PATCH] revert 88efce38149481334db7ddb932f9b74eaaa9765b
Signed-off-by: Georgi Valkov <gvalkov@gmail.com>
---
Makefile.SH | 35 ++---------------------------------
installperl | 25 -------------------------
2 files changed, 2 insertions(+), 58 deletions(-)
--- a/Makefile.SH
+++ b/Makefile.SH
@@ -61,16 +61,8 @@ true)
-compatibility_version \
${api_revision}.${api_version}.${api_subversion} \
-current_version \
- ${revision}.${patchlevel}.${subversion}"
- case "$osvers" in
- 1[5-9]*|[2-9]*)
- shrpldflags="$shrpldflags -install_name `pwd`/\$@ -Xlinker -headerpad_max_install_names"
- exeldflags="-Xlinker -headerpad_max_install_names"
- ;;
- *)
- shrpldflags="$shrpldflags -install_name \$(shrpdir)/\$@"
- ;;
- esac
+ ${revision}.${patchlevel}.${subversion} \
+ -install_name \$(shrpdir)/\$@"
;;
cygwin*)
shrpldflags="$shrpldflags -Wl,--out-implib=libperl.dll.a"
@@ -353,14 +345,6 @@ MANIFEST_SRT = MANIFEST.srt
!GROK!THIS!
-case "$useshrplib$osname" in
-truedarwin)
- $spitshell >>$Makefile <<!GROK!THIS!
-PERL_EXE_LDFLAGS=$exeldflags
-!GROK!THIS!
- ;;
-esac
-
$spitshell >>$Makefile <<!GROK!THIS!
# Macros to invoke a copy of our fully operational perl during the build.
PERL_EXE = perl\$(EXE_EXT)
@@ -1040,20 +1024,6 @@ $(PERL_EXE): $& $(perlmain_dep) $(LIBPER
$(SHRPENV) $(CC) -o perl $(CLDFLAGS) $(CCDLFLAGS) $(perlmain_objs) $(LLIBPERL) $(static_ext) `cat ext.libs` $(libs)
!NO!SUBS!
;;
-
- darwin)
- case "$useshrplib$osvers" in
- true1[5-9]*|true[2-9]*) $spitshell >>$Makefile <<'!NO!SUBS!'
- $(SHRPENV) $(CC) -o perl $(PERL_EXE_LDFLAGS) $(CLDFLAGS) $(CCDLFLAGS) $(perlmain_objs) $(static_ext) $(LLIBPERL) `cat ext.libs` $(libs)
-!NO!SUBS!
- ;;
- *) $spitshell >>$Makefile <<'!NO!SUBS!'
- $(SHRPENV) $(CC) -o perl $(CLDFLAGS) $(CCDLFLAGS) $(perlmain_objs) $(static_ext) $(LLIBPERL) `cat ext.libs` $(libs)
-!NO!SUBS!
- ;;
- esac
- ;;
-
*) $spitshell >>$Makefile <<'!NO!SUBS!'
$(SHRPENV) $(CC) -o perl $(CLDFLAGS) $(CCDLFLAGS) $(perlmain_objs) $(static_ext) $(LLIBPERL) `cat ext.libs` $(libs)
!NO!SUBS!
--- a/installperl
+++ b/installperl
@@ -282,7 +282,6 @@ else {
safe_unlink("$installbin/$perl_verbase$ver$exe_ext");
copy("perl$exe_ext", "$installbin/$perl_verbase$ver$exe_ext");
strip("$installbin/$perl_verbase$ver$exe_ext");
- fix_dep_names("$installbin/$perl_verbase$ver$exe_ext");
chmod(0755, "$installbin/$perl_verbase$ver$exe_ext");
`chtag -r "$installbin/$perl_verbase$ver$exe_ext"` if ($^O eq 'os390');
}
@@ -350,7 +349,6 @@ foreach my $file (@corefiles) {
if (copy_if_diff($file,"$installarchlib/CORE/$file")) {
if ($file =~ /\.(\Q$so\E|\Q$dlext\E)$/) {
strip("-S", "$installarchlib/CORE/$file") if $^O eq 'darwin';
- fix_dep_names("$installarchlib/CORE/$file");
chmod($SO_MODE, "$installarchlib/CORE/$file");
} else {
chmod($NON_SO_MODE, "$installarchlib/CORE/$file");
@@ -749,27 +747,4 @@ sub strip
}
}
-sub fix_dep_names {
- my $file = shift;
-
- $^O eq "darwin" && $Config{osvers} =~ /^(1[5-9]|[2-9])/
- && $Config{useshrplib}
- or return;
-
- my @opts;
- my $so = $Config{so};
- my $libperl = "$Config{archlibexp}/CORE/libperl.$Config{so}";
- if ($file =~ /\blibperl.\Q$Config{so}\E$/a) {
- push @opts, -id => $libperl;
- }
- else {
- push @opts, -change => getcwd . "/libperl.$so", $libperl;
- }
- push @opts, $file;
-
- $opts{verbose} and print " install_name_tool @opts\n";
- system "install_name_tool", @opts
- and die "Cannot update $file dependency paths\n";
-}
-
# ex: set ts=8 sts=4 sw=4 et:

79
lang/python/homeassistant/Makefile Normal file
View File

@ -0,0 +1,79 @@
#
# Copyright (C) 2019-2021 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=homeassistant
PKG_VERSION:=2021.1.0
PKG_RELEASE:=1
PYPI_NAME:=homeassistant
PKG_HASH:=074816e884a57ce7e833fda67bd0565c8dfbee4c7506d4b79c273b45a4bb557a
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE.md
PKG_CPE_ID:=cpe:/a:home-assistant:home-assistant
include ../pypi.mk
include $(INCLUDE_DIR)/package.mk
include ../python3-package.mk
define Package/homeassistant
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Home Assistant
URL:=https://www.home-assistant.io/
DEPENDS:= \
+python3-aiohttp \
+python3-aiohttp-cors \
+python3-astral \
+python3-async-timeout \
+python3-attrs \
+python3-bcrypt \
+python3-ciso8601 \
+python3-certifi \
+python3-cryptography \
+python3-defusedxml \
+python3-ifaddr \
+python3-jinja2 \
+python3-netdisco \
+python3-pip \
+python3-pillow \
+python3-pyjwt \
+python3-pyotp \
+python3-pytz \
+python3-requests \
+python3-ruamel-yaml \
+python3-slugify \
+python3-sqlalchemy \
+python3-voluptuous \
+python3-voluptuous-serialize \
+python3-yaml \
+python3-yarl \
+python3-zeroconf
VARIANT:=python3
endef
define Package/homeassistant/description
Home Assistant is a home automation platform running on Python 3.
It is able to track and control all devices at home and offer a platform for automating control.
It requires a minimum of 1 GB of RAM.
endef
define Py3Package/homeassistant/install
$(INSTALL_DIR) $(1)/usr/bin
$(CP) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/hass.init $(1)/etc/init.d/hass
endef
$(eval $(call Py3Package,homeassistant))
$(eval $(call BuildPackage,homeassistant))
$(eval $(call BuildPackage,homeassistant-src))

18
lang/python/homeassistant/files/hass.init Normal file
View File

@ -0,0 +1,18 @@
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=99
STOP=10
PROG=/usr/bin/hass
CONF=/srv/homeassistant
start_service() {
mkdir -m 0755 -p "$CONF"
procd_open_instance
procd_set_param command "$PROG" -c "$CONF"
procd_set_param respawn
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
}

256
lang/python/homeassistant/patches/0001-treewide-bump-all-dependencies-to-match-OpenWrt-ones.patch Normal file
View File

@ -0,0 +1,256 @@
From d953209f6cbfdd8c9214891f42d033b8f0bfb5b6 Mon Sep 17 00:00:00 2001
From: Josef Schlehofer <pepe.schlehofer@gmail.com>
Date: Sat, 9 Jan 2021 19:47:30 +0100
Subject: [PATCH] treewide: bump all dependencies to match OpenWrt ones
Mines PR's:
- PyNaCl:
https://github.com/home-assistant/core/pull/45012
- Cryptography:
https://github.com/home-assistant/core/pull/44992
- Attrs:
https://github.com/home-assistant/core/pull/44991
- yarl:
https://github.com/home-assistant/core/pull/44991
Pillow:
https://github.com/home-assistant/core/pull/44209
Next step: unpin specific version of dependencies
---
homeassistant/components/doods/manifest.json | 2 +-
homeassistant/components/image/manifest.json | 2 +-
homeassistant/components/proxy/manifest.json | 2 +-
homeassistant/components/qrcode/manifest.json | 2 +-
homeassistant/components/seven_segments/manifest.json | 2 +-
homeassistant/components/sighthound/manifest.json | 2 +-
homeassistant/components/tensorflow/manifest.json | 2 +-
homeassistant/package_constraints.txt | 11 +++++------
requirements.txt | 8 ++++----
requirements_all.txt | 2 +-
requirements_test_all.txt | 2 +-
setup.py | 8 ++++----
12 files changed, 22 insertions(+), 23 deletions(-)
diff --git a/homeassistant/components/doods/manifest.json b/homeassistant/components/doods/manifest.json
index 0ca3444f70..ecbcd8563a 100644
--- a/homeassistant/components/doods/manifest.json
+++ b/homeassistant/components/doods/manifest.json
@@ -2,6 +2,6 @@
"domain": "doods",
"name": "DOODS - Dedicated Open Object Detection Service",
"documentation": "https://www.home-assistant.io/integrations/doods",
- "requirements": ["pydoods==1.0.2", "pillow==7.2.0"],
+ "requirements": ["pydoods==1.0.2", "pillow==8.1.0"],
"codeowners": []
}
diff --git a/homeassistant/components/image/manifest.json b/homeassistant/components/image/manifest.json
index 246ea38714..6978f09ab6 100644
--- a/homeassistant/components/image/manifest.json
+++ b/homeassistant/components/image/manifest.json
@@ -3,7 +3,7 @@
"name": "Image",
"config_flow": false,
"documentation": "https://www.home-assistant.io/integrations/image",
- "requirements": ["pillow==7.2.0"],
+ "requirements": ["pillow==8.1.0"],
"dependencies": ["http"],
"codeowners": ["@home-assistant/core"],
"quality_scale": "internal"
diff --git a/homeassistant/components/proxy/manifest.json b/homeassistant/components/proxy/manifest.json
index 081645a4aa..65d8d21fc0 100644
--- a/homeassistant/components/proxy/manifest.json
+++ b/homeassistant/components/proxy/manifest.json
@@ -2,6 +2,6 @@
"domain": "proxy",
"name": "Camera Proxy",
"documentation": "https://www.home-assistant.io/integrations/proxy",
- "requirements": ["pillow==7.2.0"],
+ "requirements": ["pillow==8.1.0"],
"codeowners": []
}
diff --git a/homeassistant/components/qrcode/manifest.json b/homeassistant/components/qrcode/manifest.json
index 00d528ba39..b16eace14f 100644
--- a/homeassistant/components/qrcode/manifest.json
+++ b/homeassistant/components/qrcode/manifest.json
@@ -2,6 +2,6 @@
"domain": "qrcode",
"name": "QR Code",
"documentation": "https://www.home-assistant.io/integrations/qrcode",
- "requirements": ["pillow==7.2.0", "pyzbar==0.1.7"],
+ "requirements": ["pillow==8.1.0", "pyzbar==0.1.7"],
"codeowners": []
}
diff --git a/homeassistant/components/seven_segments/manifest.json b/homeassistant/components/seven_segments/manifest.json
index 4996ba29f8..01e0275fee 100644
--- a/homeassistant/components/seven_segments/manifest.json
+++ b/homeassistant/components/seven_segments/manifest.json
@@ -2,6 +2,6 @@
"domain": "seven_segments",
"name": "Seven Segments OCR",
"documentation": "https://www.home-assistant.io/integrations/seven_segments",
- "requirements": ["pillow==7.2.0"],
+ "requirements": ["pillow==8.1.0"],
"codeowners": ["@fabaff"]
}
diff --git a/homeassistant/components/sighthound/manifest.json b/homeassistant/components/sighthound/manifest.json
index a5c56b3777..99902b8dd3 100644
--- a/homeassistant/components/sighthound/manifest.json
+++ b/homeassistant/components/sighthound/manifest.json
@@ -2,6 +2,6 @@
"domain": "sighthound",
"name": "Sighthound",
"documentation": "https://www.home-assistant.io/integrations/sighthound",
- "requirements": ["pillow==7.2.0", "simplehound==0.3"],
+ "requirements": ["pillow==8.1.0", "simplehound==0.3"],
"codeowners": ["@robmarkcole"]
}
diff --git a/homeassistant/components/tensorflow/manifest.json b/homeassistant/components/tensorflow/manifest.json
index a8739a86d7..f039a14d5b 100644
--- a/homeassistant/components/tensorflow/manifest.json
+++ b/homeassistant/components/tensorflow/manifest.json
@@ -7,7 +7,7 @@
"tf-models-official==2.3.0",
"pycocotools==2.0.1",
"numpy==1.19.2",
- "pillow==7.2.0"
+ "pillow==8.1.0"
],
"codeowners": []
}
diff --git a/homeassistant/package_constraints.txt b/homeassistant/package_constraints.txt
index 11e7dd8991..7aa1b52fe0 100644
--- a/homeassistant/package_constraints.txt
+++ b/homeassistant/package_constraints.txt
@@ -4,11 +4,11 @@ aiohttp==3.7.1
aiohttp_cors==0.7.0
astral==1.10.1
async_timeout==3.0.1
-attrs==19.3.0
+attrs==20.3.0
bcrypt==3.1.7
certifi>=2020.6.20
ciso8601==2.1.3
-cryptography==3.2
+cryptography==3.3.1
defusedxml==0.6.0
distro==1.5.0
emoji==0.5.4
@@ -19,17 +19,17 @@ importlib-metadata==1.6.0;python_version<'3.8'
jinja2>=2.11.2
netdisco==2.8.2
paho-mqtt==1.5.1
-pillow==7.2.0
+pillow==8.1.0
pip>=8.0.3,<20.3
python-slugify==4.0.1
pytz>=2020.1
pyyaml==5.3.1
-requests==2.25.0
+requests==2.25.1
ruamel.yaml==0.15.100
sqlalchemy==1.3.20
voluptuous-serialize==2.4.0
voluptuous==0.12.1
-yarl==1.4.2
+yarl==1.6.2
zeroconf==0.28.8
pycryptodome>=3.6.6
@@ -57,4 +57,3 @@ btlewrap>=0.0.10
enum34==1000000000.0.0
typing==1000000000.0.0
uuid==1000000000.0.0
-
diff --git a/requirements.txt b/requirements.txt
index cbe339fd83..d6fdcd1894 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,7 +4,7 @@
aiohttp==3.7.1
astral==1.10.1
async_timeout==3.0.1
-attrs==19.3.0
+attrs==20.3.0
bcrypt==3.1.7
certifi>=2020.6.20
ciso8601==2.1.3
@@ -12,13 +12,13 @@ httpx==0.16.1
importlib-metadata==1.6.0;python_version<'3.8'
jinja2>=2.11.2
PyJWT==1.7.1
-cryptography==3.2
+cryptography==3.3.1
pip>=8.0.3,<20.3
python-slugify==4.0.1
pytz>=2020.1
pyyaml==5.3.1
-requests==2.25.0
+requests==2.25.1
ruamel.yaml==0.15.100
voluptuous==0.12.1
voluptuous-serialize==2.4.0
-yarl==1.4.2
+yarl==1.6.2
diff --git a/requirements_all.txt b/requirements_all.txt
index 8e3b891c2e..38ff5f789f 100644
--- a/requirements_all.txt
+++ b/requirements_all.txt
@@ -1122,7 +1122,7 @@ pilight==0.1.1
# homeassistant.components.seven_segments
# homeassistant.components.sighthound
# homeassistant.components.tensorflow
-pillow==7.2.0
+pillow==8.1.0
# homeassistant.components.dominos
pizzapi==0.0.3
diff --git a/requirements_test_all.txt b/requirements_test_all.txt
index 466c072f4a..dee71e94f2 100644
--- a/requirements_test_all.txt
+++ b/requirements_test_all.txt
@@ -551,7 +551,7 @@ pilight==0.1.1
# homeassistant.components.seven_segments
# homeassistant.components.sighthound
# homeassistant.components.tensorflow
-pillow==7.2.0
+pillow==8.1.0
# homeassistant.components.plex
plexapi==4.2.0
diff --git a/setup.py b/setup.py
index c9acb4d82d..51cfa03104 100755
--- a/setup.py
+++ b/setup.py
@@ -35,7 +35,7 @@ REQUIRES = [
"aiohttp==3.7.1",
"astral==1.10.1",
"async_timeout==3.0.1",
- "attrs==19.3.0",
+ "attrs==20.3.0",
"bcrypt==3.1.7",
"certifi>=2020.6.20",
"ciso8601==2.1.3",
@@ -44,16 +44,16 @@ REQUIRES = [
"jinja2>=2.11.2",
"PyJWT==1.7.1",
# PyJWT has loose dependency. We want the latest one.
- "cryptography==3.2",
+ "cryptography==3.3.1",
"pip>=8.0.3,<20.3",
"python-slugify==4.0.1",
"pytz>=2020.1",
"pyyaml==5.3.1",
- "requests==2.25.0",
+ "requests==2.25.1",
"ruamel.yaml==0.15.100",
"voluptuous==0.12.1",
"voluptuous-serialize==2.4.0",
- "yarl==1.4.2",
+ "yarl==1.6.2",
]
MIN_PY_VERSION = ".".join(map(str, hass_const.REQUIRED_PYTHON_VER))
--
2.25.1

4
libs/gperftools/Makefile
View File

@ -26,7 +26,7 @@ define Package/gperftools-headers
SECTION:=libs
TITLE:=Gperftools Headers
URL:=https://github.com/gperftools/gperftools
DEPENDS:= @!mips @!mipsel @!powerpc
DEPENDS:= @!(mips||mips64||mipsel||powerpc)
endef
define Package/gperftools-runtime
@ -34,7 +34,7 @@ define Package/gperftools-runtime
CATEGORY:=Libraries
TITLE:=Gperftools Runtime
URL:=https://github.com/gperftools/gperftools
DEPENDS:= +libunwind +libstdcpp @!mips @!mipsel @!powerpc
DEPENDS:= +libunwind +libstdcpp @!(mips||mips64||mipsel||powerpc)
endef
define Package/gperftools-headers/description

5
libs/libmbim/Makefile
View File

@ -8,11 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libmbim
PKG_SOURCE_VERSION:=1.30.0
PKG_RELEASE:=1
PKG_VERSION:=1.30.0
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libmbim.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_MIRROR_HASH:=792c2310290ac3a2ee690e25eda7c79c1e982aa41b3bff2be7454f3505a09827
PKG_BUILD_FLAGS:=gc-sections

5
libs/libqmi/Makefile
View File

@ -8,11 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libqmi
PKG_SOURCE_VERSION:=1.34.0
PKG_RELEASE:=1
PKG_VERSION:=1.34.0
PKG_RELEASE:=2
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/libqmi.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_MIRROR_HASH:=05211a43de53b7bf967fe29ca62dbe8332f42748dbfc8d32880cda765d00020c
PKG_BUILD_FLAGS:=gc-sections

4
libs/libwebp/Makefile
View File

@ -1,12 +1,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libwebp
PKG_VERSION:=1.3.2
PKG_VERSION:=1.4.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://storage.googleapis.com/downloads.webmproject.org/releases/webp
PKG_HASH:=2a499607df669e40258e53d0ade8035ba4ec0175244869d1025d460562aa09b4
PKG_HASH:=61f873ec69e3be1b99535634340d5bde750b2e4447caa1db9f61be3fd49ab1e5
PKG_MAINTAINER:=Alexandru Ardelean <ardeleanalex@gmail.com>
PKG_LICENSE:=BSD-3-Clause

2
libs/nghttp3/Makefile
View File

@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nghttp3
PKG_VERSION:=1.2.0
PKG_RELEASE:=r1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/ngtcp2/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/

2
libs/ngtcp2/Makefile
View File

@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=ngtcp2
PKG_VERSION:=1.4.0
PKG_RELEASE:=r1
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/ngtcp2/$(PKG_NAME)/releases/download/v$(PKG_VERSION)/

4
multimedia/imagemagick/Makefile
View File

@ -6,7 +6,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=imagemagick
PKG_VERSION:=7.1.1.30
PKG_VERSION:=7.1.1.31
PKG_RELEASE:=1
PKG_MAINTAINER:=Aleksey Vasilenko <aleksey.vasilenko@gmail.com>
@ -15,7 +15,7 @@ _PKGREV:=$(_PKGVER)-$(subst .,,$(suffix $(PKG_VERSION)))
PKG_SOURCE:=ImageMagick-$(_PKGREV).tar.xz
PKG_SOURCE_URL:=https://imagemagick.org/archive
PKG_HASH:=ec192780d09da7d7b1e7a374a19f97d69cceb4e5e83057515cd595eda233a891
PKG_HASH:=7e5c8db53dd90a0cfc5cc7ca6d34728ed86054b4bc86e9787902285fec1107a8
PKG_BUILD_DIR:=$(BUILD_DIR)/ImageMagick-$(_PKGREV)
PKG_FIXUP:=autoreconf

10
net/adblock-fast/Makefile
View File

@ -1,14 +1,14 @@
# Copyright 2023 MOSSDeF, Stan Grishin (stangri@melmac.ca)
# TLD optimization written by Dirk Brenken (dev@brenken.org)
# This is free software, licensed under the GNU General Public License v3.
# Copyright 2023-2024 MOSSDeF, Stan Grishin (stangri@melmac.ca).
# TLD optimization written by Dirk Brenken (dev@brenken.org).
# This is free software, licensed under AGPL-3.0-or-later.
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock-fast
PKG_VERSION:=1.1.1
PKG_RELEASE:=r8
PKG_RELEASE:=11
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>
PKG_LICENSE:=GPL-3.0-or-later
PKG_LICENSE:=AGPL-3.0-or-later
include $(INCLUDE_DIR)/package.mk

23
net/adblock-fast/files/etc/init.d/adblock-fast
View File

@ -52,7 +52,7 @@ readonly smartdnsNftsetFilter=';'
readonly unboundFile="/var/lib/unbound/adb_list.${packageName}"
readonly unboundCache="/var/run/${packageName}/unbound.cache"
readonly unboundGzip="${packageName}.unbound.gz"
readonly unboundFilter='s|^|local-zone: "|;s|$|" static|'
readonly unboundFilter='s|^|local-zone: "|;s|$|." always_nxdomain|'
readonly A_TMP="/var/${packageName}.a.tmp"
readonly B_TMP="/var/${packageName}.b.tmp"
readonly SED_TMP="/var/${packageName}.sed.tmp"
@ -267,7 +267,7 @@ dns_set_output_values() {
outputFilter="$unboundFilter"
outputFile="$unboundFile"
outputCache="$unboundCache"
outputGzip="$unboundGzip"
outputGzip="${compressed_cache_dir}/${unboundGzip}"
;;
esac
}
@ -757,7 +757,7 @@ load_environment() {
[ "$dns" = 'smartdns.domainset' ] || rm -f "$smartdnsDomainSetFile" "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" "$smartdnsDomainSetConfig"
[ "$dns" = 'smartdns.ipset' ] || rm -f "$smartdnsIpsetFile" "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" "$smartdnsIpsetConfig"
[ "$dns" = 'smartdns.nftset' ] || rm -f "$smartdnsNftsetFile" "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" "$smartdnsNftsetConfig"
[ "$dns" = 'unbound.adb_list' ] || rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
[ "$dns" = 'unbound.adb_list' ] || rm -f "$unboundFile" "$unboundCache" "${compressed_cache_dir}/${unboundGzip}"
for i in "$runningConfigFile" "$runningErrorFile" "$runningStatusFile" "$outputFile" "$outputCache" "$outputGzip" "$outputConfig"; do
[ -n "$i" ] || continue
@ -892,7 +892,7 @@ resolver() {
rm -f "$smartdnsDomainSetFile" "$smartdnsDomainSetCache" "${compressed_cache_dir}/${smartdnsDomainSetGzip}" "$smartdnsDomainSetConfig"
rm -f "$smartdnsIpsetFile" "$smartdnsIpsetCache" "${compressed_cache_dir}/${smartdnsIpsetGzip}" "$smartdnsIpsetConfig"
rm -f "$smartdnsNftsetFile" "$smartdnsNftsetCache" "${compressed_cache_dir}/${smartdnsNftsetGzip}" "$smartdnsNftsetConfig"
rm -f "$unboundFile" "$unboundCache" "$unboundGzip"
rm -f "$unboundFile" "$unboundCache" "${compressed_cache_dir}/${unboundGzip}"
if [ -s "/etc/config/dhcp" ]; then
config_load 'dhcp'
config_foreach _dnsmasq_instance_config 'dnsmasq' 'cleanup'
@ -932,19 +932,19 @@ resolver() {
case "$dns" in
dnsmasq.*)
chmod 660 "$outputFile"
chown root:dnsmasq "$outputFile"
chown root:dnsmasq "$outputFile" >/dev/null 2>/dev/null
param='dnsmasq_restart'
output_text='Restarting dnsmasq'
;;
smartdns.*)
chmod 660 "$outputFile" "$outputConfig"
chown root:root "$outputFile" "$outputConfig"
chown root:root "$outputFile" "$outputConfig" >/dev/null 2>/dev/null
param='smartdns_restart'
output_text='Restarting SmartDNS'
;;
unbound.*)
chmod 660 "$outputFile"
chown root:unbound "$outputFile"
chown root:unbound "$outputFile" >/dev/null 2>/dev/null
param='unbound_restart'
output_text='Restarting Unbound'
;;
@ -1036,7 +1036,7 @@ cache() {
return $?
;;
test_gzip)
[ -s "$outputGzip" ] && gzip -t -c "$outputGzip"
[ -s "$outputGzip" ] && gzip -t -c "$outputGzip" >/dev/null 2>/dev/null
return $?
;;
create_gzip)
@ -1412,6 +1412,11 @@ $(sed '/^[[:space:]]*$/d' "$A_TMP")"
output_failn
json add error 'errorMovingDataFile'
fi
case "$dns" in
unbound.adb_list)
sed -i '1 i\server:' "$outputFile"
;;
esac
if [ "$compressed_cache" -gt 0 ]; then
output 2 'Creating compressed cache '
json set message "$(get_text 'statusProcessing'): creating compressed cache"
@ -1596,7 +1601,7 @@ adb_check() {
smartdns.*)
grep "$string" "$outputFile";;
unbound.adb_list)
grep "$string" "$outputFile" | sed 's|^local-zone: "||;s|" static$||;';;
grep "$string" "$outputFile" | sed 's|^local-zone: "||;s|." always_nxdomain$||;';;
esac
fi
else

2
net/banip/Makefile
View File

@ -6,7 +6,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.9.5
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>

8
net/banip/files/README.md
View File

@ -15,7 +15,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
| adguard | adguard IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| adguardtrackers | adguardtracker IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| antipopads | antipopads IPs | | | x | tcp: 80, 443 | [Link](https://github.com/dibdot/banIP-IP-blocklists) |
| asn | ASN segments | | | x | tcp: 80, 443 | [Link](https://asn.ipinfo.app) |
| asn | ASN segments | x | x | x | | [Link](https://asn.ipinfo.app) |
| backscatterer | backscatterer IPs | x | x | | | [Link](https://www.uceprotect.net/en/index.php) |
| becyber | malicious attacker IPs | x | x | | | [Link](https://github.com/duggytuxy/malicious_ip_addresses) |
| binarydefense | binary defense banlist | x | x | | | [Link](https://iplists.firehol.org/?ipset=bds_atif) |
@ -114,7 +114,7 @@ IP address blocking is commonly used to protect against brute force attacks, pre
* It's strongly recommended to use the LuCI frontend to easily configure all aspects of banIP, the application is located in LuCI under the 'Services' menu
* If you're using a complex network setup, e.g. special tunnel interfaces, than untick the 'Auto Detection' option under the 'General Settings' tab and set the required options manually
* Start the service with '/etc/init.d/banip start' and check everything is working by running '/etc/init.d/banip status' and also check the 'Firewall Log' and 'Processing Log' tabs
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs (see the options reference below)
* If you're going to configure banIP via CLI, edit the config file '/etc/config/banip' and enable the service (set ban\_enabled to '1'), then add pre-configured feeds via 'ban\_feed' (see the feed list above) and add/change other options to your needs, see the options reference table below
## banIP CLI interface
* All important banIP functions are accessible via CLI.
@ -428,12 +428,12 @@ A valid JSON source object contains the following information, e.g.:
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "tor exit nodes",
"flag": "tcp 80-89 443"
"flag": "gz tcp 80-88 udp 50000"
},
[...]
```
Add an unique feed name (no spaces, no special chars) and make the required changes: adapt at least the URL, the regex and the description for a new feed.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations.
Please note: the flag field is optional, it's a space separated list of options: supported are 'gz' as an archive format, protocols 'tcp' or 'udp' with port numbers/port ranges for destination port limitations - multiple definitions are possible.
## Support
Please join the banIP discussion in this [forum thread](https://forum.openwrt.org/t/banip-support-thread/16985) or contact me by mail <dev@brenken.org>

50
net/banip/files/banip-functions.sh
View File

@ -595,24 +595,30 @@ f_etag() {
# build initial nft file with base table, chains and rules
#
f_nftinit() {
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc allow_proto allow_dport flag file="${1}"
local wan_dev vlan_allow vlan_block log_ct log_icmp log_syn log_udp log_tcp feed_log feed_rc flag tmp_proto tmp_port allow_dport file="${1}"
wan_dev="$(printf "%s" "${ban_dev}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanallow}" ] && vlan_allow="$(printf "%s" "${ban_vlanallow%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
[ -n "${ban_vlanblock}" ] && vlan_block="$(printf "%s" "${ban_vlanblock%%?}" | "${ban_sedcmd}" 's/^/\"/;s/$/\"/;s/ /\", \"/g')"
for flag in ${ban_allowflag}; do
if [ -z "${allow_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
allow_proto="${flag}"
elif [ -n "${allow_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${allow_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${allow_dport}" ]; then
allow_dport="${flag}"
else
allow_dport="${allow_dport}, ${flag}"
if [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${allow_dport}" ] && allow_dport="${allow_proto} dport { ${allow_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
allow_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
if [ "${ban_logprerouting}" = "1" ]; then
log_icmp="log level ${ban_nftloglevel} prefix \"banIP/pre-icmp/drop: \""
@ -697,7 +703,7 @@ f_nftinit() {
#
f_down() {
local log_input log_forwardwan log_forwardlan start_ts end_ts tmp_raw tmp_load tmp_file split_file ruleset_raw handle rc etag_rc
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_proto feed_dport feed_target
local expr cnt_set cnt_dl restore_rc feed_direction feed_rc feed_log feed_comp feed_target feed_dport tmp_proto tmp_port flag
local feed="${1}" proto="${2}" feed_url="${3}" feed_rule="${4}" feed_flag="${5}"
start_ts="$(date +%s)"
@ -756,19 +762,25 @@ f_down() {
# prepare feed flags
#
for flag in ${feed_flag}; do
if [ "${flag}" = "gz" ] && ! printf "%s" "${feed_comp}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ "${flag}" = "gz" ]; then
feed_comp="${flag}"
elif [ -z "${feed_proto}" ] && { [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; }; then
feed_proto="${flag}"
elif [ -n "${feed_proto}" ] && [ -n "${flag//[![:digit]-]/}" ] && ! printf "%s" "${feed_dport}" | "${ban_grepcmd}" -qw "${flag}"; then
if [ -z "${feed_dport}" ]; then
feed_dport="${flag}"
else
feed_dport="${feed_dport}, ${flag}"
elif [ "${flag}" = "tcp" ] || [ "${flag}" = "udp" ]; then
if [ -z "${tmp_proto}" ]; then
tmp_proto="${flag}"
elif ! printf "%s" "${tmp_proto}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_proto="${tmp_proto}, ${flag}"
fi
elif [ -n "${flag//[![:digit]-]/}" ]; then
if [ -z "${tmp_port}" ]; then
tmp_port="${flag}"
elif ! printf "%s" "${tmp_port}" | "${ban_grepcmd}" -qw "${flag}"; then
tmp_port="${tmp_port}, ${flag}"
fi
fi
done
[ -n "${feed_dport}" ] && feed_dport="${feed_proto} dport { ${feed_dport} }"
if [ -n "${tmp_proto}" ] && [ -n "${tmp_port}" ]; then
feed_dport="meta l4proto { ${tmp_proto} } th dport { ${tmp_port} }"
fi
# chain/rule maintenance
#

3
net/banip/files/banip.feeds
View File

@ -36,8 +36,7 @@
"url_6": "https://asn.ipinfo.app/api/text/list/",
"rule_4": "/^(([0-9]{1,3}\\.){3}(1?[0-9][0-9]?|2[0-4][0-9]|25[0-5])(\\/(1?[0-9]|2?[0-9]|3?[0-2]))?)$/{printf \"%s,\\n\",$1}",
"rule_6": "/^(([0-9A-f]{0,4}:){1,7}[0-9A-f]{0,4}:?(\\/(1?[0-2][0-8]|[0-9][0-9]))?)$/{printf \"%s,\\n\",$1}",
"descr": "ASN IP segments",
"flag": "tcp 80 443"
"descr": "ASN IP segments"
},
"backscatterer":{
"url_4": "http://wget-mirrors.uceprotect.net/rbldnsd-all/ips.backscatterer.org.gz",

4
net/dnsproxy/Makefile
View File

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dnsproxy
PKG_VERSION:=0.69.2
PKG_VERSION:=0.70.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/AdguardTeam/dnsproxy/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=aa1cea0eea683bde017acbb30c09c96b24b30133e157e743666be900ad7560ea
PKG_HASH:=a78ce398f2019e7a3a57e7ffcb06ecfb6d08e36e0a07c58ada4ac4871cecd677
PKG_MAINTAINER:=Tianling Shen <cnsztl@immortalwrt.org>
PKG_LICENSE:=Apache-2.0

70
net/geoip-shell/DETAILS.md
View File

@ -7,8 +7,6 @@
## **Overview**
### Main Scripts
- geoip-shell-install.sh
- geoip-shell-uninstall.sh
- geoip-shell-manage.sh
- geoip-shell-run.sh
- geoip-shell-fetch.sh
@ -22,7 +20,7 @@
**geoip-shell-detect-lan.sh**
This script is only used under specific conditions:
- During initial setup, with whitelist mode, and only if wan interfaces were set to 'all', and LAN subnets were not specified via command line args. geoip-shell then assumes that it is being installed on a machine belonging to a LAN, uses this script to detect the LAN subnets and offers the user to add them to the whitelist, and to enable automatic detection of LAN subnets in the future.
- During initial setup, with whitelist mode, and only if wan interfaces were set to 'all', and LAN subnets were not specified via command line args. geoip-shell then assumes that it is being configured on a host behind a router and firewall, uses this script to detect the LAN subnets and offers the user to add them to the whitelist, and to enable automatic detection of LAN subnets in the future.
- At the time of creating/updating firewall rules, and only if LAN subnets automatic detection is enabled. geoip-shell then re-detects LAN subnets automatically.
### Library Scripts
@ -57,13 +55,12 @@ The -lib-uninstall script has some functions which are used both for uninstallat
For more information about integration with OpenWrt, read [OpenWrt-README.md](OpenWrt-README.md)
### User interface
The scripts intended as user interface are **geoip-shell-install.sh**, **geoip-shell-uninstall.sh**, **geoip-shell-manage.sh** and **check-ip-in-source.sh**. All the other scripts are intended as a back-end. If you just want to install and move on, you only need to run the -install script.
After installation, the user interface is provided by running "geoip-shell", which is a symlink to the -manage script.
## **Main scripts in detail**
**geoip-shell-manage.sh**: serves as the main user interface to configure geoip after installation. You can also call it by simply typing `geoip-shell`. As most scripts in this suite, it requires root privileges because it needs to interact with the netfilter kernel component and access the data folder which is only readable and writable by root. Since it serves as the main user interface, it contains a lot of logic to generate a report, parse, validate and initiate actions requested by the user (by calling other scripts as required), check for possible remote machine lockout and warn the user about it, check actions result, update the config and take corrective actions in case of an error. Describing all this is beyond the scope of this document but you can read the code. Sources the lib-status script when generating a status report. Sources lib-setup for some of the arguments parsing logic and interactive dialogs implementation.
`geoip-shell <on|off> [-c <"country_codes">]` : Enable or disable the geoip blocking chain (via a rule in the base geoip chain)
`geoip-shell <on|off>` : Enable or disable the geoip blocking chain (via a rule in the base geoip chain)
`geoip-shell <add|remove> [-c <"country_codes">]` :
* Adds or removes the specified country codes to/from the config file.
@ -75,7 +72,11 @@ After installation, the user interface is provided by running "geoip-shell", whi
`geoip-shell restore` : re-fetches and re-applies geoip firewall rules and ip lists as per the config.
`geoip-shell configure [options]` : changes geoip-shell configuration
`geoip-shell showconfig` : prints the contents of the config file.
`geoip-shell configure [options]` : changes geoip-shell configuration.
Initial configuration is possible either fully interactively (the -manage script gathers all important config via dialog with the user), partially interactively (you provide some command line arguments, the -manage script processes them and if needed, asks you additional questions), or completely non-interactively by calling the -manage script with the `-z` option which will force setup to fail if any required options are missing or invalid. Any sensible combination of the following options is allowed in one command.
**Options for the `geoip-shell configure` command:**
@ -87,61 +88,78 @@ After installation, the user interface is provided by running "geoip-shell", whi
`-u [ripe|ipdeny]`: Change ip lists source.
`-i <[ifaces]|auto|all>`: Change which network interfaces geoip firewall rules are applied to. `auto` will attempt to automatically detect WAN network interfaces. `auto` works correctly in **most** cases but not in **every** case. Don't use `auto` if the machine has no direct connection to WAN. The automatic detection occurs only when manually triggered by the user via this command.
`-i <[ifaces]|auto|all>`: Change which network interfaces geoip firewall rules are applied to. `auto` will attempt to automatically detect WAN network interfaces. `auto` works correctly in **most** cases but not in **every** case. Don't use `auto` if the machine has no dedicated WAN network interfaces. The automatic detection occurs only when manually triggered by the user via this command.
`-l <"[lan_ips]"|auto|none>`: Specify LAN ip's or subnets to exclude from blocking (both ipv4 and ipv6). `auto` will trigger LAN subnets re-detection at every update of the ip lists. When specifying custom ip's or subnets, automatic detection is disabled. This option is only avaiable when using geoip-shell in whitelist mode.
`-t <"[trusted_ips]|none">`: Specify trusted ip's or subnets (anywhere on the Internet) to exclude from geoip blocking (both ipv4 and ipv6).
`-p <[tcp|udp]:[allow|block]:[all|<ports>]>`: specify ports geoip blocking will apply (or not apply) to, for tcp or udp. To specify ports for both tcp and udp, use the `-p` option twice. For more details, read [NOTES.md](NOTES.md), sections 9-11.
`-p <[tcp|udp]:[allow|block]:[all|<ports>]>`: Specify ports geoip blocking will apply (or not apply) to, for tcp or udp. To specify ports for both tcp and udp, use the `-p` option twice. For more details, read [NOTES.md](NOTES.md), sections 9-11.
`-r <[user_country_code]|none>` : Specify user's country code. Used to prevent accidental lockout of a remote machine. `none` disables this feature.
`-s <"schedule_expression"|disable>` : enables automatic ip lists updates and configures the schedule for the periodic cron job which implements this feature. `disable` disables automatic ip lists updates.
`-s <"schedule_expression"|disable>` : Enables automatic ip lists updates and configures the schedule for the periodic cron job which implements this feature. `disable` disables automatic ip lists updates.
`-o <true|false>` : No backup. If set to 'true', geoip-shell will not create a backup of ip lists and firewall rules after applying changes, and will automatically re-fetch ip lists after each reboot. Default is 'true' for OpenWrt, 'false' for all other systems.
`-a <path>` : Set custom path to directory where backups and the status file will be stored. Default is '/tmp/geoip-shell-data' for OpenWrt, '/var/lib/geoip-shell' for all other systems.
`-O <memory|performance>`: specify optimization policy for nftables sets. By default optimizes for low memory consumption if system RAM is less than 2GiB, otherwise optimizes for performance. This option doesn't work with iptables.
`-O <memory|performance>`: Specify optimization policy for nftables sets. By default optimizes for low memory consumption if system RAM is less than 2GiB, otherwise optimizes for performance. This option doesn't work with iptables.
`geoip-shell showconfig` : prints the contents of the config file.
`-z`: Non-interactive setup.
**geoip-shell-run.sh**: Serves as a proxy to call the -fetch, -apply and -backup scripts with arguments required for each action. Executes the requested actions, depending on the config set by the -install and -manage scripts, and the command line options, and writes to system log when starting and on action completion (or if any errors encountered). If persistence or autoupdates are enabled, the cron jobs (or on OpenWrt, the firewall include script) call this script with the necessary options. If a non-fatal error is encountered during an automatic update function, the script enters sort of a temporary daemon mode where it will re-try the action (up to a certain number of retries) with increasing time intervals. It also implements some logic to account for unexpected issues encountered during the 'restore' action which runs after system reboot to impelement persistnece, such as a missing backup, and in this situation will automatically change its action from 'restore' to 'update' and try to re-fetch and re-apply the ip lists.
**geoip-shell-run.sh**: Serves as a proxy to call the -fetch, -apply and -backup scripts with arguments required for each action. Executes the requested actions, depending on the config and the command line options, and writes to system log when starting and on action completion (or if any errors encountered). If persistence or autoupdates are enabled, the cron jobs (or on OpenWrt, the firewall include script) call this script with the necessary options. If a non-fatal error is encountered during an automatic update function, the script enters sort of a temporary daemon mode where it will re-try the action (up to a certain number of retries) with increasing time intervals. It also implements some logic to account for unexpected issues encountered during the 'restore' action which runs after system reboot to impelement persistnece, such as a missing backup, and in this situation will automatically change its action from 'restore' to 'update' and try to re-fetch and re-apply the ip lists.
`geoip-shell-run add -l <"list_id [list_id] ... [list_id]">` : Fetches ip lists, loads them into ip sets and applies firewall rules for specified list id's.
A list id has the format of `<country_code>_<family>`. For example, ****US_ipv4** and **GB_ipv6** are valid list id's.
`geoip-shell-run.sh add -l <"list_id [list_id] ... [list_id]">` : Fetches ip lists, loads them into ip sets and applies firewall rules for specified list id's.
A list id has the format of `<country_code>_<family>`. For example, **US_ipv4** and **GB_ipv6** are valid list id's.
`geoip-shell-run remove -l <"list_ids">` : Removes iplists and firewall rules for specified list id's.
`geoip-shell-run.sh remove -l <"list_ids">` : Removes iplists and firewall rules for specified list id's.
`geoip-shell-run update` : Updates the ip sets for list id's that had been previously configured. Intended for triggering from periodic cron jobs.
`geoip-shell-run.sh update` : Updates the ip sets for list id's that had been previously configured. Intended for triggering from periodic cron jobs.
`geoip-shell-run restore` : Restore previously downloaded lists from backup (skip fetching). Used by the reboot cron job (or by the firewall include on OpenWrt) to implement persistence.
`geoip-shell-run.sh restore` : Restore previously downloaded lists from backup (skip fetching). Used by the reboot cron job (or by the firewall include on OpenWrt) to implement persistence.
**geoip-shell-fetch.sh**
- Fetches ip lists for given list id's from RIPE or from ipdeny. The source is selected during installation. If you want to change the default which is RIPE, install with the `-u ipdeny` option.
- Fetches ip lists for given list id's from RIPE or from ipdeny.
- Parses, validates, compiles the downloaded lists, and saves each one to a separate file.
- Implements extensive sanity checks at each stage (fetching, parsing, validating and saving) and handles errors if they occur.
(for specifics on how to use the script, run it with the -h option)
Options:
**geoip-shell-apply.sh**: directly interfaces with the firewall. Creates or removes ip sets and firewall rules for specified list id's. Sources the lib-apply-ipt or lib-apply-nft script which does most of the actual work.
`-l <"list_ids">` : ip list id's in the format <country_code>_<family> (if specifying multiple list id's, use double quotes)
`geoip-shell-apply add -l <"list_ids">` :
`-p <path>` : Path to directory where downloaded and compiled subnet lists will be stored.
`-o <output_file>` : Path to output file where fetched list will be stored.
`-s <status_file>` : Path to a status file to register fetch results in.
`-u <ripe|ipdeny>` : Use this ip list source for download. Supported sources: ripe, ipdeny.
Extra options:
`-r` : Raw mode (outputs newline-delimited ip lists rather than nftables-ready ones).
`-f` : Force using fetched lists even if list timestamp didn't change compared to existing list.
**geoip-shell-apply.sh**: directly interfaces with the firewall. Creates or removes ip sets and firewall rules for specified list id's. Sources the lib-ipt or lib-nft library script.
`geoip-shell-apply.sh add -l <"list_ids">` :
- Loads ip list files for specified list id's into ip sets and applies firewall rules required for geoip blocking.
List id has the format of `<country_code>_<family>`. For example, **US_ipv4** and **GB_ipv6** are valid list id's.
`geoip-shell-apply remove -l <"list_ids">` :
`geoip-shell-apply.sh remove -l <"list_ids">` :
- removes ip sets and geoip firewall rules for specified list id's.
**geoip-shell-cronsetup.sh** manages all the cron-related logic and actions. Called by the -manage script. Cron jobs are created based on the settings stored in the config file. Also used to validate cron schedule provided by the user at the time of installation or later.
**geoip-shell-cronsetup.sh** manages all the cron-related logic and actions. Called by the -manage script. Cron jobs are created based on the settings stored in the config file. Also used to validate cron schedule specified by the user.
**geoip-shell-backup.sh**: Creates a backup of current geoip-shell firewall rules and ip sets and current geoip-shell config, or restores them from backup. By default (if you didn't run the installation with the '-o' option), backup will be created after every change to ip sets in the firewall. Backups are automatically compressed and de-compressed with the best utility available to the system, in this order "bzip2, xz, gzip", or simply "cat" as a fallback if neither is available (which generally should never happen on Linux). Only one backup copy is kept. Sources the lib-backup-ipt or the lib-backup-nft script which does most of the actual work.
**geoip-shell-backup.sh**: Creates backup of current geoip-shell firewall rules and ip sets and current geoip-shell config, or restores them from backup. By default (if you didn't configure geoip-shell with the '-o' option), backup will be created after every change to ip sets in the firewall. Backups are automatically compressed and de-compressed with the best utility available to the system, in this order "bzip2, xz, gzip", or simply "cat" as a fallback if neither is available (which generally should never happen on Linux). Only one backup copy is kept. Sources the lib-ipt or the lib-nft library script.
`geoip-shell-backup create-backup` : Creates a backup of the current firewall state and geoip blocking config.
`geoip-shell-backup.sh create-backup` : Creates backup of geoip-shell ip sets and config.
`geoip-shell-backup restore` : Restores the firewall state and the config from backup. Used by the *run script to implement persistence. Can be manually used for recovery from fault conditions.
`geoip-shell-backup.sh restore` : Restores geoip-shell state and config from backup. Used by the *run script to implement persistence. Can be manually used for recovery from fault conditions. If run with option `-n`, does not restore the config and the status files.

8
net/geoip-shell/Makefile
View File

@ -4,14 +4,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=geoip-shell
PKG_VERSION:=0.5
PKG_RELEASE:=2
PKG_VERSION:=0.5.2
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=antonk <antonk.d3v@gmail.com>
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=3b56796aea49d7ae1e5ce3de1f5ccfafd36c7f3f
PKG_SOURCE_VERSION:=db8bbf4ce04094843beea1b1aa4fbceb0d35688d
PKG_SOURCE_URL:=https://github.com/friendly-bits/geoip-shell-openwrt.git
PKG_MIRROR_HASH:=2a6cb1996fc7c48f146267e193fe1812addeb228adc5fe16a55341509d4a5353
PKG_MIRROR_HASH:=4b0b90a936b8e9b476a0b85bd2100fcc4d1da25cd6929c0bcc282ae7ff137e9f
include $(INCLUDE_DIR)/package.mk

4
net/geoip-shell/NOTES.md
View File

@ -14,7 +14,7 @@
### **nftables**
- With **nftables**, all firewall rules created by geoip-shell are in the table named `geoip-shell`, family "inet", which is a term nftables uses for tables applying to both ip families. The `geoip-shell` table includes rules for both ip families and any nftables sets geoip-shell creates. geoip-shell creates 2 chains in that table: `GEOIP-BASE` and `GEOIP-SHELL`. The base chain attaches to netfilter's `prerouting` hook and has a rule which directs traffic to the `GEOIP-SHELL` chain. That rule is the geoip-shell "enable" rule for nftables-based systems which acts exactly like the "enable" rule in the iptables-based systems, except it applies to both ip families.
- **nftables** allows for more control over which network interfaces each rule applies to, so when certain network interfaces are specified during installation, geoip-shell specifies these interfaces directly in the rules inside the `GEOIP-SHELL` chain, and so (contrary to iptables-based systems) there is no need in an additional chain.
- **nftables** allows for more control over which network interfaces each rule applies to, so when certain network interfaces are specified during initial setup, geoip-shell specifies these interfaces directly in the rules inside the `GEOIP-SHELL` chain, and so (contrary to iptables-based systems) there is no need in an additional chain.
- **nftables** features atomic rules updates, meaning that when issuing multiple nftables commands at once, if any command fails, all changes get cancelled and the system remains in the same state as before. geoip-shell utilizes this feature for fault-tolerance and to completely eliminate time when geoip blocking is disabled during an update of the sets or rules.
- **nftables** current version (up to 1.0.8 and probably 1.0.9) has some bugs related to unnecessarily high transient memory consumption when performing certain actions, including adding new sets. These bugs are known and for the most part, already have patches implemented which should eventually roll out to the distributions. This mostly matters for embedded hardware with less than 512MB of memory. geoip-shell works around these bugs as much as possible. One of the workarounds is to avoid using the atomic replacement feature for nftables sets. Instead, when updating sets, geoip-shell first adds new sets one by one, then atomically applies all other changes, including rules changes and removing the old sets. In case of an error during any stage of this process, all changes get cancelled, old rules and sets remain in place and geoip-shell then destroys the new sets. This is less efficient but with current versions of nftables, this actually lowers the minimum memory bar for the embedded devices. Once a new version of nftables will be rolled out to the distros, geoip-shell will adapt the algorithm accordingly.
@ -27,7 +27,7 @@
3) geoip-shell uses RIPE as the default source for ip lists. RIPE is a regional registry, and as such, is expected to stay online and free for the foreseeable future. However, RIPE may be fairly slow in some regions. For that reason, I implemented support for fetching ip lists from ipdeny. ipdeny provides aggregated ip lists, meaning in short that there are less entries for same effective geoip blocking, so the machine which these lists are installed on has to do less work when processing incoming connection requests. All ip lists the suite fetches from ipdeny are aggregated lists.
4) The scripts intended as user interface are: **-install**, **-uninstall**, **-manage** (also called by running '**geoip-shell**' after installation) and **check-ip-in-registry.sh**. The -manage script saves the config to a file and implements coherence checks between that file and the actual firewall state. While you can run the other scripts individually, if you make changes to firewall geoip rules, next time you run the -manage script it may insist on reverting those changes since they are not reflected in the config file. The **-backup** script can be used individually. By default, it creates a backup of geoip-shell state after every successful action involving changes to or updates of the ip lists. If you encounter issues, you can use it with the 'restore' command to restore geoip-shell to its previous state. It also restores the config, so the -manage script will not mind.
4) The script intended as user interface is **geoip-shell-manage.sh** (also called by running **geoip-shell**).
5) How to manually check firewall rules created by geoip-shell:
- With nftables: `nft -t list table inet geoip-shell`. This will display all geoip-shell rules and sets.

21
net/geoip-shell/SETUP.md
View File

@ -1,18 +1,11 @@
# Notes about questions asked during the initial setup
## Notes about questions asked during the initial setup
## **'Your shell 'A' is supported by geoip-shell but a faster shell 'B' is available in this system, using it instead is recommended. Would you like to use 'B' with geoip-shell?'**
geoip-shell will work with the shell A you ran it from, but it will work faster with a shell B which is also installed in your system. Your call - type in `y` or `n`. The recommendation is clear. If you type in `y`, geoip-shell installer will launch itself using shell B and configure geoip-shell to always use shell B.
## **'I'm running under an unsupported/unknown shell shell 'A' but a supported shell 'B' is available in this system, using it instead is recommended. Would you like to use 'B' with geoip-shell?'**
Whether geoip-shell will work correctly or at all with the shell A you ran it from is unknown, but a supported shell B is available in your system. You can try to run geoip-shell with A but the recommendation is clear. Generally, geoip-shell works best with shells `ash` and `dash`. If you type in `y`, geoip-shell installer will launch itself using shell B and configure geoip-shell to always use shell B.
## **'Please enter your country code':**
### **'Please enter your country code':**
If you answer this question, the _-manage_ script will check that changes in ip lists which you request to make will not block your own country and warn you if they will. This applies both to the initial setup, and to any subsequent changes to the ip lists which you may want to make in the future. The idea behind this is to make this tool as fool-proof as possible. This information is written to the geoip-shell config file (only readable by root) on your device and geoip-shell does not send it anywhere. You can remove this config entry any time via the command `geoip-shell configure -r none`. You can skip the question by pressing Enter if you wish.
## **'Does this machine have dedicated WAN interface(s)? [y|n]':**
### **'Does this machine have dedicated WAN interface(s)? [y|n]':**
Answering this question is mandatory because the firewall is configured differently, depending on the answer. Answering it incorrectly may cause unexpected results, including having no geoip blocking or losing remote access to your machine.
@ -20,7 +13,7 @@ A machine may have dedicated WAN network interfaces if it's a router or in certa
Otherwise, geoip rules are applied to traffic arriving from all network interfaces, except the loopback interface. Besides that, when geoip-shell is installed in whitelist mode and you picked `n` in this question, additional firewall rules may be created which add LAN subnets or ip's to the whitelist in order to avoid blocking them (you can approve or configure that on the next step of the installation). This does not guarantee that your LAN subnets will not be blocked by another rule in another table, and in fact, if you prefer to block some of them then having them in whitelist will not matter. This is because while the 'drop' verdict is final, the 'accept' verdict is not.
## **'Autodetected ipvX LAN subnets: ... [c]onfirm, c[h]ange, [s]kip or [a]bort installation?'**
### **'Autodetected ipvX LAN subnets: ... [c]onfirm, c[h]ange, [s]kip or [a]bort?'**
You will see this question if installing the suite in whitelist mode and you chose `n` in the previous question. The reason why under these conditions this question is asked is to avoid blocking your LAN from accessing your machine.
@ -48,7 +41,7 @@ A third way to do that is by examining your network configuration (in your route
If you find out that the subnets were detected incorrectly, you can type in 'h' and manually enter the correct subnets or ip addresses which you want to allow connections from.
## **'A[u]to-detect LAN subnets when updating ip lists or keep this config c[o]nstant?'**
### **'A[u]to-detect LAN subnets when updating ip lists or keep this config c[o]nstant?'**
As the above question, you will see this one if installing the suite in whitelist mode and you answered `n` to the question about WAN interfaces. You will not see this question if you specified custom subnets or ips in the previous question.
@ -60,8 +53,8 @@ If you type in 'c' then whatever subnets have been detected during installation
Generally if automatic detection worked as expected during initial setup, most likely it will work correctly every time, so it is a good idea to allow auto-detection with each update. If not then, well, not.
## **Extra options**
### **Extra options**
- geoip-shell supports an additional setting: trusted ip's or subnets. Currently this is only configurable by running the -install script with the option `-t <"[trusted_ips]">` (or after installation via the `geoip-shell configure -t <"[trusted_ips]">` command). You can specify trusted ip addresses or subnets anywhere on the LAN or on the Internet. To remove this setting later, run `geoip-shell configure -t none`.
- geoip-shell supports lots of additional command-line options. You can find out more by running `sh geoip-shell-install.sh -h`, or after installation `geoip-shell -h`, or by reading [NOTES.md](NOTES.md) and [DETAILS.md](DETAILS.md).
- geoip-shell supports lots of additional command-line options. You can find out more by running `geoip-shell -h`, or by reading [NOTES.md](NOTES.md) and [DETAILS.md](DETAILS.md).

39
net/jool/files/readme.md
View File

@ -1,28 +1,35 @@
# [Jool](https://www.jool.mx)
# [Jool](https://nicmx.github.io/Jool/en/index.html)
## Documentation
[See here](https://www.jool.mx/en/documentation.html).
[See here](https://nicmx.github.io/Jool/en/documentation.html).
You might also want to see [contact info](https://www.jool.mx/en/contact.html).
You might also want to see [contact info](https://nicmx.github.io/Jool/en/contact.html).
## Usage
### Start script
This package includes a start script that will:
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run jool with procd
For now this means that:
* The services will be disabled by default in the uci config `(/etc/config/jool)`
* The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
* There is no uci support and configuration will be saved at `/etc/jool/*
* Only one instance of jool(nat64) can run with the boot script
* Only one instance of jool(siit) can run with the boot script
* For now there is no way of overriding of the configuration file's paths
1. Read the configuration file `/etc/config/jool`
2. Determine what services are active
3. Run `jool` with procd
The configuration files the startup script useses for each jool instance are:
* jool(nat64): `/etc/jool/jool-nat64.conf.json`
* jool(siit): `/etc/jool/jool-siit.conf.json`
### For now this means that
- The services will be disabled by default in the uci config `(/etc/config/jool)`
- The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
- There is no uci support and configuration will be saved at `/etc/jool/`
- Only one instance of jool(nat64) can run with the boot script
- Only one instance of jool(siit) can run with the boot script
- For now there is no way of overriding of the configuration file's paths
The configuration files the startup script uses for each jool instance are:
- jool(nat64): `/etc/jool/jool-nat64.conf.json`
- jool(siit): `/etc/jool/jool-siit.conf.json`
### OpenWrt tutorial
For a more detailed tutorial refer to this [wiki page](https://openwrt.org/docs/guide-user/network/ipv6/nat64).

5
net/modemmanager/Makefile
View File

@ -8,11 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=modemmanager
PKG_SOURCE_VERSION:=1.22.0
PKG_RELEASE:=12
PKG_VERSION:=1.22.0
PKG_RELEASE:=13
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.freedesktop.org/mobile-broadband/ModemManager.git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_MIRROR_HASH:=cd67d0833481146cc630299ffd2e7afdedb2c90f9d8ce3cc348af1fffacc87de
PKG_MAINTAINER:=Nicholas Smith <nicholas@nbembedded.com>

2
net/natmap/Makefile
View File

@ -2,7 +2,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=natmap
PKG_VERSION:=20240303
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/heiher/natmap/releases/download/$(PKG_VERSION)

2
net/natmap/files/natmap.config
View File

@ -10,4 +10,6 @@ config natmap
option forward_target ''
option forward_port ''
option notify_script ''
option log_stdout '1'
option log_stderr '1'

8
net/natmap/files/natmap.init
View File

@ -27,7 +27,9 @@ validate_section_natmap() {
'port:port' \
'forward_target:host' \
'forward_port:port' \
'notify_script:file'
'notify_script:file' \
'log_stdout:bool:1' \
'log_stderr:bool:1'
}
natmap_instance() {
@ -63,8 +65,8 @@ natmap_instance() {
procd_append_param command -e /usr/lib/natmap/update.sh
procd_set_param respawn
procd_set_param stdout 1
procd_set_param stderr 1
procd_set_param stdout "${log_stdout}"
procd_set_param stderr "${log_stderr}"
procd_close_instance
}

2
net/nebula/Makefile
View File

@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nebula
PKG_VERSION:=1.8.2
PKG_RELEASE:=r2
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/slackhq/nebula/tar.gz/v$(PKG_VERSION)?

7
net/snort3/Makefile
View File

@ -9,9 +9,10 @@ PKG_NAME:=snort3
PKG_VERSION:=3.1.84.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/snort3/snort3/archive/refs/tags/
PKG_HASH:=dca1707a66f6ca56ddd526163b2d951cefdb168bddc162c791adc74c0d226c7f
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/snort3/snort3
PKG_MIRROR_HASH:=ffa69fdd95c55a943ab4dd782923caf31937dd8ad29e202d7fe781373ed84444
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>, John Audia <therealgraysky@proton.me>
PKG_LICENSE:=GPL-2.0-only

4
net/v2ray-core/Makefile
View File

@ -5,12 +5,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=v2ray-core
PKG_VERSION:=5.15.1
PKG_VERSION:=5.15.3
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/v2fly/v2ray-core/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=461a65a1675f17ad95a2a5ddf0b016247a34aa376ed1738c143e7c6603ab4abd
PKG_HASH:=32b325e54ee93fb3563c33d3c097592aa857370055d8ef1c50fd2387678843df
PKG_LICENSE:=MIT
PKG_LICENSE_FILES:=LICENSE

10
net/xtables-addons/Makefile
View File

@ -41,15 +41,6 @@ CONFIGURE_ARGS+= \
--with-kbuild="$(LINUX_DIR)" \
--with-xtlibdir="/usr/lib/iptables"
ifdef CONFIG_EXTERNAL_TOOLCHAIN
MAKE_FLAGS:= \
$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
DEPMOD="/bin/true"
MAKE_INSTALL_FLAGS:= \
$(patsubst ARCH=%,ARCH=$(LINUX_KARCH),$(MAKE_FLAGS)) \
DEPMOD="/bin/true"
else
define Build/Compile
+$(MAKE) $(PKG_JOBS) -C $(PKG_BUILD_DIR) \
$(KERNEL_MAKE_FLAGS) \
@ -65,7 +56,6 @@ define Build/Install
DEPMOD="/bin/true" \
install
endef
endif
# 1: extension/module suffix used in package name
# 2: extension/module display name used in package title/description

5
sound/shairport-sync/Makefile
View File

@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=shairport-sync
PKG_VERSION:=4.3.2
PKG_RELEASE:=3
PKG_RELEASE:=5
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/mikebrady/shairport-sync/tar.gz/$(PKG_VERSION)?
@ -29,7 +29,7 @@ define Package/shairport-sync/default
SECTION:=sound
CATEGORY:=Sound
TITLE:=AirPlay compatible audio player
DEPENDS:=@AUDIO_SUPPORT +libpthread +alsa-lib +libconfig +libdaemon +libpopt +libplist +libsodium +libgcrypt +libffmpeg-full +libuuid +nqptp
DEPENDS:=@AUDIO_SUPPORT +libpthread +alsa-lib +libconfig +libdaemon +libpopt +libplist +libsodium +libgcrypt +libffmpeg-full +libuuid +nqptp +libmosquitto
PROVIDES:=shairport-sync
URL:=https://github.com/mikebrady/shairport-sync
endef
@ -80,6 +80,7 @@ CONFIGURE_ARGS += \
--with-libdaemon \
--with-airplay-2 \
--with-pipe \
--with-mqtt-client \
--with-metadata
ifeq ($(BUILD_VARIANT),openssl)

15
sound/shairport-sync/files/shairport-sync.config
View File

@ -37,6 +37,10 @@ config shairport-sync 'shairport_sync'
# Session Control
option sesctl_run_before_play_begins '' # /etc/shairport-sync-start.sh
option sesctl_run_after_play_ends '' # /etc/shairport-sync-stop.sh
option sesctl_run_before_entering_active_state '' # /path/to/script.sh
option sesctl_run_after_exiting_active_state '' # /path/to/script.sh
option sesctl_run_if_an_unfixable_error_is_detected '' # /path/to/script.sh
option sesctl_run_when_volume_is_set '' # /path/to/script.sh
option sesctl_wait_for_completion '' # no/yes
option sesctl_session_interruption '' # no/yes
option sesctl_session_timeout '' # 120
@ -56,6 +60,17 @@ config shairport-sync 'shairport_sync'
# Stdout
option stdout_latency_offset '' # 0
option stdout_buffer_length '' # 44100
# MQTT: https://github.com/mikebrady/shairport-sync/blob/master/MQTT.md
option mqtt_enabled 'no'
option mqtt_hostname '127.0.0.1'
option mqtt_port '1883'
option mqtt_username '' # empty = no authentication
option mqtt_password '' # empty = no authentication
option mqtt_topic 'shairport'
option mqtt_publish_raw 'no'
option mqtt_publish_parsed 'no'
option mqtt_publish_cover 'no'
option mqtt_enable_remote 'no'
# AO
option ao_latency_offset '' # 0
option ao_buffer_length '' # 44100

19
sound/shairport-sync/files/shairport-sync.init
View File

@ -83,6 +83,10 @@ start_instance() {
printf "{\n"
append_str "$cfg" sesctl_run_before_play_begins "run_this_before_play_begins"
append_str "$cfg" sesctl_run_after_play_ends "run_this_after_play_ends"
append_str "$cfg" sesctl_run_before_entering_active_state "run_this_before_entering_active_state"
append_str "$cfg" sesctl_run_after_exiting_active_state "run_this_after_exiting_active_state"
append_str "$cfg" sesctl_run_if_an_unfixable_error_is_detected "run_this_if_an_unfixable_error_is_detected"
append_str "$cfg" sesctl_run_when_volume_is_set "run_this_when_volume_is_set"
append_str "$cfg" sesctl_wait_for_completion "wait_for_completion"
append_str "$cfg" sesctl_session_interruption "allow_session_interruption"
append_num "$cfg" sesctl_session_timeout "session_timeout"
@ -116,6 +120,21 @@ start_instance() {
append_num "$cfg" stdout_buffer_length "audio_backend_buffer_desired_length"
printf "};\n\n"
# MQTT
printf "mqtt =\n"
printf "{\n"
append_str "$cfg" mqtt_enabled "enabled"
append_str "$cfg" mqtt_hostname "hostname"
append_num "$cfg" mqtt_port "port"
append_str "$cfg" mqtt_username "username"
append_str "$cfg" mqtt_password "password"
append_str "$cfg" mqtt_topic "topic"
append_str "$cfg" mqtt_publish_raw "publish_raw"
append_str "$cfg" mqtt_publish_parsed "publish_parsed"
append_str "$cfg" mqtt_publish_cover "publish_cover"
append_str "$cfg" mqtt_enable_remote "enable_remote"
printf "};\n\n"
# AO audio back end
printf "ao =\n"
printf "{\n"

11
utils/cni-plugins-nft/Makefile
View File

@ -2,11 +2,12 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=cni-plugins-nft
PKG_VERSION:=1.0.12
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/greenpau/cni-plugins/archive/v$(PKG_VERSION)
PKG_HASH:=51c4b41c61f46c7dfc691d52dba301e7d8189589e1a625772f761ea3ae804fb3
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/greenpau/cni-plugins
PKG_MIRROR_HASH:=3bb778c8f48261eaaee8b14b9219f1730967ef16158b5b540d45da54ef580e53
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
@ -23,8 +24,6 @@ GO_PKG_BUILD_PKG:=github.com/greenpau/cni-plugins/cmd/cni-nftables-portmap \
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
define Package/cni-plugins-nft
SECTION:=utils
CATEGORY:=Utilities

15
utils/cni-plugins/Makefile
View File

@ -2,15 +2,16 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=cni-plugins
PKG_VERSION:=1.1.1
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containernetworking/plugins/archive/v$(PKG_VERSION)
PKG_HASH:=c86c44877c47f69cd23611e22029ab26b613f620195b76b3ec20f589367a7962
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=v$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/containernetworking/plugins
PKG_MIRROR_HASH:=4372700fa1fb159235586432800f228d92246d13571f5a29aa9bc58291eac6d9
PKG_MAINTAINER:=Daniel Golle <daniel@makrotopia.org>, Paul Spooren <mail@aparcar.org>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
@ -24,8 +25,6 @@ GO_PKG_BUILD_PKG:=github.com/containernetworking/plugins/plugins/main/... \
include $(INCLUDE_DIR)/package.mk
include ../../lang/golang/golang-package.mk
PKG_UNPACK:=$(HOST_TAR) -C "$(PKG_BUILD_DIR)" --strip-components=1 -xzf "$(DL_DIR)/$(PKG_SOURCE)"
define Package/cni-plugins
SECTION:=utils
CATEGORY:=Utilities

6
utils/docker-compose/Makefile
View File

@ -1,14 +1,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=compose
PKG_VERSION:=2.26.1
PKG_RELEASE:=2
PKG_VERSION:=2.27.0
PKG_RELEASE:=1
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_SOURCE:=$(PKG_NAME)-v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/docker/compose/tar.gz/v${PKG_VERSION}?
PKG_HASH:=081ad40241f8e144cad088a65e6fd0ec588e3d36931e5baabb3dc5ab068ceb60
PKG_HASH:=29b2232d1609dff03db74188a7944c85ba8b612f47a7e39938a43db8fb7d7067
PKG_MAINTAINER:=Javier Marcet <javier@marcet.info>

2
utils/dockerd/Makefile
View File

@ -47,7 +47,7 @@ define Package/dockerd
+kmod-veth \
+tini \
+uci-firewall \
@!(mips||mipsel)
@!(mips||mips64||mipsel)
USERID:=docker:docker
MENU:=1
endef

2
utils/mstflint/Makefile
View File

@ -31,7 +31,7 @@ define Package/mstflint
CATEGORY:=Utilities
TITLE:=Mellanox Firmware Burning and Diagnostics Tools
URL:=https://github.com/Mellanox/mstflint
DEPENDS:=@!(mips||mipsel) \
DEPENDS:=@!(mips||mips64||mipsel) \
+libcurl +liblzma +libopenssl +libsqlite3 \
+libstdcpp +libxml2 +python3-ctypes \
+python3-urllib +python3-xml +zlib