Compare commits
7 Commits
91b253de0e
...
9e1e3362a6
Author | SHA1 | Date |
---|---|---|
Alexander Puzynia | 9e1e3362a6 | |
Josef Schlehofer | 9d49df0dab | |
Josef Schlehofer | 6d5e404a0c | |
Paul Spooren | 26c101edc3 | |
Goetz Goerisch | 8b08b29271 | |
Alexander Puzynia | efa240b4e1 | |
Alexander Puzynia | c24387cb23 |
|
@ -1,93 +0,0 @@
|
|||
FROM debian:10
|
||||
|
||||
|
||||
# Configuration version history
|
||||
# v1.0 - Initial version by Etienne Champetier
|
||||
# v1.0.1 - Run as non-root, add unzip, xz-utils
|
||||
# v1.0.2 - Add bzr
|
||||
# v1.0.3 - Verify usign signatures
|
||||
# v1.0.4 - Add support for Python3
|
||||
# v1.0.5 - Add 19.07 public keys, verify keys
|
||||
# v1.0.6 - Add 21.02 public keys, update Debian image to version 10, add rsync
|
||||
# v1.0.7 - Add 22.03 public keys, 18.06 v2 gpg key, 18.06 usign key
|
||||
|
||||
RUN apt update && apt install -y \
|
||||
build-essential \
|
||||
bzr \
|
||||
curl \
|
||||
jq \
|
||||
gawk \
|
||||
gettext \
|
||||
git \
|
||||
libncurses5-dev \
|
||||
libssl-dev \
|
||||
python \
|
||||
python3 \
|
||||
signify-openbsd \
|
||||
subversion \
|
||||
rsync \
|
||||
time \
|
||||
unzip \
|
||||
wget \
|
||||
xz-utils \
|
||||
zlib1g-dev \
|
||||
&& rm -rf /var/lib/apt/lists/*
|
||||
|
||||
RUN useradd -c "OpenWrt Builder" -m -d /home/build -s /bin/bash build
|
||||
USER build
|
||||
ENV HOME /home/build
|
||||
|
||||
# OpenWrt Build System (PGP key for unattended snapshot builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/626471F1.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-snapshots@openwrt.org>' | grep '^fpr:::::::::54CC74307A2C6DC9CE618269CD84BCED626471F1:$' \
|
||||
&& echo '54CC74307A2C6DC9CE618269CD84BCED626471F1:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Build System (PGP key for 17.01 "Reboot" release builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/D52BBB6B.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-17.01@openwrt.org>' | grep '^fpr:::::::::B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:$' \
|
||||
&& echo 'B09BE781AE8A0CD4702FDCD3833C6010D52BBB6B:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Release Builder (18.06 Signing Key)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/17E1CE16.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<openwrt-devel@lists.openwrt.org>' | grep '^fpr:::::::::6768C55E79B032D77A28DA5F0F20257417E1CE16:$' \
|
||||
&& echo '6768C55E79B032D77A28DA5F0F20257417E1CE16:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Build System (PGP key for 18.06 release builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/15807931.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-18.06@openwrt.org>' | grep '^fpr:::::::::AD0507363D2BCE9C9E36CEC4FBCB78F015807931:$' \
|
||||
&& echo 'AD0507363D2BCE9C9E36CEC4FBCB78F015807931:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Build System (PGP key for 19.07 release builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/2074BE7A.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-19.07@openwrt.org>' | grep '^fpr:::::::::D9C6901F45C9B86858687DFF28A39BC32074BE7A:$' \
|
||||
&& echo 'D9C6901F45C9B86858687DFF28A39BC32074BE7A:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Build System (PGP key for 21.02 release builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/88CA59E8.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-21.02@openwrt.org>' | grep '^fpr:::::::::667205E379BAF348863A5C6688CA59E88F681580:$' \
|
||||
&& echo '667205E379BAF348863A5C6688CA59E88F681580:6:' | gpg --import-ownertrust
|
||||
|
||||
# OpenWrt Build System (GnuPGP key for 22.03 release builds)
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=gpg/CD54E82DADB3684D.asc' | gpg --import \
|
||||
&& gpg --fingerprint --with-colons '<pgpsign-22.03@openwrt.org>' | grep '^fpr:::::::::BF856781A01293C8409ABE72CD54E82DADB3684D:$' \
|
||||
&& echo 'BF856781A01293C8409ABE72CD54E82DADB3684D:6:' | gpg --import-ownertrust
|
||||
|
||||
# untrusted comment: Public usign key for unattended snapshot builds
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/b5043e70f9a75cde' --create-dirs -o /home/build/usign/b5043e70f9a75cde \
|
||||
&& echo 'd7ac10f9ed1b38033855f3d27c9327d558444fca804c685b17d9dcfb0648228f */home/build/usign/b5043e70f9a75cde' | sha256sum --check
|
||||
|
||||
# untrusted comment: Public usign key for 18.06 release builds
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/1035ac73cc4e59e3' --create-dirs -o /home/build/usign/1035ac73cc4e59e3 \
|
||||
&& echo '8dc2e7f5c4e634437e6641f4df77a18bf59f0c8e9016c8ba4be5d4a0111e68c2 */home/build/usign/1035ac73cc4e59e3' | sha256sum --check
|
||||
|
||||
# untrusted comment: Public usign key for 19.07 release builds
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/f94b9dd6febac963' --create-dirs -o /home/build/usign/f94b9dd6febac963 \
|
||||
&& echo 'b1d09457cfbc36fccfe18382d65c54a2ade3e7fd3902da490a53aa517b512755 */home/build/usign/f94b9dd6febac963' | sha256sum --check
|
||||
|
||||
# untrusted comment: Public usign key for 21.02 release builds
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/2f8b0b98e08306bf' --create-dirs -o /home/build/usign/2f8b0b98e08306bf \
|
||||
&& echo 'd102bdd75421c62490b97f520f9db06aadb44ad408b244755d26e96ea5cd3b7f */home/build/usign/2f8b0b98e08306bf' | sha256sum --check
|
||||
|
||||
# untrusted comment: Public usign key for 22.03 release builds
|
||||
RUN curl 'https://git.openwrt.org/?p=keyring.git;a=blob_plain;f=usign/4d017e6f1ed5d616' --create-dirs -o /home/build/usign/4d017e6f1ed5d616 \
|
||||
&& echo 'f3c5fdf447d7c2743442e68077d60acc7c3e91754849e1f4b6be837b4204b7e2 */home/build/usign/4d017e6f1ed5d616' | sha256sum --check
|
|
@ -1,6 +0,0 @@
|
|||
# Build/update the docker image
|
||||
|
||||
docker pull debian:10
|
||||
docker build --rm -t docker.io/openwrtorg/packages-cci:latest .
|
||||
docker tag <IMAGE ID> docker.io/openwrtorg/packages-cci:<VERSION-TAG>
|
||||
docker push docker.io/openwrtorg/packages-cci
|
|
@ -1,182 +0,0 @@
|
|||
version: 2.0
|
||||
jobs:
|
||||
build:
|
||||
docker:
|
||||
- image: docker.io/openwrtorg/packages-cci:v1.0.7
|
||||
environment:
|
||||
- SDK_HOST: "downloads.openwrt.org"
|
||||
- SDK_PATH: "snapshots/targets/ath79/generic"
|
||||
- SDK_FILE: "openwrt-sdk-ath79-generic_*.Linux-x86_64.tar.xz"
|
||||
- BRANCH: "master"
|
||||
steps:
|
||||
- checkout:
|
||||
path: ~/openwrt_packages
|
||||
|
||||
- run:
|
||||
name: Check changes / verify commits
|
||||
working_directory: ~/openwrt_packages
|
||||
command: |
|
||||
cat >> $BASH_ENV <<EOF
|
||||
echo_red() { printf "\033[1;31m\$*\033[m\n"; }
|
||||
echo_green() { printf "\033[1;32m\$*\033[m\n"; }
|
||||
echo_blue() { printf "\033[1;34m\$*\033[m\n"; }
|
||||
EOF
|
||||
source $BASH_ENV
|
||||
|
||||
RET=0
|
||||
for commit in $(git rev-list HEAD ^origin/$BRANCH); do
|
||||
echo_blue "=== Checking commit '$commit'"
|
||||
if git show --format='%P' -s $commit | grep -qF ' '; then
|
||||
echo_red "Pull request should not include merge commits"
|
||||
RET=1
|
||||
fi
|
||||
|
||||
author="$(git show -s --format=%aN $commit)"
|
||||
if echo $author | grep -q '\S\+\s\+\S\+'; then
|
||||
echo_green "Author name ($author) seems ok"
|
||||
else
|
||||
echo_red "Author name ($author) need to be your real name 'firstname lastname'"
|
||||
RET=1
|
||||
fi
|
||||
|
||||
subject="$(git show -s --format=%s $commit)"
|
||||
if echo "$subject" | grep -q -e '^[0-9A-Za-z,+/_-]\+: ' -e '^Revert '; then
|
||||
echo_green "Commit subject line seems ok ($subject)"
|
||||
else
|
||||
echo_red "Commit subject line MUST start with '<package name>: ' ($subject)"
|
||||
RET=1
|
||||
fi
|
||||
|
||||
body="$(git show -s --format=%b $commit)"
|
||||
sob="$(git show -s --format='Signed-off-by: %aN <%aE>' $commit)"
|
||||
if echo "$body" | grep -qF "$sob"; then
|
||||
echo_green "Signed-off-by match author"
|
||||
else
|
||||
echo_red "Signed-off-by is missing or doesn't match author (should be '$sob')"
|
||||
RET=1
|
||||
fi
|
||||
done
|
||||
|
||||
exit $RET
|
||||
|
||||
- run:
|
||||
name: Download the SDK
|
||||
working_directory: ~/sdk
|
||||
command: |
|
||||
curl "https://$SDK_HOST/$SDK_PATH/sha256sums" -sS -o sha256sums
|
||||
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.asc" -fs -o sha256sums.asc || true
|
||||
curl "https://$SDK_HOST/$SDK_PATH/sha256sums.sig" -fs -o sha256sums.sig || true
|
||||
if [ ! -f sha256sums.asc ] && [ ! -f sha256sums.sig ]; then
|
||||
echo_red "Missing sha256sums signature files"
|
||||
exit 1
|
||||
fi
|
||||
[ ! -f sha256sums.asc ] || gpg --with-fingerprint --verify sha256sums.asc sha256sums
|
||||
if [ -f sha256sums.sig ]; then
|
||||
VERIFIED=
|
||||
for KEY in ~/usign/*; do
|
||||
echo "Trying $KEY..."
|
||||
if signify-openbsd -V -q -p "$KEY" -x sha256sums.sig -m sha256sums; then
|
||||
echo "...verified"
|
||||
VERIFIED=1
|
||||
break
|
||||
fi
|
||||
done
|
||||
if [ -z "$VERIFIED" ]; then
|
||||
echo_red "Could not verify usign signature"
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
rsync -av "$SDK_HOST::downloads/$SDK_PATH/$SDK_FILE" .
|
||||
sha256sum -c --ignore-missing sha256sums
|
||||
|
||||
- run:
|
||||
name: Prepare build_dir
|
||||
working_directory: ~/build_dir
|
||||
command: |
|
||||
tar Jxf ~/sdk/$SDK_FILE --strip=1
|
||||
touch .config
|
||||
make prepare-tmpinfo scripts/config/conf
|
||||
./scripts/config/conf --defconfig=.config Config.in
|
||||
make prereq
|
||||
rm .config
|
||||
cat > feeds.conf <<EOF
|
||||
src-git base https://github.com/openwrt/openwrt.git;$BRANCH
|
||||
src-link packages $HOME/openwrt_packages
|
||||
src-git luci https://github.com/openwrt/luci.git;$BRANCH
|
||||
EOF
|
||||
cat feeds.conf
|
||||
./scripts/feeds update -a > /dev/null
|
||||
make defconfig > /dev/null
|
||||
# enable BUILD_LOG
|
||||
sed -i 's/# CONFIG_BUILD_LOG is not set/CONFIG_BUILD_LOG=y/' .config
|
||||
|
||||
- run:
|
||||
name: Install & download source, check package, compile
|
||||
working_directory: ~/build_dir
|
||||
command: |
|
||||
set +o pipefail
|
||||
PKGS=$(cd ~/openwrt_packages; git diff --diff-filter=d --name-only "origin/$BRANCH..." | grep 'Makefile$' | grep -Ev '/files/|/src/' | awk -F/ '{ print $(NF-1) }')
|
||||
if [ -z "$PKGS" ] ; then
|
||||
echo_blue "WARNING: No new or modified packages found!"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo_blue "=== Found new/modified packages: $PKGS"
|
||||
for PKG in $PKGS ; do
|
||||
echo_blue "===+ Install: $PKG"
|
||||
./scripts/feeds install "$PKG"
|
||||
|
||||
echo_blue "===+ Download: $PKG"
|
||||
make "package/$PKG/download" V=s
|
||||
|
||||
echo_blue "===+ Check package: $PKG"
|
||||
make "package/$PKG/check" V=s 2>&1 | tee logtmp
|
||||
RET=${PIPESTATUS[0]}
|
||||
|
||||
if [ $RET -ne 0 ]; then
|
||||
echo_red "=> Package check failed: $RET)"
|
||||
exit $RET
|
||||
fi
|
||||
|
||||
badhash_msg="HASH does not match "
|
||||
badhash_msg+="|HASH uses deprecated hash,"
|
||||
badhash_msg+="|HASH is missing,"
|
||||
if grep -qE "$badhash_msg" logtmp; then
|
||||
echo_red "=> Package HASH check failed"
|
||||
exit 1
|
||||
fi
|
||||
echo_green "=> Package check OK"
|
||||
done
|
||||
|
||||
make \
|
||||
-f .config \
|
||||
-f tmp/.packagedeps \
|
||||
-f <(echo '$(info $(sort $(package-y) $(package-m)))'; echo -en 'a:\n\t@:') \
|
||||
| tr ' ' '\n' >enabled-package-subdirs.txt
|
||||
for PKG in $PKGS ; do
|
||||
if ! grep -m1 -qE "(^|/)$PKG$" enabled-package-subdirs.txt; then
|
||||
echo_red "===+ Building: $PKG skipped. It cannot be enabled with $SDK_FILE"
|
||||
continue
|
||||
fi
|
||||
echo_blue "===+ Building: $PKG"
|
||||
make "package/$PKG/compile" -j3 V=s || {
|
||||
RET=$?
|
||||
echo_red "===+ Building: $PKG failed, rebuilding with -j1 for human readable error log"
|
||||
make "package/$PKG/compile" -j1 V=s; exit $RET
|
||||
}
|
||||
done
|
||||
|
||||
- store_artifacts:
|
||||
path: ~/build_dir/logs
|
||||
|
||||
- store_artifacts:
|
||||
path: ~/build_dir/bin
|
||||
|
||||
workflows:
|
||||
version: 2
|
||||
buildpr:
|
||||
jobs:
|
||||
- build:
|
||||
filters:
|
||||
branches:
|
||||
ignore: master
|
|
@ -1,8 +1,8 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=syslog-ng
|
||||
PKG_VERSION:=4.6.0
|
||||
PKG_RELEASE:=2
|
||||
PKG_VERSION:=4.7.1
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_MAINTAINER:=Josef Schlehofer <pepe.schlehofer@gmail.com>
|
||||
PKG_LICENSE:=LGPL-2.1-or-later GPL-2.0-or-later
|
||||
|
@ -11,7 +11,7 @@ PKG_CPE_ID:=cpe:/a:balabit:syslog-ng
|
|||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://github.com/syslog-ng/syslog-ng/releases/download/$(PKG_NAME)-$(PKG_VERSION)/
|
||||
PKG_HASH:=b69e3360dfb96a754a4e1cbead4daef37128b1152a23572356db4ab64a475d4f
|
||||
PKG_HASH:=5477189a2d12325aa4faebfcf59f5bdd9084234732f0c3ec16dd253847dacf1c
|
||||
|
||||
PKG_BUILD_PARALLEL:=1
|
||||
PKG_INSTALL:=1
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
# Collect all local logs into a single file /var/log/messages.
|
||||
# See https://www.syslog-ng.com/technical-documents/list/syslog-ng-open-source-edition
|
||||
|
||||
@version: 4.6
|
||||
@version: 4.7
|
||||
@include "scl.conf"
|
||||
|
||||
options {
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=acme-common
|
||||
PKG_VERSION:=1.1.1
|
||||
PKG_VERSION:=1.1.2
|
||||
|
||||
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
|
||||
PKG_LICENSE:=GPL-3.0-only
|
||||
|
|
|
@ -57,6 +57,7 @@ load_options() {
|
|||
config_get days "$section" days
|
||||
export days
|
||||
config_get standalone "$section" standalone
|
||||
export standalone
|
||||
[ -n "$standalone" ] && log warn "Option \"standalone\" is deprecated."
|
||||
config_get dns_wait "$section" dns_wait
|
||||
export dns_wait
|
||||
|
@ -126,7 +127,7 @@ load_globals() {
|
|||
log warn "Option \"state_dir\" is deprecated, please remove it. Certificates now exist in $CERT_DIR."
|
||||
mkdir -p "$state_dir"
|
||||
else
|
||||
state_dir=/etc/acme
|
||||
state_dir=$CERT_DIR
|
||||
fi
|
||||
export state_dir
|
||||
|
||||
|
|
|
@ -1,28 +1,35 @@
|
|||
# [Jool](https://www.jool.mx)
|
||||
# [Jool](https://nicmx.github.io/Jool/en/index.html)
|
||||
|
||||
## Documentation
|
||||
|
||||
[See here](https://www.jool.mx/en/documentation.html).
|
||||
[See here](https://nicmx.github.io/Jool/en/documentation.html).
|
||||
|
||||
You might also want to see [contact info](https://www.jool.mx/en/contact.html).
|
||||
You might also want to see [contact info](https://nicmx.github.io/Jool/en/contact.html).
|
||||
|
||||
## Usage
|
||||
|
||||
### Start script
|
||||
|
||||
This package includes a start script that will:
|
||||
1. Read the configuration file `/etc/config/jool`
|
||||
2. Determine what services are active
|
||||
3. Run jool with procd
|
||||
|
||||
For now this means that:
|
||||
* The services will be disabled by default in the uci config `(/etc/config/jool)`
|
||||
* The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
|
||||
* There is no uci support and configuration will be saved at `/etc/jool/*
|
||||
* Only one instance of jool(nat64) can run with the boot script
|
||||
* Only one instance of jool(siit) can run with the boot script
|
||||
* For now there is no way of overriding of the configuration file's paths
|
||||
1. Read the configuration file `/etc/config/jool`
|
||||
2. Determine what services are active
|
||||
3. Run `jool` with procd
|
||||
|
||||
The configuration files the startup script useses for each jool instance are:
|
||||
* jool(nat64): `/etc/jool/jool-nat64.conf.json`
|
||||
* jool(siit): `/etc/jool/jool-siit.conf.json`
|
||||
### For now this means that
|
||||
|
||||
- The services will be disabled by default in the uci config `(/etc/config/jool)`
|
||||
- The only uci configuration support available for the package is to enable or disable each instance or the entire deamon
|
||||
- There is no uci support and configuration will be saved at `/etc/jool/`
|
||||
- Only one instance of jool(nat64) can run with the boot script
|
||||
- Only one instance of jool(siit) can run with the boot script
|
||||
- For now there is no way of overriding of the configuration file's paths
|
||||
|
||||
The configuration files the startup script uses for each jool instance are:
|
||||
|
||||
- jool(nat64): `/etc/jool/jool-nat64.conf.json`
|
||||
- jool(siit): `/etc/jool/jool-siit.conf.json`
|
||||
|
||||
### OpenWrt tutorial
|
||||
|
||||
For a more detailed tutorial refer to this [wiki page](https://openwrt.org/docs/guide-user/network/ipv6/nat64).
|
||||
|
|
Loading…
Reference in New Issue