include $(TOPDIR)/rules.mk
PKG_NAME:=php
-PKG_VERSION:=7.2.7
-PKG_RELEASE:=2
+PKG_VERSION:=7.2.8
+PKG_RELEASE:=1
PKG_MAINTAINER:=Michael Heimpold <mhei@heimpold.de>
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.php.net/distributions/
-PKG_HASH:=eb01c0153b3baf1f64b8b044013ce414b52fede222df3f509e8ff209478f31f0
+PKG_HASH:=53ba0708be8a7db44256e3ae9fcecc91b811e5b5119e6080c951ffe7910ffb0f
PKG_FIXUP:=libtool autoreconf
PKG_BUILD_PARALLEL:=1
#
-# Copyright (C) 2016 Yousong Zhou <yszhou4tech@gmail.com>
+# Copyright (C) 2016-2018 Yousong Zhou <yszhou4tech@gmail.com>
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=dtc
-PKG_VERSION:=1.4.6
-PKG_RELEASE:=2
+PKG_VERSION:=1.4.7
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=382302bfcc3c40734be80ac620983971d911ec4cde798f551873f3eb008c7b7e
+PKG_HASH:=6643e8f00ff86350f465bb54b2185058b5b1b7bac01a0842c81a52b86589cde7
PKG_SOURCE_URL:=@KERNEL/software/utils/dtc
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=GPL
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Device Tree Compiler
- URL:=http://devicetree.org/Device_Tree_Compiler
+ URL:=https://git.kernel.org/pub/scm/utils/dtc/dtc.git
endef
define Package/dtc/description
SECTION:=utils
CATEGORY:=Utilities
TITLE:=Flat Device Tree Utilities
- URL:=http://devicetree.org/Device_Tree_Compiler
+ URL:=https://git.kernel.org/pub/scm/utils/dtc/dtc.git
endef
define Package/fdt-utils/install
SECTION:=libs
CATEGORY:=Libraries
TITLE:=a utility library for reading and manipulating dtb files
- URL:=http://devicetree.org/Device_Tree_Compiler
+ URL:=https://git.kernel.org/pub/scm/utils/dtc/dtc.git
endef
define Package/libfdt/description
+++ /dev/null
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=eventlog
-PKG_VERSION:=0.2.12
-PKG_RELEASE:=2
-
-PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
-
-PKG_SOURCE_URL:=https://my.balabit.com/downloads/eventlog/0.2/
-PKG_SOURCE:=$(PKG_NAME)_$(PKG_VERSION).tar.gz
-PKG_HASH:=494dac8e01dc5ce323df2ad554d94874938dab51aa025987677b2bc6906a9c66
-
-PKG_FIXUP:=autoreconf
-PKG_INSTALL:=1
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/libeventlog
- SECTION:=libs
- CATEGORY:=Libraries
- TITLE:=A new API to format and send structured log messages.
-endef
-
-define Package/eventlog/description
- A new API to format and send structured log messages. It supports multiple message
- representations (plain, XML attributes and XML tags) and multiple output methods
- (local syslogd).
-endef
-
-define Build/InstallDev
- $(INSTALL_DIR) $(1)/usr/include
- $(CP) $(PKG_INSTALL_DIR)/usr/include/eventlog $(1)/usr/include/
- $(INSTALL_DIR) $(1)/usr/lib
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/libevtlog.{a,so*} $(1)/usr/lib/
- $(INSTALL_DIR) $(1)/usr/lib/pkgconfig
- $(CP) $(PKG_INSTALL_DIR)/usr/lib/pkgconfig/eventlog.pc $(1)/usr/lib/pkgconfig/
-endef
-
-define Package/libeventlog/install
- $(INSTALL_DIR) $(1)/usr/lib
- $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libevtlog.so* $(1)/usr/lib/
-endef
-
-$(eval $(call BuildPackage,libeventlog))
PKG_NAME:=hiredis
PKG_VERSION:=0.13.3
-PKG_RELEASE:=1
+PKG_RELEASE:=2
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/redis/hiredis.git
-PKG_SOURCE_VERSION:=010756025e8cefd1bc66c6d4ed3b1648ef6f1f95
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=ac774e318215cbfad4b8e493a84b4fe9a03f9882828ea01eac5357f28b5e9cd4
+PKG_SOURCE_URL:=https://codeload.github.com/redis/hiredis/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=717e6fc8dc2819bef522deaca516de9e51b9dfa68fe393b7db5c3b6079196f78
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
include $(TOPDIR)/rules.mk
PKG_NAME:=libmpdclient
-PKG_VERSION:=2.11
+PKG_VERSION:=2.14
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_HASH:=15fe693893c0d7ea3f4c35c4016fbd0332836164178b20983eec9b470846baf6
-PKG_SOURCE_URL:=http://www.musicpd.org/download/libmpdclient/2/
-PGK_HASH:=15fe693893c0d7ea3f4c35c4016fbd0332836164178b20983eec9b470846baf6
+PKG_HASH:=0a84e2791bfe3077cf22ee1784c805d5bb550803dffe56a39aa3690a38061372
+PKG_SOURCE_URL:=https://www.musicpd.org/download/libmpdclient/2/
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=COPYING
+PKG_FIXUP:=autoreconf
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
A stable, documented, asynchronous API library for interfacing MPD in the C, C++ & Objective C languages.
endef
-TARGET_CFLAGS+="-std=gnu99"
+CONFIGURE_ARGS+= --disable-documentation
-define Build/Configure
- $(call Build/Configure/Default, \
- --disable-documentation \
- )
+# Newer sources require meson/ninja to build so...
+# Use our hacked-up version of the libmpdclient v2.11 autotools.
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(CP) ./autotools-files/* $(PKG_BUILD_DIR)/
endef
define Build/InstallDev
--- /dev/null
+ACLOCAL_AMFLAGS = -I m4
+AUTOMAKE_OPTIONS = foreign 1.11 dist-xz subdir-objects
+
+mpdincludedir = $(includedir)/mpd
+mpdinclude_HEADERS = \
+ include/mpd/async.h \
+ include/mpd/audio_format.h \
+ include/mpd/client.h \
+ include/mpd/capabilities.h \
+ include/mpd/compiler.h \
+ include/mpd/connection.h \
+ include/mpd/database.h \
+ include/mpd/directory.h \
+ include/mpd/entity.h \
+ include/mpd/error.h \
+ include/mpd/idle.h \
+ include/mpd/list.h \
+ include/mpd/mixer.h \
+ include/mpd/parser.h \
+ include/mpd/password.h \
+ include/mpd/player.h \
+ include/mpd/playlist.h \
+ include/mpd/protocol.h \
+ include/mpd/queue.h \
+ include/mpd/recv.h \
+ include/mpd/response.h \
+ include/mpd/send.h \
+ include/mpd/status.h \
+ include/mpd/stats.h \
+ include/mpd/tag.h \
+ include/mpd/output.h \
+ include/mpd/pair.h \
+ include/mpd/search.h \
+ include/mpd/socket.h \
+ include/mpd/song.h \
+ include/mpd/sticker.h \
+ include/mpd/settings.h \
+ include/mpd/message.h \
+ include/mpd/version.h
+
+AM_CPPFLAGS += -I$(srcdir)/include -Iinclude
+
+lib_LTLIBRARIES = src/libmpdclient.la
+
+src_libmpdclient_la_SOURCES = \
+ src/async.c src/iasync.h \
+ src/buffer.h \
+ src/internal.h \
+ src/ierror.c src/ierror.h \
+ src/resolver.c src/resolver.h \
+ src/capabilities.c \
+ src/connection.c \
+ src/database.c \
+ src/directory.c \
+ src/rdirectory.c \
+ src/error.c \
+ src/fd_util.c src/fd_util.h \
+ src/output.c \
+ src/coutput.c \
+ src/entity.c \
+ src/idle.c \
+ src/iso8601.h \
+ src/iso8601.c \
+ src/kvlist.c \
+ src/list.c \
+ src/mixer.c \
+ src/parser.c \
+ src/password.c \
+ src/player.c \
+ src/playlist.c \
+ src/rplaylist.c \
+ src/cplaylist.c \
+ src/queue.c \
+ src/quote.c src/quote.h \
+ src/recv.c \
+ src/response.c \
+ src/run.c src/run.h \
+ src/search.c \
+ src/send.c src/isend.h \
+ src/socket.c src/socket.h \
+ src/song.c \
+ src/status.c \
+ src/cstatus.c \
+ src/stats.c \
+ src/cstats.c \
+ src/sync.c src/sync.h \
+ src/tag.c \
+ src/sticker.c \
+ src/settings.c \
+ src/message.c \
+ src/cmessage.c \
+ src/uri.h
+
+src_libmpdclient_la_LDFLAGS = -version-info @LIBMPDCLIENT_LIBTOOL_VERSION@ \
+ -no-undefined
+
+if HAVE_GNU_LD
+src_libmpdclient_la_LDFLAGS += -Wl,--version-script=$(srcdir)/libmpdclient.ld
+endif
+
+#
+# Installation
+#
+
+pkgconfigdir = $(libdir)/pkgconfig
+pkgconfig_DATA = libmpdclient.pc
+
+#
+# Distribution
+#
+
+EXTRA_DIST = \
+ libmpdclient.ld \
+ libmpdclient.pc.in
--- /dev/null
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Default MPD host */
+#undef DEFAULT_HOST
+
+/* Default MPD port */
+#undef DEFAULT_PORT
+
+/* Default UNIX socket path */
+#undef DEFAULT_SOCKET
+
+/* Define to enable TCP support */
+#undef ENABLE_TCP
+
+/* Define to 1 if you have the <dlfcn.h> header file. */
+#undef HAVE_DLFCN_H
+
+/* Define to 1 if you have the `getaddrinfo' function. */
+#undef HAVE_GETADDRINFO
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the `strndup' function. */
+#undef HAVE_STRNDUP
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to the sub-directory where libtool stores uninstalled libraries. */
+#undef LT_OBJDIR
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
--- /dev/null
+AC_PREREQ(2.60)
+AC_INIT(libmpdclient, 2.14, musicpd-dev-team@lists.sourceforge.net)
+AC_CONFIG_SRCDIR([src/connection.c])
+AC_CONFIG_AUX_DIR(build)
+AM_INIT_AUTOMAKE([foreign 1.11 dist-xz subdir-objects silent-rules])
+AC_CONFIG_HEADERS([config.h])
+AC_CONFIG_MACRO_DIR([m4])
+
+AC_SUBST(MAJOR_VERSION,2)
+AC_SUBST(MINOR_VERSION,14)
+AC_SUBST(PATCH_VERSION,0)
+
+LIBMPDCLIENT_LIBTOOL_VERSION=2:14:0
+AC_SUBST(LIBMPDCLIENT_LIBTOOL_VERSION)
+
+# Remove the check for c++ and fortran compiler
+m4_defun([_LT_AC_LANG_CXX_CONFIG], [:])
+m4_defun([_LT_AC_LANG_F77_CONFIG], [:])
+
+dnl Check for programs
+AC_PROG_CC_C99
+AC_PROG_INSTALL
+
+AC_PROG_LD
+AM_CONDITIONAL(HAVE_GNU_LD, test x$with_gnu_ld = xyes)
+
+AC_LIBTOOL_WIN32_DLL
+AC_PROG_LIBTOOL
+
+
+dnl
+dnl initialize variables
+dnl
+
+set -- $CFLAGS
+
+
+dnl
+dnl OS specific defaults
+dnl
+
+AC_CANONICAL_HOST
+
+case "$host_os" in
+mingw32* | windows*)
+ LIBS="$LIBS -lws2_32"
+ ;;
+esac
+
+
+dnl
+dnl Check for libraries
+dnl
+
+AC_SEARCH_LIBS([socket], [network socket])
+
+
+dnl
+dnl build options
+dnl
+
+AC_ARG_ENABLE(documentation,
+ AS_HELP_STRING([--disable-documentation],
+ [Disable API doc generation @<:@default=enabled@:>@]),,
+ [enable_documentation=yes])
+
+if test "x$enable_documentation" = xyes; then
+ AC_PATH_PROG(DOXYGEN, doxygen)
+ if test x$DOXYGEN = x; then
+ AC_MSG_ERROR([doxygen not found])
+ fi
+
+ AC_SUBST(DOXYGEN)
+fi
+AM_CONDITIONAL(DOXYGEN, test x$enable_documentation = xyes)
+
+AC_ARG_ENABLE(tcp,
+ AS_HELP_STRING([--disable-tcp],
+ [Disable TCP support @<:@default=enabled@:>@]),,
+ [enable_tcp=yes])
+if test "x$enable_tcp" = xyes; then
+ AC_DEFINE([ENABLE_TCP], 1, [Define to enable TCP support])
+ AC_SEARCH_LIBS([gethostbyname], [nsl])
+ AC_CHECK_FUNCS([getaddrinfo])
+ AC_CHECK_FUNCS([strndup])
+fi
+
+AC_ARG_ENABLE(werror,
+ AS_HELP_STRING([--enable-werror],
+ [Treat warnings as errors @<:@default=disabled@:>@]),
+ enable_werror=no)
+
+if test "x$enable_werror" = xyes; then
+ AM_CFLAGS="$AM_CFLAGS -Werror -pedantic-errors"
+fi
+
+AC_ARG_ENABLE(debug,
+ AS_HELP_STRING([--enable-debug],
+ [Enable debugging @<:@default=disabled@:>@]),
+ enable_debug=no)
+
+if test "x$enable_debug" = xno; then
+ AM_CFLAGS="$AM_CFLAGS -DNDEBUG"
+fi
+
+
+dnl
+dnl CFLAGS
+dnl
+
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_CPPFLAGS)
+
+WANTED_CFLAGS="-Wall -W -Wextra -Wno-deprecated-declarations -Wmissing-prototypes -Wshadow -Wpointer-arith -Wstrict-prototypes -Wcast-qual -Wwrite-strings"
+for flag in $WANTED_CFLAGS ; do
+ AX_CHECK_COMPILER_FLAGS([$flag], [CFLAGS="$CFLAGS $flag"],)
+done
+
+dnl
+dnl Compile-time options
+dnl
+
+AC_ARG_WITH([default-socket],
+ AC_HELP_STRING([--with-default-socket=PATH],
+ [default path of the socket file @<:@/var/run/mpd/socket@:>@]),,
+ [with_default_socket=auto])
+
+if test x$with_default_socket = xauto; then
+ case "$host_os" in
+ mingw32* | windows*)
+ # no UNIX domain sockets on WIN32
+ with_default_socket=no
+ ;;
+ *)
+ with_default_socket=/var/run/mpd/socket
+ ;;
+ esac
+fi
+
+if test x$with_default_socket != xno; then
+ AC_DEFINE_UNQUOTED([DEFAULT_SOCKET], ["$with_default_socket"],
+ [Default UNIX socket path])
+fi
+
+AC_ARG_WITH([default-host],
+ AC_HELP_STRING([--with-default-host=ARG],
+ [default MPD host @<:@localhost@:>@]),,
+ [with_default_host=localhost])
+AC_DEFINE_UNQUOTED([DEFAULT_HOST], ["$with_default_host"], [Default MPD host])
+
+AC_ARG_WITH([default-port],
+ AC_HELP_STRING([--with-default-port=ARG],
+ [default MPD port @<:@6600@:>@]),,
+ [with_default_port=6600])
+AC_DEFINE_UNQUOTED([DEFAULT_PORT], [$with_default_port], [Default MPD port])
+
+
+dnl
+dnl Done
+dnl
+
+AC_OUTPUT([Makefile include/mpd/version.h libmpdclient.pc doc/doxygen.conf])
--- /dev/null
+prefix=@prefix@
+exec_prefix=@exec_prefix@
+libdir=@libdir@
+includedir=@includedir@
+
+Name: libmpdclient
+Description: Music Player Daemon client library
+Version: @VERSION@
+Libs: -L${libdir} -lmpdclient
+Cflags: -I${includedir}
--- /dev/null
+# ===========================================================================
+# http://www.nongnu.org/autoconf-archive/ax_check_compiler_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_COMPILER_FLAGS(FLAGS, [ACTION-SUCCESS], [ACTION-FAILURE])
+#
+# DESCRIPTION
+#
+# Check whether the given compiler FLAGS work with the current language's
+# compiler, or whether they give an error. (Warnings, however, are
+# ignored.)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# LICENSE
+#
+# Copyright (c) 2009 Steven G. Johnson <stevenj@alum.mit.edu>
+# Copyright (c) 2009 Matteo Frigo
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+AC_DEFUN([AX_CHECK_COMPILER_FLAGS],
+[AC_PREREQ(2.59) dnl for _AC_LANG_PREFIX
+AC_MSG_CHECKING([whether _AC_LANG compiler accepts $1])
+dnl Some hackery here since AC_CACHE_VAL can't handle a non-literal varname:
+AS_LITERAL_IF([$1],
+ [AC_CACHE_VAL(AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1]), [
+ ax_save_FLAGS=$[]_AC_LANG_PREFIX[]FLAGS
+ _AC_LANG_PREFIX[]FLAGS="$1"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM()],
+ AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1])=yes,
+ AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1])=no)
+ _AC_LANG_PREFIX[]FLAGS=$ax_save_FLAGS])],
+ [ax_save_FLAGS=$[]_AC_LANG_PREFIX[]FLAGS
+ _AC_LANG_PREFIX[]FLAGS="$1"
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM()],
+ eval AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1])=yes,
+ eval AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1])=no)
+ _AC_LANG_PREFIX[]FLAGS=$ax_save_FLAGS])
+eval ax_check_compiler_flags=$AS_TR_SH(ax_cv_[]_AC_LANG_ABBREV[]_flags_[$1])
+AC_MSG_RESULT($ax_check_compiler_flags)
+if test "x$ax_check_compiler_flags" = xyes; then
+ m4_default([$2], :)
+else
+ m4_default([$3], :)
+fi
+])dnl AX_CHECK_COMPILER_FLAGS
CATEGORY:=Libraries
TITLE:=C library to handle the Public Suffix List
URL:=https://github.com/rockdaboot/libpsl
+ DEPENDS:=+libidn2 +libunistring
endef
define Package/libpsl/description
C library to handle the Public Suffix List
endef
+CONFIGURE_ARGS += --disable-rpath
+
define Build/InstallDev
$(INSTALL_DIR) \
$(1)/usr/lib \
include $(TOPDIR)/rules.mk
PKG_NAME:=libtorrent
-PKG_VERSION:=0.13.6-git-1
-PKG_RELEASE=$(PKG_SOURCE_VERSION).1
+PKG_VERSION:=0.13.7
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/rakshasa/libtorrent.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=14e793b75dac95c51ad64ff9cd2dc6772b68c625
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=0971c21d0e6b7028bc319e97c82bdb213c17dfc503fc0f89b809e5ed7ce98142
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/rakshasa/libtorrent/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=86b4b1753385aaddf9e59ad94f1292eee5102139eb57520e84d1af2f04693708
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Rakshasa's BitTorrent library
- URL:=http://libtorrent.rakshasa.no/
+ URL:=https://rakshasa.github.io/rtorrent/
DEPENDS:=+libopenssl +libsigcxx +zlib
- MAINTAINER:=Peter Wagner <tripolar@gmx.at>
+ MAINTAINER:=Rosen Penev <rosenp@gmail.com>
endef
define Package/libtorrent/description
---- a/configure.ac
-+++ b/configure.ac
-@@ -19,7 +19,6 @@ AC_SUBST(LIBTORRENT_INTERFACE_VERSION_NO
-
- AM_INIT_AUTOMAKE
- AC_CONFIG_HEADERS(config.h)
--AM_PATH_CPPUNIT(1.9.6)
-
- AC_PROG_CXX
-
--- a/scripts/checks.m4
+++ b/scripts/checks.m4
@@ -96,7 +96,7 @@ AC_DEFUN([TORRENT_CHECK_KQUEUE], [
index 65e34872..27e33570 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -69,12 +69,15 @@ AC_ARG_ENABLE(openssl,
+@@ -71,12 +71,15 @@ AC_ARG_ENABLE(openssl,
[ --disable-openssl Don't use OpenSSL's SHA1 implementation.],
[
if test "$enableval" = "yes"; then
else
AC_DEFINE(USE_NSS_SHA, 1, Using Mozilla's SHA1 implementation.)
fi
-@@ -85,6 +88,7 @@ AC_ARG_ENABLE(openssl,
+@@ -87,6 +90,7 @@ AC_ARG_ENABLE(openssl,
AC_DEFINE(USE_OPENSSL, 1, Using OpenSSL.)
AC_DEFINE(USE_OPENSSL_SHA, 1, Using OpenSSL's SHA1 implementation.)
PKG_NAME:=xmlrpc-c
PKG_VERSION:=1.39.13
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tgz
PKG_SOURCE_URL:=@SF/xmlrpc-c/Xmlrpc-c%20Super%20Stable/$(PKG_VERSION)
--disable-wininet-client \
--disable-libwww-client \
--disable-abyss-server \
+ --disable-cgi-server \
--disable-cplusplus \
--disable-abyss-threads \
- --disable-cgi-server
+ --without-libwww-ssl
ifeq ($(BUILD_VARIANT),libxml2)
CONFIGURE_ARGS += \
PKG_VERSION_PLUGIN:=0.5.2
PKG_VERSION_DOVECOT:=$(shell make --no-print-directory -C ../dovecot/ val.PKG_VERSION V=s)
PKG_VERSION:=$(PKG_VERSION_DOVECOT)-$(PKG_VERSION_PLUGIN)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
DOVECOT_VERSION:=2.3
PKG_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/nls.mk
define Package/dovecot-pigeonhole
SECTION:=mail
include $(TOPDIR)/rules.mk
PKG_NAME:=acme
-PKG_VERSION:=2.7.8
-PKG_RELEASE:=4
+PKG_VERSION:=2.7.9
+PKG_RELEASE:=1
PKG_LICENSE:=GPLv3
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/Neilpang/acme.sh
-PKG_SOURCE_VERSION:=521d8c4b1f374c52ab1452d399a4d4910465e9fe
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_RELEASE).tar.xz
-PKG_MIRROR_HASH:=03e24eb41513b4d28dc42f5ae5c91be0030094149cbdbf9cdf9b6f87db9e36c0
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/Neilpang/acme.sh/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=25f8eef1a53584e3ebc653e1ae7763362ca97c40bb476ab7fee01aa50fa3a101
+PKG_BUILD_DIR:=$(BUILD_DIR)/acme.sh-$(PKG_VERSION)
PKG_MAINTAINER:=Toke Høiland-Jørgensen <toke@toke.dk>
LUCI_DIR:=/usr/lib/lua/luci
include $(TOPDIR)/rules.mk
PKG_NAME:=adblock
-PKG_VERSION:=3.5.3
-PKG_RELEASE:=1
+PKG_VERSION:=3.5.4
+PKG_RELEASE:=2
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
return 0
fi
fi
+ local nice="$(uci_get adblock extra adb_nice)"
procd_open_instance "adblock"
procd_set_param command "${adb_script}" "${@}"
procd_set_param pidfile "${adb_pidfile}"
+ procd_set_param nice ${nice:-0}
procd_set_param stdout 1
procd_set_param stderr 1
procd_close_instance
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-adb_ver="3.5.3"
+adb_ver="3.5.4-2"
adb_sysver="unknown"
adb_enabled=0
adb_debug=0
f_log "info" "start adblock processing (${adb_action})"
}
-# create temporay files and directories
+# create temporary files and directories
#
f_temp()
{
fi
}
-# remove temporay files and directories
+# remove temporary files and directories
#
f_rmtemp()
{
#
f_extconf()
{
- local uci_config
+ local uci_config port port_list="53 853 5353"
case "${adb_dns}" in
dnsmasq)
uci_config="firewall"
if [ ${adb_enabled} -eq 1 ] && [ ${adb_forcedns} -eq 1 ] && \
- [ -z "$(uci -q get firewall.adblock_dns)" ] && [ $(/etc/init.d/firewall enabled; printf '%u' ${?}) -eq 0 ]
+ [ -z "$(uci -q get firewall.adblock_dns_53)" ] && [ $(/etc/init.d/firewall enabled; printf '%u' ${?}) -eq 0 ]
then
- uci -q batch <<-EOF
- set firewall.adblock_dns="redirect"
- set firewall.adblock_dns.name="Adblock DNS"
- set firewall.adblock_dns.src="lan"
- set firewall.adblock_dns.proto="tcp udp"
- set firewall.adblock_dns.src_dport="53"
- set firewall.adblock_dns.dest_port="53"
- set firewall.adblock_dns.target="DNAT"
- EOF
- elif [ -n "$(uci -q get firewall.adblock_dns)" ] && ([ ${adb_enabled} -eq 0 ] || [ ${adb_forcedns} -eq 0 ])
+ for port in ${port_list}
+ do
+ uci_add firewall "redirect" "adblock_dns_${port}"
+ uci_set firewall "adblock_dns_${port}" "name" "Adblock DNS, port ${port}"
+ uci_set firewall "adblock_dns_${port}" "src" "lan"
+ uci_set firewall "adblock_dns_${port}" "proto" "tcp udp"
+ uci_set firewall "adblock_dns_${port}" "src_dport" "${port}"
+ uci_set firewall "adblock_dns_${port}" "dest_port" "${port}"
+ uci_set firewall "adblock_dns_${port}" "target" "DNAT"
+ done
+ elif [ -n "$(uci -q get firewall.adblock_dns_53)" ] && ([ ${adb_enabled} -eq 0 ] || [ ${adb_forcedns} -eq 0 ])
then
- uci -q delete firewall.adblock_dns
+ for port in ${port_list}
+ do
+ uci_remove firewall "adblock_dns_${port}"
+ done
fi
f_uci "${uci_config}"
}
--- /dev/null
+#
+# Copyright (C) 2018 TDT AG <development@tdt.de>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See https://www.gnu.org/licenses/gpl-2.0.txt for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=proto-bonding
+PKG_VERSION:=2018-06-11
+PKG_RELEASE:=1
+
+PKG_LICENSE:=GPL-2.0
+PKG_LICENSE_FILES:=
+
+PKG_MAINTAINER:=Helge Mader <ma@dev.tdt.de>
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/proto-bonding
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Link Aggregation (Channel Bonding) proto handler
+ DEPENDS:=+kmod-bonding
+endef
+
+define Package/proto-bonding/description
+ This package contains the channel bonding proto handler for netifd
+endef
+
+define Build/Compile
+endef
+
+define Package/proto-bonding/install
+ $(INSTALL_DIR) $(1)/lib/netifd/proto/
+ $(INSTALL_BIN) ./files/lib/netifd/proto/bonding.sh \
+ $(1)/lib/netifd/proto/
+endef
+
+$(eval $(call BuildPackage,proto-bonding))
--- /dev/null
+#!/bin/sh
+#
+# Copyright (C) 2018 TDT AG <development@tdt.de>
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See https://www.gnu.org/licenses/gpl-2.0.txt for more information.
+#
+
+. /lib/functions.sh
+. ../netifd-proto.sh
+
+init_proto "$@"
+
+INCLUDE_ONLY=1
+
+BONDING_MASTERS="/sys/class/net/bonding_masters"
+
+set_driver_values() {
+ local varname
+
+ for varname in "$@"; do
+ local value
+ json_get_var value "$varname"
+
+ [ -n "$value" ] && echo "$value" > /sys/class/net/"$link"/bonding/"$varname"
+ done
+}
+
+proto_bonding_init_config() {
+ no_device=1
+ available=1
+
+ proto_config_add_string "ifname"
+
+ proto_config_add_string "ipaddr"
+ proto_config_add_string "netmask"
+
+ proto_config_add_string "bonding_policy"
+ proto_config_add_string "link_monitoring"
+ proto_config_add_string "slaves"
+ proto_config_add_string "all_slaves_active"
+
+ proto_config_add_string "min_links"
+ proto_config_add_string "ad_actor_sys_prio"
+ proto_config_add_string "ad_actor_system"
+ proto_config_add_string "ad_select"
+ proto_config_add_string "lacp_rate"
+ proto_config_add_string "packets_per_slave"
+ proto_config_add_string "xmit_hash_policy"
+ proto_config_add_string "primary"
+ proto_config_add_string "primary_reselect"
+ proto_config_add_string "lp_interval"
+ proto_config_add_string "tlb_dynamic_lb"
+ proto_config_add_string "resend_igmp"
+ proto_config_add_string "fail_over_mac"
+ proto_config_add_string "num_grat_arp__num_unsol_na"
+
+ proto_config_add_string "arp_interval"
+ proto_config_add_string "arp_ip_target"
+ proto_config_add_string "arp_all_targets"
+ proto_config_add_string "arp_validate"
+
+ proto_config_add_string "miimon"
+ proto_config_add_string "downdelay"
+ proto_config_add_string "updelay"
+ proto_config_add_string "use_carrier"
+}
+
+proto_bonding_setup() {
+ local cfg="$1"
+ local link="bonding-$cfg"
+
+ # Check for loaded kernel bonding driver (/sys/class/net/bonding_masters exists)
+ [ -f "$BONDING_MASTERS" ] || {
+ echo "$cfg" "setup: bonding_masters does not exist in sysfs (kernel module not loaded?)"
+ proto_notify_error "$cfg" "setup: bonding_masters does not exist in sysfs (kernel module not loaded?)"
+ proto_block_restart "$cfg"
+ return
+ }
+
+ # Add bonding interface to system
+ echo "+$link" > "$BONDING_MASTERS"
+
+ # Set bonding policy (with corresponding parameters)
+ local bonding_policy
+ json_get_vars bonding_policy
+
+ case "$bonding_policy" in
+
+ 802.3ad)
+ echo "$bonding_policy" > /sys/class/net/"$link"/bonding/mode
+ set_driver_values min_links ad_actor_sys_prio ad_actor_system ad_select lacp_rate
+ ;;
+
+ balance-rr)
+ echo "$bonding_policy" > /sys/class/net/"$link"/bonding/mode
+ set_driver_values packets_per_slave xmit_hash_policy
+ ;;
+
+ balance-tlb)
+ echo "$bonding_policy" > /sys/class/net/"$link"/bonding/mode
+ set_driver_values primary primary_reselect lp_interval tlb_dynamic_lb resend_igmp xmit_hash_policy
+ ;;
+
+ balance-alb)
+ echo "$bonding_policy" > /sys/class/net/"$link"/bonding/mode
+ set_driver_values primary primary_reselect lp_interval tlb_dynamic_lb resend_igmp xmit_hash_policy
+ ;;
+
+ active-backup)
+ echo "$bonding_policy" > /sys/class/net/"$link"/bonding/mode
+ set_driver_values primary primary_reselect fail_over_mac num_grat_arp__num_unsol_na xmit_hash_policy
+ ;;
+ esac
+
+ # Set link monitoring (with corresponding parameters)
+ local link_monitoring
+ json_get_vars link_monitoring
+
+ case "$link_monitoring" in
+
+ arp)
+ local arp_interval arp_ip_target arp_all_targets arp_validate
+ json_get_vars arp_interval arp_ip_target arp_all_targets arp_validate
+
+ [ -n "$arp_interval" -a "$arp_interval" != 0 ] && echo "$arp_interval" > /sys/class/net/"$link"/bonding/arp_interval
+
+ IFS=' '
+ for target in $arp_ip_target; do
+ echo "+$target" > /sys/class/net/"$link"/bonding/arp_ip_target
+ done
+
+ [ -n "$arp_all_targets" ] && echo "$arp_all_targets" > /sys/class/net/"$link"/bonding/arp_all_targets
+ [ -n "$arp_validate" ] && echo "$arp_validate" > /sys/class/net/"$link"/bonding/arp_validate
+ ;;
+
+ mii)
+ local miimon downdelay updelay use_carrier
+ json_get_vars miimon downdelay updelay use_carrier
+
+ [ -n "$miimon" -a "$miimon" != 0 ] && echo "$miimon" > /sys/class/net/"$link"/bonding/miimon
+ [ -n "$downdelay" ] && echo "$downdelay" > /sys/class/net/"$link"/bonding/downdelay
+ [ -n "$updelay" ] && echo "$updelay" > /sys/class/net/"$link"/bonding/updelay
+ [ -n "$use_carrier" ] && echo "$use_carrier" > /sys/class/net/"$link"/bonding/use_carrier
+ ;;
+ esac
+
+ # Add slaves to bonding interface
+ local slaves
+ json_get_vars slaves
+
+ for slave in $slaves; do
+
+ if [ "$(cat /proc/net/dev |grep "$slave")" == "" ]; then
+ echo "$cfg" "ERROR IN CONFIGURATION - $slave: No such device"
+ proto_notify_error "$cfg" "ERROR IN CONFIGURATION - $slave: No such device"
+ proto_block_restart "$cfg"
+ return
+ fi
+
+ ifconfig "$slave" down
+
+ sleep 1
+
+ echo "+$slave" > /sys/class/net/"$link"/bonding/slaves
+
+ ifconfig "$slave" up
+ done
+
+ [ -n "$all_slaves_active" ] && echo "$all_slaves_active" > /sys/class/net/"$link"/bonding/all_slaves_active
+
+ local ipaddr netmask
+ json_get_vars ipaddr netmask
+
+ # ATTENTION
+ #All json vars have to be read before the line below, as the
+ # json object will be overwritten by proto_init_update
+ # ATTENTION
+
+ proto_init_update "$link" 1
+
+ # For static configuration we _MUST_ have an IP address
+ [ -z "$ipaddr" ] && {
+ echo "$cfg" "INVALID LOCAL ADDRESS"
+ proto_notify_error "$cfg" "INVALID_LOCAL_ADDRESS"
+ proto_block_restart "$cfg"
+ return
+ }
+
+ proto_add_ipv4_address "$ipaddr" "$netmask"
+
+ proto_send_update "$cfg"
+}
+
+proto_bonding_teardown() {
+ local cfg="$1"
+ local link="bonding-$cfg"
+
+ # Check for loaded kernel bonding driver (/sys/class/net/bonding_masters exists)
+ [ -f "$BONDING_MASTERS" ] || {
+ echo "$cfg" "teardown: bonding_masters does not exist in sysfs (kernel module not loaded?)"
+ proto_notify_error "$cfg" "teardown: bonding_masters does not exist in sysfs (kernel module not loaded?)"
+ proto_block_restart "$cfg"
+ return
+ }
+
+ echo "-$link" > /sys/class/net/bonding_masters
+ logger "bonding_teardown($1): $2"
+}
+
+add_protocol bonding
PKG_NAME:=chaosvpn
-PKG_REV:=2eb24810b5aa0b2d56f21562e52927020dc3090a
-PKG_VERSION:=2014-01-24
-PKG_RELEASE=2
-
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/ryd/chaosvpn.git
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_REV).tar.gz
-PKG_MIRROR_HASH:=da987a95cb33af730c2b08ceec3af29a61e523625479c7e8b978fad881abbb53
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
+PKG_VERSION:=2.19
+PKG_RELEASE=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/ryd/chaosvpn/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=53625d131140529e88d8a14c34cc4d8d5d0134292d90f4ae55e9df29d3232828
PKG_LICENSE:=Apache-2.0
PKG_MAINTAINER:=Norbert Summer <git@o-g.at>
--- /dev/null
+#
+# Copyright (C) 2010-2011 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=foolsm
+PKG_VERSION:=1.0.10
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=http://lsm.foobar.fi/download
+PKG_HASH:=33210209ca38b3bfef1a9180f765266a134fc811dea8bc06450a3bd48d1d083e
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/foolsm
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+ssmtp
+ TITLE:=A link state monitor
+ URL:=http://lsm.foobar.fi/
+endef
+
+define Package/foolsm/description
+ foolsm is a link state monitor for carrying out actions when a link
+ transistions from the up to down state or vice versa.
+endef
+
+define Package/foolsm/conffiles
+/etc/foolsm/foolsm.conf
+endef
+
+define Package/foolsm/install
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/foolsm $(1)/usr/sbin/
+ $(INSTALL_DIR) $(1)/etc/foolsm/script.d
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_DATA) ./files/connections.conf $(1)/etc/foolsm/connections.conf
+ $(INSTALL_DATA) ./files/foolsm.conf $(1)/etc/foolsm/foolsm.conf
+ $(INSTALL_BIN) ./files/foolsm_script $(1)/etc/foolsm/script
+ $(INSTALL_BIN) ./files/foolsm.init $(1)/etc/init.d/foolsm
+endef
+
+define Package/foolsm/conffiles
+/etc/foolsm/connections.conf
+/etc/foolsm/foolsm.conf
+endef
+
+$(eval $(call BuildPackage,foolsm))
--- /dev/null
+connection {
+ name=Provider1
+ checkip=1.1.1.1
+ device=pppoe-wan
+ ttl=2
+}
+
+connection {
+ name=Provider2
+ checkip=2.2.2.2
+ device=eth0.2
+ ttl=1
+}
--- /dev/null
+#
+# (C) 2009 Mika Ilmaranta <ilmis at nullnet.fi>
+#
+# License: GPLv2
+#
+
+#
+# Debug level: 0 .. 8 are normal, 9 gives lots of stuff and 100 doesn't
+# bother to detach
+#
+#debug=10
+#debug=9
+debug=8
+# reopen_on_enodev=1
+
+#
+# Defaults for the connection entries
+#
+defaults {
+ name=defaults
+ checkip=127.0.0.1
+ eventscript=/etc/foolsm/script
+ notifyscript=
+ max_packet_loss=20
+ max_successive_pkts_lost=7
+ min_packet_loss=5
+ min_successive_pkts_rcvd=10
+ interval_ms=2000
+ timeout_ms=2000
+ warn_email=root
+ check_arp=0
+ sourceip=
+# if using ping probes for monitoring only then defaults should
+# not define a default device for packets to autodiscover their path
+# to destination
+# device=eth0
+# use system default ttl
+ ttl=0
+}
+
+include /etc/foolsm/connections.conf
+
+#EOF
--- /dev/null
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010-2011 OpenWrt.org
+
+START=45
+
+SERVICE_USE_PID=1
+SERVICE_PID_FILE=/var/run/foolsm.pid
+
+start() {
+ service_start /usr/sbin/foolsm -c /etc/foolsm/foolsm.conf -p $SERVICE_PID_FILE
+}
+
+stop() {
+ service_stop /usr/sbin/foolsm
+}
+
+reload() {
+ service_reload /usr/sbin/foolsm
+}
--- /dev/null
+#!/bin/sh
+#
+# (C) 2009 Mika Ilmaranta <ilmis@nullnet.fi>
+# (C) 2009 Tom Eastep <teastep@shorewall.net>
+#
+# License: GPLv2
+#
+
+DATE=$(/bin/date)
+
+STATE=${1}
+NAME=${2}
+CHECKIP=${3}
+DEVICE=${4}
+WARN_EMAIL=${5}
+REPLIED=${6}
+WAITING=${7}
+TIMEOUT=${8}
+REPLY_LATE=${9}
+CONS_RCVD=${10}
+CONS_WAIT=${11}
+CONS_MISS=${12}
+AVG_RTT=${13}
+
+cat <<EOM | ssmtp ${WARN_EMAIL}
+Subject: "LSM: ${NAME} ${STATE}, DEV ${DEVICE}"
+
+Hi,
+
+Your connection ${NAME} has changed it's state to ${STATE} at ${DATE}.
+
+Following parameters were passed:
+
+newstate = ${STATE}
+name = ${NAME}
+checkip = ${CHECKIP}
+device = ${DEVICE}
+warn_email = ${WARN_EMAIL}
+
+Packet counters:
+
+replied = ${REPLIED} packets replied
+waiting = ${WAITING} packets waiting for reply
+timeout = ${TIMEOUT} packets that have timed out (= packet loss)
+reply_late = ${REPLY_LATE} packets that received a reply after timeout
+cons_rcvd = ${CONS_RCVD} consecutively received replies in sequence
+cons_wait = ${CONS_WAIT} consecutive packets waiting for reply
+cons_miss = ${CONS_MISS} consecutive packets that have timed out
+avg_rtt = ${AVG_RTT} average rtt, notice that waiting and timed out packets have rtt = 0 when calculating this
+
+Your LSM Daemon
+
+EOM
+
+exit 0
+
+#EOF
--- /dev/null
+--- a/defs.h 2016-11-10 07:22:50.275506874 -0500
++++ b/defs.h 2016-11-10 07:22:58.639469850 -0500
+@@ -22,7 +22,7 @@
+
+ #define min(x, y) ((x)<(y) ? (x) : (y))
+
+-#define PLUGIN_EXPORT_DIR "/var/lib/foolsm"
++#define PLUGIN_EXPORT_DIR "/tmp"
+
+ #endif
+
--- /dev/null
+--- a/forkexec.c 2017-11-02 07:45:28.679821530 -0400
++++ /bforkexec.c 2017-11-02 07:44:54.527653043 -0400
+@@ -108,7 +108,7 @@
+ int script_status;
+ pid_t pid;
+
+- while ((pid = waitpid(WAIT_ANY, &script_status, WNOHANG)) != 0) {
++ while ((pid = waitpid(-1, &script_status, WNOHANG)) != 0) {
+ if(pid == -1) {
+ if(cfg.debug >= 9 && errno != ECHILD)
+ syslog(LOG_ERR, "%s: %s: %d: waitpid failed %s", __FILE__, __FUNCTION__, __LINE__, strerror(errno));
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_NAME:=go-ethereum
-PKG_VERSION:=1.8.11
+PKG_VERSION:=1.8.12
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/ethereum/go-ethereum/tar.gz/v${PKG_VERSION}?
-PKG_HASH:=ad18cc1d3154499ade6c712eab4b005d9dc0abf61282cfb349900d30dfba019a
+PKG_HASH:=53cfd6ff2f82f7a42fa5175e2a795aada4425a22353e5d46008cd566bfb5e239
PKG_BUILD_DEPENDS:=golang/host
PKG_BUILD_PARALLEL:=1
PKG_MIRROR_HASH:=7b1567d4d4b316ed4b70372bbcfc2039a93d6a7bbf24c2b3036b2c7f3bccc9b4
PKG_VERSION:=0.10.2-git-20180607-$(PKG_SOURCE_VERSION)
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
well as their helpers.
endef
-define Package/gnunet/config
-config GNUNET_HAS_ICONV_SUPPORT
- depends on PACKAGE_gnunet && (!USE_UCLIBC || (USE_UCLIBC && BUILD_NLS))
- bool
- default y
-endef
-
define BuildComponent
PKG_CONFIG_DEPENDS+=CONFIG_PACKAGE_$(PKG_NAME)-$(1)
PLUGIN_fs-heap:=datastore_heap
CONFLICTS_fs-heap:=gnunet-fs-mysql gnunet-fs-pgsql gnunet-fs-sqlite
-DEPENDS_mysql:=+libmysqlclient @GNUNET_HAS_ICONV_SUPPORT
+DEPENDS_mysql:=+libmysqlclient
LIB_mysql:=mysql my
DEPENDS_social-mysql:=+gnunet-mysql +gnunet-social
include $(TOPDIR)/rules.mk
PKG_NAME:=inadyn
-PKG_VERSION:=2.3
+PKG_VERSION:=2.3.1
PKG_RELEASE:=1
PKG_MAINTAINER:=
PKG_LICENSE:=GPL-2.0
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://github.com/troglobit/inadyn/releases/download/v$(PKG_VERSION)
-PKG_HASH:=4a98b80d8565b9e4cb32b19b7a8b06a22a7d9a6f4f03a5298a8d441b6187c760
+PKG_HASH:=81c942db6eab27fa16e868175bdb7aff963eeee06d48bc5443e0dcd6f7c2da40
PKG_FIXUP:=autoreconf
PKG_NAME:=ipsec-tools
PKG_VERSION:=0.8.2
-PKG_RELEASE:=7
+PKG_RELEASE:=8
PKG_MAINTAINER:=Noah Meyerhans <frodo@morgul.net>, \
Vitaly Protsko <villy@sft.ru>
PKG_LICENSE := BSD-3-Clause
--- /dev/null
+--- a/src/racoon/isakmp_xauth.c
++++ b/src/racoon/isakmp_xauth.c
+@@ -376,6 +376,7 @@ xauth_reply(iph1, port, id, res)
+ struct ph1handle *iph1;
+ int port;
+ int id;
++ int res;
+ {
+ struct xauth_state *xst = &iph1->mode_cfg->xauth;
+ char *usr = xst->authdata.generic.usr;
+
--- /dev/null
+From 071fec7181255b9234add44865a435dfdefee520 Mon Sep 17 00:00:00 2001
+In-Reply-To: <20180528120513.560-1-cote2004-github@yahoo.com>
+References: <20180528120513.560-1-cote2004-github@yahoo.com>
+From: Eneas U de Queiroz <cote2004-github@yahoo.com>
+Date: Wed, 30 May 2018 15:42:20 -0300
+Subject: [PATCH v2 1/1] ipsec-tools: add openssl 1.1 support
+To: equeiroz@troianet.com.br
+
+This patch updates the calls to openssl 1.1 API, and adds a
+compatibility layer so it compiles with (at least) openssl 1.0.2, I
+haven't tested it with lower versions, but all that's needed is to edit
+the openssl_compat.* files and add the missing functions there--they're
+usually trivial.
+
+Signed-off-by: Eneas U de Queiroz <cote2004-github@yahoo.com>
+---
+ src/racoon/Makefile.am | 10 +--
+ src/racoon/algorithm.c | 6 +-
+ src/racoon/cfparse.y | 2 +-
+ src/racoon/crypto_openssl.c | 197 +++++++++++++++++++++-------------------
+ src/racoon/crypto_openssl.h | 2 +-
+ src/racoon/eaytest.c | 7 +-
+ src/racoon/ipsec_doi.c | 2 +-
+ src/racoon/openssl_compat.c | 213 ++++++++++++++++++++++++++++++++++++++++++++
+ src/racoon/openssl_compat.h | 45 ++++++++++
+ src/racoon/plainrsa-gen.c | 41 +++++----
+ src/racoon/prsa_par.y | 28 ++++--
+ src/racoon/rsalist.c | 5 +-
+ 12 files changed, 431 insertions(+), 127 deletions(-)
+ create mode 100644 src/racoon/openssl_compat.c
+ create mode 100644 src/racoon/openssl_compat.h
+
+diff --git a/src/racoon/Makefile.am b/src/racoon/Makefile.am
+index dbaded9..4c585f3 100644
+--- a/src/racoon/Makefile.am
++++ b/src/racoon/Makefile.am
+@@ -4,7 +4,7 @@ sbin_PROGRAMS = racoon racoonctl plainrsa-gen
+ noinst_PROGRAMS = eaytest
+ include_racoon_HEADERS = racoonctl.h var.h vmbuf.h misc.h gcmalloc.h admin.h \
+ schedule.h sockmisc.h isakmp_var.h isakmp.h isakmp_xauth.h \
+- isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h
++ isakmp_cfg.h isakmp_unity.h ipsec_doi.h evt.h openssl_compat.h
+ lib_LTLIBRARIES = libracoon.la
+
+ adminsockdir=${localstatedir}/racoon
+@@ -32,7 +32,7 @@ racoon_SOURCES = \
+ gssapi.c dnssec.c getcertsbyname.c privsep.c \
+ pfkey.c admin.c evt.c ipsec_doi.c oakley.c grabmyaddr.c vendorid.c \
+ policy.c localconf.c remoteconf.c crypto_openssl.c algorithm.c \
+- proposal.c sainfo.c strnames.c \
++ openssl_compat.c proposal.c sainfo.c strnames.c \
+ plog.c logger.c schedule.c str2val.c \
+ safefile.c backupsa.c genlist.c rsalist.c \
+ cftoken.l cfparse.y prsa_tok.l prsa_par.y
+@@ -51,12 +51,12 @@ libracoon_la_SOURCES = kmpstat.c vmbuf.c sockmisc.c misc.c
+ libracoon_la_CFLAGS = -DNOUSE_PRIVSEP $(AM_CFLAGS)
+
+ plainrsa_gen_SOURCES = plainrsa-gen.c plog.c \
+- crypto_openssl.c logger.c
++ crypto_openssl.c logger.c openssl_compat.c
+ EXTRA_plainrsa_gen_SOURCES = $(MISSING_ALGOS)
+ plainrsa_gen_LDADD = $(CRYPTOBJS) vmbuf.o misc.o
+ plainrsa_gen_DEPENDENCIES = $(CRYPTOBJS) vmbuf.o misc.o
+
+-eaytest_SOURCES = eaytest.c plog.c logger.c
++eaytest_SOURCES = eaytest.c plog.c logger.c openssl_compat.c
+ EXTRA_eaytest_SOURCES = missing/crypto/sha2/sha2.c
+ eaytest_LDADD = crypto_openssl_test.o vmbuf.o str2val.o misc_noplog.o \
+ $(CRYPTOBJS)
+@@ -75,7 +75,7 @@ noinst_HEADERS = \
+ debugrm.h isakmp.h misc.h sainfo.h \
+ dhgroup.h isakmp_agg.h netdb_dnssec.h schedule.h \
+ isakmp_cfg.h isakmp_xauth.h isakmp_unity.h isakmp_frag.h \
+- throttle.h privsep.h \
++ throttle.h privsep.h openssl_compat.h \
+ cfparse_proto.h cftoken_proto.h genlist.h rsalist.h \
+ missing/crypto/sha2/sha2.h missing/crypto/rijndael/rijndael_local.h \
+ missing/crypto/rijndael/rijndael-api-fst.h \
+diff --git a/src/racoon/algorithm.c b/src/racoon/algorithm.c
+index 3fd50f6..66c874b 100644
+--- a/src/racoon/algorithm.c
++++ b/src/racoon/algorithm.c
+@@ -128,7 +128,7 @@ static struct enc_algorithm oakley_encdef[] = {
+ { "aes", algtype_aes, OAKLEY_ATTR_ENC_ALG_AES, 16,
+ eay_aes_encrypt, eay_aes_decrypt,
+ eay_aes_weakkey, eay_aes_keylen, },
+-#ifdef HAVE_OPENSSL_CAMELLIA_H
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ { "camellia", algtype_camellia, OAKLEY_ATTR_ENC_ALG_CAMELLIA, 16,
+ eay_camellia_encrypt, eay_camellia_decrypt,
+ eay_camellia_weakkey, eay_camellia_keylen, },
+@@ -168,7 +168,7 @@ static struct enc_algorithm ipsec_encdef[] = {
+ { "twofish", algtype_twofish, IPSECDOI_ESP_TWOFISH, 16,
+ NULL, NULL,
+ NULL, eay_twofish_keylen, },
+-#ifdef HAVE_OPENSSL_IDEA_H
++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
+ { "3idea", algtype_3idea, IPSECDOI_ESP_3IDEA, 8,
+ NULL, NULL,
+ NULL, NULL, },
+@@ -179,7 +179,7 @@ static struct enc_algorithm ipsec_encdef[] = {
+ { "rc4", algtype_rc4, IPSECDOI_ESP_RC4, 8,
+ NULL, NULL,
+ NULL, NULL, },
+-#ifdef HAVE_OPENSSL_CAMELLIA_H
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ { "camellia", algtype_camellia, IPSECDOI_ESP_CAMELLIA, 16,
+ NULL, NULL,
+ NULL, eay_camellia_keylen, },
+diff --git a/src/racoon/cfparse.y b/src/racoon/cfparse.y
+index 0d9bd67..8415752 100644
+--- a/src/racoon/cfparse.y
++++ b/src/racoon/cfparse.y
+@@ -2564,7 +2564,7 @@ set_isakmp_proposal(rmconf)
+ plog(LLV_DEBUG2, LOCATION, NULL,
+ "encklen=%d\n", s->encklen);
+
+- memset(types, 0, ARRAYLEN(types));
++ memset(types, 0, sizeof types);
+ types[algclass_isakmp_enc] = s->algclass[algclass_isakmp_enc];
+ types[algclass_isakmp_hash] = s->algclass[algclass_isakmp_hash];
+ types[algclass_isakmp_dh] = s->algclass[algclass_isakmp_dh];
+diff --git a/src/racoon/crypto_openssl.c b/src/racoon/crypto_openssl.c
+index 55b076a..8fb358f 100644
+--- a/src/racoon/crypto_openssl.c
++++ b/src/racoon/crypto_openssl.c
+@@ -90,6 +90,7 @@
+ #endif
+ #endif
+ #include "plog.h"
++#include "openssl_compat.h"
+
+ #define USE_NEW_DES_API
+
+@@ -316,9 +317,12 @@ eay_cmp_asn1dn(n1, n2)
+ i = idx+1;
+ goto end;
+ }
+- if ((ea->value->length == 1 && ea->value->data[0] == '*') ||
+- (eb->value->length == 1 && eb->value->data[0] == '*')) {
+- if (OBJ_cmp(ea->object,eb->object)) {
++ ASN1_STRING *sa = X509_NAME_ENTRY_get_data(ea);
++ ASN1_STRING *sb = X509_NAME_ENTRY_get_data(eb);
++ if ((ASN1_STRING_length(sa) == 1 && ASN1_STRING_get0_data(sa)[0] == '*') ||
++ (ASN1_STRING_length(sb) == 1 && ASN1_STRING_get0_data(sb)[0] == '*')) {
++ if (OBJ_cmp(X509_NAME_ENTRY_get_object(ea),
++ X509_NAME_ENTRY_get_object(eb))) {
+ i = idx+1;
+ goto end;
+ }
+@@ -430,7 +434,7 @@ cb_check_cert_local(ok, ctx)
+
+ if (!ok) {
+ X509_NAME_oneline(
+- X509_get_subject_name(ctx->current_cert),
++ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+ buf,
+ 256);
+ /*
+@@ -438,7 +442,8 @@ cb_check_cert_local(ok, ctx)
+ * ok if they are self signed. But we should still warn
+ * the user.
+ */
+- switch (ctx->error) {
++ int ctx_error = X509_STORE_CTX_get_error(ctx);
++ switch (ctx_error) {
+ case X509_V_ERR_CERT_HAS_EXPIRED:
+ case X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT:
+ case X509_V_ERR_INVALID_CA:
+@@ -453,9 +458,9 @@ cb_check_cert_local(ok, ctx)
+ }
+ plog(log_tag, LOCATION, NULL,
+ "%s(%d) at depth:%d SubjectName:%s\n",
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error,
+- ctx->error_depth,
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error,
++ X509_STORE_CTX_get_error_depth(ctx),
+ buf);
+ }
+ ERR_clear_error();
+@@ -477,10 +482,11 @@ cb_check_cert_remote(ok, ctx)
+
+ if (!ok) {
+ X509_NAME_oneline(
+- X509_get_subject_name(ctx->current_cert),
++ X509_get_subject_name(X509_STORE_CTX_get_current_cert(ctx)),
+ buf,
+ 256);
+- switch (ctx->error) {
++ int ctx_error=X509_STORE_CTX_get_error(ctx);
++ switch (ctx_error) {
+ case X509_V_ERR_UNABLE_TO_GET_CRL:
+ ok = 1;
+ log_tag = LLV_WARNING;
+@@ -490,9 +496,9 @@ cb_check_cert_remote(ok, ctx)
+ }
+ plog(log_tag, LOCATION, NULL,
+ "%s(%d) at depth:%d SubjectName:%s\n",
+- X509_verify_cert_error_string(ctx->error),
+- ctx->error,
+- ctx->error_depth,
++ X509_verify_cert_error_string(ctx_error),
++ ctx_error,
++ X509_STORE_CTX_get_error_depth(ctx),
+ buf);
+ }
+ ERR_clear_error();
+@@ -516,14 +522,15 @@ eay_get_x509asn1subjectname(cert)
+ if (x509 == NULL)
+ goto error;
+
++ X509_NAME *subject_name = X509_get_subject_name(x509);
+ /* get the length of the name */
+- len = i2d_X509_NAME(x509->cert_info->subject, NULL);
++ len = i2d_X509_NAME(subject_name, NULL);
+ name = vmalloc(len);
+ if (!name)
+ goto error;
+ /* get the name */
+ bp = (unsigned char *) name->v;
+- len = i2d_X509_NAME(x509->cert_info->subject, &bp);
++ len = i2d_X509_NAME(subject_name, &bp);
+
+ X509_free(x509);
+
+@@ -661,15 +668,16 @@ eay_get_x509asn1issuername(cert)
+ if (x509 == NULL)
+ goto error;
+
++ X509_NAME *issuer_name = X509_get_issuer_name(x509);
+ /* get the length of the name */
+- len = i2d_X509_NAME(x509->cert_info->issuer, NULL);
++ len = i2d_X509_NAME(issuer_name, NULL);
+ name = vmalloc(len);
+ if (name == NULL)
+ goto error;
+
+ /* get the name */
+ bp = (unsigned char *) name->v;
+- len = i2d_X509_NAME(x509->cert_info->issuer, &bp);
++ len = i2d_X509_NAME(issuer_name, &bp);
+
+ X509_free(x509);
+
+@@ -850,7 +858,7 @@ eay_check_x509sign(source, sig, cert)
+ return -1;
+ }
+
+- res = eay_rsa_verify(source, sig, evp->pkey.rsa);
++ res = eay_rsa_verify(source, sig, EVP_PKEY_get0_RSA(evp));
+
+ EVP_PKEY_free(evp);
+ X509_free(x509);
+@@ -992,7 +1000,7 @@ eay_get_x509sign(src, privkey)
+ if (evp == NULL)
+ return NULL;
+
+- sig = eay_rsa_sign(src, evp->pkey.rsa);
++ sig = eay_rsa_sign(src, EVP_PKEY_get0_RSA(evp));
+
+ EVP_PKEY_free(evp);
+
+@@ -1079,7 +1087,11 @@ eay_strerror()
+ int line, flags;
+ unsigned long es;
+
++#if OPENSSL_VERSION_NUMBER >= 0x10100000L
++ es = 0; /* even when allowed by OPENSSL_API_COMPAT, it is defined as 0 */
++#else
+ es = CRYPTO_thread_id();
++#endif
+
+ while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0){
+ n = snprintf(ebuf + len, sizeof(ebuf) - len,
+@@ -1100,7 +1112,7 @@ vchar_t *
+ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc)
+ {
+ vchar_t *res;
+- EVP_CIPHER_CTX ctx;
++ EVP_CIPHER_CTX *ctx;
+
+ if (!e)
+ return NULL;
+@@ -1111,7 +1123,7 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
+ if ((res = vmalloc(data->l)) == NULL)
+ return NULL;
+
+- EVP_CIPHER_CTX_init(&ctx);
++ ctx = EVP_CIPHER_CTX_new();
+
+ switch(EVP_CIPHER_nid(e)){
+ case NID_bf_cbc:
+@@ -1125,54 +1137,41 @@ evp_crypt(vchar_t *data, vchar_t *key, vchar_t *iv, const EVP_CIPHER *e, int enc
+ /* XXX: can we do that also for algos with a fixed key size ?
+ */
+ /* init context without key/iv
+- */
+- if (!EVP_CipherInit(&ctx, e, NULL, NULL, enc))
+- {
+- OpenSSL_BUG();
+- vfree(res);
+- return NULL;
+- }
++ */
++ if (!EVP_CipherInit(ctx, e, NULL, NULL, enc))
++ goto out;
+
+- /* update key size
+- */
+- if (!EVP_CIPHER_CTX_set_key_length(&ctx, key->l))
+- {
+- OpenSSL_BUG();
+- vfree(res);
+- return NULL;
+- }
+-
+- /* finalize context init with desired key size
+- */
+- if (!EVP_CipherInit(&ctx, NULL, (u_char *) key->v,
++ /* update key size
++ */
++ if (!EVP_CIPHER_CTX_set_key_length(ctx, key->l))
++ goto out;
++
++ /* finalize context init with desired key size
++ */
++ if (!EVP_CipherInit(ctx, NULL, (u_char *) key->v,
+ (u_char *) iv->v, enc))
+- {
+- OpenSSL_BUG();
+- vfree(res);
+- return NULL;
+- }
++ goto out;
+ break;
+ default:
+- if (!EVP_CipherInit(&ctx, e, (u_char *) key->v,
+- (u_char *) iv->v, enc)) {
+- OpenSSL_BUG();
+- vfree(res);
+- return NULL;
+- }
++ if (!EVP_CipherInit(ctx, e, (u_char *) key->v,
++ (u_char *) iv->v, enc))
++ goto out;
+ }
+
+ /* disable openssl padding */
+- EVP_CIPHER_CTX_set_padding(&ctx, 0);
++ EVP_CIPHER_CTX_set_padding(ctx, 0);
+
+- if (!EVP_Cipher(&ctx, (u_char *) res->v, (u_char *) data->v, data->l)) {
+- OpenSSL_BUG();
+- vfree(res);
+- return NULL;
+- }
++ if (!EVP_Cipher(ctx, (u_char *) res->v, (u_char *) data->v, data->l))
++ goto out;
+
+- EVP_CIPHER_CTX_cleanup(&ctx);
++ EVP_CIPHER_CTX_free(ctx);
+
+ return res;
++out:
++ EVP_CIPHER_CTX_free(ctx);
++ OpenSSL_BUG();
++ vfree(res);
++ return NULL;
+ }
+
+ int
+@@ -1230,7 +1229,7 @@ eay_des_keylen(len)
+ return evp_keylen(len, EVP_des_cbc());
+ }
+
+-#ifdef HAVE_OPENSSL_IDEA_H
++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
+ /*
+ * IDEA-CBC
+ */
+@@ -1587,7 +1586,7 @@ eay_aes_keylen(len)
+ return len;
+ }
+
+-#if defined(HAVE_OPENSSL_CAMELLIA_H)
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ /*
+ * CAMELLIA-CBC
+ */
+@@ -1680,9 +1679,9 @@ eay_hmac_init(key, md)
+ vchar_t *key;
+ const EVP_MD *md;
+ {
+- HMAC_CTX *c = racoon_malloc(sizeof(*c));
++ HMAC_CTX *c = HMAC_CTX_new();
+
+- HMAC_Init(c, key->v, key->l, md);
++ HMAC_Init_ex(c, key->v, key->l, md, NULL);
+
+ return (caddr_t)c;
+ }
+@@ -1761,8 +1760,7 @@ eay_hmacsha2_512_final(c)
+
+ HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ res->l = l;
+- HMAC_cleanup((HMAC_CTX *)c);
+- (void)racoon_free(c);
++ HMAC_CTX_free((HMAC_CTX *)c);
+
+ if (SHA512_DIGEST_LENGTH != res->l) {
+ plog(LLV_ERROR, LOCATION, NULL,
+@@ -1811,8 +1809,7 @@ eay_hmacsha2_384_final(c)
+
+ HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ res->l = l;
+- HMAC_cleanup((HMAC_CTX *)c);
+- (void)racoon_free(c);
++ HMAC_CTX_free((HMAC_CTX *)c);
+
+ if (SHA384_DIGEST_LENGTH != res->l) {
+ plog(LLV_ERROR, LOCATION, NULL,
+@@ -1861,8 +1858,7 @@ eay_hmacsha2_256_final(c)
+
+ HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ res->l = l;
+- HMAC_cleanup((HMAC_CTX *)c);
+- (void)racoon_free(c);
++ HMAC_CTX_free((HMAC_CTX *)c);
+
+ if (SHA256_DIGEST_LENGTH != res->l) {
+ plog(LLV_ERROR, LOCATION, NULL,
+@@ -1912,8 +1908,7 @@ eay_hmacsha1_final(c)
+
+ HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ res->l = l;
+- HMAC_cleanup((HMAC_CTX *)c);
+- (void)racoon_free(c);
++ HMAC_CTX_free((HMAC_CTX *)c);
+
+ if (SHA_DIGEST_LENGTH != res->l) {
+ plog(LLV_ERROR, LOCATION, NULL,
+@@ -1962,8 +1957,7 @@ eay_hmacmd5_final(c)
+
+ HMAC_Final((HMAC_CTX *)c, (unsigned char *) res->v, &l);
+ res->l = l;
+- HMAC_cleanup((HMAC_CTX *)c);
+- (void)racoon_free(c);
++ HMAC_CTX_free((HMAC_CTX *)c);
+
+ if (MD5_DIGEST_LENGTH != res->l) {
+ plog(LLV_ERROR, LOCATION, NULL,
+@@ -2266,6 +2260,7 @@ eay_dh_generate(prime, g, publen, pub, priv)
+ u_int32_t g;
+ {
+ BIGNUM *p = NULL;
++ BIGNUM *BNg = NULL;
+ DH *dh = NULL;
+ int error = -1;
+
+@@ -2276,25 +2271,28 @@ eay_dh_generate(prime, g, publen, pub, priv)
+
+ if ((dh = DH_new()) == NULL)
+ goto end;
+- dh->p = p;
+- p = NULL; /* p is now part of dh structure */
+- dh->g = NULL;
+- if ((dh->g = BN_new()) == NULL)
++ if ((BNg = BN_new()) == NULL)
+ goto end;
+- if (!BN_set_word(dh->g, g))
++ if (!BN_set_word(BNg, g))
+ goto end;
++ if (! DH_set0_pqg(dh, p, NULL, BNg))
++ goto end;
++ BNg = NULL;
++ p = NULL; /* p is now part of dh structure */
+
+ if (publen != 0)
+- dh->length = publen;
++ DH_set_length(dh, publen);
+
+ /* generate public and private number */
+ if (!DH_generate_key(dh))
+ goto end;
+
+ /* copy results to buffers */
+- if (eay_bn2v(pub, dh->pub_key) < 0)
++ BIGNUM *pub_key, *priv_key;
++ DH_get0_key(dh, (const BIGNUM**) &pub_key, (const BIGNUM**) &priv_key);
++ if (eay_bn2v(pub, pub_key) < 0)
+ goto end;
+- if (eay_bn2v(priv, dh->priv_key) < 0) {
++ if (eay_bn2v(priv, priv_key) < 0) {
+ vfree(*pub);
+ goto end;
+ }
+@@ -2306,6 +2304,8 @@ end:
+ DH_free(dh);
+ if (p != 0)
+ BN_free(p);
++ if (BNg != 0)
++ BN_free(BNg);
+ return(error);
+ }
+
+@@ -2319,6 +2319,10 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
+ int l;
+ unsigned char *v = NULL;
+ int error = -1;
++ BIGNUM *p = BN_new();
++ BIGNUM *BNg = BN_new();
++ BIGNUM *pub_key = BN_new();
++ BIGNUM *priv_key = BN_new();
+
+ /* make public number to compute */
+ if (eay_v2bn(&dh_pub, pub2) < 0)
+@@ -2327,19 +2331,21 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
+ /* make DH structure */
+ if ((dh = DH_new()) == NULL)
+ goto end;
+- if (eay_v2bn(&dh->p, prime) < 0)
++ if (p == NULL || BNg == NULL || pub_key == NULL || priv_key == NULL)
+ goto end;
+- if (eay_v2bn(&dh->pub_key, pub) < 0)
++
++ if (eay_v2bn(&p, prime) < 0)
+ goto end;
+- if (eay_v2bn(&dh->priv_key, priv) < 0)
++ if (eay_v2bn(&pub_key, pub) < 0)
+ goto end;
+- dh->length = pub2->l * 8;
+-
+- dh->g = NULL;
+- if ((dh->g = BN_new()) == NULL)
++ if (eay_v2bn(&priv_key, priv) < 0)
+ goto end;
+- if (!BN_set_word(dh->g, g))
++ if (!BN_set_word(BNg, g))
+ goto end;
++ DH_set0_key(dh, pub_key, priv_key);
++ DH_set_length(dh, pub2->l * 8);
++ DH_set0_pqg(dh, p, NULL, BNg);
++ pub_key = priv_key = p = BNg = NULL;
+
+ if ((v = racoon_calloc(prime->l, sizeof(u_char))) == NULL)
+ goto end;
+@@ -2350,6 +2356,14 @@ eay_dh_compute(prime, g, pub, priv, pub2, key)
+ error = 0;
+
+ end:
++ if (p != NULL)
++ BN_free(p);
++ if (BNg != NULL)
++ BN_free(BNg);
++ if (pub_key != NULL)
++ BN_free(pub_key);
++ if (priv_key != NULL)
++ BN_free(priv_key);
+ if (dh_pub != NULL)
+ BN_free(dh_pub);
+ if (dh != NULL)
+@@ -2400,12 +2414,14 @@ eay_bn2v(var, bn)
+ void
+ eay_init()
+ {
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
+ OpenSSL_add_all_algorithms();
+ ERR_load_crypto_strings();
+ #ifdef HAVE_OPENSSL_ENGINE_H
+ ENGINE_load_builtin_engines();
+ ENGINE_register_all_complete();
+ #endif
++#endif
+ }
+
+ vchar_t *
+@@ -2504,8 +2520,7 @@ binbuf_pubkey2rsa(vchar_t *binbuf)
+ goto out;
+ }
+
+- rsa_pub->n = mod;
+- rsa_pub->e = exp;
++ RSA_set0_key(rsa_pub, mod, exp, NULL);
+
+ out:
+ return rsa_pub;
+@@ -2582,5 +2597,5 @@ eay_random()
+ const char *
+ eay_version()
+ {
+- return SSLeay_version(SSLEAY_VERSION);
++ return OpenSSL_version(OPENSSL_VERSION);
+ }
+diff --git a/src/racoon/crypto_openssl.h b/src/racoon/crypto_openssl.h
+index 66fac73..ee5b765 100644
+--- a/src/racoon/crypto_openssl.h
++++ b/src/racoon/crypto_openssl.h
+@@ -124,7 +124,7 @@ extern vchar_t *eay_aes_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
+ extern int eay_aes_weakkey __P((vchar_t *));
+ extern int eay_aes_keylen __P((int));
+
+-#if defined(HAVE_OPENSSL_CAMELLIA_H)
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ /* Camellia */
+ extern vchar_t *eay_camellia_encrypt __P((vchar_t *, vchar_t *, vchar_t *));
+ extern vchar_t *eay_camellia_decrypt __P((vchar_t *, vchar_t *, vchar_t *));
+diff --git a/src/racoon/eaytest.c b/src/racoon/eaytest.c
+index 1474bdc..ae09db3 100644
+--- a/src/racoon/eaytest.c
++++ b/src/racoon/eaytest.c
+@@ -62,6 +62,7 @@
+ #include "dhgroup.h"
+ #include "crypto_openssl.h"
+ #include "gnuc.h"
++#include "openssl_compat.h"
+
+ #include "package_version.h"
+
+@@ -103,7 +104,7 @@ rsa_verify_with_pubkey(src, sig, pubkey_txt)
+ printf ("PEM_read_PUBKEY(): %s\n", eay_strerror());
+ return -1;
+ }
+- error = eay_check_rsasign(src, sig, evp->pkey.rsa);
++ error = eay_check_rsasign(src, sig, EVP_PKEY_get0_RSA(evp));
+
+ return error;
+ }
+@@ -698,7 +699,7 @@ ciphertest(ac, av)
+ eay_cast_encrypt, eay_cast_decrypt) < 0)
+ return -1;
+
+-#ifdef HAVE_OPENSSL_IDEA_H
++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
+ if (ciphertest_1 ("IDEA",
+ &data, 8,
+ &key, key.l,
+@@ -715,7 +716,7 @@ ciphertest(ac, av)
+ eay_rc5_encrypt, eay_rc5_decrypt) < 0)
+ return -1;
+ #endif
+-#if defined(HAVE_OPENSSL_CAMELLIA_H)
++#if defined(HAVE_OPENSSL_CAMELLIA_H) && ! defined(OPENSSL_NO_CAMELLIA)
+ if (ciphertest_1 ("CAMELLIA",
+ &data, 16,
+ &key, key.l,
+diff --git a/src/racoon/ipsec_doi.c b/src/racoon/ipsec_doi.c
+index 84a4c71..b52469f 100644
+--- a/src/racoon/ipsec_doi.c
++++ b/src/racoon/ipsec_doi.c
+@@ -715,7 +715,7 @@ out:
+ /* key length must not be specified on some algorithms */
+ if (keylen) {
+ if (sa->enctype == OAKLEY_ATTR_ENC_ALG_DES
+-#ifdef HAVE_OPENSSL_IDEA_H
++#if defined(HAVE_OPENSSL_IDEA_H) && ! defined(OPENSSL_NO_IDEA)
+ || sa->enctype == OAKLEY_ATTR_ENC_ALG_IDEA
+ #endif
+ || sa->enctype == OAKLEY_ATTR_ENC_ALG_3DES) {
+diff --git a/src/racoon/openssl_compat.c b/src/racoon/openssl_compat.c
+new file mode 100644
+index 0000000..864b5fb
+--- /dev/null
++++ b/src/racoon/openssl_compat.c
+@@ -0,0 +1,213 @@
++/*
++ * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
++ *
++ * Licensed under the OpenSSL license (the "License"). You may not use
++ * this file except in compliance with the License. You can obtain a copy
++ * in the file LICENSE in the source distribution or at
++ * https://www.openssl.org/source/license.html
++ */
++
++#include "openssl_compat.h"
++
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <string.h>
++
++static void *OPENSSL_zalloc(size_t num)
++{
++ void *ret = OPENSSL_malloc(num);
++
++ if (ret != NULL)
++ memset(ret, 0, num);
++ return ret;
++}
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
++{
++ /* If the fields n and e in r are NULL, the corresponding input
++ * parameters MUST be non-NULL for n and e. d may be
++ * left NULL (in case only the public key is used).
++ */
++ if ((r->n == NULL && n == NULL)
++ || (r->e == NULL && e == NULL))
++ return 0;
++
++ if (n != NULL) {
++ BN_free(r->n);
++ r->n = n;
++ }
++ if (e != NULL) {
++ BN_free(r->e);
++ r->e = e;
++ }
++ if (d != NULL) {
++ BN_free(r->d);
++ r->d = d;
++ }
++
++ return 1;
++}
++
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
++{
++ /* If the fields p and q in r are NULL, the corresponding input
++ * parameters MUST be non-NULL.
++ */
++ if ((r->p == NULL && p == NULL)
++ || (r->q == NULL && q == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(r->p);
++ r->p = p;
++ }
++ if (q != NULL) {
++ BN_free(r->q);
++ r->q = q;
++ }
++
++ return 1;
++}
++
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
++{
++ /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
++ * parameters MUST be non-NULL.
++ */
++ if ((r->dmp1 == NULL && dmp1 == NULL)
++ || (r->dmq1 == NULL && dmq1 == NULL)
++ || (r->iqmp == NULL && iqmp == NULL))
++ return 0;
++
++ if (dmp1 != NULL) {
++ BN_free(r->dmp1);
++ r->dmp1 = dmp1;
++ }
++ if (dmq1 != NULL) {
++ BN_free(r->dmq1);
++ r->dmq1 = dmq1;
++ }
++ if (iqmp != NULL) {
++ BN_free(r->iqmp);
++ r->iqmp = iqmp;
++ }
++
++ return 1;
++}
++
++void RSA_get0_key(const RSA *r,
++ const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
++{
++ if (n != NULL)
++ *n = r->n;
++ if (e != NULL)
++ *e = r->e;
++ if (d != NULL)
++ *d = r->d;
++}
++
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
++{
++ if (p != NULL)
++ *p = r->p;
++ if (q != NULL)
++ *q = r->q;
++}
++
++void RSA_get0_crt_params(const RSA *r,
++ const BIGNUM **dmp1, const BIGNUM **dmq1,
++ const BIGNUM **iqmp)
++{
++ if (dmp1 != NULL)
++ *dmp1 = r->dmp1;
++ if (dmq1 != NULL)
++ *dmq1 = r->dmq1;
++ if (iqmp != NULL)
++ *iqmp = r->iqmp;
++}
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g)
++{
++ /* If the fields p and g in d are NULL, the corresponding input
++ * parameters MUST be non-NULL. q may remain NULL.
++ */
++ if ((dh->p == NULL && p == NULL)
++ || (dh->g == NULL && g == NULL))
++ return 0;
++
++ if (p != NULL) {
++ BN_free(dh->p);
++ dh->p = p;
++ }
++ if (q != NULL) {
++ BN_free(dh->q);
++ dh->q = q;
++ }
++ if (g != NULL) {
++ BN_free(dh->g);
++ dh->g = g;
++ }
++
++ if (q != NULL) {
++ dh->length = BN_num_bits(q);
++ }
++
++ return 1;
++}
++
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key)
++{
++ if (pub_key != NULL)
++ *pub_key = dh->pub_key;
++ if (priv_key != NULL)
++ *priv_key = dh->priv_key;
++}
++
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key)
++{
++ /* If the field pub_key in dh is NULL, the corresponding input
++ * parameters MUST be non-NULL. The priv_key field may
++ * be left NULL.
++ */
++ if (dh->pub_key == NULL && pub_key == NULL)
++ return 0;
++
++ if (pub_key != NULL) {
++ BN_free(dh->pub_key);
++ dh->pub_key = pub_key;
++ }
++ if (priv_key != NULL) {
++ BN_free(dh->priv_key);
++ dh->priv_key = priv_key;
++ }
++
++ return 1;
++}
++
++int DH_set_length(DH *dh, long length)
++{
++ dh->length = length;
++ return 1;
++}
++
++HMAC_CTX *HMAC_CTX_new(void)
++{
++ return OPENSSL_zalloc(sizeof(HMAC_CTX));
++}
++
++void HMAC_CTX_free(HMAC_CTX *ctx)
++{
++ HMAC_CTX_cleanup(ctx);
++ OPENSSL_free(ctx);
++}
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey)
++{
++ if (pkey->type != EVP_PKEY_RSA) {
++ return NULL;
++ }
++ return pkey->pkey.rsa;
++}
++
++
++#endif /* OPENSSL_VERSION_NUMBER */
+diff --git a/src/racoon/openssl_compat.h b/src/racoon/openssl_compat.h
+new file mode 100644
+index 0000000..9e152c2
+--- /dev/null
++++ b/src/racoon/openssl_compat.h
+@@ -0,0 +1,45 @@
++#ifndef OPENSSL_COMPAT_H
++#define OPENSSL_COMPAT_H
++
++#include <openssl/opensslv.h>
++#if OPENSSL_VERSION_NUMBER < 0x10100000L
++
++#include <openssl/rsa.h>
++#include <openssl/dh.h>
++#include <openssl/evp.h>
++#include <openssl/hmac.h>
++
++int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
++int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
++int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
++void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d);
++void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q);
++void RSA_get0_crt_params(const RSA *r, const BIGNUM **dmp1, const BIGNUM **dmq1, const BIGNUM **iqmp);
++
++int DH_set0_pqg(DH *dh, BIGNUM *p, BIGNUM *q, BIGNUM *g);
++void DH_get0_key(const DH *dh, const BIGNUM **pub_key, const BIGNUM **priv_key);
++int DH_set0_key(DH *dh, BIGNUM *pub_key, BIGNUM *priv_key);
++int DH_set_length(DH *dh, long length);
++
++HMAC_CTX *HMAC_CTX_new(void);
++void HMAC_CTX_free(HMAC_CTX* ctx);
++
++RSA *EVP_PKEY_get0_RSA(EVP_PKEY *pkey);
++
++#define ASN1_STRING_length(s) s->length
++#define ASN1_STRING_get0_data(s) s->data
++
++#define X509_get_subject_name(x) x->cert_info->subject
++#define X509_get_issuer_name(x) x->cert_info->issuer
++#define X509_NAME_ENTRY_get_data(n) n->value
++#define X509_NAME_ENTRY_get_object(n) n->object
++#define X509_STORE_CTX_get_current_cert(ctx) ctx->current_cert
++#define X509_STORE_CTX_get_error(ctx) ctx->error
++#define X509_STORE_CTX_get_error_depth(ctx) ctx->error_depth
++
++#define OPENSSL_VERSION SSLEAY_VERSION
++#define OpenSSL_version SSLeay_version
++
++#endif /* OPENSSL_VERSION_NUMBER */
++
++#endif /* OPENSSL_COMPAT_H */
+diff --git a/src/racoon/plainrsa-gen.c b/src/racoon/plainrsa-gen.c
+index cad1861..b949b08 100644
+--- a/src/racoon/plainrsa-gen.c
++++ b/src/racoon/plainrsa-gen.c
+@@ -60,6 +60,7 @@
+ #include "vmbuf.h"
+ #include "plog.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+
+ #include "package_version.h"
+
+@@ -90,12 +91,14 @@ mix_b64_pubkey(const RSA *key)
+ char *binbuf;
+ long binlen, ret;
+ vchar_t *res;
+-
+- binlen = 1 + BN_num_bytes(key->e) + BN_num_bytes(key->n);
++ const BIGNUM *e, *n;
++
++ RSA_get0_key(key, &n, &e, NULL);
++ binlen = 1 + BN_num_bytes(e) + BN_num_bytes(n);
+ binbuf = malloc(binlen);
+ memset(binbuf, 0, binlen);
+- binbuf[0] = BN_bn2bin(key->e, (unsigned char *) &binbuf[1]);
+- ret = BN_bn2bin(key->n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
++ binbuf[0] = BN_bn2bin(e, (unsigned char *) &binbuf[1]);
++ ret = BN_bn2bin(n, (unsigned char *) (&binbuf[binbuf[0] + 1]));
+ if (1 + binbuf[0] + ret != binlen) {
+ plog(LLV_ERROR, LOCATION, NULL,
+ "Pubkey generation failed. This is really strange...\n");
+@@ -131,16 +134,20 @@ print_rsa_key(FILE *fp, const RSA *key)
+
+ fprintf(fp, "# : PUB 0s%s\n", pubkey64->v);
+ fprintf(fp, ": RSA\t{\n");
+- fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(key->n));
++ const BIGNUM *n, *e, *d, *p, *q, *dmp1, *dmq1, *iqmp;
++ RSA_get0_key(key, &n, &e, &d);
++ RSA_get0_factors(key, &p, &q);
++ RSA_get0_crt_params(key, &dmp1, &dmq1, &iqmp);
++ fprintf(fp, "\t# RSA %d bits\n", BN_num_bits(n));
+ fprintf(fp, "\t# pubkey=0s%s\n", pubkey64->v);
+- fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(key->n)));
+- fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(key->e)));
+- fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(key->d)));
+- fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(key->p)));
+- fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(key->q)));
+- fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(key->dmp1)));
+- fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(key->dmq1)));
+- fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(key->iqmp)));
++ fprintf(fp, "\tModulus: 0x%s\n", lowercase(BN_bn2hex(n)));
++ fprintf(fp, "\tPublicExponent: 0x%s\n", lowercase(BN_bn2hex(e)));
++ fprintf(fp, "\tPrivateExponent: 0x%s\n", lowercase(BN_bn2hex(d)));
++ fprintf(fp, "\tPrime1: 0x%s\n", lowercase(BN_bn2hex(p)));
++ fprintf(fp, "\tPrime2: 0x%s\n", lowercase(BN_bn2hex(q)));
++ fprintf(fp, "\tExponent1: 0x%s\n", lowercase(BN_bn2hex(dmp1)));
++ fprintf(fp, "\tExponent2: 0x%s\n", lowercase(BN_bn2hex(dmq1)));
++ fprintf(fp, "\tCoefficient: 0x%s\n", lowercase(BN_bn2hex(iqmp)));
+ fprintf(fp, " }\n");
+
+ vfree(pubkey64);
+@@ -203,11 +210,13 @@ int
+ gen_rsa_key(FILE *fp, size_t bits, unsigned long exp)
+ {
+ int ret;
+- RSA *key;
++ RSA *key = RSA_new();
++ BIGNUM *e = BN_new();
+
+- key = RSA_generate_key(bits, exp, NULL, NULL);
+- if (!key) {
++ BN_set_word(e, exp);
++ if (! RSA_generate_key_ex(key, bits, e, NULL)) {
+ fprintf(stderr, "RSA_generate_key(): %s\n", eay_strerror());
++ RSA_free(key);
+ return -1;
+ }
+
+diff --git a/src/racoon/prsa_par.y b/src/racoon/prsa_par.y
+index 1987e4d..27ce4c6 100644
+--- a/src/racoon/prsa_par.y
++++ b/src/racoon/prsa_par.y
+@@ -68,6 +68,7 @@
+ #include "isakmp_var.h"
+ #include "handler.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+ #include "sockmisc.h"
+ #include "rsalist.h"
+
+@@ -85,7 +86,18 @@ char *prsa_cur_fname = NULL;
+ struct genlist *prsa_cur_list = NULL;
+ enum rsa_key_type prsa_cur_type = RSA_TYPE_ANY;
+
+-static RSA *rsa_cur;
++struct my_rsa_st {
++ BIGNUM *n;
++ BIGNUM *e;
++ BIGNUM *d;
++ BIGNUM *p;
++ BIGNUM *q;
++ BIGNUM *dmp1;
++ BIGNUM *dmq1;
++ BIGNUM *iqmp;
++};
++
++static struct my_rsa_st *rsa_cur;
+
+ void
+ prsaerror(const char *s, ...)
+@@ -201,8 +213,12 @@ rsa_statement:
+ rsa_cur->iqmp = NULL;
+ }
+ }
+- $$ = rsa_cur;
+- rsa_cur = RSA_new();
++ RSA * rsa_tmp = RSA_new();
++ RSA_set0_key(rsa_tmp, rsa_cur->n, rsa_cur->e, rsa_cur->d);
++ RSA_set0_factors(rsa_tmp, rsa_cur->p, rsa_cur->q);
++ RSA_set0_crt_params(rsa_tmp, rsa_cur->dmp1, rsa_cur->dmq1, rsa_cur->iqmp);
++ $$ = rsa_tmp;
++ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
+ }
+ | TAG_PUB BASE64
+ {
+@@ -351,10 +367,12 @@ prsa_parse_file(struct genlist *list, char *fname, enum rsa_key_type type)
+ prsa_cur_fname = fname;
+ prsa_cur_list = list;
+ prsa_cur_type = type;
+- rsa_cur = RSA_new();
++ rsa_cur = malloc(sizeof(struct my_rsa_st));
++ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
+ ret = prsaparse();
+ if (rsa_cur) {
+- RSA_free(rsa_cur);
++ memset(rsa_cur, 0, sizeof(struct my_rsa_st));
++ free(rsa_cur);
+ rsa_cur = NULL;
+ }
+ fclose (fp);
+diff --git a/src/racoon/rsalist.c b/src/racoon/rsalist.c
+index f152c82..96e8363 100644
+--- a/src/racoon/rsalist.c
++++ b/src/racoon/rsalist.c
+@@ -52,6 +52,7 @@
+ #include "genlist.h"
+ #include "remoteconf.h"
+ #include "crypto_openssl.h"
++#include "openssl_compat.h"
+
+ #ifndef LIST_FIRST
+ #define LIST_FIRST(head) ((head)->lh_first)
+@@ -98,7 +99,9 @@ rsa_key_dup(struct rsa_key *key)
+ return NULL;
+
+ if (key->rsa) {
+- new->rsa = key->rsa->d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa);
++ const BIGNUM *d;
++ RSA_get0_key(key->rsa, NULL, NULL, &d);
++ new->rsa = (d != NULL ? RSAPrivateKey_dup(key->rsa) : RSAPublicKey_dup(key->rsa));
+ if (new->rsa == NULL)
+ goto dup_error;
+ }
+--
+2.16.1
+
#
-# Copyright (C) 2006-2015 OpenWrt.org
+# Copyright (C) 2006-2018 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.49
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_CONFIG_DEPENDS:=CONFIG_LIGHTTPD_SSL $(patsubst %,CONFIG_PACKAGE_lighttpd-mod-%,$(REBUILD_MODULES))
include $(INCLUDE_DIR)/package.mk
+# iconv is required for lighttpd's mysql plugin
+include $(INCLUDE_DIR)/nls.mk
define Package/lighttpd/Default
SUBMENU:=Web Servers/Proxies
CONFIGURE_ARGS+= --without-ldap
endif
-ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-authn_mysql),)
+ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-authn_mysql)$(CONFIG_PACKAGE_lighttpd-mod-mysql_vhost),)
CONFIGURE_ARGS+= --with-mysql
else
CONFIGURE_ARGS+= --without-mysql
CONFIGURE_ARGS+= --without-lua
endif
-ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-mysql_vhost),)
- CONFIGURE_ARGS+= --with-mysql
-else
- CONFIGURE_ARGS+= --without-mysql
-endif
-
#ifneq ($(SDK)$(CONFIG_PACKAGE_lighttpd-mod-cml)$(CONFIG_PACKAGE_lighttpd-mod-trigger_b4_dl),)
# CONFIGURE_ARGS+= --with-memcached
#else
include $(TOPDIR)/rules.mk
PKG_NAME:=mtr
-PKG_REV:=dd2b75080bc5406ba0b438953b36b72204ba114b
-PKG_VERSION:=0.85+newdns-$(PKG_REV)
-PKG_RELEASE:=2
+PKG_VERSION:=0.92
+PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/traviscross/mtr.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=$(PKG_REV)
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=4911c96ee4b3c31692664a845dccddabdfef107646d4861b21fd4053bd2b76e8
+PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/traviscross/mtr/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=568a52911a8933496e60c88ac6fea12379469d7943feb9223f4337903e4bc164
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
PKG_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
PKG_FIXUP:=autoreconf
DEPENDS:=+libncurses
TITLE:=Full screen ncurses traceroute tool
URL:=http://www.bitwizard.nl/mtr/
- PKG_MAINTAINER:=Jonathan McCrohan <jmccrohan@gmail.com>
endef
define Package/mtr/description
+++ /dev/null
---- a/net.c
-+++ b/net.c
-@@ -307,9 +307,11 @@ void net_send_tcp(int index)
- struct sockaddr_storage local;
- struct sockaddr_storage remote;
- struct sockaddr_in *local4 = (struct sockaddr_in *) &local;
-- struct sockaddr_in6 *local6 = (struct sockaddr_in6 *) &local;
- struct sockaddr_in *remote4 = (struct sockaddr_in *) &remote;
-+#ifdef ENABLE_IPV6
-+ struct sockaddr_in6 *local6 = (struct sockaddr_in6 *) &local;
- struct sockaddr_in6 *remote6 = (struct sockaddr_in6 *) &remote;
-+#endif
- socklen_t len;
-
- ttl = index + 1;
-@@ -566,8 +568,10 @@ void net_send_query(int index)
-
- /* sendto() assumes packet length includes the IPv4 header but not the
- IPv6 header. */
-- spacketsize = abs(packetsize) -
-- ( ( af == AF_INET ) ? 0 : sizeof (struct ip6_hdr) );
-+ spacketsize = abs(packetsize);
-+#ifdef ENABLE_IPV6
-+ spacketsize -= ( ( af == AF_INET ) ? 0 : sizeof (struct ip6_hdr) );
-+#endif
- rv = sendto(sendsock, packet, spacketsize, 0, remotesockaddr, salen);
- if (first && (rv < 0) && ((errno == EINVAL) || (errno == EMSGSIZE))) {
- /* Try the first packet again using host byte order. */
---- a/dns.c
-+++ b/dns.c
-@@ -49,7 +49,7 @@
- #include <unistd.h>
- #include <fcntl.h>
- //#include <ctype.h>
--//#include <string.h>
-+#include <string.h>
- #include <stdio.h>
- #include <stdlib.h>
- #include <signal.h>
---- a/net.h
-+++ b/net.h
-@@ -20,6 +20,7 @@
- #include <netdb.h>
- #include <arpa/inet.h>
- #include <netinet/in.h>
-+#include <sys/select.h>
- #include <sys/socket.h>
- #ifdef ENABLE_IPV6
- #include <netinet/ip6.h>
include $(TOPDIR)/rules.mk
PKG_NAME:=nginx
-PKG_VERSION:=1.15.1
-PKG_RELEASE:=3
+PKG_VERSION:=1.15.2
+PKG_RELEASE:=1
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://nginx.org/download/
-PKG_HASH:=c7206858d7f832b8ef73a45c9b8f8e436bcb1ee88db2bc85b8e438ecec9d5460
+PKG_HASH:=eeba09aecfbe8277ac33a5a2486ec2d6731739f3c1c701b42a0c3784af67ad90
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> \
Ansuel Smith <ansuelsmth@gmail.com>
ifeq ($(CONFIG_NGINX_LUA),y)
define Download/lua-nginx
- VERSION:=576a10d246daf81c0ce1b959c50ee807769c01a8
+ VERSION:=e94f2e5d64daa45ff396e262d8dab8e56f5f10e0
SUBDIR:=lua-nginx
FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/openresty/lua-nginx-module.git
- MIRROR_HASH:=85ab2fc752d4e09f266209fdec507b30c57bb966c34bbff148cf3459ae5cac80
+ MIRROR_HASH:=ae439f9a8b3c34d7240735b844db72ee721af4791bbaff5692bca20e6785f541
PROTO:=git
endef
$(eval $(call Download,lua-nginx))
--- a/auto/options
+++ b/auto/options
-@@ -391,8 +391,7 @@
+@@ -397,8 +397,7 @@ $0: warning: the \"--with-sha1-asm\" opt
--test-build-solaris-sendfilev) NGX_TEST_BUILD_SOLARIS_SENDFILEV=YES ;;
*)
PKG_NAME:=p910nd
PKG_VERSION:=0.97
-PKG_RELEASE:=5
+PKG_RELEASE:=6
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
PKG_SOURCE_URL:=@SF/p910nd
#!/bin/sh /etc/rc.common
# Copyright (C) 2007 OpenWrt.org
-START=50
+START=99
USE_PROCD=1
append_bool() {
append_string "$section" port ""
procd_open_instance $name
procd_set_param command /usr/sbin/p910nd $args
+ procd_set_param respawn
procd_close_instance
fi
}
include $(TOPDIR)/rules.mk
PKG_NAME:=rtorrent
-PKG_VERSION:=0.9.6-git-1
-PKG_RELEASE=$(PKG_SOURCE_VERSION)
+PKG_VERSION:=0.9.7
+PKG_RELEASE:=1
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=https://github.com/rakshasa/rtorrent.git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=62cb5a4605c0664bc522e0e0da9c72f09cf643a9
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
-PKG_MIRROR_HASH:=3c6834b12ebfa8d62618f6e9dbc06dfa593861fa0b435d2fd1bddb0e886fc77b
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://github.com/rakshasa/rtorrent/releases/download/v$(PKG_VERSION)
+PKG_HASH:=5d9842fe48c9582fbea2c7bf9f51412c1ccbba07d059b257039ad53b863fe8bb
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
TITLE:=BitTorrent client for ncurses
URL:=http://libtorrent.rakshasa.no/
DEPENDS:=+libcurl +libtorrent +libncursesw +libsigcxx +libpthread
- MAINTAINER:=Peter Wagner <tripolar@gmx.at>
+ MAINTAINER:=Rosen Penev <rosenp@gmail.com>
endef
define Package/rtorrent/Default/description
---- a/configure.ac
-+++ b/configure.ac
-@@ -4,7 +4,6 @@ AC_DEFINE(API_VERSION, 9, api version)
-
- AM_INIT_AUTOMAKE
- AC_CONFIG_HEADERS(config.h)
--AM_PATH_CPPUNIT(1.9.6)
-
- AC_PROG_CXX
- AC_PROG_LIBTOOL
--- a/scripts/common.m4
+++ b/scripts/common.m4
@@ -153,7 +153,7 @@ dnl Need to fix this so that it uses t
- Canvas(int x = 0, int y = 0, int width = 0, int height = 0);
+ Canvas(int x = 0, int y = 0, int width = 1, int height = 1);
- ~Canvas() { delwin(m_window); }
+ ~Canvas() { if (!m_isDaemon) { delwin(m_window); } }
- void refresh() { wnoutrefresh(m_window); }
+ void refresh() { if (!m_isDaemon) { wnoutrefresh(m_window); } }
--- /dev/null
+config SAMBA4_SERVER_ACL
+ bool "ACL support (xattr)"
+ depends on PACKAGE_samba4-server
+ select PACKAGE_acl
+ help
+ installs: sharesec
+ modules: vfs_acl_xattr vfs_acl_tdb vfs_posixacl
+
+ Extended access control list support
+ default n
+
+config SAMBA4_SERVER_AD_DC
+ bool "Active Directory Domain Controller support (requires krb5-server) (EXPERIMENTAL)"
+ depends on PACKAGE_samba4-server
+ select PACKAGE_python-base
+ select PACKAGE_python-crypto
+ select PACKAGE_libopenssl
+ select PACKAGE_libgnutls
+ select PACKAGE_libopenldap
+ help
+ installs: samba (meta-daemon) python-crypt ntlm_auth
+ scripts: samba-tool
+
+ Run as a Active Directory Domain Controller
+ see: https://wiki.samba.org/index.php/Setting_up_Samba_as_an_Active_Directory_Domain_Controller
+ HINT: see section (# Using the Domain Controller as a File Server)
+ NOTE: Extroot is recommend for this setup, as it is not optimized to run completely from RAM/tempfs!
+ default n
+
+config SAMBA4_SERVER_AVAHI
+ bool "Avahi support"
+ depends on PACKAGE_samba4-server
+ select PACKAGE_libavahi-client
+ help
+ Announce Samba resources via DNS/DNS-SD using the Avahi daemon
+ default n
+
+config SAMBA4_SERVER_VFS
+ bool "Common VFS modules"
+ depends on PACKAGE_samba4-server
+ help
+ installs:
+ modules: (vfs_btrfs) vfs_fruit vfs_shadow_copy2 vfs_recycle vfs_fake_perms vfs_readonly vfs_cap vfs_offline vfs_crossrename
+
+ Commonly used VFS modules, vfs_btrfs requires kmod-fs-btrfs to be selected separately
+ default y
+
+config SAMBA4_SERVER_QUOTAS
+ bool "Disk quota support"
+ depends on PACKAGE_samba4-server
+ help
+ installs:
+ modules: vfs_default_quota
+
+ Support for disk quotas using the quotas VFS module (vfs_default_quota)
+ default n
+
+config SAMBA4_SERVER_VFSX
+ bool "Extended VFS modules"
+ depends on PACKAGE_samba4-server
+ help
+ installs:
+ modules: vfs_virusfilter vfs_shell_snap vfs_commit vfs_worm vfs_xattr_tdb vfs_streams_xattr vfs_aio_fork vfs_aio_pthread (vfs_linux_xfs_sgid) vfs_netatalk vfs_dirsort vfs_fileid vfs_catia
+
+ Additional VFS modules that aren't commonly used, vfs_linux_xfs_sgid requires kmod-fs-xfs to be selected separately
+ default n
+
+config SAMBA4_SERVER_NETBIOS
+ bool "NetBIOS support"
+ depends on PACKAGE_samba4-server
+ help
+ installs: nmbd (daemon)
+
+ Announce Samba resources via NetBIOS using the nmbd daemon
+ WSD (Web Services for Devices) replaces the functionality of NetBIOS and is provided by the wsdd2 package (selected by default).
+ Note: As of Windows 10 Fall Creators Update (1709) NetBIOS isn't supported unless the old SMB1 feature is reinstalled (not recommended).
+ Network shares can be directly accessed via network paths '\\hostname\sharename' and mounted via 'map network drive' without NetBIOS or WSD.
+ default n
+
+config SAMBA4_SERVER_WINBIND
+ bool "Winbind support"
+ depends on PACKAGE_samba4-server
+ depends on SAMBA4_SERVER_AD_DC
+ help
+ installs: winbindd (daemon) wbinfo
+
+ Support using domain users and groups in local commands, such as chown and chgrp.
+ Display domain users and groups in local command's output, such as ls.
+ see: https://wiki.samba.org/index.php/Configuring_Winbindd_on_a_Samba_AD_DC
+ default n
--- /dev/null
+# Based partially on (wongsyrone/hbl0307106015) versions
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=samba
+PKG_VERSION:=4.8.3
+PKG_RELEASE:=1
+
+PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
+PKG_SOURCE_URL:=https://download.samba.org/pub/samba/stable/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_HASH:=e0569a8a605d5dfb49f1fdd11db796f4d36fe0351c4a7f21387ef253010b82ed
+
+# Buildroot bug? Can't add target deps via '+SAMBA4_SERVER_AD_DC:python-crypto' (as work-around we select via config.in)
+PKG_BUILD_DEPENDS:=perl/host python/host qemu-userspace/host SAMBA4_SERVER_AD_DC:python-crypto
+
+PKG_CONFIG_DEPENDS:= \
+ CONFIG_SAMBA4_SERVER_NETBIOS \
+ CONFIG_SAMBA4_SERVER_AVAHI \
+ CONFIG_SAMBA4_SERVER_VFS \
+ CONFIG_SAMBA4_SERVER_VFSX \
+ CONFIG_SAMBA4_SERVER_QUOTAS \
+ CONFIG_SAMBA4_SERVER_ACL \
+ CONFIG_SAMBA4_SERVER_AD_DC \
+ CONFIG_SAMBA4_SERVER_WINBIND \
+ CONFIG_PACKAGE_kmod-fs-btrfs \
+ CONFIG_PACKAGE_kmod-fs-xfs
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/samba4/Default
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=Samba $(PKG_VERSION)
+ URL:=http://www.samba.org/
+endef
+
+define Package/samba4/Default/description
+ The Samba software suite is a collection of programs that implements the
+ SMB/CIFS protocol for UNIX systems, allowing you to serve files and printers.
+
+ Samba 4 implements up-to protocol version SMB v3.1.1 (Win10), supports mDNS via AVAHI and a AD-DC setup via krb5.
+ NOTE: No cluster and printer support.
+endef
+
+define Package/samba4-libs
+ $(call Package/samba4/Default)
+ TITLE+= libs
+ DEPENDS:= +zlib +libtirpc +krb5-libs +libpopt \
+ +PACKAGE_libcap:libcap +PACKAGE_jansson:jansson +PACKAGE_libpthread:libpthread +PACKAGE_libnettle:libnettle +PACKAGE_libarchive:libarchive \
+ +SAMBA4_SERVER_ACL:acl +SAMBA4_SERVER_ACL:attr \
+ +SAMBA4_SERVER_AVAHI:libavahi-client \
+ +SAMBA4_SERVER_AD_DC:python-base +SAMBA4_SERVER_AD_DC:libopenssl +SAMBA4_SERVER_AD_DC:libgnutls +SAMBA4_SERVER_AD_DC:libopenldap
+endef
+
+define Package/samba4-server
+ $(call Package/samba4/Default)
+ TITLE+= server
+ DEPENDS:= +samba4-libs
+endef
+
+define Package/samba4-server/description
+ installs: smbd (daemon) smbpasswd pdbedit testparm
+
+ This provides the basic fileserver service and is the minimum needed to serve file shares.
+ HINT: https://fitzcarraldoblog.wordpress.com/2016/10/17/a-correct-method-of-configuring-samba-for-browsing-smb-shares-in-a-home-network/
+endef
+
+define Package/samba4-server/config
+ select PACKAGE_wsdd2
+ source "$(SOURCE)/Config.in"
+endef
+
+define Package/samba4-client
+ $(call Package/samba4/Default)
+ TITLE+= client
+ DEPENDS:= +samba4-libs
+endef
+
+define Package/samba4-client/description
+ installs: smbclient cifsdd
+
+ The smbclient program implements a simple ftp-like client for accessing SMB shares
+endef
+
+define Package/samba4-admin
+ $(call Package/samba4/Default)
+ TITLE+= admin tools
+ DEPENDS:= +samba4-libs
+endef
+
+define Package/samba4-admin/description
+ installs: net smbcontrol profiles rpcclient smbcacls smbcquotas
+
+ Administration tools collection
+endef
+
+define Package/samba4-utils
+ $(call Package/samba4/Default)
+ TITLE+= utils
+ DEPENDS:= +samba4-libs
+endef
+
+define Package/samba4-utils/description
+ installs: smbstatus smbtree smbget nmblookup mvxattr
+
+ Utilities collection
+endef
+
+TARGET_CFLAGS += -ffunction-sections -fdata-sections
+TARGET_LDFLAGS += -Wl,--gc-sections
+
+CONFIGURE_VARS += \
+ CPP="$(TARGET_CROSS)cpp"
+
+CONFIGURE_CMD = ./buildtools/bin/waf
+
+# Strip options that WAF configure script does not recognize
+CONFIGURE_ARGS:=$(filter-out \
+ --host=% \
+ --build=% \
+ --program-suffix=% \
+ --disable-nls \
+ --disable-ipv6 \
+ , $(CONFIGURE_ARGS))
+
+CONFIGURE_ARGS += \
+ --hostcc="$(HOSTCC)" \
+ --cross-compile \
+ --cross-execute="qemu-$(ARCH) -L $(STAGING_DIR_ROOT)" \
+ --disable-cups \
+ --disable-iprint \
+ --disable-cephfs \
+ --disable-fault-handling \
+ --disable-glusterfs \
+ --disable-rpath \
+ --disable-rpath-install \
+ --disable-rpath-private-install \
+ --enable-fhs \
+ --without-automount \
+ --without-iconv \
+ --without-lttng \
+ --without-ntvfs-fileserver \
+ --without-pam \
+ --without-systemd \
+ --without-utmp \
+ --without-dmapi \
+ --without-fam \
+ --without-gettext \
+ --without-regedit \
+ --without-gpgme
+
+# Optional AES-NI support - https://lists.samba.org/archive/samba-technical/2017-September/122738.html
+# Support for Nettle wasn't comitted
+CONFIGURE_ARGS += --accel-aes=none
+
+CONFIGURE_ARGS += \
+ --with-lockdir=/var/lock \
+ --with-logfilebase=/var/log \
+ --with-piddir=/var/run \
+ --with-privatedir=/etc/samba
+
+CONFIGURE_ARGS += \
+ --with-system-mitkrb5 "$(STAGING_DIR)/usr" \
+ --with-system-mitkdc=/usr/sbin/krb5kdc
+
+ ## embedded-heimdal
+ # --bundled-libraries=talloc,tevent,tdb,ldb,com_err,cmocka,roken,wind,hx509,asn1,heimbase,hcrypto,krb5,gssapi,heimntlm,hdb,kdc,NONE
+
+ifeq ($(CONFIG_SAMBA4_SERVER_AVAHI),y)
+ CONFIGURE_ARGS += --enable-avahi
+else
+ CONFIGURE_ARGS += --disable-avahi
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_QUOTAS),y)
+ CONFIGURE_ARGS += --with-quotas
+else
+ CONFIGURE_ARGS += --without-quotas
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_ACL),y)
+ CONFIGURE_ARGS += --with-acl-support
+else
+ CONFIGURE_ARGS += --without-acl-support
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
+ CONFIGURE_ARGS += --enable-gnutls --with-dnsupdate --with-ads --with-ldap
+ TARGET_CFLAGS := -I$(STAGING_DIR)/usr/include/python2.7 $(TARGET_CFLAGS)
+else
+ CONFIGURE_ARGS += --without-ad-dc --disable-python --nopyc --nopyo --disable-gnutls --without-dnsupdate --without-ads --without-ldap
+ CONFIGURE_VARS += \
+ python_LDFLAGS="" \
+ python_LIBDIR=""
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_WINBIND),y)
+ CONFIGURE_ARGS += --with-winbind
+else
+ CONFIGURE_ARGS += --without-winbind
+endif
+
+SAMBA4_IDMAP_MODULES :=
+SAMBA4_IDMAP_MODULES_SHARED :=
+SAMBA4_PDB_MODULES :=pdb_smbpasswd,pdb_tdbsam,
+SAMBA4_AUTH_MODULES :=auth_builtin,auth_sam,auth_unix,auth_script,
+SAMBA4_VFS_MODULES :=vfs_default,
+ifeq ($(CONFIG_SAMBA4_SERVER_VFS),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_fruit,vfs_shadow_copy2,vfs_recycle,vfs_fake_perms,vfs_readonly,vfs_cap,vfs_offline,vfs_crossrename,
+ifeq ($(CONFIG_PACKAGE_kmod-fs-btrfs),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_btrfs,
+endif
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_VFSX),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_virusfilter,vfs_shell_snap,vfs_commit,vfs_worm,vfs_xattr_tdb,vfs_streams_xattr,vfs_aio_fork,vfs_aio_pthread,vfs_netatalk,vfs_dirsort,vfs_fileid,vfs_catia,
+ifeq ($(CONFIG_PACKAGE_kmod-fs-xfs),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_linux_xfs_sgid,
+endif
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_QUOTAS),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_default_quota,
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_ACL),y)
+ SAMBA4_VFS_MODULES :=$(SAMBA4_VFS_MODULES)vfs_posixacl,vfs_acl_xattr,vfs_acl_tdb,
+ # vfs_zfsacl needs https://github.com/zfsonlinux/zfs/tree/master/include/sys/zfs_acl.h
+ # vfs_nfs4acl_xattr needs https://github.com/notriddle/libdrpc/blob/master/rpc/xdr.h
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
+ SAMBA4_PDB_MODULES :=$(SAMBA4_PDB_MODULES)pdb_samba_dsdb,
+ SAMBA4_AUTH_MODULES :=$(SAMBA4_AUTH_MODULES)auth_samba4,
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_WINBIND),y)
+ SAMBA4_IDMAP_MODULES :=$(SAMBA4_IDMAP_MODULES)idmap_passdb,idmap_nss,idmap_tdb,idmap_tdb2,idmap_script,nss_info_template,
+ SAMBA4_IDMAP_MODULES_SHARED :=$(SAMBA4_IDMAP_MODULES_SHARED)idmap_autorid,idmap_rid,idmap_ad,idmap_rfc2307,
+ # idmap_ad needs --with-ads
+ # idmap_rfc2307 needs ldap headers
+ SAMBA4_AUTH_MODULES :=$(SAMBA4_AUTH_MODULES)auth_winbind,
+endif
+
+SAMBA4_MODULES :=${SAMBA4_AUTH_MODULES}${SAMBA4_PDB_MODULES}${SAMBA4_IDMAP_MODULES}${SAMBA4_VFS_MODULES}
+SAMBA4_MODULES_SHARDED :=${SAMBA4_IDMAP_MODULES_SHARED}
+
+CONFIGURE_ARGS += \
+ --with-static-modules=$(SAMBA4_MODULES)!DEFAULT,!FORCED \
+ --with-shared-modules=$(SAMBA4_MODULES_SHARDED)!DEFAULT,!FORCED
+
+# Setup build/install targets
+# CONFIG_PACKAGE_samba4-server
+BUILD_TARGETS_SERVER :=smbd/smbd,smbpasswd,pdbedit,testparm
+# Optional server targets
+ifeq ($(CONFIG_SAMBA4_SERVER_ACL),y)
+ BUILD_TARGETS_SERVER :=$(BUILD_TARGETS_SERVER),sharesec
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_NETBIOS),y)
+ BUILD_TARGETS_SERVER :=$(BUILD_TARGETS_SERVER),nmbd
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
+ BUILD_TARGETS_SERVER :=$(BUILD_TARGETS_SERVER),samba,nsstest,ntlm_auth
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_WINBIND),y)
+ BUILD_TARGETS_SERVER :=$(BUILD_TARGETS_SERVER),winbindd,wbinfo,winbind_krb5_locator
+endif
+# CONFIG_PACKAGE_samba4-client
+BUILD_TARGETS_CLIENT :=client/smbclient,client/cifsdd
+# CONFIG_PACKAGE_samba4-admin
+BUILD_TARGETS_ADMIN :=net,smbcontrol,profiles,rpcclient,smbcacls,smbcquotas
+# CONFIG_PACKAGE_samba4-utils
+BUILD_TARGETS_UTILS :=smbstatus,smbtree,smbget,mvxattr,nmblookup
+
+# lib bundling
+# NOTE: Compile some unique libs into related bins, so we end-up with a unified samba4-libs base, mainly to allow package separation (server, client, admin, utils)
+CONFIGURE_ARGS += --builtin-libraries=smbclient,netapi,samba-passdb,ads,auth,cli-spoolss,libcli-lsa3,gpext,talloc,tevent,texpect,tdb,ldb,tdr,cmocka,replace
+#CONFIGURE_ARGS += --nonshared-binary=$(BUILD_TARGETS_SERVER)
+# NOTE: bundle + make private, we want to avoid version configuration (build, link) conflicts
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
+CONFIGURE_ARGS += --bundled-libraries=talloc,tevent,texpect,tdb,ldb,tdr,cmocka,replace,pytalloc-util,pyldb-util,NONE
+else
+CONFIGURE_ARGS += --bundled-libraries=talloc,tevent,texpect,tdb,ldb,tdr,cmocka,replace,NONE
+endif
+CONFIGURE_ARGS += --private-libraries=talloc,tevent,texpect,tdb,ldb,tdr,cmocka,replace
+
+define Build/Prepare
+ $(Build/Prepare/Default)
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),)
+ # un-bundle dnspython
+ $(SED) '/"dns.resolver":/d' $(PKG_BUILD_DIR)/third_party/wscript
+ # unbundle iso8601
+ $(SED) '/"iso8601":/d' $(PKG_BUILD_DIR)/third_party/wscript
+endif
+endef
+
+define Build/Configure
+ $(call Build/Configure/Default,configure)
+endef
+
+# BUG: We need to use "waf install --targets=" otherwise a "make install" or "waf install" will retrigger a full recompile of all possible targets!
+define Build/Compile
+ (cd $(PKG_BUILD_DIR); \
+ ./buildtools/bin/waf install -j$(shell nproc) \
+ --targets=$(SAMBA4_MODULES)$(SAMBA4_MODULES_SHARDED)$(BUILD_TARGETS_SERVER),$(BUILD_TARGETS_UTILS),$(BUILD_TARGETS_ADMIN),$(BUILD_TARGETS_CLIENT) \
+ --destdir="$(PKG_INSTALL_DIR)" \
+ )
+endef
+
+# No default install see above
+define Build/Install
+endef
+
+define Package/samba4-libs/install
+ $(INSTALL_DIR) $(1)/usr/lib
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/*.so* $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/samba/*.so* $(1)/usr/lib/
+endef
+
+define Package/samba4-client/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{smbclient,cifsdd} $(1)/usr/bin/
+endef
+
+define Package/samba4-admin/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{net,smbcontrol,profiles,rpcclient,smbcacls,smbcquotas} $(1)/usr/bin/
+endef
+
+define Package/samba4-utils/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{smbstatus,smbtree,smbget,mvxattr,nmblookup} $(1)/usr/bin/
+endef
+
+define Package/samba4-server/install
+ $(INSTALL_DIR) $(1)/usr/lib/samba
+ if [ -d $(PKG_INSTALL_DIR)/usr/lib/samba/idmap ]; then \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/samba/idmap $(1)/usr/lib/samba/; \
+ fi
+ if [ -d $(PKG_INSTALL_DIR)/usr/lib/samba/auth ]; then \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/samba/auth $(1)/usr/lib/samba/; \
+ fi
+ if [ -d $(PKG_INSTALL_DIR)/usr/lib/samba/vfs ]; then \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/samba/vfs $(1)/usr/lib/samba/; \
+ fi
+ if [ -d $(PKG_INSTALL_DIR)/usr/lib/samba/pdb ]; then \
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/samba/pdb $(1)/usr/lib/samba/; \
+ fi
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{smbpasswd,pdbedit,testparm} $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/usr/sbin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/smbd $(1)/usr/sbin/
+ifeq ($(CONFIG_SAMBA4_SERVER_AD_DC),y)
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/python2.7 $(1)/usr/lib/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/{samba-tool,ntlm_auth} $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/{samba,samba_gpoupdate,samba_dnsupdate,samba_kcc,samba_spnupdate,samba_upgradedns} $(1)/usr/sbin/
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_NETBIOS),y)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/nmbd $(1)/usr/sbin/
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_WINBIND),y)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/wbinfo $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/winbindd $(1)/usr/sbin/
+endif
+ifeq ($(CONFIG_SAMBA4_SERVER_ACL),y)
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/sharesec $(1)/usr/bin/
+endif
+ $(INSTALL_DIR) $(1)/etc/config $(1)/etc/samba $(1)/etc/init.d
+ $(INSTALL_DATA) ./files/samba.config $(1)/etc/config/samba4
+ $(INSTALL_DATA) ./files/smb.conf.template $(1)/etc/samba
+ $(INSTALL_BIN) ./files/samba.init $(1)/etc/init.d/samba4
+endef
+
+define Package/samba4-server/conffiles
+/etc/config/samba4
+/etc/samba/smb.conf.template
+/etc/samba/smb.conf
+/etc/samba/smbpasswd
+/etc/samba/secrets.tdb
+/etc/samba/passdb.tdb
+/etc/samba/idmap.ldb
+/etc/samba/lmhosts
+/etc/nsswitch.conf
+endef
+
+$(eval $(call BuildPackage,samba4-libs))
+$(eval $(call BuildPackage,samba4-server))
+$(eval $(call BuildPackage,samba4-client))
+$(eval $(call BuildPackage,samba4-admin))
+$(eval $(call BuildPackage,samba4-utils))
--- /dev/null
+config samba
+ option 'name' 'OpenWrt-SMB'
+ option 'workgroup' 'WORKGROUP'
+ option 'description' 'Samba on OpenWrt'
+ option 'charset' 'UTF-8'
+ option 'homes' '0'
+
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+smb_header() {
+ config_get samba_iface $1 interface "loopback lan"
+
+ # resolve interfaces
+ local interfaces=$(
+ . /lib/functions/network.sh
+
+ local net
+ for net in $samba_iface; do
+ local device
+ network_is_up $net || continue
+ network_get_device device "$net"
+ echo -n "${device:-$net} "
+ done
+ )
+
+ local name workgroup description charset
+ local hostname="$(uci_get system.@system[0].hostname)"
+
+ config_get name $1 name "${hostname:-OpenWrt}"
+ config_get workgroup $1 workgroup "${hostname:-WORKGROUP}"
+ config_get description $1 description "Samba on ${hostname:-OpenWrt}"
+ config_get charset $1 charset "UTF-8"
+
+ config_get_bool DISABLE_NETBIOS $1 disable_netbios 0
+ config_get_bool DISABLE_AD_DC $1 disable_ad_dc 0
+ config_get_bool DISABLE_WINBIND $1 disable_winbind 0
+
+ mkdir -p /var/etc
+ sed -e "s#|NAME|#$name#g" \
+ -e "s#|WORKGROUP|#$workgroup#g" \
+ -e "s#|DESCRIPTION|#$description#g" \
+ -e "s#|INTERFACES|#$interfaces#g" \
+ -e "s#|CHARSET|#$charset#g" \
+ /etc/samba/smb.conf.template > /var/etc/smb.conf
+
+ echo -e "\n######### Dynamic written config options #########\n" >> /var/etc/smb.conf
+ if [ "$DISABLE_NETBIOS" -eq 1 ] || [ ! -x /usr/sbin/nmbd ]; then
+ echo -e "\tdisable netbios = yes" >> /var/etc/smb.conf
+ fi
+
+ local homes
+ config_get_bool homes $1 homes 0
+ [ $homes -gt 0 ] && {
+ cat <<EOT >> /var/etc/smb.conf
+
+[homes]
+ comment = Home Directories
+ browsable = no
+ writable = yes
+ read only = no
+ create mask = 0750
+EOT
+ }
+
+ [ -L /etc/samba/smb.conf ] || ln -nsf /var/etc/smb.conf /etc/samba/smb.conf
+}
+
+smb_add_share() {
+ local name
+ local path
+ local users
+ local public
+ local writable
+ local printable
+ local create_mask
+
+ local browseable
+ local read_only
+ local guest_ok
+ local guest_only
+ local inherit_owner
+ local vfs_objects
+
+ config_get name $1 name
+ config_get path $1 path
+ config_get users $1 users
+ config_get public $1 public
+ config_get writable $1 writable
+ config_get printable $1 printable
+ config_get create_mask $1 create_mask
+ config_get dir_mask $1 dir_mask
+
+
+ config_get browseable $1 browseable
+ config_get read_only $1 read_only
+ config_get guest_ok $1 guest_ok
+ config_get guest_only $1 guest_only
+ config_get inherit_owner $1 inherit_owner
+ config_get vfs_objects $1 vfs_objects
+
+
+ [ -z "$name" -o -z "$path" ] && return
+
+ echo -e "\n[$name]\n\tpath = $path" >> /var/etc/smb.conf
+ [ -n "$users" ] && echo -e "\tvalid users = $users" >> /var/etc/smb.conf
+ [ -n "$public" ] && echo -e "\tpublic = $public" >> /var/etc/smb.conf
+ [ -n "$writable" ] && echo -e "\twritable = $writable" >> /var/etc/smb.conf
+ [ -n "$printable" ] && echo -e "\tprintable = $printable" >> /var/etc/smb.conf
+ [ -n "$create_mask" ] && echo -e "\tcreate mask = $create_mask" >> /var/etc/smb.conf
+ [ -n "$dir_mask" ] && echo -e "\tdirectory mask = $dir_mask" >> /var/etc/smb.conf
+
+ [ -n "$browseable" ] && echo -e "\tbrowseable = $browseable" >> /var/etc/smb.conf
+ [ -n "$read_only" ] && echo -e "\tread only = $read_only" >> /var/etc/smb.conf
+ [ -n "$guest_ok" ] && echo -e "\tguest ok = $guest_ok" >> /var/etc/smb.conf
+ [ -n "$guest_only" ] && echo -e "\tguest only = $guest_only" >> /var/etc/smb.conf
+ [ -n "$inherit_owner" ] && echo -e "\tinherit owner = $inherit_owner" >> /var/etc/smb.conf
+ [ -n "$vfs_objects" ] && echo -e "\tvfs objects = $vfs_objects" >> /var/etc/smb.conf
+}
+
+init_config() {
+ # Create samba dirs
+ [ -d /var/lib/samba ] || mkdir -p /var/lib/samba
+ [ -d /var/cache/samba ] || mkdir -p /var/cache/samba
+ [ -d /var/run/samba ] || mkdir -p /var/run/samba
+ [ -d /var/log/samba ] || mkdir -p /var/log/samba
+ [ -d /var/lock ] && chmod 0755 /var/lock || {
+ mkdir -p /var/lock
+ chmod 0755 /var/lock
+ }
+
+ config_load samba4
+ config_foreach smb_header samba
+ config_foreach smb_add_share sambashare
+}
+
+reload_service() {
+ init_config
+
+ killall -HUP samba
+ killall -HUP smbd
+ killall -HUP nmbd
+ killall -HUP winbindd
+}
+
+service_triggers() {
+ procd_add_reload_trigger samba4
+
+ local i
+ for i in $samba_iface; do
+ procd_add_reload_interface_trigger $i
+ done
+}
+
+start_service() {
+ init_config
+
+ # start main AC-DC daemon, will spawn (smbd,nmbd,winbindd) as needed/configured.
+ if [ "$DISABLE_AD_DC" -ne 1 ] && [ -x /usr/sbin/samba ]; then
+ procd_open_instance
+ procd_set_param command /usr/sbin/samba -F
+ procd_set_param respawn
+ procd_set_param file /var/etc/smb.conf
+ procd_close_instance
+ else
+ # start fileserver daemon
+ procd_open_instance
+ procd_set_param command /usr/sbin/smbd -F
+ procd_set_param respawn
+ procd_set_param file /var/etc/smb.conf
+ procd_close_instance
+
+ # start netbios daemon
+ if [ "$DISABLE_NETBIOS" -ne 1 ] && [ -x /usr/sbin/nmbd ]; then
+ procd_open_instance
+ procd_set_param command /usr/sbin/nmbd -F
+ procd_set_param respawn
+ procd_set_param file /var/etc/smb.conf
+ procd_close_instance
+ fi
+ # start winbind daemon
+ if [ "$DISABLE_WINBIND" -ne 1 ] && [ -x /usr/sbin/winbindd ]; then
+ procd_open_instance
+ procd_set_param command /usr/sbin/winbindd -F
+ procd_set_param respawn
+ procd_set_param file /var/etc/smb.conf
+ procd_close_instance
+ fi
+ fi
+ # lower priority using renice (if found)
+ if [ -x /usr/bin/renice ]; then
+ [ -x /usr/sbin/samba ] && renice -n 2 $(pidof samba)
+ [ -x /usr/sbin/smbd ] && renice -n 2 $(pidof smbd)
+ [ -x /usr/sbin/nmbd ] && renice -n 2 $(pidof nmbd)
+ [ -x /usr/sbin/winbindd ] && renice -n 2 $(pidof winbindd)
+ fi
+}
--- /dev/null
+[global]
+ netbios name = |NAME|
+ interfaces = |INTERFACES|
+ server string = |DESCRIPTION|
+ unix charset = |CHARSET|
+ workgroup = |WORKGROUP|
+
+ ## This global parameter allows the Samba admin to limit what interfaces on a machine will serve SMB requests.
+ bind interfaces only = yes
+
+ ## time for inactive connections to-be closed in minutes
+ deadtime = 15
+
+ ## disable core dumps
+ enable core files = no
+
+ ## set security (auto, user, domain, ads)
+ security = user
+
+ ## This parameter controls whether a remote client is allowed or required to use SMB encryption.
+ ## It has different effects depending on whether the connection uses SMB1 or SMB2 and newer:
+ ## If the connection uses SMB1, then this option controls the use of a Samba-specific extension to the SMB protocol introduced in Samba 3.2 that makes use of the Unix extensions.
+ ## If the connection uses SMB2 or newer, then this option controls the use of the SMB-level encryption that is supported in SMB version 3.0 and above and available in Windows 8 and newer.
+ ##(default/auto,desired,required,off)
+ #smb encrypt = default
+
+ ## set invalid users
+ invalid users = root
+
+ ## map unknow users to guest
+ map to guest = Bad User
+
+ ## allow client access to accounts that have null passwords.
+ null passwords = yes
+
+ ## The old plaintext passdb backend. Some Samba features will not work if this passdb backend is used. (NOTE: enabled for size reasons)
+ ## (tdbsam,smbpasswd,ldapsam)
+ passdb backend = smbpasswd
+
+ ## Set location of smbpasswd ('smbd -b' will show default compiled location)
+ #smb passwd file = /etc/samba/smbpasswd
+
+ ## LAN/WAN options (IPTOS_LOWDELAY TCP_NODELAY) WAN (IPTOS_THROUGHPUT)
+ socket options = IPTOS_LOWDELAY TCP_NODELAY
+
+ ## lower CPU useage if supported
+ use sendfile = yes
+
+ ## samba will behave as previous versions of Samba would and will fail the lock request immediately if the lock range cannot be obtained.
+ #blocking locks = No
+
+ ## disable loading of all printcap printers by default (iprint, cups, lpstat)
+ load printers = No
+ printcap name = /dev/null
+
+ ## Disable that nmbd is acting as a WINS server for unknow netbios names
+ #dns proxy = No
+
+ ## win/unix user mapping backend
+ #idmap config * : backend = tdb
+
+ ## Allows the server name that is advertised through MDNS to be set to the hostname rather than the Samba NETBIOS name.
+ ## This allows an administrator to make Samba registered MDNS records match the case of the hostname rather than being in all capitals.
+ ## (netbios, mdns)
+ #mdns name = mdns
+
+ ## Clients that only support netbios won't be able to see your samba server when netbios support is disabled.
+ #disable netbios = Yes
+
+ ## Setting this value to no will cause nmbd never to become a local master browser.
+ #local master = no
+
+ ## (auto, yes) If this is set to yes, on startup, nmbd will force an election, and it will have a slight advantage in winning the election. It is recommended that this parameter is used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.
+ #preferred master = yes
+
+ ## (445 139) Specifies which ports the server should listen on for SMB traffic.
+ ## 139 is netbios/nmbd
+ #smb ports = 445 139
+
+ ## This is a list of files and directories that are neither visible nor accessible.
+ ## Each entry in the list must be separated by a '/', which allows spaces to be included in the entry. '*' and '?' can be used to specify multiple files or directories as in DOS wildcards.
+ veto files = /Thumbs.db/.DS_Store/._.DS_Store/.apdisk/
+
+ ## If a directory that is to be deleted contains nothing but veto files this deletion will fail unless you also set the delete veto files parameter to yes.
+ delete veto files = yes
+
+################ Filesystem and creation rules ################
+ ## reported filesystem type (NTFS,Samba,FAT)
+ #fstype = FAT
+
+ ## Allows a user who has write access to the file (by whatever means, including an ACL permission) to modify the permissions (including ACL) on it.
+ #dos filemode = Yes
+
+ ## file/dir creating rules
+ #create mask = 0666
+ #directory mask = 0777
+ #force group = root
+ #force user = root
+ #inherit owner = windows and unix
+################################################################
--- /dev/null
+--- samba-4.4.0rc2/source3/wscript
++++ samba-4.4.0rc2/source3/wscript
+@@ -870,7 +870,7 @@
+ if conf.env.with_iconv:
+ conf.DEFINE('HAVE_ICONV', 1)
+
+- if Options.options.with_pam:
++ if Options.options.with_pam != False:
+ use_pam=True
+ conf.CHECK_HEADERS('security/pam_appl.h pam/pam_appl.h')
+ if not conf.CONFIG_SET('HAVE_SECURITY_PAM_APPL_H') and not conf.CONFIG_SET('HAVE_PAM_PAM_APPL_H'):
+@@ -943,6 +943,17 @@
+ conf.DEFINE('WITH_PAM', 1)
+ conf.DEFINE('WITH_PAM_MODULES', 1)
+
++ else:
++ Logs.warn("PAM disabled")
++ use_pam=False
++ conf.undefine('WITH_PAM')
++ conf.undefine('WITH_PAM_MODULES')
++ conf.undefine('HAVE_SECURITY_PAM_APPL_H')
++ conf.undefine('PAM_RHOST')
++ conf.undefine('PAM_TTY')
++ conf.undefine('HAVE_PAM_PAM_APPL_H')
++
++
+ seteuid = False
+
+ #
--- /dev/null
+samba: build dnsserver_common code
+
+Just 'install' does not seem to do it.
+
+Upstream-Status: Pending
+
+Signed-off-by: Joe Slater <joe.slater@windriver.com>
+
+--- a/source4/dns_server/wscript_build
++++ b/source4/dns_server/wscript_build
+@@ -4,7 +4,7 @@ bld.SAMBA_LIBRARY('dnsserver_common',
+ source='dnsserver_common.c',
+ deps='samba-util samba-errors ldbsamba clidns',
+ private_library=True,
+- install=bld.AD_DC_BUILD_IS_ENABLED()
++ enabled=bld.AD_DC_BUILD_IS_ENABLED()
+ )
+
+ bld.SAMBA_MODULE('service_dns',
--- /dev/null
+--- a/source3/lib/messages.c
++++ b/source3/lib/messages.c
+@@ -221,7 +221,7 @@ struct messaging_context *messaging_init
+ return NULL;
+ }
+
+- priv_path = private_path("msg.sock");
++ priv_path = lock_path("msg.sock");
+ if (priv_path == NULL) {
+ TALLOC_FREE(ctx);
+ return NULL;
+@@ -311,7 +311,7 @@ NTSTATUS messaging_reinit(struct messagi
+
+ msg_ctx->msg_dgm_ref = messaging_dgm_ref(
+ msg_ctx, msg_ctx->event_ctx, &msg_ctx->id.unique_id,
+- private_path("msg.sock"), lck_path,
++ lock_path("msg.sock"), lck_path,
+ messaging_recv_cb, msg_ctx, &ret);
+
+ if (msg_ctx->msg_dgm_ref == NULL) {
--- /dev/null
+--- a/source4/lib/messaging/messaging.c
++++ b/source4/lib/messaging/messaging.c
+@@ -323,7 +323,7 @@ struct imessaging_context *imessaging_in
+ goto fail;
+ }
+
+- msg->sock_dir = lpcfg_private_path(msg, lp_ctx, "msg.sock");
++ msg->sock_dir = lpcfg_lock_path(msg, lp_ctx, "msg.sock");
+ if (msg->sock_dir == NULL) {
+ goto fail;
+ }
--- /dev/null
+Some modules such as dynamic library maybe cann't be imported while cross compile,
+we just check whether does the module exist.
+
+Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
+
+Index: samba-4.4.2/buildtools/wafsamba/samba_bundled.py
+===================================================================
+--- samba-4.4.2.orig/buildtools/wafsamba/samba_bundled.py
++++ samba-4.4.2/buildtools/wafsamba/samba_bundled.py
+@@ -2,6 +2,7 @@
+
+ import sys
+ import Build, Options, Logs
++import imp, os
+ from Configure import conf
+ from samba_utils import TO_LIST
+
+@@ -230,17 +231,32 @@ def CHECK_BUNDLED_SYSTEM_PYTHON(conf, li
+ # versions
+ minversion = minimum_library_version(conf, libname, minversion)
+
+- try:
+- m = __import__(modulename)
+- except ImportError:
+- found = False
+- else:
++ # Find module in PYTHONPATH
++ stuff = imp.find_module(modulename, [os.environ["PYTHONPATH"]])
++ if stuff:
+ try:
+- version = m.__version__
+- except AttributeError:
++ m = imp.load_module(modulename, stuff[0], stuff[1], stuff[2])
++ except ImportError:
+ found = False
++
++ if conf.env.CROSS_COMPILE:
++ # Some modules such as dynamic library maybe cann't be imported
++ # while cross compile, we just check whether the module exist
++ Logs.warn('Cross module[%s] has been found, but can not be loaded.' % (stuff[1]))
++ found = True
+ else:
+- found = tuplize_version(version) >= tuplize_version(minversion)
++ try:
++ version = m.__version__
++ except AttributeError:
++ found = False
++ else:
++ found = tuplize_version(version) >= tuplize_version(minversion)
++ finally:
++ if stuff[0]:
++ stuff[0].close()
++ else:
++ found = False
++
+ if not found and not conf.LIB_MAY_BE_BUNDLED(libname):
+ Logs.error('ERROR: Python module %s of version %s not found, and bundling disabled' % (libname, minversion))
+ sys.exit(1)
--- /dev/null
+Don't check xsltproc manpages
+
+Signed-off-by: Bian Naimeng <biannm@cn.fujitsu.com>
+
+Index: samba-4.4.2/lib/ldb/wscript
+===================================================================
+--- samba-4.4.2.orig/lib/ldb/wscript
++++ samba-4.4.2/lib/ldb/wscript
+@@ -65,7 +65,7 @@ def configure(conf):
+ conf.define('USING_SYSTEM_LDB', 1)
+
+ if conf.env.standalone_ldb:
+- conf.CHECK_XSLTPROC_MANPAGES()
++ #conf.CHECK_XSLTPROC_MANPAGES()
+
+ # we need this for the ldap backend
+ if conf.CHECK_FUNCS_IN('ber_flush ldap_open ldap_initialize', 'lber ldap', headers='lber.h ldap.h'):
+Index: samba-4.4.2/lib/talloc/wscript
+===================================================================
+--- samba-4.4.2.orig/lib/talloc/wscript
++++ samba-4.4.2/lib/talloc/wscript
+@@ -56,7 +56,7 @@ def configure(conf):
+ if conf.env.standalone_talloc:
+ conf.env.TALLOC_COMPAT1 = Options.options.TALLOC_COMPAT1
+
+- conf.CHECK_XSLTPROC_MANPAGES()
++ #conf.CHECK_XSLTPROC_MANPAGES()
+
+ if not conf.env.disable_python:
+ # also disable if we don't have the python libs installed
+Index: samba-4.4.2/lib/tdb/wscript
+===================================================================
+--- samba-4.4.2.orig/lib/tdb/wscript
++++ samba-4.4.2/lib/tdb/wscript
+@@ -92,7 +92,7 @@ def configure(conf):
+ not conf.env.disable_tdb_mutex_locking):
+ conf.define('USE_TDB_MUTEX_LOCKING', 1)
+
+- conf.CHECK_XSLTPROC_MANPAGES()
++ #conf.CHECK_XSLTPROC_MANPAGES()
+
+ if not conf.env.disable_python:
+ # also disable if we don't have the python libs installed
--- /dev/null
+--- a/libcli/smbreadline/wscript_configure
++++ b/libcli/smbreadline/wscript_configure
+@@ -1,11 +1,13 @@
+ #!/usr/bin/env python
+
+
+-conf.CHECK_HEADERS('readline.h history.h readline/readline.h readline/history.h')
+-for termlib in ['ncurses', 'curses', 'termcap', 'terminfo', 'termlib', 'tinfo']:
+- if conf.CHECK_FUNCS_IN('tgetent', termlib):
+- conf.env['READLINE_TERMLIB'] = termlib
+- break
++#conf.CHECK_HEADERS('readline.h history.h readline/readline.h readline/history.h')
++#for termlib in ['ncurses', 'curses', 'termcap', 'terminfo', 'termlib', 'tinfo']:
++# if conf.CHECK_FUNCS_IN('tgetent', termlib):
++# conf.env['READLINE_TERMLIB'] = termlib
++# break
++
++conf.undefine('HAVE_READLINE_READLINE_H')
+
+ #
+ # Check if we need to work around readline/readline.h
CATEGORY:=Network
DEPENDS:=+libpcap
TITLE:=softflowd
- URL:=http://code.google.com/p/softflowd/
+ URL:=https://code.google.com/archive/p/softflowd/
endef
define Package/softflowd/description
PKG_NAME:=subversion
PKG_RELEASE:=1
-PKG_VERSION:=1.10.0
+PKG_VERSION:=1.10.2
PKG_SOURCE_URL:=@APACHE/subversion
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
-PKG_HASH:=2cf23f3abb837dea0585a6b0ebd70e80e01f95bddef7c1aa097c18e3eaa6b584
+PKG_HASH:=5b35e3a858d948de9e8892bf494893c9f7886782f6abbe166c0487c19cf6ed88
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Val Kulkov <val.kulkov@gmail.com>
PKG_FIXUP:=autoreconf
PKG_MACRO_PATHS:=build/ac-macros
+PKG_BUILD_DEPENDS:=apr-util
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/nls.mk
PKG_NAME:=transmission
PKG_VERSION:=2.94
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@GITHUB/transmission/transmission-releases/master
option group 'transmission'
option mem_percentage 50
option nice 10
+ option web_home ''
option alt_speed_down 50
option alt_speed_enabled false
option alt_speed_time_begin 540
local mem_percentage
local nice
local cmdline
+ local web_home
section_enabled "$section" || return 1
config_get mem_percentage "$cfg" 'mem_percentage' '50'
config_get config_overwrite "$cfg" config_overwrite 1
config_get nice "$cfg" nice 0
+ config_get web_home "$cfg" 'web_home'
local MEM=$(sed -ne 's!^MemTotal:[[:space:]]*\([0-9]*\) kB$!\1!p' /proc/meminfo)
if test "$MEM" -gt 1;then
logger -t transmission "Starting with $USE virt mem"
fi
+ if test -d "$web_home"; then
+ procd_set_param env TRANSMISSION_WEB_HOME="$web_home"
+ fi
+
procd_add_jail transmission log
procd_add_jail_mount $config_file
procd_add_jail_mount_rw $download_dir
include $(TOPDIR)/rules.mk
PKG_NAME:=travelmate
-PKG_VERSION:=1.2.0
+PKG_VERSION:=1.2.1
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0+
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>
<pre><code>
~# /etc/init.d/travelmate status
::: travelmate runtime information
- + travelmate_status : connected (net ok/37)
- + travelmate_version : 1.2.0
- + station_id : blackhole/01:02:03:04:05:06
+ + travelmate_status : connected (net ok/78)
+ + travelmate_version : 1.2.1
+ + station_id : radio1/blackhole/01:02:03:04:05:06
+ station_interface : trm_wwan
- + station_radio : radio0
- + last_rundate : 04.04.2018 13:00:24
- + system : GL.iNet GL-AR750, OpenWrt SNAPSHOT r6588-16efb0c1c6
+ + faulty_stations :
+ + last_rundate : 28.07.2018 21:17:45
+ + system : TP-LINK RE450, OpenWrt SNAPSHOT r7540+5-20c4819c7b
</code></pre>
## Manual Setup
</code></pre>
## FAQ
-**Q:** What happen with misconfigured uplinks, e.g. due to outdated wlan passwords?
-**A:** Travelmate tries n times (default 3) to connect, then the respective uplink SSID will be marked / renamed to '_SSID_\_err' and travelmate no longer attends this uplink. In this case use the builtin wireless station manager to update your wireless credentials.
+**Q:** What happen with misconfigured, faulty uplinks, e.g. due to outdated wlan passwords?
+**A:** Travelmate tries n times (default 3) to connect, then the respective uplink will be marked as "faulty" in the JSON runtime file and hereafter ignored. To reset the JSON runtime file, simply restart travelmate.
**Q:** How to connect to hidden uplinks?
**A:** See 'example\_hidden' STA configuration above, option 'SSID' and 'BSSID' must be specified for successful connections.
#
LC_ALL=C
PATH="/usr/sbin:/usr/bin:/sbin:/bin"
-trm_ver="1.2.0"
+trm_ver="1.2.1"
trm_sysver="unknown"
trm_enabled=0
trm_debug=0
#
f_jsnup()
{
- local config sta_iface sta_radio sta_essid sta_bssid dev_status status="${trm_ifstatus}"
+ local config sta_iface sta_radio sta_essid sta_bssid dev_status status="${trm_ifstatus}" faulty_list faulty_station="${1}"
if [ "${status}" = "true" ]
then
fi
fi
- json_init
- json_add_object "data"
+ json_get_var faulty_list "faulty_stations"
+ if [ -n "${faulty_station}" ]
+ then
+ if [ -z "$(printf "%s" "${faulty_list}" | grep -Fo "${faulty_station}")" ]
+ then
+ faulty_list="${faulty_list} ${faulty_station}"
+ fi
+ fi
json_add_string "travelmate_status" "${status}"
json_add_string "travelmate_version" "${trm_ver}"
- json_add_string "station_id" "${sta_essid:-"-"}/${sta_bssid:-"-"}"
+ json_add_string "station_id" "${sta_radio:-"-"}/${sta_essid:-"-"}/${sta_bssid:-"-"}"
json_add_string "station_interface" "${sta_iface:-"-"}"
- json_add_string "station_radio" "${sta_radio:-"-"}"
+ json_add_string "faulty_stations" "${faulty_list}"
json_add_string "last_rundate" "$(/bin/date "+%d.%m.%Y %H:%M:%S")"
json_add_string "system" "${trm_sysver}"
- json_close_object
json_dump > "${trm_rtfile}"
- f_log "debug" "f_jsnup::: config: ${config:-"-"}, status: ${status:-"-"}, sta_iface: ${sta_iface:-"-"}, sta_radio: ${sta_radio:-"-"}, sta_essid: ${sta_essid:-"-"}, sta_bssid: ${sta_bssid:-"-"}"
+
+ f_log "debug" "f_jsnup::: config: ${config:-"-"}, status: ${status:-"-"}, sta_iface: ${sta_iface:-"-"}, sta_radio: ${sta_radio:-"-"}, sta_essid: ${sta_essid:-"-"}, sta_bssid: ${sta_bssid:-"-"}, faulty_list: ${faulty_list:-"-"}"
}
# write to syslog
#
f_main()
{
- local cnt dev config scan scan_list scan_essid scan_bssid scan_quality sta sta_essid sta_bssid sta_radio sta_iface IFS=" "
+ local cnt dev config scan scan_list scan_essid scan_bssid scan_quality sta sta_essid sta_bssid sta_radio sta_iface IFS=" " faulty_list
f_check "initial"
if [ "${trm_ifstatus}" != "true" ]
config_foreach f_prep wifi-iface
uci_commit wireless
f_check "dev" "running"
- f_log "debug" "f_main ::: iwinfo: ${trm_iwinfo}, dev_list: ${trm_devlist}, sta_list: ${trm_stalist:0:800}"
+ if [ -s "${trm_rtfile}" ]
+ then
+ json_get_var faulty_list "faulty_stations"
+ fi
+ f_log "debug" "f_main ::: iwinfo: ${trm_iwinfo}, dev_list: ${trm_devlist}, sta_list: ${trm_stalist:0:800}, faulty_list: ${faulty_list:-"-"}"
for dev in ${trm_devlist}
do
if [ -z "$(printf "%s" "${trm_stalist}" | grep -Fo "_${dev}")" ]
sta_essid="$(uci_get wireless "${config}" ssid)"
sta_bssid="$(uci_get wireless "${config}" bssid)"
sta_iface="$(uci_get wireless "${config}" network)"
+ if [ -n "$(printf "%s" "${faulty_list}" | grep -Fo "${sta_radio}/${sta_essid}/${sta_bssid}")" ]
+ then
+ continue
+ fi
IFS=","
for scan in ${scan_list}
do
elif [ ${cnt} -eq ${trm_maxretry} ]
then
uci_set wireless "${config}" disabled 1
- if [ -n "${sta_essid}" ]
- then
- uci_set wireless "${config}" ssid "${sta_essid}_err"
- fi
- if [ -n "${sta_bssid}" ]
- then
- uci_set wireless "${config}" bssid "${sta_bssid}_err"
- fi
uci_commit wireless
+ faulty_station="${sta_radio}/${sta_essid}/${sta_bssid}"
+ f_jsnup "${faulty_station}"
f_log "info" "can't connect to uplink '${sta_essid:-"-"}/${sta_bssid:-"-"}', uplink disabled (${trm_sysver})"
f_check "rev"
else
uci -q revert wireless
+ f_jsnup
f_log "info" "can't connect to uplink '${sta_essid:-"-"}/${sta_bssid:-"-"}' (${trm_sysver})"
f_check "rev"
fi
f_log "err" "system libraries not found"
fi
+# initialize json runtime file
+#
+if [ ! -s "${trm_rtfile}" ]
+then
+ json_init
+ json_add_object "data"
+else
+ json_load_file "${trm_rtfile}"
+ json_select data
+fi
+
# control travelmate actions
#
while true
PKG_NAME:=unbound
PKG_VERSION:=1.7.3
-PKG_RELEASE:=2
+PKG_RELEASE:=3
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
$(INSTALL_DATA) ./files/iptools.sh $(1)/usr/lib/unbound/iptools.sh
$(INSTALL_BIN) ./files/odhcpd.sh $(1)/usr/lib/unbound/odhcpd.sh
$(INSTALL_DATA) ./files/odhcpd.awk $(1)/usr/lib/unbound/odhcpd.awk
- $(INSTALL_DATA) ./files/rootzone.sh $(1)/usr/lib/unbound/rootzone.sh
+ $(INSTALL_DATA) ./files/stopping.sh $(1)/usr/lib/unbound/stopping.sh
$(INSTALL_DATA) ./files/unbound.sh $(1)/usr/lib/unbound/unbound.sh
endef
## Package Overview
OpenWrt default build uses [dnsmasq](http://www.thekelleys.org.uk/dnsmasq/docs/dnsmasq-man.html) for DNS forwarding and DHCP. With a forward only resolver, dependence on the upstream recursors may be cause for concern. They are often provided by the ISP, and some users have switched to public DNS providers. Either way may result in problems due to performance, "snoop-vertising", hijacking (MiM), and other causes. Running a recursive resolver or resolver capable of TLS may be a solution.
-Unbound may be useful on consumer grade embedded hardware. It is fully DNSSEC and TLS capable. It is _intended_ to be a recursive resolver only. [NLnet Labs NSD](https://www.nlnetlabs.nl/projects/nsd/) is _intended_ for the authoritative task. This is different than [ISC Bind](https://www.isc.org/downloads/bind/) and its inclusive functions. Unbound configuration effort and memory consumption may be easier to control. A consumer could have their own recursive resolver with 8/64 MB router, and remove potential issues from forwarding resolvers outside of their control.
+Unbound may be useful on consumer grade embedded hardware. It is fully DNSSEC and TLS capable. It is _intended_ to be a recursive resolver only. NLnet Labs [NSD](https://www.nlnetlabs.nl/projects/nsd/) is _intended_ for the authoritative task. This is different than [ISC Bind](https://www.isc.org/downloads/bind/) and its inclusive functions. Unbound configuration effort and memory consumption may be easier to control. A consumer could have their own recursive resolver with 8/64 MB router, and remove potential issues from forwarding resolvers outside of their control.
This package builds on Unbounds capabilities with OpenWrt UCI. Not every Unbound option is in UCI, but rather, UCI simplifies the combination of related options. Unbounds native options are bundled and balanced within a smaller set of choices. Options include resources, DNSSEC, access control, and some TTL tweaking. The UCI also provides an escape option and works at the raw "unbound.conf" level.
**/etc/config/firewall**:
```
config rule
- option name 'Block-Public-DNS'
- option enabled '1'
- option src 'lan'
- option dest 'wan'
- option dest_port '53 853 5353'
- option proto 'tcpudp'
- option family 'any'
- option target 'REJECT'
+ option name 'Block-Public-DNS'
+ option enabled '1'
+ option src 'lan'
+ option dest 'wan'
+ option dest_port '53 853 5353'
+ option proto 'tcpudp'
+ option family 'any'
+ option target 'REJECT'
```
## HOW TO: Integrate with DHCP
Some UCI options and scripts help Unbound to work with DHCP servers to load the local DNS. The examples provided here are serial dnsmasq-unbound, parallel dnsmasq-unbound, and unbound scripted with odhcpd.
### Serial dnsmasq
-In this case, dnsmasq is not changed *much* with respect to the default [OpenWrt configuration](https://openwrt.org/docs/guide-user/base-system/dns_configuration). Here dnsmasq is forced to use the local Unbound instance as the lone upstream DNS server, instead of your ISP. This may be the easiest implementation, but performance degradation can occur in high volume networks. dnsmasq and Unbound effectively have the same information in memory, and all transfers are double handled.
+In this case, dnsmasq is not changed *much* with respect to the default [OpenWrt](https://openwrt.org/docs/guide-user/base-system/dns_configuration) configuration. Here dnsmasq is forced to use the local Unbound instance as the lone upstream DNS server, instead of your ISP. This may be the easiest implementation, but performance degradation can occur in high volume networks. Unbound and dnsmasq effectively have the same information in memory, and all transfers are double handled.
**/etc/config/unbound**:
```
option leasetime '12h'
option ra 'server'
option ra_management '1'
- # odhcpd should issue ULA [fd00::/8] by default
...
config odhcpd 'odhcpd'
The file `unbound_srv.conf` will be added into the `server:` clause. The file `unbound_ext.conf` will be added to the end of all configuration. It is for extended `forward-zone:`, `stub-zone:`, `auth-zone:`, and `view:` clauses. You can also disable unbound-control in the UCI which only allows "localhost" connections unencrypted, and then add an encrypted remote `control:` clause.
-#### DNS over TLS
-Some public servers are now offering DNS over TLS. Unbound supports acting as DNS over TLS forwarding client. You can use the override files to enable this funciton. Unbound will connect TLS without verifying keys unless you include the PEM path and install `ca-bundle` package. No connection or connection without verification will occur unless you use complete syntax with "@" and "#". See `forward-addr: 1.1.1.1@853#cloudflare-dns.com` for example. Unbound makes a new TLS connection for each query. You limit this effect using large resource and aggressive recursion setting (big cache and prefetching). You can also set memory and recursion to default and edit `unbound_srv.conf` to suit your needs. UCI improvements are in progress but not ready in OpenWrt 18.06.
+## HOW TO: Cache Zone Files
+Unbound has the ability to AXFR a whole zone from an authoritative server to prefetch the zone. This can speed up access to common zones. Some may have special bandwidth concerns for DNSSEC overhead. The following is a generic example. UCI defaults include the [root](https://www.internic.net/domain/) zone, but it is disabled as a ready to go example.
-**/etc/unbound/unbound_srv.conf**:
+**/etc/config/unbound**:
```
- tls-service-pem: /etc/ssl/certs/ca-certificates.crt
+config zone
+ option enabled '1'
+ option fallback '1'
+ option url_dir 'https://asset-management.it.example.com/zones/'
+ option zone_type 'auth_zone'
+ list server 'ns1.it.example.com'
+ list server 'ns2.it.example.com'
+ list zone_name 'example.com'
```
-**/etc/unbound/unbound_ext.conf**:
+## HOW TO: TLS Over DNS
+Unbound has the ability to be client and server in TLS mode. UCI can configure Unbound to be a client forwarding queries in TLS mode for selected domains. (Server is more complex to setup and needs to be done manually). This may be desired for privacy against stealth market tracking in some cases. Some public DNS servers seem to advertise help in this quest.
+
+Unbound will make TLS connections without validation unless you install the 'ca-bundle' package. Do **not** however forget to maintain the certification bundle. The validation chain otherwise will expire and connections will go dead. Unbound makes and breaks TCP connections per connection. To reduce the lag from TLS handshaking it may help to use more cache memory `resource`, increase record exirations `ttl_min`, enable `aggressive` searching, or manually enable prefetch options.
+
+The following is a generic example. If your looking for a better understanding, then some information can be found at [Cloudflare](https://www.cloudflare.com/) DNS [1.1.1.1](https://1.1.1.1/) for one place.
+
+**/etc/config/unbound**:
```
-forward-zone:
- name: .
- forward-addr: 1.1.1.1@853#cloudflare-dns.com
- forward-addr: 1.0.0.1@853#cloudflare-dns.com
- forward-addr: 2606:4700:4700::1111@853#cloudflare-dns.com
- forward-addr: 2606:4700:4700::1001@853#cloudflare-dns.com
- forward-tls-upstream: yes
+config zone
+ option enabled '1'
+ # question: do you want to recurse when TLS fails or not?
+ option fallback '0'
+ option tls_index 'dns.example.net'
+ option tls_upstream '1'
+ option zone_type 'forward_zone'
+ list server '192.0.2.53'
+ list server '2001:db8::53'
+ list zone_name '.'
```
## Complete List of UCI Options
Bytes. Extended DNS is necessary for DNSSEC. However, it can run
into MTU issues. Use this size in bytes to manage drop outs.
- option extended_luci '0'
- Boolean. Extends a tab hierarchy in LuCI for advanced configuration.
-
option extended_stats '0'
Boolean. extended statistics are printed from unbound-control.
Keeping track of more statistics takes time.
Boolean. Skip all this UCI nonsense. Manually edit the
configuration. Make changes to /etc/unbound/unbound.conf.
- option prefetch_root '0'
- Boolean. Cache the entire root. Enable Unbound `auth-zone:` clauses for
- "." (root), "arpa," "in-addr.arpa," and "ip6.arpa." Obtain complete zone
- files from public servers using http or AXFR. (see RFC7706)
-
option protocol 'mixed'
Unbound can limit its protocol used for recursive queries.
ip4_only - limit issues if you do not have native IPv6
embedded devices don't have a real time power off clock. NTP needs
DNS to resolve servers. This works around the chicken-and-egg.
- list domain_forward 'mail.my-isp.com'
- Domain. Do not recurse, but rather forward the domains to given DNS
- servers found in resolve.conf.auto from WAN DHCP client. This may
- provide better access to mirror servers in 'your neigborhood.' This
- may be useful in keeping local organization lookups on local subnets.
+ option verbosity '1'
+ Level. Sets Unbounds logging intensity.
list domain_insecure 'ntp.somewhere.org'
Domain. Domains that you wish to skip DNSSEC. It is one way around NTP
chicken and egg. Your DHCP servered domains are automatically included.
- list rebind_interface 'lan'
- Interface (logical). Works with 'rebind_protection' options 2 and 3.
-
list trigger_interface 'lan' 'wan'
Interface (logical). This option is a work around for netifd/procd
interaction with WAN DHCPv6. Minor RA or DHCP changes in IP6 can
cause netifd to execute procd interface reload. Limit Unbound procd
triggers to LAN and WAN (IP4 only) to prevent restart @2-3 minutes.
+
+
+config zone
+ Create Unbounds forward-zone:, stub-zone:, or auth-zone: clauses
+
+ option enabled 1
+ Boolean. Enable the zone clause.
+
+ option fallback 1
+ Boolean. Permit normal recursion when the narrowly selected servers
+ in this zone are unresponsive or return empty responses. Disable, if
+ there are security concerns (forward only internal to organization).
+
+ option port 53
+ Port. Servers are contact on this port for plain DNS operations.
+
+ option resolv_conf 0
+ Boolean. Use "resolv.conf" as it was filled by the DHCP client. This
+ can be used to forward zones within your ISP (mail.example.net) or that
+ have co-located services (streamed-movies.example.com). Recursion may
+ not yield the most local result, but forwarding may instead.
+
+ option tls_index (n/a)
+ Domain. Name TLS certificates are signed for (dns.example.net). If this
+ option is ommitted, then Unbound will make the connection but not
+ validate it.
+
+ option tls_port 853
+ Port. Servers are contact on this port for DNS over TLS operations.
+
+ option tls_upstream 0
+ Boolean. Use TLS to contact the zone server.
+
+ option url_dir
+ String. http or https path, directory part only, to the zone file for
+ auth_zone type only. Files "${zone_name}.zone" are expect in this path.
+
+ option zone_type (n/a)
+ State. Required field or the clause is effectively disabled. Check
+ Unbound documentation for clarity (unbound-conf).
+ auth_zone - prefetch whole zones from authoritative server (ICANN)
+ forward_zone - forward queries in these domains to the listed servers
+ stub_zone - force recursion of these domains to the listed servers
+
+ list server (n/a)
+ IP. Every zone must have one server. Stub and forward require IP to
+ prevent chicken and egg (due to UCI simplicity). Authoritative prefetch
+ may use a server name.
+
+ list zone_name
+ Domain. Every zone must represent some part of the DNS tree. It can be
+ all of it "." or you internal organization domain "example.com." Within
+ each zone clause all zone names will be matched to all servers.
```
+## Replaced Options
+ config unbound / option prefetch_root
+ List the domains in a zone with type auth_zone and fill in the server
+ or url fields. Root zones are ready but disabled in default install UCI.
+
+ config unbound / list domain_forward
+ List the domains in a zone with type forward_zone and enable the
+ resolv_conf option.
+
+ config unbound / list rebind_interface
+ Enable rebind_protection at 2 and all DHCP interfaces are also
+ protected for IPV6 GLA (parallel to subnets in add_local_fqdn).
+
#
##############################################################################
-UNBOUND_LIBDIR=/usr/lib/unbound
-UNBOUND_VARDIR=/var/lib/unbound
+# where are we?
+UB_LIBDIR=/usr/lib/unbound
+UB_VARDIR=/var/lib/unbound
+UB_PIDFILE=/var/run/unbound.pid
-UNBOUND_PIDFILE=/var/run/unbound.pid
+# conf deconstructed
+UB_TOTAL_CONF=$UB_VARDIR/unbound.conf
+UB_CORE_CONF=$UB_VARDIR/server.conf.tmp
+UB_HOST_CONF=$UB_VARDIR/host.conf.tmp
+UB_DHCP_CONF=$UB_VARDIR/dhcp.conf
+UB_ZONE_CONF=$UB_VARDIR/zone.conf.tmp
+UB_CTRL_CONF=$UB_VARDIR/ctrl.conf.tmp
+UB_SRVMASQ_CONF=$UB_VARDIR/dnsmasq_srv.conf.tmp
+UB_EXTMASQ_CONF=$UB_VARDIR/dnsmasq_ext.conf.tmp
+UB_SRV_CONF=$UB_VARDIR/unbound_srv.conf
+UB_EXT_CONF=$UB_VARDIR/unbound_ext.conf
-UNBOUND_SRV_CONF=$UNBOUND_VARDIR/unbound_srv.conf
-UNBOUND_EXT_CONF=$UNBOUND_VARDIR/unbound_ext.conf
-UNBOUND_DHCP_CONF=$UNBOUND_VARDIR/unbound_dhcp.conf
-UNBOUND_CONFFILE=$UNBOUND_VARDIR/unbound.conf
+# TLS keys
+UB_TLS_KEY_FILE="TLS server UCI not implemented"
+UB_TLS_PEM_FILE="TLS server UCI not implemented"
+UB_TLS_FWD_FILE=$UB_VARDIR/ca-certificates.crt
+UB_TLS_ETC_FILE=/etc/ssl/certs/ca-certificates.crt
-UNBOUND_KEYFILE=$UNBOUND_VARDIR/root.key
-UNBOUND_HINTFILE=$UNBOUND_VARDIR/root.hints
-UNBOUND_TIMEFILE=$UNBOUND_VARDIR/hotplug.time
+# start files
+UB_RKEY_FILE=$UB_VARDIR/root.key
+UB_RHINT_FILE=$UB_VARDIR/root.hints
+UB_TIME_FILE=$UB_VARDIR/hotplug.time
-UNBOUND_CTLKEY_FILE=$UNBOUND_VARDIR/unbound_control.key
-UNBOUND_CTLPEM_FILE=$UNBOUND_VARDIR/unbound_control.pem
-UNBOUND_SRVKEY_FILE=$UNBOUND_VARDIR/unbound_server.key
-UNBOUND_SRVPEM_FILE=$UNBOUND_VARDIR/unbound_server.pem
+# control app keys
+UB_CTLKEY_FILE=$UB_VARDIR/unbound_control.key
+UB_CTLPEM_FILE=$UB_VARDIR/unbound_control.pem
+UB_SRVKEY_FILE=$UB_VARDIR/unbound_server.key
+UB_SRVPEM_FILE=$UB_VARDIR/unbound_server.pem
-##############################################################################
+# similar default SOA / NS RR as Unbound uses for private ARPA zones
+UB_XSER=$(( $( date +%s ) / 60 ))
+UB_XSOA="7200 IN SOA localhost. nobody.invalid. $UB_XSER 3600 1200 9600 600"
+UB_XNS="7200 IN NS localhost."
+UB_XTXT="7200 IN TXT \"comment=local intranet dns zone\""
+UB_MTXT="7200 IN TXT \"comment=masked internet dns zone\""
+UB_LTXT="7200 IN TXT \"comment=rfc6762 multicast dns zone\""
-UNBOUND_ANCHOR=/usr/sbin/unbound-anchor
-UNBOUND_CONTROL=/usr/sbin/unbound-control
-UNBOUND_CONTROL_CFG="$UNBOUND_CONTROL -c $UNBOUND_CONFFILE"
+# helper apps
+UB_ANCHOR=/usr/sbin/unbound-anchor
+UB_CONTROL=/usr/sbin/unbound-control
+UB_CONTROL_CFG="$UB_CONTROL -c $UB_TOTAL_CONF"
##############################################################################
#
##############################################################################
+DM_D_WAN_FQDN=0
+
+DM_LIST_KNOWN_ZONES="invalid"
+DM_LIST_TRN_ZONES=""
+DM_LIST_LOCAL_DATA=""
+DM_LIST_LOCAL_PTR=""
+DM_LIST_FWD_PORTS=""
+DM_LIST_FWD_ZONES=""
+
+##############################################################################
+
+create_local_zone() {
+ local target="$1"
+ local partial domain found
+
+ case $DM_LIST_TRN_ZONES in
+ *"${target}"*)
+ found=1
+ ;;
+
+ *)
+ case $target in
+ [A-Za-z0-9]*.[A-Za-z0-9]*)
+ found=0
+ ;;
+
+ *) # no dots
+ found=1
+ ;;
+ esac
+ esac
+
+
+ if [ $found -eq 0 ] ; then
+ # New Zone! Bundle local-zones: by first two name tiers "abcd.tld."
+ partial=$( echo "$target" | awk -F. '{ j=NF ; i=j-1; print $i"."$j }' )
+ DM_LIST_TRN_ZONES="$DM_LIST_TRN_ZONES $partial"
+ DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $partial"
+ fi
+}
+
+##############################################################################
+
+create_host_record() {
+ local cfg="$1"
+ local ip name debug_ip
+
+ # basefiles dhcp "domain" clause which means host A, AAAA, and PRT record
+ config_get ip "$cfg" ip
+ config_get name "$cfg" name
+
+
+ if [ -n "$name" -a -n "$ip" ] ; then
+ create_local_zone "$name"
+
+
+ case $ip in
+ fe80:*|169.254.*)
+ debug_ip="$ip@$host"
+ ;;
+
+ [1-9a-f]*:*[0-9a-f])
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $name.@@300@@IN@@AAAA@@$ip"
+ DM_LIST_LOCAL_PTR="$DM_LIST_LOCAL_PTR $ip@@300@@$name"
+ ;;
+
+ [1-9]*.*[0-9])
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $name.@@300@@IN@@A@@$ip"
+ DM_LIST_LOCAL_PTR="$DM_LIST_LOCAL_PTR $ip@@300@@$name"
+ ;;
+ esac
+ fi
+}
+
+##############################################################################
+
+create_mx_record() {
+ local cfg="$1"
+ local domain relay pref record
+
+ # Insert a static MX record
+ config_get domain "$cfg" domain
+ config_get relay "$cfg" relay
+ config_get pref "$cfg" pref 10
+
+
+ if [ -n "$domain" -a -n "$relay" ] ; then
+ create_local_zone "$domain"
+ record="$domain.@@300@@IN@@MX@@$pref@@$relay."
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
+ fi
+}
+
+##############################################################################
+
+create_srv_record() {
+ local cfg="$1"
+ local srv target port class weight record
+
+ # Insert a static SRV record such as SIP server
+ config_get srv "$cfg" srv
+ config_get target "$cfg" target
+ config_get port "$cfg" port
+ config_get class "$cfg" class 10
+ config_get weight "$cfg" weight 10
+
+
+ if [ -n "$srv" -a -n "$target" -a -n "$port" ] ; then
+ create_local_zone "$srv"
+ record="$srv.@@300@@IN@@SRV@@$class@@$weight@@$port@@$target."
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
+ fi
+}
+
+##############################################################################
+
+create_cname_record() {
+ local cfg="$1"
+ local cname target record
+
+ # Insert static CNAME record
+ config_get cname "$cfg" cname
+ config_get target "$cfg" target
+
+
+ if [ -n "$cname" -a -n "$target" ] ; then
+ create_local_zone "$cname"
+ record="$cname.@@300@@IN@@CNAME@@$target."
+ DM_LIST_LOCAL_DATA="$DM_LIST_LOCAL_DATA $record"
+ fi
+}
+
+##############################################################################
+
dnsmasq_local_zone() {
local cfg="$1"
local fwd_port fwd_domain wan_fqdn
if [ -n "$wan_fqdn" ] ; then
- UNBOUND_D_WAN_FQDN=$wan_fqdn
+ DM_D_WAN_FQDN=$wan_fqdn
fi
+
if [ -n "$fwd_domain" -a -n "$fwd_port" -a ! "${fwd_port:-53}" -eq 53 ] ; then
# dnsmasq localhost listening ports (possible multiple instances)
- UNBOUND_N_FWD_PORTS="$UNBOUND_N_FWD_PORTS $fwd_port"
- UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $fwd_domain"
-
- {
- # This creates DOMAIN local privledges
- echo " private-domain: \"$fwd_domain\""
- echo " local-zone: \"$fwd_domain.\" transparent"
- echo " domain-insecure: \"$fwd_domain\""
- echo
- } >> $UNBOUND_CONFFILE
+ DM_LIST_FWD_PORTS="$DM_LIST_FWD_PORTS $fwd_port"
+ DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $fwd_domain"
fi
}
##############################################################################
dnsmasq_local_arpa() {
- local cfg="$1"
- local logint dhcpv4 dhcpv6 ignore
- local subnets subnets4 subnets6
- local forward arpa
- local validip4 validip6 privateip
+ local ifarpa ifsubnet
- config_get logint "$cfg" interface
- config_get dhcpv4 "$cfg" dhcpv4
- config_get dhcpv6 "$cfg" dhcpv6
- config_get_bool ignore "$cfg" ignore 0
- # Find the list of addresses assigned to a logical interface
- # Its typical to have a logical gateway split NAME and NAME6
- network_get_subnets subnets4 "$logint"
- network_get_subnets6 subnets6 "$logint"
- subnets="$subnets4 $subnets6"
+ if [ -n "$UB_LIST_NETW_LAN" ] ; then
+ for ifsubnet in $UB_LIST_NETW_LAN ; do
+ ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
+ DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $ifarpa"
+ done
+ fi
- network_get_subnets subnets4 "${logint}6"
- network_get_subnets6 subnets6 "${logint}6"
- subnets="$subnets $subnets4 $subnets6"
+ if [ -n "$UB_LIST_NETW_WAN" -a "$DM_D_WAN_FQDN" -gt 0 ] ; then
+ for ifsubnet in $UB_LIST_NETW_WAN ; do
+ ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
+ DM_LIST_FWD_ZONES="$DM_LIST_FWD_ZONES $ifarpa"
+ done
+ fi
+}
- if [ -z "$subnets" ] ; then
- forward=""
+##############################################################################
- elif [ -z "$UNBOUND_N_FWD_PORTS" ] ; then
- forward=""
+dnsmasq_inactive() {
+ local record
- elif [ "$ignore" -gt 0 ] ; then
- if [ "$UNBOUND_D_WAN_FQDN" -gt 0 ] ; then
- # Only forward the one gateway host.
- forward="host"
+ if [ "$UB_D_EXTRA_DNS" -gt 0 ] ; then
+ # Parasite from the uci.dhcp.domain clauses
+ DM_LIST_KNOWN_ZONES="$DM_LIST_KNOWN_ZONES $UB_TXT_DOMAIN"
+ config_load dhcp
+ config_foreach create_host_record domain
- else
- forward=""
- fi
- else
- # Forward the entire private subnet.
- forward="domain"
- fi
+ if [ "$UB_D_EXTRA_DNS" -gt 1 ] ; then
+ config_foreach create_srv_record srvhost
+ config_foreach create_mx_record mxhost
+ fi
- if [ -n "$forward" ] ; then
- for subnet in $subnets ; do
- validip4=$( valid_subnet4 $subnet )
- validip6=$( valid_subnet6 $subnet )
- privateip=$( private_subnet $subnet )
+ if [ "$UB_D_EXTRA_DNS" -gt 2 ] ; then
+ config_foreach create_cname_record cname
+ fi
- if [ "$validip4" = "ok" -a "$dhcpv4" != "disable" ] ; then
- if [ "$forward" = "domain" ] ; then
- arpa=$( domain_ptr_ip4 "$subnet" )
- else
- arpa=$( host_ptr_ip4 "$subnet" )
- fi
+ {
+ echo "# $UB_SRVMASQ_CONF generated by UCI $( date -Is )"
+ if [ -n "$DM_LIST_TRN_ZONES" ] ; then
+ for record in $DM_LIST_TRN_ZONES ; do
+ echo " local-zone: $record transparent"
+ done
+ echo
+ fi
+ if [ -n "$DM_LIST_LOCAL_DATA" ] ; then
+ for record in $DM_LIST_LOCAL_DATA ; do
+ echo " local-data: \"${record//@@/ }\""
+ done
+ echo
+ fi
+ if [ -n "$DM_LIST_LOCAL_PTR" ] ; then
+ for record in $DM_LIST_LOCAL_PTR ; do
+ echo " local-data-ptr: \"${record//@@/ }\""
+ done
+ echo
+ fi
+ } > $UB_SRVMASQ_CONF
+ fi
+}
- elif [ "$validip6" = "ok" -a "$dhcpv6" != "disable" ] ; then
- if [ "$forward" = "domain" ] ; then
- arpa=$( domain_ptr_ip6 "$subnet" )
- else
- arpa=$( host_ptr_ip6 "$subnet" )
- fi
+##############################################################################
- else
- arpa=""
- fi
+dnsmasq_active() {
+ # Look at dnsmasq settings
+ config_load dhcp
+ # Zone for DHCP / SLAAC-PING DOMAIN
+ config_foreach dnsmasq_local_zone dnsmasq
+ # Zone for DHCP / SLAAC-PING ARPA
+ dnsmasq_local_arpa
- if [ -n "$arpa" ] ; then
- if [ "$privateip" = "ok" ] ; then
- {
- # This creates ARPA local zone privledges
- echo " local-zone: \"$arpa.\" transparent"
- echo " domain-insecure: \"$arpa\""
- echo
- } >> $UNBOUND_CONFFILE
- fi
+ if [ -n "$DM_LIST_FWD_PORTS" -a -n "$DM_LIST_FWD_ZONES" ] ; then
+ {
+ # Forward to dnsmasq on same host for DHCP lease hosts
+ echo "# $UB_SRVMASQ_CONF generated by UCI $( date -Is )"
+ echo " do-not-query-localhost: no"
+ echo
+ } > $UB_SRVMASQ_CONF
+ echo "# $UB_EXTMASQ_CONF generated by UCI $( date -Is )" > $UB_EXTMASQ_CONF
- UNBOUND_TXT_FWD_ZONE="$UNBOUND_TXT_FWD_ZONE $arpa"
- fi
- done
- fi
-}
-##############################################################################
+ for fwd_domain in $DM_LIST_FWD_ZONES ; do
+ {
+ # This creates a domain with local privledges
+ echo " domain-insecure: $fwd_domain"
+ echo " private-domain: $fwd_domain"
+ echo " local-zone: $fwd_domain transparent"
+ echo
+ } >> $UB_SRVMASQ_CONF
-dnsmasq_forward_zone() {
- if [ -n "$UNBOUND_N_FWD_PORTS" -a -n "$UNBOUND_TXT_FWD_ZONE" ] ; then
- for fwd_domain in $UNBOUND_TXT_FWD_ZONE ; do
{
- # This is derived of dnsmasq_local_zone/arpa
- # but forward: clauses need to be seperate
+ # This is derived from dnsmasq local domain and dhcp service subnets
echo "forward-zone:"
- echo " name: \"$fwd_domain.\""
-
- for port in $UNBOUND_N_FWD_PORTS ; do
+ echo " name: $fwd_domain"
+ echo " forward-first: no"
+ for port in $DM_LIST_FWD_PORTS ; do
echo " forward-addr: 127.0.0.1@$port"
done
-
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_EXTMASQ_CONF
done
fi
}
##############################################################################
dnsmasq_link() {
- # Forward to dnsmasq on same host for DHCP lease hosts
- echo " do-not-query-localhost: no" >> $UNBOUND_CONFFILE
- # Look at dnsmasq settings
- config_load dhcp
- # Zone for DHCP / SLAAC-PING DOMAIN
- config_foreach dnsmasq_local_zone dnsmasq
- # Zone for DHCP / SLAAC-PING ARPA
- config_foreach dnsmasq_local_arpa dhcp
- # Now create ALL seperate forward: clauses
- dnsmasq_forward_zone
+ if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
+ dnsmasq_active
+
+ else
+ dnsmasq_inactive
+ fi
}
##############################################################################
##############################################################################
+host_ptr_any() {
+ local subnet=$1
+ local arpa validip4 validip6
+
+ validip4=$( valid_subnet4 $subnet )
+ validip6=$( valid_subnet6 $subnet )
+
+
+ if [ "$validip4" = "ok" ] ; then
+ arpa=$( host_ptr_ip4 "$subnet" )
+ elif [ "$validip6" = "ok" ] ; then
+ arpa=$( host_ptr_ip6 "$subnet" )
+ fi
+
+
+ if [ -n "$arpa" ] ; then
+ echo $arpa
+ fi
+}
+
+##############################################################################
+
if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 120 IN A " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+ x = ( "local-data: \"" fqdn ". 300 IN A " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
}
else {
for( i=1; i<=4; i++ ) { qpr = ( ptr[i] "." qpr) ; }
- x = ( fqdn ". 120 IN A " adr ) ;
- y = ( qpr "in-addr.arpa. 120 IN PTR " fqdn ) ;
+ x = ( fqdn ". 300 IN A " adr ) ;
+ y = ( qpr "in-addr.arpa. 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+ x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
}
else {
qpr = ipv6_ptr( adr ) ;
- x = ( fqdn ". 120 IN AAAA " adr ) ;
- y = ( qpr ". 120 IN PTR " fqdn ) ;
+ x = ( fqdn ". 300 IN AAAA " adr ) ;
+ y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
}
else {
if (( cdr == 128 ) && ( hst != "-" )) {
if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr "\"" ) ;
- y = ( "local-data-ptr: \"" adr " 120 " fqdn "\"" ) ;
+ x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr "\"" ) ;
+ y = ( "local-data-ptr: \"" adr " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
}
else {
# only for provided hostnames and full /128 assignments
qpr = ipv6_ptr( adr ) ;
- x = ( fqdn ". 120 IN AAAA " adr ) ;
- y = ( qpr ". 120 IN PTR " fqdn ) ;
+ x = ( fqdn ". 300 IN AAAA " adr ) ;
+ y = ( qpr ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
}
if (( cdr2 == 128 ) && ( hst != "-" )) {
if ( bconf == 1 ) {
- x = ( "local-data: \"" fqdn ". 120 IN AAAA " adr2 "\"" ) ;
- y = ( "local-data-ptr: \"" adr2 " 120 " fqdn "\"" ) ;
+ x = ( "local-data: \"" fqdn ". 300 IN AAAA " adr2 "\"" ) ;
+ y = ( "local-data-ptr: \"" adr2 " 300 " fqdn "\"" ) ;
print ( x "\n" y "\n" ) > hostfile ;
}
else {
# odhcp puts GA and ULA on the same line (position 9 and 10)
qpr2 = ipv6_ptr( adr2 ) ;
- x = ( fqdn ". 120 IN AAAA " adr2 ) ;
- y = ( qpr2 ". 120 IN PTR " fqdn ) ;
+ x = ( fqdn ". 300 IN AAAA " adr2 ) ;
+ y = ( qpr2 ". 300 IN PTR " fqdn ) ;
print ( x "\n" y ) > hostfile ;
}
}
odhcpd_zonedata() {
local longconf dateconf
- local dns_ls_add=$UNBOUND_VARDIR/dhcp_dns.add
- local dns_ls_del=$UNBOUND_VARDIR/dhcp_dns.del
- local dhcp_ls_new=$UNBOUND_VARDIR/dhcp_lease.new
- local dhcp_ls_old=$UNBOUND_VARDIR/dhcp_lease.old
- local dhcp_ls_add=$UNBOUND_VARDIR/dhcp_lease.add
- local dhcp_ls_del=$UNBOUND_VARDIR/dhcp_lease.del
+ local dns_ls_add=$UB_VARDIR/dhcp_dns.add
+ local dns_ls_del=$UB_VARDIR/dhcp_dns.del
+ local dhcp_ls_new=$UB_VARDIR/dhcp_lease.new
+ local dhcp_ls_old=$UB_VARDIR/dhcp_lease.old
+ local dhcp_ls_add=$UB_VARDIR/dhcp_lease.add
+ local dhcp_ls_del=$UB_VARDIR/dhcp_lease.del
local dhcp_link=$( uci_get unbound.@unbound[0].dhcp_link )
local dhcp4_slaac6=$( uci_get unbound.@unbound[0].dhcp4_slaac6 )
local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
- if [ "$dhcp_link" = "odhcpd" \
- -a -f "$dhcp_origin" \
- -a -n "$dhcp_domain" ] ; then
+ if [ -f "$UB_TIME_FILE" -a "$dhcp_link" = "odhcpd" \
+ -a -f "$dhcp_origin" -a -n "$dhcp_domain" ] ; then
# Capture the lease file which could be changing often
sort $dhcp_origin > $dhcp_ls_new
- if [ ! -f $UNBOUND_DHCP_CONF -o ! -f $dhcp_ls_old ] ; then
+ if [ ! -f $UB_DHCP_CONF -o ! -f $dhcp_ls_old ] ; then
longconf=2
else
- dateconf=$(( $( date +%s ) - $( date -r $UNBOUND_DHCP_CONF +%s ) ))
+ dateconf=$(( $( date +%s ) - $( date -r $UB_DHCP_CONF +%s ) ))
if [ $dateconf > 150 ] ; then
if [ $longconf -gt 0 ] ; then
# Go through the messy business of coding up A, AAAA, and PTR records
# This static conf will be available if Unbound restarts asynchronously
- awk -v hostfile=$UNBOUND_DHCP_CONF -v domain=$dhcp_domain \
+ awk -v hostfile=$UB_DHCP_CONF -v domain=$dhcp_domain \
-v bslaac=$dhcp4_slaac6 -v bisolt=0 -v bconf=1 \
-f /usr/lib/unbound/odhcpd.awk $dhcp_ls_new
fi
if [ -f "$dns_ls_del" ] ; then
- cat $dns_ls_del | $UNBOUND_CONTROL_CFG local_datas_remove
+ cat $dns_ls_del | $UB_CONTROL_CFG local_datas_remove
fi
if [ -f "$dns_ls_add" ] ; then
- cat $dns_ls_add | $UNBOUND_CONTROL_CFG local_datas
+ cat $dns_ls_add | $UB_CONTROL_CFG local_datas
fi
+++ /dev/null
-#!/bin/sh
-##############################################################################
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# Copyright (C) 2016 Eric Luehrsen
-#
-##############################################################################
-#
-# This component will copy root.key back to /etc/unbound/ periodically, but
-# avoid ROM flash abuse (UCI option).
-#
-##############################################################################
-
-roothints_update() {
- # TODO: Might not be implemented. Unbound doesn't natively update hints.
- # Unbound philosophy is built in root hints are good for machine life.
- return 0
-}
-
-##############################################################################
-
-rootkey_update() {
- local basekey_date rootkey_date rootkey_age filestuff
-
- local dnssec=$( uci_get unbound.@unbound[0].validator )
- local dnssec_ntp=$( uci_get unbound.@unbound[0].validator_ntp )
- local dnssec_age=$( uci_get unbound.@unbound[0].root_age )
-
-
- if [ "$dnssec_age" -gt 90 -o "$dnssec" -lt 1 ] ; then
- # Feature disabled
- return 0
-
- elif [ "$dnssec_ntp" -gt 0 -a ! -f "$UNBOUND_TIMEFILE" ] ; then
- # We don't have time yet
- return 0
- fi
-
-
- if [ -f /etc/unbound/root.key ] ; then
- basekey_date=$( date -r /etc/unbound/root.key +%s )
-
- else
- # No persistent storage key
- basekey_date=$( date -d 2000-01-01 +%s )
- fi
-
-
- if [ -f "$UNBOUND_KEYFILE" ] ; then
- # Unbound maintains it itself
- rootkey_date=$( date -r $UNBOUND_KEYFILE +%s )
- rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
-
- elif [ -x "$UNBOUND_ANCHOR" ] ; then
- # No tmpfs key - use unbound-anchor
- rootkey_date=$( date -I +%s )
- rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
- $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
-
- else
- # give up
- rootkey_age=0
- fi
-
-
- if [ "$rootkey_age" -gt "$dnssec_age" ] ; then
- filestuff=$( cat $UNBOUND_KEYFILE )
-
-
- case "$filestuff" in
- *NOERROR*)
- # Header comment for drill and dig
- logger -t unbound -s "root.key updated after $rootkey_age days"
- cp -p $UNBOUND_KEYFILE /etc/unbound/root.key
- ;;
-
- *"state=2 [ VALID ]"*)
- # Comment inline to key for unbound-anchor
- logger -t unbound -s "root.key updated after $rootkey_age days"
- cp -p $UNBOUND_KEYFILE /etc/unbound/root.key
- ;;
-
- *)
- logger -t unbound -s "root.key still $rootkey_age days old"
- ;;
- esac
- fi
-}
-
-##############################################################################
-
-rootzone_update() {
- roothints_update
- rootkey_update
-}
-
-##############################################################################
-
--- /dev/null
+#!/bin/sh
+##############################################################################
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# Copyright (C) 2016 Eric Luehrsen
+#
+##############################################################################
+#
+# This component will copy root.key back to /etc/unbound/ periodically, but
+# avoid ROM flash abuse (UCI option).
+#
+##############################################################################
+
+. /usr/lib/unbound/defaults.sh
+
+##############################################################################
+
+roothints_update() {
+ # TODO: Might not be implemented. Unbound doesn't natively update hints.
+ # Unbound philosophy is built in root hints are good for machine life.
+ return 0
+}
+
+##############################################################################
+
+rootkey_update() {
+ local basekey_date rootkey_date rootkey_age filestuff
+ local dnssec=$( uci_get unbound.@unbound[0].validator )
+ local dnssec_ntp=$( uci_get unbound.@unbound[0].validator_ntp )
+ local dnssec_age=$( uci_get unbound.@unbound[0].root_age )
+
+ # fix empty
+ [ -z "$dnssec" ] && dnssec=0
+ [ -z "$dnssec_ntp" ] && dnssec_ntp=1
+ [ -z "$dnssec_age" ] && dnssec_age=9
+
+
+ if [ "$dnssec_age" -gt 90 -o "$dnssec" -lt 1 ] ; then
+ # Feature disabled
+ return 0
+
+ elif [ "$dnssec_ntp" -gt 0 -a ! -f "$UB_TIME_FILE" ] ; then
+ # We don't have time yet
+ return 0
+ fi
+
+
+ if [ -f /etc/unbound/root.key ] ; then
+ basekey_date=$( date -r /etc/unbound/root.key +%s )
+
+ else
+ # No persistent storage key
+ basekey_date=$( date -d 2000-01-01 +%s )
+ fi
+
+
+ if [ -f "$UB_RKEY_FILE" ] ; then
+ # Unbound maintains it itself
+ rootkey_date=$( date -r $UB_RKEY_FILE +%s )
+ rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
+
+ elif [ -x "$UB_ANCHOR" ] ; then
+ # No tmpfs key - use unbound-anchor
+ rootkey_date=$( date -I +%s )
+ rootkey_age=$(( (rootkey_date - basekey_date) / 86440 ))
+ $UB_ANCHOR -a $UB_RKEY_FILE
+
+ else
+ # give up
+ rootkey_age=0
+ fi
+
+
+ if [ "$rootkey_age" -gt "$dnssec_age" ] ; then
+ filestuff=$( cat $UB_RKEY_FILE )
+
+
+ case "$filestuff" in
+ *NOERROR*)
+ # Header comment for drill and dig
+ logger -t unbound -s "root.key updated after $rootkey_age days"
+ cp -p $UB_RKEY_FILE /etc/unbound/root.key
+ ;;
+
+ *"state=2 [ VALID ]"*)
+ # Comment inline to key for unbound-anchor
+ logger -t unbound -s "root.key updated after $rootkey_age days"
+ cp -p $UB_RKEY_FILE /etc/unbound/root.key
+ ;;
+
+ *)
+ logger -t unbound -s "root.key still $rootkey_age days old"
+ ;;
+ esac
+ fi
+}
+
+##############################################################################
+
+resolv_teardown() {
+ case $( cat /tmp/resolv.conf ) in
+ *"generated by Unbound UCI"*)
+ # our resolver file, reset to auto resolver file.
+ rm -f /tmp/resolv.conf
+ ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
+ ;;
+ esac
+}
+
+##############################################################################
+
+unbound_stop() {
+ resolv_teardown
+ roothints_update
+ rootkey_update
+}
+
+##############################################################################
+
##############################################################################
boot() {
- UNBOUND_BOOT=1
+ UB_BOOT=1
start "$@"
}
##############################################################################
start_service() {
- if [ -n "$UNBOUND_BOOT" ] ; then
+ if [ -n "$UB_BOOT" ] ; then
# Load procd triggers (rc) and use event IFUP to really start
return 0
fi
# standard procd clause
procd_open_instance "unbound"
- procd_set_param command $PROG -d -c $UNBOUND_CONFFILE
+ procd_set_param command $PROG -d -c $UB_TOTAL_CONF
procd_set_param respawn
procd_close_instance
}
stop_service() {
# clean up
- . /usr/lib/unbound/unbound.sh
+ . /usr/lib/unbound/stopping.sh
unbound_stop
# Wait! on restart Unbound may take time writing closure stats to syslog
##############################################################################
# Common file location definitions
-. /usr/lib/unbound/unbound.sh
+. /usr/lib/unbound/defaults.sh
##############################################################################
-if [ "$ACTION" = stratum -a ! -f "$UNBOUND_TIMEFILE" ] ; then
- echo "ntpd: $( date )" > $UNBOUND_TIMEFILE
+if [ ! -f "$UB_TIME_FILE" -a "$ACTION" = stratum ] ; then
+ date -Is > $UB_TIME_FILE
/etc/init.d/unbound enabled && /etc/init.d/unbound restart
# Yes, hard RESTART. We need to be absolutely sure to enable DNSSEC.
fi
#
##############################################################################
-UNBOUND_B_SLAAC6_MAC=0
-UNBOUND_B_DNSSEC=0
-UNBOUND_B_DNS64=0
-UNBOUND_B_EXT_STATS=0
-UNBOUND_B_GATE_NAME=0
-UNBOUND_B_HIDE_BIND=1
-UNBOUND_B_LOCL_BLCK=0
-UNBOUND_B_LOCL_SERV=1
-UNBOUND_B_MAN_CONF=0
-UNBOUND_B_NTP_BOOT=1
-UNBOUND_B_QUERY_MIN=0
-UNBOUND_B_QRY_MINST=0
-UNBOUND_B_AUTH_ROOT=0
-
-UNBOUND_D_CONTROL=0
-UNBOUND_D_DOMAIN_TYPE=static
-UNBOUND_D_DHCP_LINK=none
-UNBOUND_D_EXTRA_DNS=0
-UNBOUND_D_LAN_FQDN=0
-UNBOUND_D_PRIV_BLCK=1
-UNBOUND_D_PROTOCOL=mixed
-UNBOUND_D_RESOURCE=small
-UNBOUND_D_RECURSION=passive
-UNBOUND_D_WAN_FQDN=0
-
-UNBOUND_IP_DNS64="64:ff9b::/96"
-
-UNBOUND_N_EDNS_SIZE=1280
-UNBOUND_N_FWD_PORTS=""
-UNBOUND_N_RX_PORT=53
-UNBOUND_N_ROOT_AGE=9
-
-UNBOUND_TTL_MIN=120
-
-UNBOUND_TXT_DOMAIN=lan
-UNBOUND_TXT_FWD_ZONE=""
-UNBOUND_TXT_HOSTNAME=thisrouter
-
-UNBOUND_LIST_FORWARD=""
-UNBOUND_LIST_INSECURE=""
+UB_B_SLAAC6_MAC=0
+UB_B_DNSSEC=0
+UB_B_DNS64=0
+UB_B_EXT_STATS=0
+UB_B_GATE_NAME=0
+UB_B_HIDE_BIND=1
+UB_B_LOCL_BLCK=0
+UB_B_LOCL_SERV=1
+UB_B_MAN_CONF=0
+UB_B_NTP_BOOT=1
+UB_B_QUERY_MIN=0
+UB_B_QRY_MINST=0
+UB_B_AUTH_ROOT=0
+
+UB_D_CONTROL=0
+UB_D_DOMAIN_TYPE=static
+UB_D_DHCP_LINK=none
+UB_D_EXTRA_DNS=0
+UB_D_LAN_FQDN=0
+UB_D_PRIV_BLCK=1
+UB_D_PROTOCOL=mixed
+UB_D_RESOURCE=small
+UB_D_RECURSION=passive
+UB_D_VERBOSE=1
+UB_D_WAN_FQDN=0
+
+UB_IP_DNS64="64:ff9b::/96"
+
+UB_N_EDNS_SIZE=1280
+UB_N_RX_PORT=53
+UB_N_ROOT_AGE=9
+
+UB_TTL_MIN=120
+UB_TXT_DOMAIN=lan
+UB_TXT_HOSTNAME=thisrouter
##############################################################################
# keep track of assignments during inserted resource records
-UNBOUND_LIST_DOMAINS=""
-UNBOUND_LIST_IFACE=""
-UNBOUND_LIST_PRV_IP6GLA=""
-UNBOUND_LIST_LAN_NET=""
-
-# Similar default SOA / NS RR as Unbound uses for private ARPA zones
-UNBOUND_XSOA="3600 IN SOA localhost. nobody.invalid. 1 3600 1200 7200 600"
-UNBOUND_XNS="3600 IN NS localhost."
+UB_LIST_NETW_ALL=""
+UB_LIST_NETW_LAN=""
+UB_LIST_NETW_WAN=""
+UB_LIST_INSECURE=""
+UB_LIST_ZONE_SERVERS=""
+UB_LIST_ZONE_NAMES=""
##############################################################################
. /usr/lib/unbound/defaults.sh
. /usr/lib/unbound/dnsmasq.sh
. /usr/lib/unbound/iptools.sh
-. /usr/lib/unbound/rootzone.sh
##############################################################################
-create_interface_dns() {
+bundle_all_networks() {
local cfg="$1"
- local ipcommand logint ignore ifname ifdashname
- local name names address addresses
- local ulaprefix if_fqdn host_fqdn
- local mode_ptr="$UNBOUND_TXT_HOSTNAME"
- local names="$UNBOUND_TXT_HOSTNAME"
-
- # Create local-data: references for this hosts interfaces (router).
- config_get logint "$cfg" interface
- config_get_bool ignore "$cfg" ignore 0
- network_get_device ifname "$cfg"
-
- ifdashname="${ifname//./-}"
- ipcommand="ip -o address show $ifname"
- addresses=$( $ipcommand | awk '/inet/{sub(/\/.*/,"",$4); print $4}' )
- ulaprefix=$( uci_get network.@globals[0].ula_prefix )
- host_fqdn="$UNBOUND_TXT_HOSTNAME.$UNBOUND_TXT_DOMAIN"
- if_fqdn="$ifdashname.$host_fqdn"
-
-
- if [ -z "$ifdashname" ] ; then
- # race conditions at init can rarely cause a blank device return
- # the record format is invalid and Unbound won't load the conf file
- mode=0
-
- elif [ -n "$UNBOUND_LIST_IFACE" ] ; then
- case "$UNBOUND_LIST_IFACE" in
- *$ifdashname*)
- # repeat such as dual WAN (eth0-1) and WAN6 (eth0-1)
- mode=0
- ;;
-
- *)
- mode=1
- ;;
- esac
-
- else
- mode=1
- fi
-
-
- if [ $mode -gt 0 ] ; then
- UNBOUND_LIST_IFACE="$UNBOUND_LIST_IFACE $ifdashname"
-
-
- if [ -z "${ulaprefix%%:/*}" ] ; then
- # Nonsense so this option isn't globbed below
- ulaprefix="fdno:such:addr::/48"
- fi
-
-
- if [ "$ignore" -gt 0 ] ; then
- mode="$UNBOUND_D_WAN_FQDN"
- else
- mode="$UNBOUND_D_LAN_FQDN"
- fi
- fi
-
-
- if [ "$mode" -gt 1 ] ; then
- case "$mode" in
- 3)
- mode_ptr="$host_fqdn"
- names="$host_fqdn $UNBOUND_TXT_HOSTNAME"
- ;;
-
- 4)
- mode_ptr="$if_fqdn"
- names="$if_fqdn $host_fqdn $UNBOUND_TXT_HOSTNAME"
- ;;
- esac
-
-
- {
- for address in $addresses ; do
- case $address in
- fe80:*|169.254.*)
- echo " # note link address $address"
- ;;
-
- [1-9a-f]*:*[0-9a-f])
- # GA and ULA IP6 for HOST IN AAA records (ip command is robust)
- for name in $names ; do
- echo " local-data: \"$name. 120 IN AAAA $address\""
- done
- echo " local-data-ptr: \"$address 120 $mode_ptr\""
- ;;
-
- [1-9]*.*[0-9])
- # Old fashioned HOST IN A records
- for name in $names ; do
- echo " local-data: \"$name. 120 IN A $address\""
- done
- echo " local-data-ptr: \"$address 120 $mode_ptr\""
- ;;
- esac
- done
- echo
- } >> $UNBOUND_CONFFILE
-
- elif [ "$mode" -gt 0 ] ; then
- {
- for address in $addresses ; do
- case $address in
- fe80:*|169.254.*)
- echo " # note link address $address"
- ;;
-
- "${ulaprefix%%:/*}"*)
- # Only this networks ULA and only hostname
- echo " local-data: \"$UNBOUND_TXT_HOSTNAME. 120 IN AAAA $address\""
- echo " local-data-ptr: \"$address 120 $UNBOUND_TXT_HOSTNAME\""
- ;;
-
- [1-9]*.*[0-9])
- echo " local-data: \"$UNBOUND_TXT_HOSTNAME. 120 IN A $address\""
- echo " local-data-ptr: \"$address 120 $UNBOUND_TXT_HOSTNAME\""
- ;;
- esac
- done
- echo
- } >> $UNBOUND_CONFFILE
- fi
-}
+ local ifname ifdashname
+ local subnet subnets subnets4 subnets6
+ local validip4 validip6
-##############################################################################
+ network_get_subnets subnets4 "$cfg"
+ network_get_subnets6 subnets6 "$cfg"
+ network_get_device ifname "$cfg"
-create_local_zone() {
- local target="$1"
- local partial domain found
+ ifdashname="${ifname//./-}"
+ subnets="$subnets4 $subnets6"
- if [ -n "$UNBOUND_LIST_DOMAINS" ] ; then
- for domain in $UNBOUND_LIST_DOMAINS ; do
- case $target in
- *"${domain}")
- found=1
- break
- ;;
+ if [ -n "$subnets" ] ; then
+ for subnet in $subnets ; do
+ validip4=$( valid_subnet4 $subnet )
+ validip6=$( valid_subnet6 $subnet )
- [A-Za-z0-9]*.[A-Za-z0-9]*)
- found=0
- ;;
- *) # no dots
- found=1
- break
- ;;
- esac
+ if [ "$validip4" = "ok" -o "$validip6" = "ok" ] ; then
+ UB_LIST_NETW_ALL="$UB_LIST_NETW_ALL $ifdashname@$subnet"
+ fi
done
- else
- found=0
- fi
-
-
- if [ $found -eq 0 ] ; then
- # New Zone! Bundle local-zones: by first two name tiers "abcd.tld."
- partial=$( echo "$target" | awk -F. '{ j=NF ; i=j-1; print $i"."$j }' )
- UNBOUND_LIST_DOMAINS="$UNBOUND_LIST_DOMAINS $partial"
- echo " local-zone: $partial transparent" >> $UNBOUND_CONFFILE
fi
}
##############################################################################
-create_host_record() {
+bundle_lan_networks() {
local cfg="$1"
- local ip name
-
- # basefiles dhcp "domain" clause which means host A, AAAA, and PRT record
- config_get ip "$cfg" ip
- config_get name "$cfg" name
-
+ local ifsubnet ifname ifdashname ignore
- if [ -n "$name" -a -n "$ip" ] ; then
- create_local_zone "$name"
-
- {
- case $ip in
- fe80:*|169.254.*)
- echo " # note link address $ip for host $name"
- ;;
+ config_get_bool ignore "$cfg" ignore 0
+ network_get_device ifname "$cfg"
+ ifdashname="${ifname//./-}"
- [1-9a-f]*:*[0-9a-f])
- echo " local-data: \"$name. 120 IN AAAA $ip\""
- echo " local-data-ptr: \"$ip 120 $name\""
- ;;
- [1-9]*.*[0-9])
- echo " local-data: \"$name. 120 IN A $ip\""
- echo " local-data-ptr: \"$ip 120 $name\""
- ;;
+ if [ "$ignore" -eq 0 -a -n "$ifdashname" -a -n "$UB_LIST_NETW_ALL" ] ; then
+ for ifsubnet in $UB_LIST_NETW_ALL ; do
+ case $ifsubnet in
+ "${ifdashname}"@*)
+ # Special GLA protection for local block; ULA protected as a catagory
+ UB_LIST_NETW_LAN="$UB_LIST_NETW_LAN $ifsubnet"
+ ;;
esac
- } >> $UNBOUND_CONFFILE
- fi
-}
-
-##############################################################################
-
-create_mx_record() {
- local cfg="$1"
- local domain relay pref
-
- # Insert a static MX record
- config_get domain "$cfg" domain
- config_get relay "$cfg" relay
- config_get pref "$cfg" pref 10
-
-
- if [ -n "$domain" -a -n "$relay" ] ; then
- create_local_zone "$domain"
- echo " local-data: \"$domain. 120 IN MX $pref $relay.\"" \
- >> $UNBOUND_CONFFILE
+ done
fi
}
##############################################################################
-create_srv_record() {
- local cfg="$1"
- local srv target port class weight
+bundle_wan_networks() {
+ local ifsubnet
- # Insert a static SRV record such as SIP server
- config_get srv "$cfg" srv
- config_get target "$cfg" target
- config_get port "$cfg" port
- config_get class "$cfg" class 10
- config_get weight "$cfg" weight 10
+ if [ -n "$UB_LIST_NETW_ALL" ] ; then
+ for ifsubnet in $UB_LIST_NETW_ALL ; do
+ case $UB_LIST_NETW_LAN in
+ *"${ifsubnet}"*)
+ # If LAN, then not WAN ...
+ ;;
- if [ -n "$srv" -a -n "$target" -a -n "$port" ] ; then
- create_local_zone "$srv"
- echo " local-data: \"$srv. 120 IN SRV $class $weight $port $target.\"" \
- >> $UNBOUND_CONFFILE
+ *)
+ UB_LIST_NETW_WAN="$UB_LIST_NETW_WAN $ifsubnet"
+ ;;
+ esac
+ done
fi
}
##############################################################################
-create_cname_record() {
- local cfg="$1"
- local cname target
-
- # Insert static CNAME record
- config_get cname "$cfg" cname
- config_get target "$cfg" target
-
-
- if [ -n "$cname" -a -n "$target" ] ; then
- create_local_zone "$cname"
- echo " local-data: \"$cname. 120 IN CNAME $target.\"" >> $UNBOUND_CONFFILE
- fi
+bundle_resolv_conf_servers() {
+ local resolvers=$( awk '/nameserver/ { print $2 }' /tmp/resolv.conf.auto )
+ UB_LIST_ZONE_SERVERS="$UB_LIST_ZONE_SERVERS $resolvers"
}
##############################################################################
-create_access_control() {
- local cfg="$1"
- local subnets subnets4 subnets6
- local validip4 validip6
-
- network_get_subnets subnets4 "$cfg"
- network_get_subnets6 subnets6 "$cfg"
- subnets="$subnets4 $subnets6"
-
-
- if [ -n "$subnets" ] ; then
- for subnet in $subnets ; do
- validip4=$( valid_subnet4 $subnet )
- validip6=$( valid_subnet6 $subnet )
-
-
- if [ "$validip4" = "ok" -o "$validip6" = "ok" ] ; then
- # For each "network" UCI add "access-control:" white list for queries
- echo " access-control: $subnet allow" >> $UNBOUND_CONFFILE
- fi
- done
- fi
+bundle_zone_names() {
+ UB_LIST_ZONE_NAMES="$UB_LIST_ZONE_NAMES $1"
}
##############################################################################
-bundle_domain_forward() {
- UNBOUND_LIST_FORWARD="$UNBOUND_LIST_FORWARD $1"
+bundle_zone_servers() {
+ UB_LIST_ZONE_SERVERS="$UB_LIST_ZONE_SERVERS $1"
}
##############################################################################
bundle_domain_insecure() {
- UNBOUND_LIST_INSECURE="$UNBOUND_LIST_INSECURE $1"
-}
-
-##############################################################################
-
-bundle_private_interface() {
- local ipcommand ifsubnet ifsubnets ifname validip4
-
- network_get_device ifname $1
-
-
- if [ -n "$ifname" ] ; then
- ipcommand="ip -o address show $ifname"
- ifsubnets=$( $ipcommand | awk '/inet/{ print $4 }' )
-
-
- if [ -n "$ifsubnets" ] ; then
- for ifsubnet in $ifsubnets ; do
- case $ifsubnet in
- [1-9][0-9a-f][0-9a-f][0-9a-f]:*[0-9a-f])
- # Special GLA protection for local block; ULA protected as a catagory
- UNBOUND_LIST_PRV_IP6GLA="$UNBOUND_LIST_PRV_IP6GLA $ifsubnet"
- ;;
-
- f[dc][0-9a-f][0-9a-f]:*[0-9a-f])
- # Used to configure specific local-zone: data
- UNBOUND_LIST_LAN_NET="$UNBOUND_LIST_LAN_NET $ifsubnet"
- ;;
-
- *)
- validip4=$( valid_subnet4 $ifsubnet )
-
-
- if [ "$validip4" = "ok" ] ; then
- UNBOUND_LIST_LAN_NET="$UNBOUND_LIST_LAN_NET $ifsubnet"
- fi
- ;;
- esac
- done
- fi
- fi
+ UB_LIST_INSECURE="$UB_LIST_INSECURE $1"
}
##############################################################################
local filestuff
- if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] ; then
+ if [ "$UB_D_DHCP_LINK" = "odhcpd" ] ; then
local dhcp_origin=$( uci_get dhcp.@odhcpd[0].leasefile )
local dhcp_dir=$( dirname $dhcp_origin )
fi
- if [ -f $UNBOUND_KEYFILE ] ; then
- filestuff=$( cat $UNBOUND_KEYFILE )
+ if [ -f $UB_RKEY_FILE ] ; then
+ filestuff=$( cat $UB_RKEY_FILE )
case "$filestuff" in
*"state=2 [ VALID ]"*)
# Lets not lose RFC 5011 tracking if we don't have to
- cp -p $UNBOUND_KEYFILE $UNBOUND_KEYFILE.keep
+ cp -p $UB_RKEY_FILE $UB_RKEY_FILE.keep
;;
esac
fi
- # Blind copy /etc/ to /var/lib/
- mkdir -p $UNBOUND_VARDIR
- rm -f $UNBOUND_VARDIR/dhcp_*
- touch $UNBOUND_CONFFILE
- touch $UNBOUND_SRV_CONF
- touch $UNBOUND_EXT_CONF
- cp -p /etc/unbound/* $UNBOUND_VARDIR/
+ # Blind copy /etc/unbound to /var/lib/unbound
+ mkdir -p $UB_VARDIR
+ rm -f $UB_VARDIR/dhcp_*
+ touch $UB_TOTAL_CONF
+ cp -p /etc/unbound/* $UB_VARDIR/
- if [ ! -f $UNBOUND_HINTFILE ] ; then
+ if [ ! -f $UB_RHINT_FILE ] ; then
if [ -f /usr/share/dns/root.hints ] ; then
# Debian-like package dns-root-data
- cp -p /usr/share/dns/root.hints $UNBOUND_HINTFILE
+ cp -p /usr/share/dns/root.hints $UB_RHINT_FILE
- elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
- logger -t unbound -s "default root hints (built in rootservers.net)"
+ elif [ ! -f "$UB_TIME_FILE" ] ; then
+ logger -t unbound -s "default root hints (built in root-servers.net)"
fi
fi
- if [ ! -f $UNBOUND_KEYFILE ] ; then
+ if [ ! -f $UB_RKEY_FILE ] ; then
if [ -f /usr/share/dns/root.key ] ; then
# Debian-like package dns-root-data
- cp -p /usr/share/dns/root.key $UNBOUND_KEYFILE
+ cp -p /usr/share/dns/root.key $UB_RKEY_FILE
- elif [ -x $UNBOUND_ANCHOR ] ; then
- $UNBOUND_ANCHOR -a $UNBOUND_KEYFILE
+ elif [ -x $UB_ANCHOR ] ; then
+ $UB_ANCHOR -a $UB_RKEY_FILE
- elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+ elif [ ! -f "$UB_TIME_FILE" ] ; then
logger -t unbound -s "default trust anchor (built in root DS record)"
fi
fi
- if [ -f $UNBOUND_KEYFILE.keep ] ; then
+ if [ -f $UB_RKEY_FILE.keep ] ; then
# root.key.keep is reused if newest
- cp -u $UNBOUND_KEYFILE.keep $UNBOUND_KEYFILE
- rm -f $UNBOUND_KEYFILE.keep
+ cp -u $UB_RKEY_FILE.keep $UB_RKEY_FILE
+ rm -f $UB_RKEY_FILE.keep
+ fi
+
+
+ if [ -f $UB_TLS_ETC_FILE ] ; then
+ # copy the cert bundle into jail
+ cp -p $UB_TLS_ETC_FILE $UB_TLS_FWD_FILE
fi
# Ensure access and prepare to jail
- chown -R unbound:unbound $UNBOUND_VARDIR
- chmod 755 $UNBOUND_VARDIR
- chmod 644 $UNBOUND_VARDIR/*
+ chown -R unbound:unbound $UB_VARDIR
+ chmod 755 $UB_VARDIR
+ chmod 644 $UB_VARDIR/*
- if [ -f $UNBOUND_CTLKEY_FILE -o -f $UNBOUND_CTLPEM_FILE \
- -o -f $UNBOUND_SRVKEY_FILE -o -f $UNBOUND_SRVPEM_FILE ] ; then
+ if [ -f $UB_CTLKEY_FILE -o -f $UB_CTLPEM_FILE \
+ -o -f $UB_SRVKEY_FILE -o -f $UB_SRVPEM_FILE ] ; then
# Keys (some) exist already; do not create new ones
- chmod 640 $UNBOUND_CTLKEY_FILE $UNBOUND_CTLPEM_FILE \
- $UNBOUND_SRVKEY_FILE $UNBOUND_SRVPEM_FILE
+ chmod 640 $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
+ $UB_SRVKEY_FILE $UB_SRVPEM_FILE
elif [ -x /usr/sbin/unbound-control-setup ] ; then
- case "$UNBOUND_D_CONTROL" in
- [2-3])
- # unbound-control-setup for encrypt opt. 2 and 3, but not 4 "static"
- /usr/sbin/unbound-control-setup -d $UNBOUND_VARDIR
+ case "$UB_D_CONTROL" in
+ [2-3])
+ # unbound-control-setup for encrypt opt. 2 and 3, but not 4 "static"
+ /usr/sbin/unbound-control-setup -d $UB_VARDIR
- chown -R unbound:unbound $UNBOUND_CTLKEY_FILE $UNBOUND_CTLPEM_FILE \
- $UNBOUND_SRVKEY_FILE $UNBOUND_SRVPEM_FILE
+ chown -R unbound:unbound $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
+ $UB_SRVKEY_FILE $UB_SRVPEM_FILE
- chmod 640 $UNBOUND_CTLKEY_FILE $UNBOUND_CTLPEM_FILE \
- $UNBOUND_SRVKEY_FILE $UNBOUND_SRVPEM_FILE
+ chmod 640 $UB_CTLKEY_FILE $UB_CTLPEM_FILE \
+ $UB_SRVKEY_FILE $UB_SRVPEM_FILE
- cp -p $UNBOUND_CTLKEY_FILE /etc/unbound/unbound_control.key
- cp -p $UNBOUND_CTLPEM_FILE /etc/unbound/unbound_control.pem
- cp -p $UNBOUND_SRVKEY_FILE /etc/unbound/unbound_server.key
- cp -p $UNBOUND_SRVPEM_FILE /etc/unbound/unbound_server.pem
- ;;
+ cp -p $UB_CTLKEY_FILE /etc/unbound/unbound_control.key
+ cp -p $UB_CTLPEM_FILE /etc/unbound/unbound_control.pem
+ cp -p $UB_SRVKEY_FILE /etc/unbound/unbound_server.key
+ cp -p $UB_SRVPEM_FILE /etc/unbound/unbound_server.pem
+ ;;
esac
fi
+
+
+ if [ "$UB_B_NTP_BOOT" -eq 0 ] ; then
+ # time is considered okay on this device (skip /etc/hotplug/ntpd/unbound)
+ date -Is > $UB_TIME_FILE
+ fi
}
##############################################################################
unbound_control() {
- if [ "$UNBOUND_D_CONTROL" -gt 1 ] ; then
- if [ ! -f $UNBOUND_CTLKEY_FILE -o ! -f $UNBOUND_CTLPEM_FILE \
- -o ! -f $UNBOUND_SRVKEY_FILE -o ! -f $UNBOUND_SRVPEM_FILE ] ; then
+ echo "# $UB_CTRL_CONF generated by UCI $( date -Is )" > $UB_CTRL_CONF
+
+
+ if [ "$UB_D_CONTROL" -gt 1 ] ; then
+ if [ ! -f $UB_CTLKEY_FILE -o ! -f $UB_CTLPEM_FILE \
+ -o ! -f $UB_SRVKEY_FILE -o ! -f $UB_SRVPEM_FILE ] ; then
# Key files need to be present; if unbound-control-setup was found, then
# they might have been made during unbound_makedir() above.
- UNBOUND_D_CONTROL=0
+ UB_D_CONTROL=0
fi
fi
- case "$UNBOUND_D_CONTROL" in
- 1)
- {
- # Local Host Only Unencrypted Remote Control
- echo "remote-control:"
- echo " control-enable: yes"
- echo " control-use-cert: no"
- echo " control-interface: 127.0.0.1"
- echo " control-interface: ::1"
- echo
- } >> $UNBOUND_CONFFILE
- ;;
+ case "$UB_D_CONTROL" in
+ 1)
+ {
+ # Local Host Only Unencrypted Remote Control
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-use-cert: no"
+ echo " control-interface: 127.0.0.1"
+ echo " control-interface: ::1"
+ echo
+ } >> $UB_CTRL_CONF
+ ;;
- 2)
- {
- # Local Host Only Encrypted Remote Control
- echo "remote-control:"
- echo " control-enable: yes"
- echo " control-use-cert: yes"
- echo " control-interface: 127.0.0.1"
- echo " control-interface: ::1"
- echo " server-key-file: $UNBOUND_SRVKEY_FILE"
- echo " server-cert-file: $UNBOUND_SRVPEM_FILE"
- echo " control-key-file: $UNBOUND_CTLKEY_FILE"
- echo " control-cert-file: $UNBOUND_CTLPEM_FILE"
- echo
- } >> $UNBOUND_CONFFILE
- ;;
+ 2)
+ {
+ # Local Host Only Encrypted Remote Control
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-use-cert: yes"
+ echo " control-interface: 127.0.0.1"
+ echo " control-interface: ::1"
+ echo " server-key-file: $UB_SRVKEY_FILE"
+ echo " server-cert-file: $UB_SRVPEM_FILE"
+ echo " control-key-file: $UB_CTLKEY_FILE"
+ echo " control-cert-file: $UB_CTLPEM_FILE"
+ echo
+ } >> $UB_CTRL_CONF
+ ;;
- [3-4])
- {
- # Network Encrypted Remote Control
- # (3) may auto setup and (4) must have static key/pem files
- # TODO: add UCI list for interfaces to bind
- echo "remote-control:"
- echo " control-enable: yes"
- echo " control-use-cert: yes"
- echo " control-interface: 0.0.0.0"
- echo " control-interface: ::0"
- echo " server-key-file: $UNBOUND_SRVKEY_FILE"
- echo " server-cert-file: $UNBOUND_SRVPEM_FILE"
- echo " control-key-file: $UNBOUND_CTLKEY_FILE"
- echo " control-cert-file: $UNBOUND_CTLPEM_FILE"
- echo
- } >> $UNBOUND_CONFFILE
- ;;
+ [3-4])
+ {
+ # Network Encrypted Remote Control
+ # (3) may auto setup and (4) must have static key/pem files
+ # TODO: add UCI list for interfaces to bind
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-use-cert: yes"
+ echo " control-interface: 0.0.0.0"
+ echo " control-interface: ::0"
+ echo " server-key-file: $UB_SRVKEY_FILE"
+ echo " server-cert-file: $UB_SRVPEM_FILE"
+ echo " control-key-file: $UB_CTLKEY_FILE"
+ echo " control-cert-file: $UB_CTLPEM_FILE"
+ echo
+ } >> $UB_CTRL_CONF
+ ;;
esac
-
-
- {
- # Amend your own extended clauses here like forward zones or disable
- # above (local, no encryption) and amend your own remote encrypted control
- echo
- echo "include: $UNBOUND_EXT_CONF" >> $UNBOUND_CONFFILE
- echo
- } >> $UNBOUND_CONFFILE
}
##############################################################################
-unbound_forward() {
- local fdomain fresolver resolvers
- # Forward selected domains to the upstream (WAN) stub resolver. This may be
- # faster or local pool addresses to ISP service login page. This may keep
- # internal organization lookups, well, internal to the organization.
+unbound_zone() {
+ local cfg=$1
+ local zone_sym zone_name zone_type zone_enabled zone_file
+ local tls_upstream fallback proivder
+ local server port tls_port tls_index tls_suffix url_dir
+ if [ ! -f "$UB_ZONE_CONF" ] ; then
+ echo "# $UB_ZONE_CONF generated by UCI $( date -Is )" > $UB_ZONE_CONF
+ fi
- if [ -n "$UNBOUND_LIST_FORWARD" ] ; then
- resolvers=$( grep nameserver /tmp/resolv.conf.auto | sed "s/nameserver//g" )
+ config_get_bool zone_enabled "$cfg" enabled 0
- if [ -n "$resolvers" ] ; then
- for fdomain in $UNBOUND_LIST_FORWARD ; do
- {
- echo "forward-zone:"
- echo " name: $fdomain"
- for fresolver in $resolvers ; do
- echo " forward-addr: $fresolver"
- done
- echo
- } >> $UNBOUND_CONFFILE
- done
+
+ if [ "$zone_enabled" -eq 1 ] ; then
+ # these lists are built for each zone; empty to start
+ UB_LIST_ZONE_NAMES=""
+ UB_LIST_ZONE_SERVERS=""
+
+ config_get zone_type "$cfg" zone_type ""
+ config_get port "$cfg" port ""
+ config_get tls_index "$cfg" tls_index ""
+ config_get tls_port "$cfg" tls_port 853
+ config_get url_dir "$cfg" url_dir ""
+
+ config_get_bool resolv_conf "$cfg" resolv_conf 0
+ config_get_bool fallback "$cfg" fallback 1
+ config_get_bool tls_upstream "$cfg" tls_upstream 0
+
+ config_list_foreach "$cfg" zone_name bundle_zone_names
+ config_list_foreach "$cfg" server bundle_zone_servers
+
+ # string formating for Unbound syntax
+ tls_suffix="${tls_port:+@${tls_port}${tls_index:+#${tls_index}}}"
+ [ "$fallback" -eq 0 ] && fallback=no || fallback=yes
+ [ "$tls_upstream" -eq 0 ] && tls_upstream=no || tls_upstream=yes
+
+
+ if [ $resolv_conf -eq 1 ] ; then
+ bundle_resolv_conf_servers
fi
+
+ else
+ zone_type=skip
fi
-}
-##############################################################################
-unbound_auth_root() {
- local axfrservers="lax.xfr.dns.icann.org iad.xfr.dns.icann.org"
- local httpserver="http://www.internic.net/domain/"
- local authzones="root arpa in-addr.arpa ip6.arpa"
- local server zone realzone
- # Download or AXFR the root and arpa zones to reduce the work needed at
- # top level of recursion. If your users will hit many ccTLD or you have
- # tracking logs resolving many PTR, then this can speed things up.
- # Total size of text in TMPFS could be about 5MB.
-
-
- if [ "$UNBOUND_B_AUTH_ROOT" -gt 0 ] ; then
- for zone in $authzones ; do
- if [ "$zone" = "root" ] ; then
- realzone="."
- else
- realzone=$zone
+ case $zone_type in
+ auth_zone)
+ if [ -n "$UB_LIST_ZONE_NAMES" ] \
+ && [ -n "$url_dir" -o -n "$UB_LIST_ZONE_SERVERS" ] ; then
+ for zone_name in $UB_LIST_ZONE_NAMES ; do
+ if [ "$zone_name" = "." ] ; then
+ zone_sym=.
+ zone_name=root
+ zone_file=root.zone
+ else
+ zone_sym=$zone_name
+ zone_file=$zone_name.zone
+ zone_file=${zone_file//../.}
+ fi
+
+
+ {
+ # generate an auth-zone: with switches for prefetch cache
+ echo "auth-zone:"
+ echo " name: $zone_sym"
+ for server in $UB_LIST_ZONE_SERVERS ; do
+ echo " master: $server${port:+@${port}}"
+ done
+ if [ -n "$url_dir" ] ; then
+ echo " url: $url_dir$zone_file"
+ fi
+ echo " fallback-enabled: $fallback"
+ echo " for-downstream: no"
+ echo " for-upstream: yes"
+ echo " zonefile: $zone_file"
+ echo
+ } >> $UB_ZONE_CONF
+ done
+ fi
+ ;;
+
+ forward_zone)
+ if [ ! -f $UB_TLS_FWD_FILE -a "$tls_upstream" = "yes" ] ; then
+ logger -p 4 -t unbound -s \
+ "Forward-zone TLS benefits from authentication in package 'ca-bundle'"
fi
- {
- echo "auth-zone:"
- echo " name: $realzone"
- for server in $axfrservers ; do
- echo " master: $server"
+ if [ -n "$UB_LIST_ZONE_NAMES" -a -n "$UB_LIST_ZONE_SERVERS" ] ; then
+ for zonename in $UB_LIST_ZONE_NAMES ; do
+ {
+ # generate a forward-zone with or without tls
+ echo "forward-zone:"
+ echo " name: $zonename"
+ for server in $UB_LIST_ZONE_SERVERS ; do
+ if [ "$tls_upstream" = "yes" ] ; then
+ echo " forward-addr: $server${tls_suffix}"
+ else
+ echo " forward-addr: $server${port:+@${port}}"
+ fi
+ done
+ echo " forward-first: $fallback"
+ echo " forward-tls-upstream: $tls_upstream"
+ echo
+ } >> $UB_ZONE_CONF
done
- echo " url: $httpserver$zone.zone"
- echo " fallback-enabled: yes"
- echo " for-downstream: no"
- echo " for-upstream: yes"
- echo " zonefile: $zone.zone"
- echo
- } >> $UNBOUND_CONFFILE
- done
- fi
+ fi
+ ;;
+
+ stub_zone)
+ if [ -n "$UB_LIST_ZONE_NAMES" -a -n "$UB_LIST_ZONE_SERVERS" ] ; then
+ for zonename in $UB_LIST_ZONE_NAMES ; do
+ {
+ # generate a stub-zone: or ensure short cut to authority NS
+ echo "stub-zone:"
+ echo " name: $zonename"
+ for server in $UB_LIST_ZONE_SERVERS ; do
+ echo " stub-addr: $server${port:+@${port}}"
+ done
+ echo " stub-first: $fallback"
+ echo
+ } >> $UB_ZONE_CONF
+ done
+ fi
+ ;;
+ esac
}
##############################################################################
unbound_conf() {
- local rt_mem rt_conn modulestring domain ifsubnet
-
- # Make fresh conf file
- echo > $UNBOUND_CONFFILE
-
+ local rt_mem rt_conn rt_buff modulestring domain ifsubnet nsubnet
{
- # Make fresh conf file
- echo "# $UNBOUND_CONFFILE generated by UCI $( date )"
- echo
+ # server: for this whole function
+ echo "# $UB_CORE_CONF generated by UCI $( date -Is )"
echo "server:"
echo " username: unbound"
- echo " chroot: $UNBOUND_VARDIR"
- echo " directory: $UNBOUND_VARDIR"
- echo " pidfile: $UNBOUND_PIDFILE"
- echo
+ echo " chroot: $UB_VARDIR"
+ echo " directory: $UB_VARDIR"
+ echo " pidfile: $UB_PIDFILE"
+ } > $UB_CORE_CONF
+
+
+ if [ -f "$UB_TLS_FWD_FILE" ] ; then
+ # TLS cert bundle for upstream forwarder and https zone files
+ # This is loaded before drop to root, so pull from /etc/ssl
+ echo " tls-cert-bundle: $UB_TLS_FWD_FILE" >> $UB_CORE_CONF
+ fi
+
+
+ if [ -f "$UB_RHINT_FILE" ] ; then
+ # Optional hints if found
+ echo " root-hints: $UB_RHINT_FILE" >> $UB_CORE_CONF
+ fi
+
+
+ if [ "$UB_B_DNSSEC" -gt 0 -a -f "$UB_RKEY_FILE" ] ; then
+ {
+ echo " auto-trust-anchor-file: $UB_RKEY_FILE"
+ echo
+ } >> $UB_CORE_CONF
+
+ else
+ echo >> $UB_CORE_CONF
+ fi
+
+
+ {
# No threading
echo " num-threads: 1"
echo " msg-cache-slabs: 1"
echo " infra-cache-slabs: 1"
echo " key-cache-slabs: 1"
echo
- # Interface Wildcard (access contol handled by "option local_service")
- echo " interface: 0.0.0.0"
- echo " interface: ::0"
- echo " outgoing-interface: 0.0.0.0"
- echo " outgoing-interface: ::0"
- echo
# Logging
echo " use-syslog: yes"
- echo " verbosity: 1"
echo " statistics-interval: 0"
echo " statistics-cumulative: no"
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
+
+ if [ "$UB_D_VERBOSE" -ge 0 -a "$UB_D_VERBOSE" -le 5 ] ; then
+ echo " verbosity: $UB_D_VERBOSE" >> $UB_CORE_CONF
+ fi
- if [ "$UNBOUND_B_EXT_STATS" -gt 0 ] ; then
+
+ if [ "$UB_B_EXT_STATS" -gt 0 ] ; then
{
# Log More
echo " extended-statistics: yes"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
else
{
# Log Less
echo " extended-statistics: no"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
fi
- case "$UNBOUND_D_PROTOCOL" in
+ case "$UB_D_PROTOCOL" in
ip4_only)
{
+ echo " edns-buffer-size: $UB_N_EDNS_SIZE"
+ echo " port: $UB_N_RX_PORT"
+ echo " outgoing-port-permit: 10240-65535"
+ echo " interface: 0.0.0.0"
+ echo " interface: ::0"
+ echo " outgoing-interface: 0.0.0.0"
echo " do-ip4: yes"
echo " do-ip6: no"
- } >> $UNBOUND_CONFFILE
+ echo
+ } >> $UB_CORE_CONF
;;
ip6_only)
{
+ echo " edns-buffer-size: $UB_N_EDNS_SIZE"
+ echo " port: $UB_N_RX_PORT"
+ echo " outgoing-port-permit: 10240-65535"
+ echo " interface: 0.0.0.0"
+ echo " interface: ::0"
+ echo " outgoing-interface: ::0"
echo " do-ip4: no"
echo " do-ip6: yes"
- } >> $UNBOUND_CONFFILE
+ echo
+ } >> $UB_CORE_CONF
;;
ip6_prefer)
{
+ echo " edns-buffer-size: $UB_N_EDNS_SIZE"
+ echo " port: $UB_N_RX_PORT"
+ echo " outgoing-port-permit: 10240-65535"
+ echo " interface: 0.0.0.0"
+ echo " interface: ::0"
+ echo " outgoing-interface: 0.0.0.0"
+ echo " outgoing-interface: ::0"
echo " do-ip4: yes"
echo " do-ip6: yes"
echo " prefer-ip6: yes"
- } >> $UNBOUND_CONFFILE
+ echo
+ } >> $UB_CORE_CONF
;;
mixed)
{
+ # Interface Wildcard (access contol handled by "option local_service")
+ echo " edns-buffer-size: $UB_N_EDNS_SIZE"
+ echo " port: $UB_N_RX_PORT"
+ echo " outgoing-port-permit: 10240-65535"
+ echo " interface: 0.0.0.0"
+ echo " interface: ::0"
+ echo " outgoing-interface: 0.0.0.0"
+ echo " outgoing-interface: ::0"
echo " do-ip4: yes"
echo " do-ip6: yes"
- } >> $UNBOUND_CONFFILE
+ echo
+ } >> $UB_CORE_CONF
;;
*)
- if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+ if [ ! -f "$UB_TIME_FILE" ] ; then
logger -t unbound -s "default protocol configuration"
fi
- ;;
- esac
- {
- # protocol level tuning
- echo " edns-buffer-size: $UNBOUND_N_EDNS_SIZE"
- echo " msg-buffer-size: 8192"
- echo " port: $UNBOUND_N_RX_PORT"
- echo " outgoing-port-permit: 10240-65535"
- echo
- } >> $UNBOUND_CONFFILE
+ {
+ # outgoing-interface has useful defaults; incoming is localhost though
+ echo " edns-buffer-size: $UB_N_EDNS_SIZE"
+ echo " port: $UB_N_RX_PORT"
+ echo " outgoing-port-permit: 10240-65535"
+ echo " interface: 0.0.0.0"
+ echo " interface: ::0"
+ echo
+ } >> $UB_CORE_CONF
+ ;;
+ esac
{
echo " harden-referral-path: no"
echo " use-caps-for-id: no"
echo
- } >> $UNBOUND_CONFFILE
-
-
- if [ -f "$UNBOUND_HINTFILE" ] ; then
- # Optional hints if found
- echo " root-hints: $UNBOUND_HINTFILE" >> $UNBOUND_CONFFILE
- fi
-
+ } >> $UB_CORE_CONF
- if [ "$UNBOUND_B_DNSSEC" -gt 0 -a -f "$UNBOUND_KEYFILE" ] ; then
- {
- echo " auto-trust-anchor-file: $UNBOUND_KEYFILE"
- echo
- } >> $UNBOUND_CONFFILE
- else
- echo >> $UNBOUND_CONFFILE
- fi
-
-
- case "$UNBOUND_D_RESOURCE" in
+ case "$UB_D_RESOURCE" in
# Tiny - Unbound's recommended cheap hardware config
- tiny) rt_mem=1 ; rt_conn=1 ;;
+ tiny) rt_mem=1 ; rt_conn=2 ; rt_buff=1 ;;
# Small - Half RRCACHE and open ports
- small) rt_mem=8 ; rt_conn=5 ;;
+ small) rt_mem=8 ; rt_conn=10 ; rt_buff=2 ;;
# Medium - Nearly default but with some added balancintg
- medium) rt_mem=16 ; rt_conn=10 ;;
+ medium) rt_mem=16 ; rt_conn=20 ; rt_buff=4 ;;
# Large - Double medium
- large) rt_mem=32 ; rt_conn=10 ;;
+ large) rt_mem=32 ; rt_conn=40 ; rt_buff=4 ;;
# Whatever unbound does
*) rt_mem=0 ; rt_conn=0 ;;
esac
if [ "$rt_mem" -gt 0 ] ; then
{
# Set memory sizing parameters
+ echo " msg-buffer-size: $(($rt_buff*8192))"
echo " outgoing-range: $(($rt_conn*64))"
echo " num-queries-per-thread: $(($rt_conn*32))"
echo " outgoing-num-tcp: $(($rt_conn))"
echo " neg-cache-size: $(($rt_mem*64))k"
echo " infra-cache-numhosts: $(($rt_mem*256))"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
- elif [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+ elif [ ! -f "$UB_TIME_FILE" ] ; then
logger -t unbound -s "default memory configuration"
fi
modulestring="iterator"
- if [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then
- if [ ! -f "$UNBOUND_TIMEFILE" -a "$UNBOUND_B_NTP_BOOT" -gt 0 ] ; then
+ if [ "$UB_B_DNSSEC" -gt 0 ] ; then
+ if [ ! -f "$UB_TIME_FILE" -a "$UB_B_NTP_BOOT" -gt 0 ] ; then
# DNSSEC chicken and egg with getting NTP time
- echo " val-override-date: -1" >> $UNBOUND_CONFFILE
+ echo " val-override-date: -1" >> $UB_CORE_CONF
fi
echo " harden-dnssec-stripped: yes"
echo " val-clean-additional: yes"
echo " ignore-cd-flag: yes"
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
modulestring="validator $modulestring"
fi
- if [ "$UNBOUND_B_DNS64" -gt 0 ] ; then
- echo " dns64-prefix: $UNBOUND_IP_DNS64" >> $UNBOUND_CONFFILE
+ if [ "$UB_B_DNS64" -gt 0 ] ; then
+ echo " dns64-prefix: $UB_IP_DNS64" >> $UB_CORE_CONF
modulestring="dns64 $modulestring"
fi
# Print final module string
echo " module-config: \"$modulestring\""
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
- case "$UNBOUND_D_RECURSION" in
+ case "$UB_D_RECURSION" in
passive)
{
# Some query privacy but "strict" will break some servers
- if [ "$UNBOUND_B_QRY_MINST" -gt 0 \
- -a "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
+ if [ "$UB_B_QRY_MINST" -gt 0 \
+ -a "$UB_B_QUERY_MIN" -gt 0 ] ; then
echo " qname-minimisation: yes"
echo " qname-minimisation-strict: yes"
- elif [ "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
+ elif [ "$UB_B_QUERY_MIN" -gt 0 ] ; then
echo " qname-minimisation: yes"
else
echo " qname-minimisation: no"
fi
# Use DNSSEC to quickly understand NXDOMAIN ranges
- if [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then
+ if [ "$UB_B_DNSSEC" -gt 0 ] ; then
echo " aggressive-nsec: yes"
echo " prefetch-key: no"
fi
echo " prefetch: no"
echo " target-fetch-policy: \"0 0 0 0 0\""
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
;;
aggressive)
{
# Some query privacy but "strict" will break some servers
- if [ "$UNBOUND_B_QRY_MINST" -gt 0 \
- -a "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
+ if [ "$UB_B_QRY_MINST" -gt 0 \
+ -a "$UB_B_QUERY_MIN" -gt 0 ] ; then
echo " qname-minimisation: yes"
echo " qname-minimisation-strict: yes"
- elif [ "$UNBOUND_B_QUERY_MIN" -gt 0 ] ; then
+ elif [ "$UB_B_QUERY_MIN" -gt 0 ] ; then
echo " qname-minimisation: yes"
else
echo " qname-minimisation: no"
fi
# Use DNSSEC to quickly understand NXDOMAIN ranges
- if [ "$UNBOUND_B_DNSSEC" -gt 0 ] ; then
+ if [ "$UB_B_DNSSEC" -gt 0 ] ; then
echo " aggressive-nsec: yes"
echo " prefetch-key: yes"
fi
echo " prefetch: yes"
echo " target-fetch-policy: \"3 2 1 0 0\""
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
;;
*)
- if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+ if [ ! -f "$UB_TIME_FILE" ] ; then
logger -t unbound -s "default recursion configuration"
fi
;;
{
- # Reload records more than 10 hours old
+ # Reload records more than 20 hours old
# DNSSEC 5 minute bogus cool down before retry
# Adaptive infrastructure info kept for 15 minutes
- echo " cache-min-ttl: $UNBOUND_TTL_MIN"
- echo " cache-max-ttl: 36000"
+ echo " cache-min-ttl: $UB_TTL_MIN"
+ echo " cache-max-ttl: 72000"
echo " val-bogus-ttl: 300"
echo " infra-host-ttl: 900"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
- if [ "$UNBOUND_B_HIDE_BIND" -gt 0 ] ; then
+ if [ "$UB_B_HIDE_BIND" -gt 0 ] ; then
{
# Block server id and version DNS TXT records
echo " hide-identity: yes"
echo " hide-version: yes"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
fi
- if [ "$UNBOUND_D_PRIV_BLCK" -gt 0 ] ; then
+ if [ "$UB_D_PRIV_BLCK" -gt 0 ] ; then
{
# Remove _upstream_ or global reponses with private addresses.
# Unbounds own "local zone" and "forward zone" may still use these.
echo " private-address: fc00::/7"
echo " private-address: fe80::/10"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
fi
- if [ -n "$UNBOUND_LIST_PRV_IP6GLA" -a "$UNBOUND_D_PRIV_BLCK" -gt 1 ] ; then
- for ifsubnet in $UNBOUND_LIST_PRV_IP6GLA ; do
- # Remove global DNS responses with your local network IP6 GLA
- echo " private-address: $ifsubnet" >> $UNBOUND_CONFFILE
- done
-
-
- echo >> $UNBOUND_CONFFILE
+ if [ -n "$UB_LIST_NETW_LAN" -a "$UB_D_PRIV_BLCK" -gt 1 ] ; then
+ {
+ for ifsubnet in $UB_LIST_NETW_LAN ; do
+ case $ifsubnet in
+ *@[1-9][0-9a-f][0-9a-f][0-9a-f]:*:[0-9a-f]*)
+ # Remove global DNS responses with your local network IP6 GLA
+ echo " private-address: ${ifsubnet#*@}"
+ ;;
+ esac
+ done
+ echo
+ } >> $UB_CORE_CONF
fi
- if [ "$UNBOUND_B_LOCL_BLCK" -gt 0 ] ; then
+ if [ "$UB_B_LOCL_BLCK" -gt 0 ] ; then
{
# Remove DNS reponses from upstream with loopback IP
# Black hole DNS method for ad blocking, so consider...
echo " private-address: 127.0.0.0/8"
echo " private-address: ::1/128"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
fi
- if [ -n "$UNBOUND_LIST_INSECURE" ] ; then
- for domain in $UNBOUND_LIST_INSECURE ; do
- # Except and accept domains without (DNSSEC); work around broken domains
- echo " domain-insecure: $domain" >> $UNBOUND_CONFFILE
- done
-
-
- echo >> $UNBOUND_CONFFILE
+ if [ -n "$UB_LIST_INSECURE" ] ; then
+ {
+ for domain in $UB_LIST_INSECURE ; do
+ # Except and accept domains without (DNSSEC); work around broken domains
+ echo " domain-insecure: $domain"
+ done
+ echo
+ } >> $UB_CORE_CONF
fi
-}
-
-##############################################################################
-
-unbound_access() {
- # TODO: Unbound 1.6.0 added "tags" and "views", so we can add tags to
- # each access-control IP block, and then divert access.
- # -- "guest" WIFI will not be allowed to see local zone data
- # -- "child" LAN can black whole a list of domains to http~deadpixel
-
-
- if [ "$UNBOUND_B_LOCL_SERV" -gt 0 ] ; then
- # Only respond to queries from which this device has an interface.
- # Prevent DNS amplification attacks by not responding to the universe.
- config_load network
- config_foreach create_access_control interface
+ if [ "$UB_B_LOCL_SERV" -gt 0 -a -n "$UB_LIST_NETW_ALL" ] ; then
{
+ for ifsubnet in $UB_LIST_NETW_ALL ; do
+ # Only respond to queries from subnets which have an interface.
+ # Prevent DNS amplification attacks by not responding to the universe.
+ echo " access-control: ${ifsubnet#*@} allow"
+ done
echo " access-control: 127.0.0.0/8 allow"
echo " access-control: ::1/128 allow"
echo " access-control: fe80::/10 allow"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
else
{
echo " access-control: 0.0.0.0/0 allow"
echo " access-control: ::0/0 allow"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_CORE_CONF
fi
-
-
- {
- # Amend your own "server:" stuff here
- echo " include: $UNBOUND_SRV_CONF"
- echo
- } >> $UNBOUND_CONFFILE
}
##############################################################################
-unbound_adblock() {
- # TODO: Unbound 1.6.0 added "tags" and "views"; lets work with adblock team
- local adb_enabled adb_file
-
+unbound_hostname() {
+ local ifsubnet ifarpa ifaddr ifname iffqdn
+ local ulaprefix hostfqdn name names namerec ptrrec
+ local zonetype=0
- if [ ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
- adb_enabled=0
- else
- /etc/init.d/adblock enabled && adb_enabled=1 || adb_enabled=0
- fi
+ echo "# $UB_HOST_CONF generated by UCI $( date -Is )" > $UB_HOST_CONF
- if [ "$adb_enabled" -gt 0 ] ; then
+ if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
{
- # Pull in your selected openwrt/pacakges/net/adblock generated lists
- for adb_file in $UNBOUND_VARDIR/adb_list.* ; do
- echo " include: $adb_file"
- done
+ echo "# Local zone is handled by dnsmasq"
echo
- } >> $UNBOUND_CONFFILE
- fi
-}
+ } >> $UB_HOST_CONF
-##############################################################################
+ elif [ -n "$UB_TXT_DOMAIN" ] \
+ && [ "$UB_D_WAN_FQDN" -gt 0 -o "$UB_D_LAN_FQDN" -gt 0 ] ; then
+ case "$UB_D_DOMAIN_TYPE" in
+ deny|inform_deny|refuse|static)
+ {
+ # type static means only this router has your domain
+ echo " domain-insecure: $UB_TXT_DOMAIN"
+ echo " private-domain: $UB_TXT_DOMAIN"
+ echo " local-zone: $UB_TXT_DOMAIN $UB_D_DOMAIN_TYPE"
+ echo " local-data: \"$UB_TXT_DOMAIN. $UB_XSOA\""
+ echo " local-data: \"$UB_TXT_DOMAIN. $UB_XNS\""
+ echo " local-data: '$UB_TXT_DOMAIN. $UB_XTXT'"
+ echo
+ # avoid upstream involvement in RFC6762
+ echo " domain-insecure: local"
+ echo " private-domain: local"
+ echo " local-zone: local $UB_D_DOMAIN_TYPE"
+ echo " local-data: \"local. $UB_XSOA\""
+ echo " local-data: \"local. $UB_XNS\""
+ echo " local-data: 'local. $UB_LTXT'"
+ echo
+ } >> $UB_HOST_CONF
+ zonetype=2
+ ;;
-unbound_hostname() {
- local ifsubnet ifarpa
+ transparent|typetransparent)
+ {
+ # transparent will permit forward-zone: or stub-zone: clauses
+ echo " private-domain: $UB_TXT_DOMAIN"
+ echo " local-zone: $UB_TXT_DOMAIN $UB_D_DOMAIN_TYPE"
+ echo
+ } >> $UB_HOST_CONF
+ zonetype=1
+ ;;
+ esac
- if [ -n "$UNBOUND_TXT_DOMAIN" ] ; then
{
- # Hostname as TLD works, but not transparent through recursion
- echo " domain-insecure: $UNBOUND_TXT_HOSTNAME"
- echo " private-domain: $UNBOUND_TXT_HOSTNAME"
- echo " local-zone: $UNBOUND_TXT_HOSTNAME static"
- echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XSOA\""
- echo " local-data: \"$UNBOUND_TXT_HOSTNAME. $UNBOUND_XNS\""
+ # Hostname as TLD works, but not transparent through recursion (singular)
+ echo " domain-insecure: $UB_TXT_HOSTNAME"
+ echo " private-domain: $UB_TXT_HOSTNAME"
+ echo " local-zone: $UB_TXT_HOSTNAME static"
+ echo " local-data: \"$UB_TXT_HOSTNAME. $UB_XSOA\""
+ echo " local-data: \"$UB_TXT_HOSTNAME. $UB_XNS\""
+ echo " local-data: '$UB_TXT_HOSTNAME. $UB_XTXT'"
echo
- } >> $UNBOUND_CONFFILE
+ } >> $UB_HOST_CONF
- case "$UNBOUND_D_DOMAIN_TYPE" in
- deny|inform_deny|refuse|static)
- if [ -n "$UNBOUND_LIST_PRV_IP6GLA" \
- -a "$UNBOUND_D_PRIV_BLCK" -gt 1 ] ; then
- for ifsubnet in $UNBOUND_LIST_PRV_IP6GLA ; do
- ifarpa=$( domain_ptr_any "$ifsubnet" )
+ if [ -f "$UB_TIME_FILE" ] ; then
+ if [ -n "$UB_LIST_NETW_WAN" ] ; then
+ for ifsubnet in $UB_LIST_NETW_WAN ; do
+ ifaddr=${ifsubnet#*@}
+ ifaddr=${ifaddr%/*}
+ ifarpa=$( host_ptr_any "$ifaddr" )
if [ -n "$ifarpa" ] ; then
- {
- # Do NOT forward queries with your GLA ip6.arpa
- echo " domain-insecure: $ifarpa"
- echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE"
- echo " local-data: \"$ifarpa. $UNBOUND_XSOA\""
- echo " local-data: \"$ifarpa. $UNBOUND_XNS\""
- echo
- } >> $UNBOUND_CONFFILE
+ if [ "$UB_D_WAN_FQDN" -gt 0 ] ; then
+ {
+ # Create a static zone for WAN host record only (singular)
+ echo " domain-insecure: $ifarpa"
+ echo " private-address: $ifaddr"
+ echo " local-zone: $ifarpa static"
+ echo " local-data: \"$ifarpa. $UB_XSOA\""
+ echo " local-data: \"$ifarpa. $UB_XNS\""
+ echo " local-data: '$ifarpa. $UB_MTXT'"
+ echo
+ } >> $UB_HOST_CONF
+
+ elif [ "$zonetype" -gt 0 ] ; then
+ {
+ echo " local-zone: $ifarpa transparent"
+ echo
+ } >> $UB_HOST_CONF
+ fi
fi
done
fi
- if [ -n "$UNBOUND_LIST_LAN_NET" \
- -a "$UNBOUND_D_PRIV_BLCK" -gt 0 ] ; then
- for ifsubnet in $UNBOUND_LIST_LAN_NET ; do
- ifarpa=$( domain_ptr_any "$ifsubnet" )
+ if [ -n "$UB_LIST_NETW_LAN" ] ; then
+ for ifsubnet in $UB_LIST_NETW_LAN ; do
+ ifarpa=$( domain_ptr_any "${ifsubnet#*@}" )
if [ -n "$ifarpa" ] ; then
- {
- # Do NOT forward queries with your ULA ip6.arpa or in-addr.arpa
- echo " domain-insecure: $ifarpa"
- echo " local-zone: $ifarpa $UNBOUND_D_DOMAIN_TYPE"
- echo " local-data: \"$ifarpa. $UNBOUND_XSOA\""
- echo " local-data: \"$ifarpa. $UNBOUND_XNS\""
- echo
- } >> $UNBOUND_CONFFILE
+ if [ "$zonetype" -eq 2 ] ; then
+ {
+ # Do NOT forward queries with your ip6.arpa or in-addr.arpa
+ echo " domain-insecure: $ifarpa"
+ echo " local-zone: $ifarpa static"
+ echo " local-data: \"$ifarpa. $UB_XSOA\""
+ echo " local-data: \"$ifarpa. $UB_XNS\""
+ echo " local-data: '$ifarpa. $UB_XTXT'"
+ echo
+ } >> $UB_HOST_CONF
+
+ elif [ "$zonetype" -eq 1 -a "$UB_D_PRIV_BLCK" -eq 0 ] ; then
+ {
+ echo " local-zone: $ifarpa transparent"
+ echo
+ } >> $UB_HOST_CONF
+ fi
fi
done
fi
- {
- # avoid upstream involvement in RFC6762
- echo " domain-insecure: local"
- echo " private-domain: local"
- echo " local-zone: local $UNBOUND_D_DOMAIN_TYPE"
- echo " local-data: \"local. $UNBOUND_XSOA\""
- echo " local-data: \"local. $UNBOUND_XNS\""
- echo " local-data: \"local. 3600 IN TXT RFC6762\""
- echo
- # type static means only this router has your domain
- # type transparent will permit forward-zone: or stub-zone: clauses
- echo " domain-insecure: $UNBOUND_TXT_DOMAIN"
- echo " private-domain: $UNBOUND_TXT_DOMAIN"
- echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE"
- echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XSOA\""
- echo " local-data: \"$UNBOUND_TXT_DOMAIN. $UNBOUND_XNS\""
- echo
- } >> $UNBOUND_CONFFILE
- ;;
+ ulaprefix=$( uci_get network.@globals[0].ula_prefix )
+ ulaprefix=${ulaprefix%%:/*}
+ hostfqdn="$UB_TXT_HOSTNAME.$UB_TXT_DOMAIN"
- *)
- # likely transparent domain with fordward-zone: clause to next router
- echo " domain-insecure: $UNBOUND_TXT_DOMAIN"
- echo " private-domain: $UNBOUND_TXT_DOMAIN"
- echo " local-zone: $UNBOUND_TXT_DOMAIN $UNBOUND_D_DOMAIN_TYPE"
- echo
- ;;
- esac
+ if [ -z "$ulaprefix" ] ; then
+ # Nonsense so this option isn't globbed below
+ ulaprefix="fdno:such:addr::"
+ fi
- if [ "$UNBOUND_D_LAN_FQDN" -gt 0 -o "$UNBOUND_D_WAN_FQDN" -gt 0 ] ; then
- config_load dhcp
- config_foreach create_interface_dns dhcp
- fi
+ if [ "$UB_LIST_NETW_LAN" -a "$UB_D_LAN_FQDN" -gt 0 ] ; then
+ for ifsubnet in $UB_LIST_NETW_LAN ; do
+ ifaddr=${ifsubnet#*@}
+ ifaddr=${ifaddr%/*}
+ ifname=${ifsubnet%@*}
+ iffqdn="$ifname.$hostfqdn"
- if [ -f "$UNBOUND_DHCP_CONF" ] ; then
- {
- # Seed DHCP records because dhcp scripts trigger externally
- # Incremental Unbound restarts may drop unbound-control add records
- echo " include: $UNBOUND_DHCP_CONF"
- echo
- } >> $UNBOUND_CONFFILE
- fi
- fi
-}
-##############################################################################
+ if [ "$UB_D_LAN_FQDN" -eq 4 ] ; then
+ names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\""
+ echo "$ptrrec" >> $UB_HOST_CONF
-unbound_records() {
- if [ "$UNBOUND_D_EXTRA_DNS" -gt 0 ] ; then
- # Parasite from the uci.dhcp.domain clauses
- config_load dhcp
- config_foreach create_host_record domain
- fi
+ elif [ "$UB_D_LAN_FQDN" -eq 3 ] ; then
+ names="$hostfqdn $UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\""
+ echo "$ptrrec" >> $UB_HOST_CONF
+ else
+ names="$UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
+ echo "$ptrrec" >> $UB_HOST_CONF
+ fi
- if [ "$UNBOUND_D_EXTRA_DNS" -gt 1 ] ; then
- config_foreach create_srv_record srvhost
- config_foreach create_mx_record mxhost
- fi
+ for name in $names ; do
+ case $ifaddr in
+ "${ulaprefix}"*)
+ # IP6 ULA only is assigned for OPTION 1
+ namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ ;;
+
+ [1-9]*.*[0-9])
+ namerec=" local-data: \"$name. 300 IN A $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ ;;
+
+ *)
+ if [ "$UB_D_LAN_FQDN" -gt 1 ] ; then
+ # IP6 GLA is assigned for higher options
+ namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ fi
+ ;;
+ esac
+ done
+ echo >> $UB_HOST_CONF
+ done
+ fi
- if [ "$UNBOUND_D_EXTRA_DNS" -gt 2 ] ; then
- config_foreach create_cname_record cname
- fi
+
+ if [ -n "$UB_LIST_NETW_WAN" -a "$UB_D_WAN_FQDN" -gt 0 ] ; then
+ for ifsubnet in $UB_LIST_NETW_WAN ; do
+ ifaddr=${ifsubnet#*@}
+ ifaddr=${ifaddr%/*}
+ ifname=${ifsubnet%@*}
+ iffqdn="$ifname.$hostfqdn"
- echo >> $UNBOUND_CONFFILE
+ if [ "$UB_D_WAN_FQDN" -eq 4 ] ; then
+ names="$iffqdn $hostfqdn $UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $iffqdn\""
+ echo "$ptrrec" >> $UB_HOST_CONF
+
+ elif [ "$UB_D_WAN_FQDN" -eq 3 ] ; then
+ names="$hostfqdn $UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $hostfqdn\""
+ echo "$ptrrec" >> $UB_HOST_CONF
+
+ else
+ names="$UB_TXT_HOSTNAME"
+ ptrrec=" local-data-ptr: \"$ifaddr 300 $UB_TXT_HOSTNAME\""
+ echo "$ptrrec" >> $UB_HOST_CONF
+ fi
+
+
+ for name in $names ; do
+ case $ifaddr in
+ "${ulaprefix}"*)
+ # IP6 ULA only is assigned for OPTION 1
+ namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ ;;
+
+ [1-9]*.*[0-9])
+ namerec=" local-data: \"$name. 300 IN A $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ ;;
+
+ *)
+ if [ "$UB_D_WAN_FQDN" -gt 1 ] ; then
+ # IP6 GLA is assigned for higher options
+ namerec=" local-data: \"$name. 300 IN AAAA $ifaddr\""
+ echo "$namerec" >> $UB_HOST_CONF
+ fi
+ ;;
+ esac
+ done
+ echo >> $UB_HOST_CONF
+ done
+ fi
+ fi # end if time file
+ fi # end if uci valid
}
##############################################################################
local dnsmasqpath hostnm
hostnm=$( uci_get system.@system[0].hostname | awk '{print tolower($0)}' )
- UNBOUND_TXT_HOSTNAME=${hostnm:-thisrouter}
+ UB_TXT_HOSTNAME=${hostnm:-thisrouter}
- config_get_bool UNBOUND_B_SLAAC6_MAC "$cfg" dhcp4_slaac6 0
- config_get_bool UNBOUND_B_DNS64 "$cfg" dns64 0
- config_get_bool UNBOUND_B_EXT_STATS "$cfg" extended_stats 0
- config_get_bool UNBOUND_B_HIDE_BIND "$cfg" hide_binddata 1
- config_get_bool UNBOUND_B_LOCL_SERV "$cfg" localservice 1
- config_get_bool UNBOUND_B_MAN_CONF "$cfg" manual_conf 0
- config_get_bool UNBOUND_B_QUERY_MIN "$cfg" query_minimize 0
- config_get_bool UNBOUND_B_QRY_MINST "$cfg" query_min_strict 0
- config_get_bool UNBOUND_B_AUTH_ROOT "$cfg" prefetch_root 0
- config_get_bool UNBOUND_B_LOCL_BLCK "$cfg" rebind_localhost 0
- config_get_bool UNBOUND_B_DNSSEC "$cfg" validator 0
- config_get_bool UNBOUND_B_NTP_BOOT "$cfg" validator_ntp 1
+ config_get_bool UB_B_SLAAC6_MAC "$cfg" dhcp4_slaac6 0
+ config_get_bool UB_B_DNS64 "$cfg" dns64 0
+ config_get_bool UB_B_EXT_STATS "$cfg" extended_stats 0
+ config_get_bool UB_B_HIDE_BIND "$cfg" hide_binddata 1
+ config_get_bool UB_B_LOCL_SERV "$cfg" localservice 1
+ config_get_bool UB_B_MAN_CONF "$cfg" manual_conf 0
+ config_get_bool UB_B_QUERY_MIN "$cfg" query_minimize 0
+ config_get_bool UB_B_QRY_MINST "$cfg" query_min_strict 0
+ config_get_bool UB_B_AUTH_ROOT "$cfg" prefetch_root 0
+ config_get_bool UB_B_LOCL_BLCK "$cfg" rebind_localhost 0
+ config_get_bool UB_B_DNSSEC "$cfg" validator 0
+ config_get_bool UB_B_NTP_BOOT "$cfg" validator_ntp 1
- config_get UNBOUND_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96"
+ config_get UB_IP_DNS64 "$cfg" dns64_prefix "64:ff9b::/96"
- config_get UNBOUND_N_EDNS_SIZE "$cfg" edns_size 1280
- config_get UNBOUND_N_RX_PORT "$cfg" listen_port 53
- config_get UNBOUND_N_ROOT_AGE "$cfg" root_age 9
+ config_get UB_N_EDNS_SIZE "$cfg" edns_size 1280
+ config_get UB_N_RX_PORT "$cfg" listen_port 53
+ config_get UB_N_ROOT_AGE "$cfg" root_age 9
- config_get UNBOUND_D_CONTROL "$cfg" unbound_control 0
- config_get UNBOUND_D_DOMAIN_TYPE "$cfg" domain_type static
- config_get UNBOUND_D_DHCP_LINK "$cfg" dhcp_link none
- config_get UNBOUND_D_EXTRA_DNS "$cfg" add_extra_dns 0
- config_get UNBOUND_D_LAN_FQDN "$cfg" add_local_fqdn 0
- config_get UNBOUND_D_PRIV_BLCK "$cfg" rebind_protection 1
- config_get UNBOUND_D_PROTOCOL "$cfg" protocol mixed
- config_get UNBOUND_D_RECURSION "$cfg" recursion passive
- config_get UNBOUND_D_RESOURCE "$cfg" resource small
- config_get UNBOUND_D_WAN_FQDN "$cfg" add_wan_fqdn 0
+ config_get UB_D_CONTROL "$cfg" unbound_control 0
+ config_get UB_D_DOMAIN_TYPE "$cfg" domain_type static
+ config_get UB_D_DHCP_LINK "$cfg" dhcp_link none
+ config_get UB_D_EXTRA_DNS "$cfg" add_extra_dns 0
+ config_get UB_D_LAN_FQDN "$cfg" add_local_fqdn 0
+ config_get UB_D_PRIV_BLCK "$cfg" rebind_protection 1
+ config_get UB_D_PROTOCOL "$cfg" protocol mixed
+ config_get UB_D_RECURSION "$cfg" recursion passive
+ config_get UB_D_RESOURCE "$cfg" resource small
+ config_get UB_D_VERBOSE "$cfg" verbosity 1
+ config_get UB_D_WAN_FQDN "$cfg" add_wan_fqdn 0
- config_get UNBOUND_TTL_MIN "$cfg" ttl_min 120
- config_get UNBOUND_TXT_DOMAIN "$cfg" domain lan
+ config_get UB_TTL_MIN "$cfg" ttl_min 120
+ config_get UB_TXT_DOMAIN "$cfg" domain lan
- config_list_foreach "$cfg" "domain_forward" bundle_domain_forward
- config_list_foreach "$cfg" "domain_insecure" bundle_domain_insecure
- config_list_foreach "$cfg" "rebind_interface" bundle_private_interface
+ config_list_foreach "$cfg" domain_insecure bundle_domain_insecure
- UNBOUND_LIST_DOMAINS="nowhere $UNBOUND_TXT_DOMAIN"
- if [ "$UNBOUND_D_DHCP_LINK" = "none" ] ; then
- config_get_bool UNBOUND_B_DNSMASQ "$cfg" dnsmasq_link_dns 0
+ if [ "$UB_D_DHCP_LINK" = "none" ] ; then
+ config_get_bool UB_B_DNSMASQ "$cfg" dnsmasq_link_dns 0
- if [ "$UNBOUND_B_DNSMASQ" -gt 0 ] ; then
- UNBOUND_D_DHCP_LINK=dnsmasq
+ if [ "$UB_B_DNSMASQ" -gt 0 ] ; then
+ UB_D_DHCP_LINK=dnsmasq
- if [ ! -f "$UNBOUND_TIMEFILE" ] ; then
+ if [ ! -f "$UB_TIME_FILE" ] ; then
logger -t unbound -s "Please use 'dhcp_link' selector instead"
fi
fi
fi
- if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then
+ if [ "$UB_D_DHCP_LINK" = "dnsmasq" ] ; then
if [ ! -x /usr/sbin/dnsmasq -o ! -x /etc/init.d/dnsmasq ] ; then
- UNBOUND_D_DHCP_LINK=none
+ UB_D_DHCP_LINK=none
else
- /etc/init.d/dnsmasq enabled || UNBOUND_D_DHCP_LINK=none
+ /etc/init.d/dnsmasq enabled || UB_D_DHCP_LINK=none
fi
- if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
+ if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then
logger -t unbound -s "cannot forward to dnsmasq"
fi
fi
- if [ "$UNBOUND_D_DHCP_LINK" = "odhcpd" ] ; then
+ if [ "$UB_D_DHCP_LINK" = "odhcpd" ] ; then
if [ ! -x /usr/sbin/odhcpd -o ! -x /etc/init.d/odhcpd ] ; then
- UNBOUND_D_DHCP_LINK=none
+ UB_D_DHCP_LINK=none
else
- /etc/init.d/odhcpd enabled || UNBOUND_D_DHCP_LINK=none
+ /etc/init.d/odhcpd enabled || UB_D_DHCP_LINK=none
fi
- if [ "$UNBOUND_D_DHCP_LINK" = "none" -a ! -f "$UNBOUND_TIMEFILE" ] ; then
+ if [ ! -f "$UB_TIME_FILE" -a "$UB_D_DHCP_LINK" = "none" ] ; then
logger -t unbound -s "cannot receive records from odhcpd"
fi
fi
- if [ "$UNBOUND_N_EDNS_SIZE" -lt 512 \
- -o 4096 -lt "$UNBOUND_N_EDNS_SIZE" ] ; then
+ if [ "$UB_N_EDNS_SIZE" -lt 512 \
+ -o 4096 -lt "$UB_N_EDNS_SIZE" ] ; then
logger -t unbound -s "edns_size exceeds range, using default"
- UNBOUND_N_EDNS_SIZE=1280
+ UB_N_EDNS_SIZE=1280
fi
- if [ "$UNBOUND_N_RX_PORT" -ne 53 ] \
- && [ "$UNBOUND_N_RX_PORT" -lt 1024 -o 10240 -lt "$UNBOUND_N_RX_PORT" ] ; then
+ if [ "$UB_N_RX_PORT" -ne 53 ] \
+ && [ "$UB_N_RX_PORT" -lt 1024 -o 10240 -lt "$UB_N_RX_PORT" ] ; then
logger -t unbound -s "privileged port or in 5 digits, using default"
- UNBOUND_N_RX_PORT=53
+ UB_N_RX_PORT=53
fi
- if [ "$UNBOUND_TTL_MIN" -gt 1800 ] ; then
+ if [ "$UB_TTL_MIN" -gt 1800 ] ; then
logger -t unbound -s "ttl_min could have had awful side effects, using 300"
- UNBOUND_TTL_MIN=300
+ UB_TTL_MIN=300
fi
}
##############################################################################
-unbound_resolv_setup() {
- if [ "$UNBOUND_N_RX_PORT" != "53" ] ; then
- return
+unbound_include() {
+ local adb_enabled
+ local adb_files=$( ls $UB_VARDIR/adb_list.* 2>/dev/null )
+
+ echo "# $UB_TOTAL_CONF generated by UCI $( date -Is )" > $UB_TOTAL_CONF
+
+
+ if [ -f "$UB_CORE_CONF" ] ; then
+ # Yes this all looks busy, but it is in TMPFS. Working on separate files
+ # and piecing together is easier. UCI order is less constrained.
+ cat $UB_CORE_CONF >> $UB_TOTAL_CONF
+ rm $UB_CORE_CONF
fi
- if [ -x /etc/init.d/dnsmasq ] && /etc/init.d/dnsmasq enabled \
- && nslookup localhost 127.0.0.1#53 >/dev/null 2>&1 ; then
+ if [ -f "$UB_HOST_CONF" ] ; then
+ # UCI definitions of local host or local subnet
+ cat $UB_HOST_CONF >> $UB_TOTAL_CONF
+ rm $UB_HOST_CONF
+ fi
+
+
+ if [ -f $UB_SRVMASQ_CONF ] ; then
+ # UCI found link to dnsmasq
+ cat $UB_SRVMASQ_CONF >> $UB_TOTAL_CONF
+ rm $UB_SRVMASQ_CONF
+ fi
+
+
+ if [ -f "$UB_TIME_FILE" -a -f "$UB_DHCP_CONF" ] ; then
+ {
+ # Seed DHCP records because dhcp scripts trigger externally
+ # Incremental Unbound restarts may drop unbound-control records
+ echo "include: $UB_DHCP_CONF"
+ echo
+ }>> $UB_TOTAL_CONF
+ fi
+
+
+ if [ ! -f "$UB_TIME_FILE" -o -z "$adb_files" \
+ -o ! -x /usr/bin/adblock.sh -o ! -x /etc/init.d/adblock ] ; then
+ adb_enabled=0
+
+ elif /etc/init.d/adblock enabled ; then
+ adb_enabled=1
+ {
+ # Pull in your selected openwrt/pacakges/net/adblock generated lists
+ echo "include: $UB_VARDIR/adb_list.*"
+ echo
+ } >> $UB_TOTAL_CONF
+
+ else
+ adb_enabled=0
+ fi
+
+
+ if [ -f $UB_SRV_CONF ] ; then
+ {
+ # Pull your own "server:" options here
+ echo "include: $UB_SRV_CONF"
+ echo
+ }>> $UB_TOTAL_CONF
+ fi
+
+
+ if [ -f "$UB_ZONE_CONF" ] ; then
+ # UCI defined forward, stub, and auth zones
+ cat $UB_ZONE_CONF >> $UB_TOTAL_CONF
+ rm $UB_ZONE_CONF
+ fi
+
+
+ if [ -f "$UB_CTRL_CONF" ] ; then
+ # UCI defined control application connection
+ cat $UB_CTRL_CONF >> $UB_TOTAL_CONF
+ rm $UB_CTRL_CONF
+ fi
+
+
+ if [ -f "$UB_EXTMASQ_CONF" ] ; then
+ # UCI found link to dnsmasq
+ cat $UB_EXTMASQ_CONF >> $UB_TOTAL_CONF
+ rm $UB_EXTMASQ_CONF
+ fi
+
+
+ if [ -f "$UB_EXT_CONF" ] ; then
+ {
+ # Pull your own extend feature clauses here
+ echo "include: $UB_EXT_CONF"
+ echo
+ } >> $UB_TOTAL_CONF
+ fi
+}
+
+##############################################################################
+
+resolv_setup() {
+ if [ "$UB_N_RX_PORT" != "53" ] ; then
+ return
+
+ elif [ -x /etc/init.d/dnsmasq ] \
+ && /etc/init.d/dnsmasq enabled \
+ && nslookup localhost 127.0.0.1#53 >/dev/null 2>&1 ; then
# unbound is configured for port 53, but dnsmasq is enabled and a resolver
# listens on localhost:53, lets assume dnsmasq manages the resolver file.
# TODO:
rm -f /tmp/resolv.conf
{
- echo "# /tmp/resolv.conf generated by Unbound UCI $( date )"
+ echo "# /tmp/resolv.conf generated by Unbound UCI $( date -Is )"
echo "nameserver 127.0.0.1"
echo "nameserver ::1"
- echo "search $UNBOUND_TXT_DOMAIN."
+ echo "search $UB_TXT_DOMAIN."
} > /tmp/resolv.conf
}
##############################################################################
-unbound_resolv_teardown() {
- case $( cat /tmp/resolv.conf ) in
- *"generated by Unbound UCI"*)
- # our resolver file, reset to auto resolver file.
- rm -f /tmp/resolv.conf
- ln -s /tmp/resolv.conf.auto /tmp/resolv.conf
- ;;
- esac
-}
-
-##############################################################################
-
unbound_start() {
config_load unbound
config_foreach unbound_uci unbound
unbound_mkdir
- if [ "$UNBOUND_B_MAN_CONF" -eq 0 ] ; then
+ if [ "$UB_B_MAN_CONF" -eq 0 ] ; then
+ # iterate zones before we load other UCI
+ # forward-zone: auth-zone: and stub-zone:
+ config_foreach unbound_zone zone
+ # associate potential DNS RR with interfaces
+ config_load network
+ config_foreach bundle_all_networks interface
+ config_load dhcp
+ config_foreach bundle_lan_networks dhcp
+ bundle_wan_networks
+ # server:
unbound_conf
- unbound_access
- unbound_adblock
-
-
- if [ "$UNBOUND_D_DHCP_LINK" = "dnsmasq" ] ; then
- dnsmasq_link
- else
- unbound_hostname
- unbound_records
- fi
-
-
- unbound_forward
- unbound_auth_root
+ unbound_hostname
+ # control:
unbound_control
+ # dnsmasq
+ dnsmasq_link
+ # merge
+ unbound_include
fi
- unbound_resolv_setup
-}
-
-##############################################################################
-
-unbound_stop() {
- unbound_resolv_teardown
- rootzone_update
+ resolv_setup
}
##############################################################################
option domain 'lan'
option domain_type 'static'
option edns_size '1280'
- option extended_luci '0'
option extended_stats '0'
option hide_binddata '1'
option listen_port '53'
option localservice '1'
option manual_conf '0'
- option prefetch_root '0'
option protocol 'default'
option query_minimize '0'
option query_min_strict '0'
option unbound_control '0'
option validator '0'
option validator_ntp '1'
+ option verbosity '1'
list trigger_interface 'lan'
list trigger_interface 'wan'
- #list rebind_interface 'lan'
#list domain_insecure 'ntp.example.com'
- #list domain_forward 'mail.example.com'
+
+config zone
+ option enabled '0'
+ option fallback '1'
+ option url_dir 'https://www.internic.net/domain/'
+ option zone_type 'auth_zone'
+ list server 'lax.xfr.dns.icann.org'
+ list server 'iad.xfr.dns.icann.org'
+ list zone_name '.'
+ list zone_name 'arpa.'
+ list zone_name 'in-addr.arpa.'
+ list zone_name 'ip6.arpa.'
+
+config zone
+ option enabled '0'
+ option fallback '1'
+ option resolv_conf '1'
+ option zone_type 'forward_zone'
+ list zone_name 'isp-bill.example.com.'
+ list zone_name 'isp-mail.example.net.'
PKG_NAME:=wget
PKG_VERSION:=1.19.5
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@GNU/$(PKG_NAME)
--disable-rpath \
--disable-iri \
--with-included-libunistring \
- --without-libuuid
+ --without-libuuid \
+ --without-libpsl
CONFIGURE_VARS += \
ac_cv_header_uuid_uuid_h=no
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=wsdd2
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://github.com/Andy2244/wsdd2.git
+PKG_SOURCE_DATE:=2018-07-24
+PKG_SOURCE_VERSION:=2c31ba3b720af81848c47dff7ad7c6c30c0c0f50
+PKG_MIRROR_HASH:=eb903a870d99c6001996dbfc22c15e1020278c45ed2441ceb61bc5395f417afa
+
+PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
+PKG_LICENSE:=GPL-3.0-only
+PKG_LICENSE_FILES:=COPYING
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/wsdd2
+ SECTION:=net
+ CATEGORY:=Network
+ SUBMENU:=IP Addresses and Names
+ TITLE:=Web Services for Devices (WSD) daemon
+ URL:=https://kb.netgear.com/2649/NETGEAR-Open-Source-Code-for-Programmers-GPL
+endef
+
+define Package/wsdd2/description
+ Web Services for Devices or Web Services on Devices (WSD),
+ is a Microsoft API to simplify programming connections to web service
+ enabled devices, such as printers, scanners and file shares.
+
+ This daemon advertises and responds to probe requests from Windows clients looking for file shares.
+ It also implements LLMNR multicast name lookup services.
+endef
+
+define Build/Compile
+ $(TARGET_CC) $(TARGET_CFLAGS) $(TARGET_LDFLAGS) $(PKG_BUILD_DIR)/{wsdd2.c,wsd.c,llmnr.c} -o $(PKG_BUILD_DIR)/wsdd2
+endef
+
+define Package/wsdd2/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/wsdd2 $(1)/usr/bin/
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/wsdd2.init $(1)/etc/init.d/wsdd2
+endef
+
+$(eval $(call BuildPackage,wsdd2))
--- /dev/null
+#!/bin/sh /etc/rc.common
+
+START=99
+USE_PROCD=1
+
+start_service() {
+ procd_open_instance
+ procd_set_param command /usr/bin/wsdd2 -w
+ procd_set_param respawn
+ procd_set_param file /var/etc/smb.conf
+ procd_close_instance
+}
--- /dev/null
+--- a/wsd.c 2018-07-20
++++ b/wsd.c 2018-07-20
+@@ -97,12 +97,17 @@ static void uuid_endpoint(char *uuid, si
+ FILE *fp = fopen("/etc/machine-id", "r");
+ int c, i = 0;
+
++ if (!fp) {
++ DEBUG(0, W, "Can't open '/etc/machine-id', trying '/proc/sys/kernel/random/boot_id'");
++ fp = fopen("/proc/sys/kernel/random/boot_id", "r");
++ }
++
+ if (!fp)
+ return;
+
+ while (i < 36 && (c = getc(fp)) != EOF &&
+- (isdigit(c) || (islower(c) && isxdigit(c)))) {
+- if (i == 8 || i == 13 || i == 18 || i == 23)
++ ((c == '-') || isdigit(c) || (islower(c) && isxdigit(c)))) {
++ if ((c != '-') && (i == 8 || i == 13 || i == 18 || i == 23))
+ uuid[i++] = '-';
+ uuid[i++] = c;
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=zerotier
-PKG_VERSION:=1.2.10
+PKG_VERSION:=1.2.12
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0
PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_HASH:=1c79ec57e67764079a77704b336e642ae3cf221dc8088b0cf9e9c81e0a9c0c57
+PKG_HASH:=212799bfaeb5e7dff20f2cd83f15742c8e13b8e9535606cfb85abcfb5fb6fed4
PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION)
include $(TOPDIR)/rules.mk
PKG_NAME:=znc
-PKG_VERSION:=1.6.6
-PKG_RELEASE:=1
+PKG_VERSION:=1.7.1
+PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://znc.in/releases \
https://znc.in/releases/archive
-PKG_HASH:=7fb841bc71dc1749b1dc081e9eaf22ceb56ebb03c6b1d8804a4f9eb8bbd59525
+PKG_HASH:=44cfea7158ea05dc2547c7c6bc22371e66c869def90351de0ab90a9c200d39c4
-PKG_MAINTAINER:=Jonas Gorski <jogo@openwrt.org>
+PKG_MAINTAINER:=Jonas Gorski <jonas.gorski@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
include $(INCLUDE_DIR)/package.mk
CONFIGURE_VARS += \
- CXXFLAGS="$(TARGET_CFLAGS) -fno-builtin -fno-rtti" \
+ CXXFLAGS="$(TARGET_CFLAGS) -fno-builtin" \
CPPFLAGS="-I$(STAGING_DIR)/usr/include -I$(STAGING_DIR)/include" \
LDFLAGS="-nodefaultlibs -lc -L$(STAGING_DIR)/usr/lib -L$(STAGING_DIR)/lib" \
LIBS="-lstdc++ -lm -lssl -lcrypto $(LIBGCC_S) -lc"
+++ /dev/null
-From adf42357c9043c38d9a9b47544a1b46445bdae19 Mon Sep 17 00:00:00 2001
-From: Jonas Gorski <jonas.gorski+openwrt@gmail.com>
-Date: Wed, 6 Apr 2011 04:10:23 +0200
-Subject: [PATCH] Move the root check to after config parsing
-
----
- src/main.cpp | 27 ++++++++++++++-------------
- 1 file changed, 14 insertions(+), 13 deletions(-)
-
---- a/src/main.cpp
-+++ b/src/main.cpp
-@@ -312,19 +312,6 @@ int main(int argc, char** argv) {
- CUtils::PrintStatus(true, "");
- }
-
-- if (isRoot()) {
-- CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid");
-- CUtils::PrintError("reasons for this and it can, in theory, cause great damage!");
-- if (!bAllowRoot) {
-- CZNC::DestroyInstance();
-- return 1;
-- }
-- CUtils::PrintError("You have been warned.");
-- CUtils::PrintError("Hit CTRL+C now if you don't want to run ZNC as root.");
-- CUtils::PrintError("ZNC will start in 30 seconds.");
-- sleep(30);
-- }
--
- if (bMakeConf) {
- if (!pZNC->WriteNewConfig(sConfig)) {
- CZNC::DestroyInstance();
-@@ -346,6 +333,20 @@ int main(int argc, char** argv) {
- return 1;
- }
-
-+ if (isRoot()) {
-+ CUtils::PrintError("You are running ZNC as root! Don't do that! There are not many valid");
-+ CUtils::PrintError("reasons for this and it can, in theory, cause great damage!");
-+ if (!bAllowRoot) {
-+ CZNC::DestroyInstance();
-+ return 1;
-+ }
-+ CUtils::PrintError("You have been warned.");
-+ CUtils::PrintError("Hit CTRL+C now if you don't want to run ZNC as root.");
-+ CUtils::PrintError("ZNC will start in 30 seconds.");
-+ sleep(30);
-+ }
-+
-+
- if (bForeground) {
- int iPid = getpid();
- CUtils::PrintMessage("Staying open for debugging [pid: " + CString(iPid) + "]");
--- a/Makefile.in
+++ b/Makefile.in
-@@ -112,7 +112,7 @@ clean:
+@@ -128,7 +128,7 @@ clean:
distclean: clean
rm -rf $(DISTCLEAN)
$(Q)$(CXX) $(CXXFLAGS) -c -o $@ $< -MD -MF .depend/$*.dep -MT $@
--- a/modules/Makefile.in
+++ b/modules/Makefile.in
-@@ -112,12 +112,12 @@ install_datadir:
+@@ -127,12 +127,12 @@ install_datadir:
clean:
rm -rf $(CLEAN)
--- a/src/main.cpp
+++ b/src/main.cpp
-@@ -304,10 +304,12 @@ int main(int argc, char** argv) {
- CUtils::PrintStatus(false, "");
- CUtils::PrintError("No modules found. Perhaps you didn't install ZNC properly?");
- CUtils::PrintError("Read http://wiki.znc.in/Installation for instructions.");
+@@ -412,12 +412,14 @@ int main(int argc, char** argv) {
+ "No modules found. Perhaps you didn't install ZNC properly?");
+ CUtils::PrintError(
+ "Read https://wiki.znc.in/Installation for instructions.");
+#if 0
- if (!CUtils::GetBoolInput("Do you really want to run ZNC without any modules?", false)) {
- CZNC::DestroyInstance();
- return 1;
- }
+ if (!CUtils::GetBoolInput(
+ "Do you really want to run ZNC without any modules?",
+ false)) {
+ CZNC::DestroyInstance();
+ return 1;
+ }
+#endif
- }
- CUtils::PrintStatus(true, "");
- }
+ }
+ CUtils::PrintStatus(true, "");
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=mpc
-PKG_VERSION:=0.28
+PKG_VERSION:=0.30
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
-PKG_SOURCE_URL:=http://www.musicpd.org/download/mpc/0
-PKG_HASH:=a4337d06c85dc81a638821d30fce8a137a58d13d510be34a11c1cce95cabc547
+PKG_SOURCE_URL:=https://www.musicpd.org/download/mpc/0
+PKG_HASH:=65fc5b0a8430efe9acbe6e261127960682764b20ab994676371bdc797d867fce
PKG_LICENSE:=GPL-2.0+
PKG_LICENSE_FILES:=COPYING
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
+PKG_FIXUP:=autoreconf
+PKG_INSTALL:=1
+
include $(INCLUDE_DIR)/package.mk
define Package/mpc
this is MPC
endef
-define Build/Configure
-$(call Build/Configure/Default, \
- --disable-iconv \
-)
-endef
+CONFIGURE_ARGS+= --disable-iconv
-define Build/Compile
-$(call Build/Compile/Default,\
- CFLAGS="$(TARGET_CFLAGS) -std=gnu99" \
- prefix="/usr" \
- all \
-)
+# Newer sources require meson/ninja to build so...
+# Use our hacked-up version of the mpc v0.28 autotools.
+define Build/Prepare
+ $(call Build/Prepare/Default)
+ $(CP) ./autotools-files/* $(PKG_BUILD_DIR)/
endef
define Package/mpc/install
$(INSTALL_DIR) $(1)/usr/bin
- $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/mpc $(1)/usr/bin/
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/mpc $(1)/usr/bin/
$(INSTALL_BIN) ./files/pls-handler.sh $(1)/usr/bin/
endef
--- /dev/null
+ACLOCAL_AMFLAGS = -I m4
+AUTOMAKE_OPTIONS = foreign 1.11 dist-xz subdir-objects
+
+bin_PROGRAMS = src/mpc
+
+src_mpc_SOURCES = \
+ src/main.c src/mpc.h \
+ src/list.c src/list.h \
+ src/password.c src/password.h \
+ src/status.c src/status.h \
+ src/args.c src/args.h \
+ src/format.c src/format.h \
+ src/song_format.c src/song_format.h \
+ src/util.c src/util.h \
+ src/command.c src/command.h \
+ src/queue.c src/queue.h \
+ src/sticker.c src/sticker.h \
+ src/tab.c src/tab.h \
+ src/idle.c src/idle.h \
+ src/message.c src/message.h \
+ src/search.c src/search.h \
+ src/output.c src/output.h \
+ src/options.c src/options.h \
+ src/path.c src/path.h \
+ src/Compiler.h
+
+if HAVE_ICONV
+src_mpc_SOURCES += src/charset.c src/charset.h
+endif
+
+src_mpc_CPPFLAGS = $(AM_CPPFLAGS) $(ICONV_CFLAGS) $(LIBMPDCLIENT_CFLAGS)
+src_mpc_LDADD = $(ICONV_LIBS) $(LIBMPDCLIENT_LIBS)
+
--- /dev/null
+/* config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define if iconv() support is enabled */
+#undef HAVE_ICONV
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define if you have <langinfo.h> and nl_langinfo(CODESET). */
+#undef HAVE_LANGINFO_CODESET
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Name of package */
+#undef PACKAGE
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Version number of package */
+#undef VERSION
--- /dev/null
+AC_PREREQ(2.60)
+AC_INIT(mpc, 0.30, musicpd-dev-team@lists.sourceforge.net)
+AC_CONFIG_MACRO_DIR([m4])
+AC_CONFIG_SRCDIR(src/main.c)
+AM_INIT_AUTOMAKE([foreign 1.11 dist-xz subdir-objects])
+AM_SILENT_RULES
+AC_CONFIG_HEADERS(config.h)
+
+
+dnl
+dnl programs
+dnl
+
+AC_PROG_CC_C99
+AC_PROG_INSTALL
+AC_PROG_MAKE_SET
+PKG_PROG_PKG_CONFIG
+
+
+dnl
+dnl declare variables
+dnl
+
+AC_SUBST(AM_CFLAGS)
+AC_SUBST(AM_CPPFLAGS)
+
+
+dnl
+dnl OS specific defaults
+dnl
+
+case "$host" in
+*-mingw32* | *-windows* | *-cygwin*)
+ AM_CFLAGS="$AM_CFLAGS -mms-bitfields -fno-strict-aliasing"
+ ;;
+esac
+
+if test -z "$prefix" || test "x$prefix" = xNONE; then
+ local_lib=
+ local_include=
+
+ # aren't autotools supposed to be smart enough to figure this out?
+ # oh well, the git-core Makefile managed to do some of the work for us :)
+ case "`uname -s | tr A-Z a-z`" in
+ darwin*)
+ local_lib='/sw/lib /opt/local/lib'
+ local_include='/sw/include /opt/local/include'
+ ;;
+ freebsd* | openbsd*)
+ local_lib=/usr/local/lib
+ local_include=/usr/local/include
+ ;;
+ netbsd*)
+ local_lib=/usr/pkg/lib
+ local_include=/usr/pkg/include
+ LDFLAGS="$LDFLAGS -Wl,-rpath,/usr/pkg/lib"
+ ;;
+ esac
+
+ for d in $local_lib; do
+ if test -d "$d"; then
+ LDFLAGS="$LDFLAGS -L$d"
+ break
+ fi
+ done
+ for d in $local_include; do
+ if test -d "$d"; then
+ CFLAGS="$CFLAGS -I$d"
+ break
+ fi
+ done
+fi
+
+
+dnl
+dnl libc features
+dnl
+
+PKG_CHECK_MODULES([LIBMPDCLIENT], [libmpdclient >= 2.9],,
+ [AC_MSG_ERROR([libmpdclient 2.9 is required])])
+
+
+dnl
+dnl i18n / l10n (iconv)
+dnl
+
+AC_ARG_ENABLE(iconv,
+ AS_HELP_STRING([--disable-iconv],
+ [disable iconv support (default: enable)]),,
+ [enable_iconv=yes])
+
+if test x$enable_iconv = xyes; then
+ AC_CHECK_FUNC(iconv,
+ [ICONV_CFLAGS="" ICONV_LIBS=""],
+ [AC_CHECK_LIB(intl, iconv,
+ [ICONV_CFLAGS="" ICONV_LIBS="-lintl"],
+ [enable_iconv=no])])
+fi
+
+if test x$enable_iconv = xyes; then
+ AC_CHECK_HEADER([locale.h],, [enable_iconv=no])
+ if test x$enable_iconv != xyes; then
+ AC_MSG_WARN(locale.h not available - disabling iconv)
+ fi
+fi
+
+if test x$enable_iconv = xyes; then
+ AC_DEFINE(HAVE_ICONV, 1, [Define if iconv() support is enabled])
+else
+ ICONV_CPPFLAGS=""
+ ICONV_LIBS=""
+fi
+
+AC_SUBST(ICONV_CPPFLAGS)
+AC_SUBST(ICONV_LIBS)
+
+AM_CONDITIONAL(HAVE_ICONV, test x$enable_iconv = xyes)
+
+
+dnl
+dnl CFLAGS
+dnl
+
+AX_APPEND_COMPILE_FLAGS([-Wall])
+AX_APPEND_COMPILE_FLAGS([-Wextra])
+AX_APPEND_COMPILE_FLAGS([-Wno-deprecated-declarations])
+AX_APPEND_COMPILE_FLAGS([-Wmissing-prototypes])
+AX_APPEND_COMPILE_FLAGS([-Wshadow])
+AX_APPEND_COMPILE_FLAGS([-Wpointer-arith])
+AX_APPEND_COMPILE_FLAGS([-Wstrict-prototypes])
+AX_APPEND_COMPILE_FLAGS([-Wcast-qual])
+AX_APPEND_COMPILE_FLAGS([-Wwrite-strings])
+
+
+dnl
+dnl build options
+dnl
+
+AC_ARG_ENABLE(werror,
+ AS_HELP_STRING([--enable-werror],
+ [Treat warnings as errors @<:@default=disabled@:>@]),,
+ enable_werror=no)
+
+if test "x$enable_werror" = xyes; then
+ AM_CFLAGS="$AM_CFLAGS -Werror -pedantic-errors"
+fi
+
+AC_ARG_ENABLE(debug,
+ AS_HELP_STRING([--enable-debug],
+ [Enable debugging @<:@default=disabled@:>@]),,
+ enable_debug=no)
+
+if test "x$enable_debug" = xno; then
+ AM_CPPFLAGS="$AM_CPPFLAGS -DNDEBUG"
+
+ AX_APPEND_COMPILE_FLAGS([-ffunction-sections])
+ AX_APPEND_COMPILE_FLAGS([-fdata-sections])
+ AX_APPEND_COMPILE_FLAGS([-fvisibility=hidden])
+
+ AX_APPEND_LINK_FLAGS([-Wl,--gc-sections])
+fi
+
+AC_ARG_ENABLE(test,
+ AS_HELP_STRING([--enable-test],
+ [build the test programs (default: disabled)]),,
+ enable_test=no)
+
+if test "x$enable_test" = xyes; then
+ AM_PATH_CHECK(,, [AC_MSG_ERROR([check not found])])
+fi
+
+AM_CONDITIONAL(ENABLE_TEST, test "x$enable_test" = xyes)
+
+
+dnl
+
+AC_OUTPUT(Makefile)
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_append_compile_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_COMPILE_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+# For every FLAG1, FLAG2 it is checked whether the compiler works with the
+# flag. If it does, the flag is added FLAGS-VARIABLE
+#
+# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+# CFLAGS) is used. During the check the flag is always added to the
+# current language's flags.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# NOTE: This macro depends on the AX_APPEND_FLAG and
+# AX_CHECK_COMPILE_FLAG. Please keep this macro in sync with
+# AX_APPEND_LINK_FLAGS.
+#
+# LICENSE
+#
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 4
+
+AC_DEFUN([AX_APPEND_COMPILE_FLAGS],
+[AX_REQUIRE_DEFINED([AX_CHECK_COMPILE_FLAG])
+AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
+for flag in $1; do
+ AX_CHECK_COMPILE_FLAG([$flag], [AX_APPEND_FLAG([$flag], [$2])], [], [$3])
+done
+])dnl AX_APPEND_COMPILE_FLAGS
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_append_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_FLAG(FLAG, [FLAGS-VARIABLE])
+#
+# DESCRIPTION
+#
+# FLAG is appended to the FLAGS-VARIABLE shell variable, with a space
+# added in between.
+#
+# If FLAGS-VARIABLE is not specified, the current language's flags (e.g.
+# CFLAGS) is used. FLAGS-VARIABLE is not changed if it already contains
+# FLAG. If FLAGS-VARIABLE is unset in the shell, it is set to exactly
+# FLAG.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 6
+
+AC_DEFUN([AX_APPEND_FLAG],
+[dnl
+AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_SET_IF
+AS_VAR_PUSHDEF([FLAGS], [m4_default($2,_AC_LANG_PREFIX[FLAGS])])
+AS_VAR_SET_IF(FLAGS,[
+ AS_CASE([" AS_VAR_GET(FLAGS) "],
+ [*" $1 "*], [AC_RUN_LOG([: FLAGS already contains $1])],
+ [
+ AS_VAR_APPEND(FLAGS,[" $1"])
+ AC_RUN_LOG([: FLAGS="$FLAGS"])
+ ])
+ ],
+ [
+ AS_VAR_SET(FLAGS,[$1])
+ AC_RUN_LOG([: FLAGS="$FLAGS"])
+ ])
+AS_VAR_POPDEF([FLAGS])dnl
+])dnl AX_APPEND_FLAG
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_append_link_flags.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_APPEND_LINK_FLAGS([FLAG1 FLAG2 ...], [FLAGS-VARIABLE], [EXTRA-FLAGS])
+#
+# DESCRIPTION
+#
+# For every FLAG1, FLAG2 it is checked whether the linker works with the
+# flag. If it does, the flag is added FLAGS-VARIABLE
+#
+# If FLAGS-VARIABLE is not specified, the linker's flags (LDFLAGS) is
+# used. During the check the flag is always added to the linker's flags.
+#
+# If EXTRA-FLAGS is defined, it is added to the linker's default flags
+# when the check is done. The check is thus made with the flags: "LDFLAGS
+# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
+# issue an error when a bad flag is given.
+#
+# NOTE: This macro depends on the AX_APPEND_FLAG and AX_CHECK_LINK_FLAG.
+# Please keep this macro in sync with AX_APPEND_COMPILE_FLAGS.
+#
+# LICENSE
+#
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 4
+
+AC_DEFUN([AX_APPEND_LINK_FLAGS],
+[AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
+AX_REQUIRE_DEFINED([AX_APPEND_FLAG])
+for flag in $1; do
+ AX_CHECK_LINK_FLAG([$flag], [AX_APPEND_FLAG([$flag], [m4_default([$2], [LDFLAGS])])], [], [$3])
+done
+])dnl AX_APPEND_LINK_FLAGS
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# Check whether the given FLAG works with the current language's compiler
+# or gives an error. (Warnings, however, are ignored)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# If EXTRA-FLAGS is defined, it is added to the current language's default
+# flags (e.g. CFLAGS) when the check is done. The check is thus made with
+# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to
+# force the compiler to issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_COMPILE_IFELSE.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 4
+
+AC_DEFUN([AX_CHECK_COMPILE_FLAG],
+[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl
+AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [
+ ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS
+ _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1"
+ AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+ [AS_VAR_SET(CACHEVAR,[yes])],
+ [AS_VAR_SET(CACHEVAR,[no])])
+ _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags])
+AS_VAR_IF(CACHEVAR,yes,
+ [m4_default([$2], :)],
+ [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_COMPILE_FLAGS
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT])
+#
+# DESCRIPTION
+#
+# Check whether the given FLAG works with the linker or gives an error.
+# (Warnings, however, are ignored)
+#
+# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on
+# success/failure.
+#
+# If EXTRA-FLAGS is defined, it is added to the linker's default flags
+# when the check is done. The check is thus made with the flags: "LDFLAGS
+# EXTRA-FLAGS FLAG". This can for example be used to force the linker to
+# issue an error when a bad flag is given.
+#
+# INPUT gives an alternative input source to AC_LINK_IFELSE.
+#
+# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this
+# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG.
+#
+# LICENSE
+#
+# Copyright (c) 2008 Guido U. Draheim <guidod@gmx.de>
+# Copyright (c) 2011 Maarten Bosmans <mkbosmans@gmail.com>
+#
+# This program is free software: you can redistribute it and/or modify it
+# under the terms of the GNU General Public License as published by the
+# Free Software Foundation, either version 3 of the License, or (at your
+# option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
+# Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+# As a special exception, the respective Autoconf Macro's copyright owner
+# gives unlimited permission to copy, distribute and modify the configure
+# scripts that are the output of Autoconf when processing the Macro. You
+# need not follow the terms of the GNU General Public License when using
+# or distributing such scripts, even though portions of the text of the
+# Macro appear in them. The GNU General Public License (GPL) does govern
+# all other use of the material that constitutes the Autoconf Macro.
+#
+# This special exception to the GPL applies to versions of the Autoconf
+# Macro released by the Autoconf Archive. When you make and distribute a
+# modified version of the Autoconf Macro, you may extend this special
+# exception to the GPL to apply to your modified version as well.
+
+#serial 4
+
+AC_DEFUN([AX_CHECK_LINK_FLAG],
+[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF
+AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl
+AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [
+ ax_check_save_flags=$LDFLAGS
+ LDFLAGS="$LDFLAGS $4 $1"
+ AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])],
+ [AS_VAR_SET(CACHEVAR,[yes])],
+ [AS_VAR_SET(CACHEVAR,[no])])
+ LDFLAGS=$ax_check_save_flags])
+AS_VAR_IF(CACHEVAR,yes,
+ [m4_default([$2], :)],
+ [m4_default([$3], :)])
+AS_VAR_POPDEF([CACHEVAR])dnl
+])dnl AX_CHECK_LINK_FLAGS
--- /dev/null
+# ===========================================================================
+# http://www.gnu.org/software/autoconf-archive/ax_require_defined.html
+# ===========================================================================
+#
+# SYNOPSIS
+#
+# AX_REQUIRE_DEFINED(MACRO)
+#
+# DESCRIPTION
+#
+# AX_REQUIRE_DEFINED is a simple helper for making sure other macros have
+# been defined and thus are available for use. This avoids random issues
+# where a macro isn't expanded. Instead the configure script emits a
+# non-fatal:
+#
+# ./configure: line 1673: AX_CFLAGS_WARN_ALL: command not found
+#
+# It's like AC_REQUIRE except it doesn't expand the required macro.
+#
+# Here's an example:
+#
+# AX_REQUIRE_DEFINED([AX_CHECK_LINK_FLAG])
+#
+# LICENSE
+#
+# Copyright (c) 2014 Mike Frysinger <vapier@gentoo.org>
+#
+# Copying and distribution of this file, with or without modification, are
+# permitted in any medium without royalty provided the copyright notice
+# and this notice are preserved. This file is offered as-is, without any
+# warranty.
+
+#serial 1
+
+AC_DEFUN([AX_REQUIRE_DEFINED], [dnl
+ m4_ifndef([$1], [m4_fatal([macro ]$1[ is not defined; is a m4 file missing?])])
+])dnl AX_REQUIRE_DEFINED
--- /dev/null
+dnl AM_PATH_CHECK([MINIMUM-VERSION, [ACTION-IF-FOUND [, ACTION-IF-NOT-FOUND]]])
+dnl Test for check, and define CHECK_CFLAGS and CHECK_LIBS
+dnl
+
+AC_DEFUN([AM_PATH_CHECK],
+[
+ AC_MSG_WARN([A@&t@M_PATH_CHECK() is deprecated])
+ AC_MSG_WARN([[use P@&t@KG_CHECK_MODULES([CHECK], [check >= 0.9.4]) instead]])
+ AC_ARG_WITH([check],
+ [ --with-check=PATH prefix where check is installed [default=auto]])
+
+ min_check_version=ifelse([$1], ,0.8.2,$1)
+
+ AC_MSG_CHECKING(for check - version >= $min_check_version)
+
+ if test x$with_check = xno; then
+ AC_MSG_RESULT(disabled)
+ ifelse([$3], , AC_MSG_ERROR([disabling check is not supported]), [$3])
+ else
+ if test "x$with_check" != x; then
+ CHECK_CFLAGS="-I$with_check/include"
+ CHECK_LIBS="-L$with_check/lib -lcheck"
+ else
+ CHECK_CFLAGS=""
+ CHECK_LIBS="-lcheck"
+ fi
+
+ ac_save_CFLAGS="$CFLAGS"
+ ac_save_LIBS="$LIBS"
+
+ CFLAGS="$CFLAGS $CHECK_CFLAGS"
+ LIBS="$CHECK_LIBS $LIBS"
+
+ rm -f conf.check-test
+ AC_COMPILE_IFELSE([AC_LANG_SOURCE([AC_INCLUDES_DEFAULT([])
+#include <check.h>
+
+int main ()
+{
+ int major, minor, micro;
+ char *tmp_version;
+
+ system ("touch conf.check-test");
+
+ /* HP/UX 9 (%@#!) writes to sscanf strings */
+ tmp_version = strdup("$min_check_version");
+ if (sscanf(tmp_version, "%d.%d.%d", &major, &minor, µ) != 3) {
+ printf("%s, bad version string\n", "$min_check_version");
+ return 1;
+ }
+
+ if ((CHECK_MAJOR_VERSION != check_major_version) ||
+ (CHECK_MINOR_VERSION != check_minor_version) ||
+ (CHECK_MICRO_VERSION != check_micro_version))
+ {
+ printf("\n*** The check header file (version %d.%d.%d) does not match\n",
+ CHECK_MAJOR_VERSION, CHECK_MINOR_VERSION, CHECK_MICRO_VERSION);
+ printf("*** the check library (version %d.%d.%d).\n",
+ check_major_version, check_minor_version, check_micro_version);
+ return 1;
+ }
+
+ if ((check_major_version > major) ||
+ ((check_major_version == major) && (check_minor_version > minor)) ||
+ ((check_major_version == major) && (check_minor_version == minor) && (check_micro_version >= micro)))
+ {
+ return 0;
+ }
+ else
+ {
+ printf("\n*** An old version of check (%d.%d.%d) was found.\n",
+ check_major_version, check_minor_version, check_micro_version);
+ printf("*** You need a version of check being at least %d.%d.%d.\n", major, minor, micro);
+ printf("***\n");
+ printf("*** If you have already installed a sufficiently new version, this error\n");
+ printf("*** probably means that the wrong copy of the check library and header\n");
+ printf("*** file is being found. Rerun configure with the --with-check=PATH option\n");
+ printf("*** to specify the prefix where the correct version was installed.\n");
+ }
+
+ return 1;
+}
+])],, no_check=yes, [echo $ac_n "cross compiling; assumed OK... $ac_c"])
+
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+
+ if test "x$no_check" = x ; then
+ AC_MSG_RESULT(yes)
+ ifelse([$2], , :, [$2])
+ else
+ AC_MSG_RESULT(no)
+ if test -f conf.check-test ; then
+ :
+ else
+ echo "*** Could not run check test program, checking why..."
+ CFLAGS="$CFLAGS $CHECK_CFLAGS"
+ LIBS="$CHECK_LIBS $LIBS"
+ AC_TRY_LINK([
+#include <stdio.h>
+#include <stdlib.h>
+
+#include <check.h>
+], , [ echo "*** The test program compiled, but did not run. This usually means"
+ echo "*** that the run-time linker is not finding check. You'll need to set your"
+ echo "*** LD_LIBRARY_PATH environment variable, or edit /etc/ld.so.conf to point"
+ echo "*** to the installed location Also, make sure you have run ldconfig if that"
+ echo "*** is required on your system"
+ echo "***"
+ echo "*** If you have an old version installed, it is best to remove it, although"
+ echo "*** you may also be able to get things to work by modifying LD_LIBRARY_PATH"],
+ [ echo "*** The test program failed to compile or link. See the file config.log for"
+ echo "*** the exact error that occured." ])
+
+ CFLAGS="$ac_save_CFLAGS"
+ LIBS="$ac_save_LIBS"
+ fi
+
+ CHECK_CFLAGS=""
+ CHECK_LIBS=""
+
+ rm -f conf.check-test
+ ifelse([$3], , AC_MSG_ERROR([check not found]), [$3])
+ fi
+
+ AC_SUBST(CHECK_CFLAGS)
+ AC_SUBST(CHECK_LIBS)
+
+ rm -f conf.check-test
+
+ fi
+])
include $(TOPDIR)/rules.mk
PKG_NAME:=mpd
-PKG_VERSION:=0.20.9
-PKG_RELEASE:=2
+PKG_VERSION:=0.20.20
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://www.musicpd.org/download/mpd/0.20/
-PKG_HASH:=cd77a2869e32354b004cc6b34fcb0bee56114caa2d9ed862aaa8071441e34eb7
+PKG_HASH:=a9e458c6e07cdf62649de7722e1e5a7f13aa82eeb397bfbbebc07cf5cf273584
PKG_MAINTAINER:=Ted Hess <thess@kitschensync.net>
PKG_LICENSE:=GPL-2.0
TITLE:=Music Player Daemon
URL:=http://www.musicpd.org/
DEPENDS:= +zlib +libcurl +libpthread +libmpdclient +libstdcpp $(ICONV_DEPENDS) \
- +AUDIO_SUPPORT:alsa-lib +boost +boost-container +libexpat
+ +AUDIO_SUPPORT:alsa-lib +boost +boost-container +libexpat +libflac
endef
define Package/mpd/Default/description
define Package/mpd-mini
$(call Package/mpd/Default)
TITLE+= (mini)
- DEPENDS+= +libflac +libmpg123 +libvorbisidec
+ DEPENDS+= +libmpg123 +libvorbisidec
PROVIDES:=mpd
VARIANT:=mini
endef
CONFIGURE_ARGS += \
--enable-upnp \
--enable-ffmpeg \
- --disable-flac \
--enable-id3 \
--enable-mms \
--disable-mpg123 \
--- a/src/decoder/plugins/FfmpegDecoderPlugin.cxx
+++ b/src/decoder/plugins/FfmpegDecoderPlugin.cxx
-@@ -931,6 +931,7 @@ static const char *const ffmpeg_mime_typ
+@@ -937,6 +937,7 @@ static const char *const ffmpeg_mime_typ
"audio/qcelp",
"audio/vorbis",
"audio/vorbis+ogg",
#
-# Copyright (C) 2011-2016 OpenWrt.org
+# Copyright (C) 2011-2018 OpenWrt.org
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
include $(TOPDIR)/rules.mk
PKG_NAME:=pulseaudio
-PKG_VERSION:=12.1
+PKG_VERSION:=12.2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://freedesktop.org/software/pulseaudio/releases/
-PKG_HASH:=5f5dfb5e2c376e8c974b80f93b983ed77088ade7fb8b9325a575c45aa35977f3
+PKG_HASH:=809668ffc296043779c984f53461c2b3987a45b7a25eb2f0a1d11d9f23ba4055
PKG_LICENSE:=LGPL-2.1+
PKG_LICENSE_FILES:=GPL LICENSE
include $(TOPDIR)/rules.mk
PKG_NAME:=acl
-PKG_REV:=c39f7c5475e3e00d8abeb7b30e61958670fb3ee2
-PKG_VERSION:=20180121
+PKG_VERSION:=2.2.53
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_MIRROR_HASH:=0291d931bbac041f14bc12d317e505cd596e0ec6f1b8bcdfa03b9a1fad274ac2
-PKG_SOURCE_URL:=https://git.savannah.gnu.org/git/acl.git
-PKG_SOURCE_PROTO:=git
-PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
-PKG_SOURCE_VERSION:=$(PKG_REV)
+PKG_SOURCE_URL:=https://git.savannah.nongnu.org/cgit/acl.git/snapshot
+PKG_HASH:=9e905397ac10d06768c63edd0579c34b8431555f2ea8e8f2cee337b31f856805
PKG_MAINTAINER:=Maxim Storchak <m.storchak@gmail.com>
PKG_LICENSE:=LGPL-2.1 GPL-2.0
define Package/acl/Default
TITLE:=Access control list (ACL) manipulation
- URL:=http://savannah.nongnu.org/projects/acl
+ URL:=https://savannah.nongnu.org/projects/acl
SUBMENU:=Filesystem
endef
include $(TOPDIR)/rules.mk
PKG_NAME:=acpica-unix
-PKG_VERSION:=20180427
+PKG_VERSION:=20180629
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://acpica.org/sites/$(patsubst %-unix,%,$(PKG_NAME))/files/$(PKG_SOURCE_URL)
-PKG_HASH:=ae01b2d9e06192dca8fec9ccba327f766454e10935f98f608ec7de2690fd0c16
+PKG_HASH:=70d11f3f2adbdc64a5b33753e1889918af811ec8050722fbee0fdfc3bfd29a4f
PKG_MAINTAINER:=Philip Prindeville <philipp@redfish-solutions.com>
PKG_LICENSE:=GPL-2.0
include $(TOPDIR)/rules.mk
PKG_NAME:=acpid
-PKG_VERSION:=2.0.29
+PKG_VERSION:=2.0.30
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=@SF/acpid2
-PKG_HASH:=58503b27975c466e627eb741c5453dd662f97edef1a3d0aac822fd03a84203ff
+PKG_HASH:=28b77b62d3f64ebd1c2a3d16bccc6d4333b4e24a86aeacebec255fad223cf4cb
PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de>
PKG_LICENSE:=GPL-2.0
PKG_LICENSE_FILES:=COPYING
SECTION:=utils
CATEGORY:=Utilities
TITLE:=The ACPI Daemon (acpid) With Netlink Support
- URL:=http://tedfelix.com/linux/acpid-netlink.html
- DEPENDS:=+kmod-input-evdev
+ URL:=https://sourceforge.net/projects/acpid2/
+ DEPENDS:=+kmod-input-evdev
endef
define Package/acpid/description
+++ /dev/null
-Partially roll back upstream commit 4711119089e1ad08dad206f4fded68f1972fdeed
-since released versions of uClibc don't support isfdtype().
-
-Signed-off-by: Gustavo Zaarias <gustavo@zacarias.com.ar>
-
-Index: acpid-2.0.23/sock.c
-===================================================================
---- acpid-2.0.23.orig/sock.c
-+++ acpid-2.0.23/sock.c
-@@ -53,7 +53,10 @@ int non_root_clients;
- int
- is_socket(int fd)
- {
-- return (isfdtype(fd, S_IFSOCK) == 1);
-+ int v;
-+ socklen_t l = sizeof(int);
-+
-+ return (getsockopt(fd, SOL_SOCKET, SO_TYPE, (char *)&v, &l) == 0);
- }
-
- /* accept a new client connection */
include $(TOPDIR)/rules.mk
PKG_NAME:=ccrypt
-PKG_VERSION:=1.10
-PKG_RELEASE:=3
+PKG_VERSION:=1.11
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/ccrypt
-PKG_HASH:=87d66da2170facabf6f2fc073586ae2c7320d4689980cfca415c74688e499ba0
+PKG_HASH:=b19c47500a96ee5fbd820f704c912f6efcc42b638c0a6aa7a4e3dc0a6b51a44f
PKG_MAINTAINER:=Hannu Nyman <hannu.nyman@iki.fi>
PKG_LICENSE:=GPLv2+
---- a/configure.ac
-+++ b/configure.ac
-@@ -123,17 +123,6 @@ AC_MSG_RESULT($UINT32_TYPE)
- AC_DEFINE_UNQUOTED(UINT32_TYPE,$UINT32_TYPE,unsigned 32 bit integer type)
-
- dnl ----------------------------------------------------------------------
--dnl Internationalization
--
--GETTEXT_PACKAGE=ccrypt
--AC_SUBST(GETTEXT_PACKAGE)
--AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, "$GETTEXT_PACKAGE", [Package name for gettext])
--
--AM_GNU_GETTEXT
--AM_GNU_GETTEXT_VERSION([0.14.3])
--IT_PO_SUBDIR(po)
--
--dnl ----------------------------------------------------------------------
- dnl Libtool (needed by intl/)
-
- LT_INIT
-@@ -153,9 +142,7 @@ AC_SUBST(TAR)
- dnl ----------------------------------------------------------------------
- AC_CONFIG_FILES([doc/ccrypt.1
- doc/ccguess.1
-- po/Makefile.in
- m4/Makefile
-- intl/Makefile
- Makefile
- src/Makefile
- emacs/Makefile
+diff --git a/Makefile.am b/Makefile.am
+index bfe1d43..2f45264 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -4,7 +4,7 @@
EXTRA_DIST = m4/ChangeLog config.rpath README-WIN
+diff --git a/Makefile.in b/Makefile.in
+index 314e162..18dcff3 100644
--- a/Makefile.in
+++ b/Makefile.in
-@@ -36,7 +36,7 @@ host_triplet = @host@
- subdir = .
- DIST_COMMON = README $(am__configure_deps) $(srcdir)/Makefile.am \
- $(srcdir)/Makefile.in $(srcdir)/config.h.in \
-- $(top_srcdir)/configure $(top_srcdir)/intl/Makefile.in \
-+ $(top_srcdir)/configure \
- ABOUT-NLS AUTHORS COPYING ChangeLog INSTALL NEWS config.guess \
- config.rpath config.sub depcomp elisp-comp install-sh \
- ltmain.sh missing mkinstalldirs
-@@ -66,7 +66,7 @@ am__CONFIG_DISTCLEAN_FILES = config.stat
+@@ -117,7 +117,7 @@ am__CONFIG_DISTCLEAN_FILES = config.status config.cache config.log \
configure.lineno config.status.lineno
mkinstalldirs = $(SHELL) $(top_srcdir)/mkinstalldirs
CONFIG_HEADER = config.h
-CONFIG_CLEAN_FILES = intl/Makefile
+CONFIG_CLEAN_FILES =
CONFIG_CLEAN_VPATH_FILES =
- SOURCES =
- DIST_SOURCES =
-@@ -277,7 +277,7 @@ target_alias = @target_alias@
+ AM_V_P = $(am__v_P_@AM_V@)
+ am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
+@@ -177,7 +177,7 @@ CTAGS = ctags
+ CSCOPE = cscope
+ DIST_SUBDIRS = $(SUBDIRS)
+ am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/config.h.in \
+- $(top_srcdir)/intl/Makefile.in ABOUT-NLS AUTHORS COPYING \
++ ABOUT-NLS AUTHORS COPYING \
+ ChangeLog INSTALL NEWS README compile config.guess \
+ config.rpath config.sub install-sh ltmain.sh missing \
+ mkinstalldirs
+@@ -403,7 +403,7 @@ target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
EXTRA_DIST = m4/ChangeLog config.rpath README-WIN
ACLOCAL_AMFLAGS = -I m4
all: config.h
+diff --git a/configure.ac b/configure.ac
+index 56d11f1..6d32602 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -148,17 +148,6 @@ fi
+ AC_MSG_RESULT($UINT32_TYPE)
+ AC_DEFINE_UNQUOTED(UINT32_TYPE,$UINT32_TYPE,unsigned 32 bit integer type)
+
+-dnl ----------------------------------------------------------------------
+-dnl Internationalization
+-
+-GETTEXT_PACKAGE=ccrypt
+-AC_SUBST(GETTEXT_PACKAGE)
+-AC_DEFINE_UNQUOTED(GETTEXT_PACKAGE, "$GETTEXT_PACKAGE", [Package name for gettext])
+-
+-AM_GNU_GETTEXT
+-AM_GNU_GETTEXT_VERSION([0.19.8])
+-dnl IT_PO_SUBDIR(po)
+-
+ dnl ----------------------------------------------------------------------
+ dnl Libtool (needed by intl/)
+
+@@ -180,9 +169,7 @@ AC_SUBST(TAR)
+ dnl ----------------------------------------------------------------------
+ AC_CONFIG_FILES([doc/ccrypt.1
+ doc/ccguess.1
+- po/Makefile.in
+ m4/Makefile
+- intl/Makefile
+ Makefile
+ src/Makefile
+ emacs/Makefile
+diff --git a/src/Makefile.am b/src/Makefile.am
+index 4cb1d03..ff33d59 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -56,4 +56,4 @@ uninstall-local:
# internationalization stuff
localedir = $(datadir)/locale
- INCLUDES = -I../intl -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\"
+ AM_CPPFLAGS = @EXTRA_INCLUDES@ -I../intl -I$(top_srcdir)/intl -DLOCALEDIR=\"$(localedir)\"
-LIBS = @LIBINTL@ @LIBS@
+LIBS = @LIBS@
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 27c7d28..01c6764 100644
--- a/src/Makefile.in
+++ b/src/Makefile.in
-@@ -159,7 +159,7 @@ LDFLAGS = @LDFLAGS@
- LIBICONV = @LIBICONV@
- LIBINTL = @LIBINTL@
+@@ -278,7 +278,7 @@ LIBMULTITHREAD = @LIBMULTITHREAD@
LIBOBJS = @LIBOBJS@
+ LIBPTH = @LIBPTH@
+ LIBPTH_PREFIX = @LIBPTH_PREFIX@
-LIBS = @LIBINTL@ @LIBS@
+LIBS = @LIBS@
+ LIBTHREAD = @LIBTHREAD@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
- LN_S = @LN_S@
PKG_NAME:=lxc
PKG_VERSION:=2.1.1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_LICENSE:=LGPL-2.1+ BSD-2-Clause GPL-2.0
PKG_MAINTAINER:=Marko Ratkaj <marko.ratkaj@sartura.hr>
--- /dev/null
+From c8f05589644d6b719e5a2c7fc548604f248be9be Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Rafa=C5=82=20Mi=C5=82ecki?= <rafal@milecki.pl>
+Date: Sun, 29 Jul 2018 17:44:06 +0200
+Subject: [PATCH] nl: avoid NULL pointer dereference
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
+the nla_put_attr().
+
+There has to be a check for data in nla_put() as passing NULL to the memcpy()
+is not allowed. Even if length is 0, both pointers have to be valid.
+
+For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
+such a call shall still have valid values".
+
+Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
+Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
+[christian.brauner@ubuntu.com: adapted commit message]
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/nl.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+--- a/src/lxc/nl.c
++++ b/src/lxc/nl.c
+@@ -61,7 +61,8 @@ static int nla_put(struct nlmsg *nlmsg,
+ rta = NLMSG_TAIL(nlmsg->nlmsghdr);
+ rta->rta_type = attr;
+ rta->rta_len = rtalen;
+- memcpy(RTA_DATA(rta), data, len);
++ if (data && len)
++ memcpy(RTA_DATA(rta), data, len);
+ nlmsg->nlmsghdr->nlmsg_len = tlen;
+ return 0;
+ }
include $(TOPDIR)/rules.mk
PKG_NAME:=owfs
-PKG_VERSION:=2.9p5
+PKG_VERSION:=3.2p2
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=@SF/$(PKG_NAME)
-PKG_HASH:=f7e11bae6cd29d58726e6d29b297834e5656d6069a407d798067ae25cb0812ea
+PKG_SOURCE_URL:=https://codeload.github.com/owfs/owfs/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=904ee3ab1d80e9d3461b310f0cc78b2175e24aa0075edc4f7f92371c667d0bb6
+
PKG_MAINTAINER:=Jo-Philipp Wich <jo@mein.io>
PKG_LICENSE:=GPL-2.0
define Package/owfs/Default
TITLE:=OWFS (1-Wire File System)
- URL:=http://owfs.sourceforge.net/
+ URL:=https://github.com/owfs/owfs
SECTION:=net
CATEGORY:=Network
SUBMENU:=Filesystem
DEPENDS:= \
+libpthread \
+LIBOW_MASTER_USB:libusb-compat \
- +LIBOW_MASTER_W1:kmod-w1
+ +LIBOW_MASTER_W1:kmod-w1 \
+ +libavahi-client
TITLE:=OWFS - common shared library
endef
+++ /dev/null
-AaAA
---- a/module/owlib/src/c/ow_w1_parse.c
-+++ b/module/owlib/src/c/ow_w1_parse.c
-@@ -237,7 +237,7 @@ enum Netlink_Read_Status W1_Process_Resp
- owfree(nlp.nlm) ;
- return nrs_nodev ;
- }
-- if ( nrs_callback == NULL ) { // status message
-+ if ( nrs_callback == NULL ) { // bus reset
- owfree(nlp.nlm) ;
- return nrs_complete ;
- }
-@@ -246,7 +246,7 @@ enum Netlink_Read_Status W1_Process_Resp
- nrs_callback( &nlp, v, pn ) ;
- LEVEL_DEBUG("Called nrs_callback");
- owfree(nlp.nlm) ;
-- if ( nlp.cn->ack != 0 ) {
-+ if ( nlp.cn->seq != nlp.cn->ack ) {
- if ( nlp.w1m->type == W1_LIST_MASTERS ) {
- continue ; // look for more data
- }
-@@ -254,7 +254,7 @@ enum Netlink_Read_Status W1_Process_Resp
- continue ; // look for more data
- }
- }
-- nrs_callback = NULL ; // now look for status message
-+ return nrs_complete ; // status message
- }
- return nrs_timeout ;
- }
+++ /dev/null
---- a/module/owlib/src/c/ow_reset.c
-+++ b/module/owlib/src/c/ow_reset.c
-@@ -21,6 +21,10 @@ RESET_TYPE BUS_reset(const struct parsed
- struct connection_in * in = pn->selected_connection ;
- STAT_ADD1_BUS(e_bus_resets, in);
-
-+ if ( in->iroutines.reset == NO_RESET_ROUTINE ) {
-+ return BUS_RESET_OK;
-+ }
-+
- switch ( (in->iroutines.reset) (pn) ) {
- case BUS_RESET_OK:
- in->reconnect_state = reconnect_ok; // Flag as good!
include $(TOPDIR)/rules.mk
PKG_NAME:=picocom
-PKG_VERSION:=1.7
-PKG_RELEASE:=2
+PKG_VERSION:=3.1
+PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://storage.googleapis.com/google-code-archive-downloads/v2/code.google.com/picocom
-PKG_HASH:=d0f31c8f7a215a76922d30c81a52b9a2348c89e02a84935517002b3bc2c1129e
+PKG_SOURCE_URL:=https://codeload.github.com/npat-efault/picocom/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=e6761ca932ffc6d09bd6b11ff018bdaf70b287ce518b3282d29e0270e88420bb
PKG_MAINTAINER:=Steven Barth <cyrus@openwrt.org>
PKG_LICENSE:=GPL-2.0+
SECTION:=utils
CATEGORY:=Utilities
TITLE:=A minimal dumb-terminal emulation program
- URL:=http://code.google.com/p/picocom/
+ URL:=https://github.com/npat-efault/picocom
SUBMENU:=Terminal
endef
--- /dev/null
+diff --git a/Makefile b/Makefile
+index d6a4d60..a07d801 100644
+--- a/Makefile
++++ b/Makefile
+@@ -51,7 +51,6 @@ linenoise-1.0/linenoise.o : linenoise-1.0/linenoise.c linenoise-1.0/linenoise.h
+
+ OBJS += picocom.o term.o fdio.o split.o termios2.o custbaud_bsd.o
+ picocom : $(OBJS)
+- $(LD) $(LDFLAGS) -o $@ $(OBJS) $(LDLIBS)
+
+ picocom.o : picocom.c term.h fdio.h split.h custbaud.h
+ term.o : term.c term.h termios2.h custbaud_bsd.h custbaud.h
+++ /dev/null
-Index: picocom-1.7/term.c
-===================================================================
---- picocom-1.7.orig/term.c
-+++ picocom-1.7/term.c
-@@ -33,10 +33,11 @@
- #include <string.h>
- #include <errno.h>
- #include <unistd.h>
--#ifdef __linux__
-+#if defined(__linux__) && (defined(__GLIBC__) || defined(__UCLIBC__))
- #include <termio.h>
- #else
- #include <termios.h>
-+#include <sys/ioctl.h>
- #endif /* of __linux__ */
-
- #include "term.h"
include $(TOPDIR)/rules.mk
PKG_NAME:=prometheus-node-exporter-lua
-PKG_VERSION:=2018.06.26
+PKG_VERSION:=2018.07.23
PKG_RELEASE:=1
-PKG_MAINTAINER:=Christian Simon <simon@swine.de>
+PKG_MAINTAINER:=Etienne CHAMPETIER <champetier.etienne@gmail.com>
PKG_LICENSE:=Apache-2.0
include $(INCLUDE_DIR)/package.mk
define Package/prometheus-node-exporter-lua-openwrt
$(call Package/prometheus-node-exporter-lua/Default)
TITLE+= (openwrt collector)
+ DEPENDS:=prometheus-node-exporter-lua
endef
Build/Compile=
$(INSTALL_BIN) ./files/usr/bin/prometheus-node-exporter-lua $(1)/usr/bin/prometheus-node-exporter-lua
$(INSTALL_DIR) $(1)/usr/lib/lua/prometheus-collectors
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/cpu.lua $(1)/usr/lib/lua/prometheus-collectors/
+ $(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/conntrack.lua $(1)/usr/lib/lua/prometheus-collectors/
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/filefd.lua $(1)/usr/lib/lua/prometheus-collectors/
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/loadavg.lua $(1)/usr/lib/lua/prometheus-collectors/
$(INSTALL_BIN) ./files/usr/lib/lua/prometheus-collectors/meminfo.lua $(1)/usr/lib/lua/prometheus-collectors/
--- /dev/null
+local function scrape()
+ metric("node_nf_conntrack_entries", "gauge", nil,
+ string.sub(get_contents("/proc/sys/net/netfilter/nf_conntrack_count"), 1, -2))
+ metric("node_nf_conntrack_entries_limit", "gauge", nil,
+ string.sub(get_contents("/proc/sys/net/netfilter/nf_conntrack_max"), 1, -2))
+end
+
+return { scrape = scrape }
--- /dev/null
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=qemu
+PKG_VERSION:=3.0.0-rc2
+PKG_RELEASE:=1
+
+PKG_SOURCE_URL:=https://download.qemu.org/
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
+PKG_HASH:=b02b30c7d460996835416ef09161f6faef2700e339cf11cd99481ca51b5954f2
+PKG_LICENSE:=GPL-2.0
+
+PKG_MAINTAINER:=Andy Walsh <andy.walsh44+github@gmail.com>
+
+HOST_BUILD_PARALLEL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/host-build.mk
+include $(INCLUDE_DIR)/package.mk
+
+HOST_BUILD_DEPENDS:=glib2/host
+
+define Package/qemu-userspace
+ SECTION:=utils
+ CATEGORY:=Utilities
+ SUBMENU:=Virtualization
+ TITLE:=qemu $(PKG_VERSION) (Linux/BSD User space emulation)
+ URL:=https://www.qemu.org
+ DEPENDS:=+glib2 +zlib +libpthread @BROKEN
+endef
+
+define Package/qemu-userspace/description
+ QEMU is a generic and open source machine emulator and virtualizer.
+ (This package version is for user space emulation only, not full system.)
+endef
+
+HOST_CONFIGURE_ARGS += \
+ --audio-drv-list='' \
+ --disable-slirp \
+ --disable-debug-info \
+ --disable-modules \
+ --disable-sdl \
+ --disable-qom-cast-debug \
+ --disable-virtfs \
+ --disable-vnc \
+ --disable-debug-tcg \
+ --disable-sparse \
+ --disable-strip \
+ --disable-vnc-sasl \
+ --disable-vnc-jpeg \
+ --disable-vnc-png \
+ --disable-vde \
+ --disable-netmap \
+ --disable-xen \
+ --disable-xen-pci-passthrough \
+ --disable-xen-pv-domain-build \
+ --disable-brlapi \
+ --disable-bluez \
+ --disable-tcg-interpreter \
+ --disable-cap-ng \
+ --disable-spice \
+ --disable-libiscsi \
+ --disable-libnfs \
+ --disable-cocoa \
+ --disable-werror \
+ --disable-stack-protector \
+ --disable-curl \
+ --disable-crypto-afalg \
+ --disable-docs \
+ --disable-vhost-net \
+ --disable-vhost-scsi \
+ --disable-vhost-vsock \
+ --disable-opengl \
+ --disable-rbd \
+ --disable-xfsctl \
+ --disable-smartcard \
+ --disable-libusb \
+ --disable-usb-redir \
+ --disable-zlib-test \
+ --disable-lzo \
+ --disable-snappy \
+ --disable-bzip2 \
+ --disable-guest-agent-msi \
+ --without-vss-sdk \
+ --without-win-sdk \
+ --disable-tools \
+ --disable-glusterfs \
+ --disable-gtk \
+ --disable-gnutls \
+ --disable-nettle \
+ --disable-gcrypt \
+ --disable-rdma \
+ --disable-vte \
+ --disable-virglrenderer \
+ --disable-tpm \
+ --disable-libssh2 \
+ --disable-strip \
+ --disable-replication \
+ --disable-vxhs \
+ --disable-system \
+ --disable-guest-agent \
+ --disable-pie \
+ --disable-live-block-migration \
+ --disable-numa \
+ --disable-libxml2 \
+ --disable-capstone \
+ --disable-debug-mutex \
+ --disable-git-update \
+ --disable-hax \
+ --disable-kvm \
+ --disable-hvf \
+ --disable-whpx \
+ --disable-blobs
+
+# --disable-tcg
+# --disable-bsd-user
+# --disable-linux-aio
+# --disable-attr
+# --disable-seccomp
+# --disable-coroutine-pool
+# --disable-tcmalloc
+# --disable-jemalloc
+# --disable-vhost-user
+
+# QEMU configure script does not recognize these options
+HOST_CONFIGURE_ARGS:=$(filter-out \
+ --target=% \
+ --host=% \
+ --build=% \
+ --program-prefix=% \
+ --program-suffix=% \
+ --exec-prefix=% \
+ --disable-nls \
+ , $(HOST_CONFIGURE_ARGS))
+
+# does this do anything in usermode?
+CONFIGURE_ARGS:=$(filter-out \
+ --disable-hax \
+ --disable-kvm \
+ --disable-hvf \
+ --disable-blobs \
+ , $(HOST_CONFIGURE_ARGS))
+
+CONFIGURE_ARGS += \
+ --cross-prefix=$(TARGET_CROSS) \
+ --host-cc="$(HOSTCC)"
+
+$(eval $(call HostBuild))
+$(eval $(call BuildPackage,qemu-userspace))
include $(TOPDIR)/rules.mk
PKG_NAME:=uvcdynctrl
-PKG_VERSION:=0.2.4
-PKG_REV:=2
+PKG_VERSION:=0.2.5
+PKG_RELEASE:=1
PKG_SOURCE:=libwebcam-src-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=@SF/libwebcam
-PKG_HASH:=91741aca11f079eb6d043e31b7da6fe1f7927c28d7496590386928f8466b4297
+PKG_HASH:=3ca5199c7b8398b655a7c38e3ad4191bb053b1486503287f20d30d141bda9d41
PKG_MAINTAINER:=Roger D <rogerdammit@gmail.com>
-PKG_BUILD_DIR:=$(BUILD_DIR)/libwebcam-src-$(PKG_VERSION)
+PKG_BUILD_DIR:=$(BUILD_DIR)/libwebcam-$(PKG_VERSION)
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
CATEGORY:=Utilities
DEPENDS:=+libwebcam
TITLE:=Manage dynamic controls in uvcvideo
- URL:=http://sourceforge.net/projects/libwebcam/
+ URL:=https://sourceforge.net/projects/libwebcam/
MENU:=1
endef
CATEGORY:=Libraries
DEPENDS:=+libxml2 +libiconv-full
TITLE:=Webcam library
- URL:=http://sourceforge.net/projects/libwebcam/
+ URL:=https://sourceforge.net/projects/libwebcam/
endef
define Package/libwebcam/description