Merge branch 'openwrt:master' into master

Hayzam Sherif 2023-05-14 20:26:03 +05:30 committed by GitHub
commit c91693d848
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
31 changed files with 529 additions and 294 deletions


@ -0,0 +1,11 @@
--- a/module/netatop.c
+++ b/module/netatop.c
@@ -1617,7 +1617,7 @@ getsockopt(struct sock *sk, int cmd, void __user *user, int *len)
case NETATOP_GETCNT_TGID:
tasktype = 'g';
- // fall through
+ fallthrough;
case NETATOP_GETCNT_PID:
if (*len < sizeof(pid_t))
return -EINVAL;


@ -0,0 +1,11 @@
--- a/dmx_usb.c
+++ b/dmx_usb.c
@@ -406,7 +406,7 @@ static ssize_t dmx_usb_write (struct file *file, const char *buffer, size_t coun
dev = (struct dmx_usb_device *)file->private_data;
- dbg("%s - minor %d, count = %d", __FUNCTION__, dev->minor, count);
+ dbg("%s - minor %d, count = %zu", __FUNCTION__, dev->minor, count);
/* lock this object */
down (&dev->sem);


@ -0,0 +1,30 @@
--- a/kernel/pf_ring.c
+++ b/kernel/pf_ring.c
@@ -3940,7 +3940,7 @@ static int hash_pkt_cluster(ring_cluster_element *cluster_ptr,
break;
}
/* else, fall through, because it's like 2-tuple for non-TCP packets */
-
+ fallthrough;
case cluster_per_flow_2_tuple:
case cluster_per_inner_flow_2_tuple:
flags |= mask_2_tuple;
@@ -5485,8 +5485,7 @@ static int ring_release(struct socket *sock)
remove_cluster_referee(pfr);
if((pfr->zc_device_entry != NULL)
- && pfr->zc_device_entry->zc_dev.dev
- && pfr->zc_device_entry->zc_dev.dev->name) {
+ && pfr->zc_device_entry->zc_dev.dev) {
pfring_release_zc_dev(pfr);
}
@@ -5617,8 +5616,6 @@ static int ring_bind(struct socket *sock, struct sockaddr *sa, int addr_len)
return(-EINVAL);
if(sa->sa_family != PF_RING)
return(-EINVAL);
- if(sa->sa_data == NULL)
- return(-EINVAL);
memcpy(name, sa->sa_data, sizeof(sa->sa_data));


@ -7,7 +7,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libvorbis
PKG_VERSION:=1.3.7
PKG_RELEASE:=1
PKG_RELEASE:=2
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=http://downloads.xiph.org/releases/vorbis/


@ -0,0 +1,44 @@
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -28,8 +28,8 @@ set(PROJECT_VERSION_MINOR ${CMAKE_MATCH_
set(PROJECT_VERSION_PATCH ${CMAKE_MATCH_3})
set(PROJECT_VERSION ${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH})
-# Helper function to get version-info
-function(get_version_info result current_var_name age_var_name revision_var_name)
+# Helper function to get library versions
+function(get_lib_versions version_result soversion_result current_var_name age_var_name revision_var_name)
string(REGEX MATCH "${current_var_name}=([0-9]*)" DUMMY ${CONFIGURE_AC_CONTENTS})
set(VERSION_INFO_CURRENT ${CMAKE_MATCH_1})
@@ -41,7 +41,8 @@ function(get_version_info result current
math(EXPR VERSION_INFO_CURRENT_MINUS_AGE "${VERSION_INFO_CURRENT} - ${VERSION_INFO_AGE}")
- set(${result} "${VERSION_INFO_CURRENT_MINUS_AGE}.${VERSION_INFO_AGE}.${VERSION_INFO_REVISION}" PARENT_SCOPE)
+ set(${version_result} "${VERSION_INFO_CURRENT_MINUS_AGE}.${VERSION_INFO_AGE}.${VERSION_INFO_REVISION}" PARENT_SCOPE)
+ set(${soversion_result} "${VERSION_INFO_CURRENT_MINUS_AGE}" PARENT_SCOPE)
endfunction()
# Helper function to configure pkg-config files
--- a/lib/CMakeLists.txt
+++ b/lib/CMakeLists.txt
@@ -78,12 +78,12 @@ if (NOT BUILD_FRAMEWORK)
add_library(vorbisenc ${VORBISENC_SOURCES})
add_library(vorbisfile ${VORBISFILE_SOURCES})
- get_version_info(VORBIS_VERSION_INFO "V_LIB_CURRENT" "V_LIB_AGE" "V_LIB_REVISION")
- set_target_properties(vorbis PROPERTIES SOVERSION ${VORBIS_VERSION_INFO})
- get_version_info(VORBISENC_VERSION_INFO "VE_LIB_CURRENT" "VE_LIB_AGE" "VE_LIB_REVISION")
- set_target_properties(vorbisenc PROPERTIES SOVERSION ${VORBISENC_VERSION_INFO})
- get_version_info(VORBISFILE_VERSION_INFO "VF_LIB_CURRENT" "VF_LIB_AGE" "VF_LIB_REVISION")
- set_target_properties(vorbisfile PROPERTIES SOVERSION ${VORBISFILE_VERSION_INFO})
+ get_lib_versions(VORBIS_VERSION VORBIS_SOVERSION "V_LIB_CURRENT" "V_LIB_AGE" "V_LIB_REVISION")
+ set_target_properties(vorbis PROPERTIES VERSION ${VORBIS_VERSION} SOVERSION ${VORBIS_SOVERSION})
+ get_lib_versions(VORBISENC_VERSION VORBISENC_SOVERSION "VE_LIB_CURRENT" "VE_LIB_AGE" "VE_LIB_REVISION")
+ set_target_properties(vorbisenc PROPERTIES VERSION ${VORBISENC_VERSION} SOVERSION ${VORBISENC_SOVERSION})
+ get_lib_versions(VORBISFILE_VERSION VORBISFILE_SOVERSION "VF_LIB_CURRENT" "VF_LIB_AGE" "VF_LIB_REVISION")
+ set_target_properties(vorbisfile PROPERTIES VERSION ${VORBISFILE_VERSION} SOVERSION ${VORBISFILE_SOVERSION})
target_include_directories(vorbis
PUBLIC


@ -0,0 +1,42 @@
--- a/xr_usb_serial_common-1a/xr_usb_serial_common.c
+++ b/xr_usb_serial_common-1a/xr_usb_serial_common.c
@@ -258,7 +258,9 @@ static void xr_usb_serial_ctrl_irq(struct urb *urb)
{
struct xr_usb_serial *xr_usb_serial = urb->context;
struct usb_cdc_notification *dr = urb->transfer_buffer;
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
unsigned char *data;
int newctrl;
int retval;
@@ -390,7 +392,9 @@ static int xr_usb_serial_submit_read_urbs(struct xr_usb_serial *xr_usb_serial, g
}
static void xr_usb_serial_process_read_urb(struct xr_usb_serial *xr_usb_serial, struct urb *urb)
{
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
if (!urb->actual_length)
return;
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
@@ -465,7 +469,9 @@ static void xr_usb_serial_write_bulk(struct urb *urb)
static void xr_usb_serial_softint(struct work_struct *work)
{
struct xr_usb_serial *xr_usb_serial = container_of(work, struct xr_usb_serial, work);
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
dev_vdbg(&xr_usb_serial->data->dev, "%s\n", __func__);
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
@@ -1631,7 +1637,9 @@ err_out:
static int xr_usb_serial_reset_resume(struct usb_interface *intf)
{
struct xr_usb_serial *xr_usb_serial = usb_get_intfdata(intf);
+#if LINUX_VERSION_CODE <= KERNEL_VERSION(3, 9, 0)
struct tty_struct *tty;
+#endif
if (tty_port_initialized(&xr_usb_serial->port)){
#if LINUX_VERSION_CODE > KERNEL_VERSION(3, 9, 0)
tty_port_tty_hangup(&xr_usb_serial->port, false);


@ -8,12 +8,12 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dovecot
PKG_VERSION:=2.3.18
PKG_RELEASE:=2
PKG_VERSION:=2.3.20
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://dovecot.org/releases/2.3
PKG_HASH:=06e73f668c6c093c45bdeeeb7c20398ab8dc49317234f4b5781ac5e2cc5d6c33
PKG_HASH:=caa832eb968148abdf35ee9d0f534b779fa732c0ce4a913d9ab8c3469b218552
PKG_MAINTAINER:=Lucian Cristian <lucian.cristian@gmail.com>
PKG_LICENSE:=LGPL-2.1-only MIT BSD-3-Clause


@ -8,7 +8,7 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=dovecot-pigeonhole
PKG_VERSION_PLUGIN:=0.5.19
PKG_VERSION_PLUGIN:=0.5.20
PKG_VERSION_DOVECOT:=$(shell make --no-print-directory -C ../dovecot/ val.PKG_VERSION V=s)
PKG_VERSION:=$(PKG_VERSION_DOVECOT)-$(PKG_VERSION_PLUGIN)
PKG_RELEASE:=1
@ -17,7 +17,7 @@ DOVECOT_VERSION:=2.3
PKG_SOURCE:=dovecot-$(DOVECOT_VERSION)-pigeonhole-$(PKG_VERSION_PLUGIN).tar.gz
PKG_SOURCE_URL:=https://pigeonhole.dovecot.org/releases/$(DOVECOT_VERSION)
PKG_HASH:=637709a83fb1338c918e5398049f96b7aeb5ae00696794ed1e5a4d4c0ca3f688
PKG_HASH:=ae32bd4870ea2c1328ae09ba206e9ec12128046d6afca52fbbc9ef7f75617c98
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=LGPL-2.1-or-later

43
net/aardvark-dns/Makefile Normal file

@ -0,0 +1,43 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=aardvark-dns
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/containers/aardvark-dns.git
PKG_SOURCE_DATE:=2023-05-12
PKG_SOURCE_VERSION:=6e06736707d8a84240858e968a54a083083e3a09
PKG_MIRROR_HASH:=407d73c0a01b9fd6248a1ce058541707580db46a7d18f776780fe7922ba97391
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:=rust/host
include $(INCLUDE_DIR)/package.mk
include ../../lang/rust/rust-package.mk
define Package/aardvark-dns
SECTION:=net
CATEGORY:=Network
DEPENDS:=$(RUST_ARCH_DEPENDS)
TITLE:=authoritative dns server for container records
URL:=https://github.com/containers/aardvark-dns
endef
define Package/aardvark-dns/description
Aardvark-dns is an authoritative dns server for A/AAAA container records.
It can forward other requests to configured resolvers.
It is mostly intended to be used with Netavark which will
launch it automatically if both are installed.
endef
define Package/aardvark-dns/install
$(INSTALL_DIR) $(1)/usr/lib/podman
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/aardvark-dns $(1)/usr/lib/podman/
endef
$(eval $(call RustBinPackage,aardvark-dns))
$(eval $(call BuildPackage,aardvark-dns))
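Review bot: `PKG_MIRROR_HASH` pins only the git checkout at `PKG_SOURCE_VERSION`; the Rust crates this package depends on are resolved by cargo during the build, and nothing in this Makefile shows them being pinned or verified. rust-package.mk is not part of this page, so confirm that it builds against the upstream Cargo.lock (for example with cargo's `--locked`) and that crate downloads are covered by a hash or vendored. A one-line comment such as `# untagged snapshot; crates are resolved at build time, see rust-package.mk` above `PKG_SOURCE_DATE` would make the trust boundary explicit. The same applies to net/netavark/Makefile later in this commit.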


@ -5,8 +5,8 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=banip
PKG_VERSION:=0.8.5
PKG_RELEASE:=2
PKG_VERSION:=0.8.6
PKG_RELEASE:=1
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Dirk Brenken <dev@brenken.org>


@ -75,6 +75,7 @@ ban_fetchinsecure=""
ban_fetchretry="5"
ban_cores=""
ban_memory=""
ban_packages=""
ban_trigger=""
ban_triggerdelay="10"
ban_resolver=""
@ -90,8 +91,9 @@ f_system() {
ban_debug="$(uci_get banip global ban_debug)"
ban_cores="$(uci_get banip global ban_cores)"
fi
ban_packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
ban_memory="$("${ban_awkcmd}" '/^MemAvailable/{printf "%s",int($2/1000)}' "/proc/meminfo" 2>/dev/null)"
ban_ver="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null | jsonfilter -ql1 -e '@.packages.banip')"
ban_ver="$(printf "%s" "${ban_packages}" | jsonfilter -ql1 -e '@.packages.banip')"
ban_sysver="$(${ban_ubuscmd} -S call system board 2>/dev/null | jsonfilter -ql1 -e '@.model' -e '@.release.description' |
"${ban_awkcmd}" 'BEGIN{RS="";FS="\n"}{printf "%s, %s",$1,$2}')"
if [ -z "${ban_cores}" ]; then
@ -171,6 +173,19 @@ f_trim() {
printf "%s" "${string}"
}
# remove logservice
#
f_rmpid() {
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
[ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" || return 0
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
: >"${ban_pidfile}"
}
# write log messages
#
f_log() {
@ -253,30 +268,54 @@ f_conf() {
[ "${ban_action}" = "boot" ] && [ -z "${ban_trigger}" ] && sleep ${ban_triggerdelay}
}
# prepare fetch utility
# get nft/monitor actuals
#
f_fetch() {
local item utils packages insecure
f_actual() {
local nft monitor
if [ -z "${ban_fetchcmd}" ] || [ ! -x "$(command -v "${ban_fetchcmd}")" ]; then
packages="$(${ban_ubuscmd} -S call rpc-sys packagelist '{ "all": true }' 2>/dev/null)"
[ -z "${packages}" ] && f_log "err" "no local package repository"
if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
fi
if pgrep -f "logread" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
fi
printf "%s" "nft: ${nft}, monitor: ${monitor}"
}
# get fetch utility
#
f_getfetch() {
local item utils insecure update="0"
if { [ "${ban_fetchcmd}" = "uclient-fetch" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
{ [ "${ban_fetchcmd}" = "wget" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
[ "${ban_fetchcmd}" = "curl" ] || [ "${ban_fetchcmd}" = "aria2c" ]; then
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
else
ban_fetchcmd=""
fi
if [ "${ban_autodetect}" = "1" ] && [ ! -x "${ban_fetchcmd}" ]; then
utils="aria2c curl wget uclient-fetch"
for item in ${utils}; do
if { [ "${item}" = "uclient-fetch" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
{ [ "${item}" = "wget" ] && printf "%s" "${packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
if { [ "${item}" = "uclient-fetch" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"libustream-'; } ||
{ [ "${item}" = "wget" ] && printf "%s" "${ban_packages}" | "${ban_grepcmd}" -q '"wget-ssl'; } ||
[ "${item}" = "curl" ] || [ "${item}" = "aria2c" ]; then
ban_fetchcmd="$(command -v "${item}")"
if [ -x "${ban_fetchcmd}" ]; then
uci_set banip global ban_fetchcmd "${ban_fetchcmd##*/}"
update="1"
uci_set banip global ban_fetchcmd "${item}"
uci_commit "banip"
break
fi
fi
done
else
ban_fetchcmd="$(command -v "${ban_fetchcmd}")"
fi
[ ! -x "${ban_fetchcmd}" ] && f_log "err" "no download utility with SSL support"
case "${ban_fetchcmd##*/}" in
"aria2c")
@ -297,38 +336,7 @@ f_fetch() {
;;
esac
f_log "debug" "f_fetch ::: cmd: ${ban_fetchcmd:-"-"}, parm: ${ban_fetchparm:-"-"}"
}
# remove logservice
#
f_rmpid() {
local ppid pid pids
ppid="$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)"
[ -n "${ppid}" ] && pids="$(pgrep -P "${ppid}" 2>/dev/null)" || return 0
for pid in ${pids}; do
kill -INT "${pid}" >/dev/null 2>&1
done
: >"${ban_pidfile}"
}
# get nft/monitor actuals
#
f_actual() {
local nft monitor
if "${ban_nftcmd}" -t list set inet banIP allowlistvMAC >/dev/null 2>&1; then
nft="$(f_char "1")"
else
nft="$(f_char "0")"
fi
if pgrep -f "logread" -P "$("${ban_catcmd}" "${ban_pidfile}" 2>/dev/null)" >/dev/null 2>&1; then
monitor="$(f_char "1")"
else
monitor="$(f_char "0")"
fi
printf "%s" "nft: ${nft}, monitor: ${monitor}"
f_log "debug" "f_getfetch ::: auto/update: ${ban_autodetect}/${update}, cmd: ${ban_fetchcmd:-"-"}, parm: ${ban_fetchparm:-"-"}"
}
# get wan interfaces
@ -1355,6 +1363,59 @@ f_mail() {
f_log "debug" "f_mail ::: notification: ${ban_mailnotification}, template: ${ban_mailtemplate}, profile: ${ban_mailprofile}, receiver: ${ban_mailreceiver}, rc: ${?}"
}
# log monitor
#
f_monitor() {
local nft_expiry line proto ip log_raw log_count
if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service"
[ -n "${ban_nftexpiry}" ] && nft_expiry="timeout $(printf "%s" "${ban_nftexpiry}" | "${ban_grepcmd}" -oE "([0-9]+[d|h|m|s])+$")"
# read log continuously with given logterms
#
"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
while read -r line; do
proto=""
# IPv4 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v4"
if [ -z "${proto}" ]; then
# IPv6 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v6"
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "suspicious IP${proto} '${ip}'"
log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
log_count="$(printf "%s\n" "${log_raw}" | "${ban_grepcmd}" -c "suspicious IP${proto} '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" "{ ${ip} ${nft_expiry} }" >/dev/null 2>&1; then
f_log "info" "add IP${proto} '${ip}' (expiry: ${ban_nftexpiry:-"-"}) to blocklist${proto} set"
if [ -z "${ban_nftexpiry}" ] && [ "${ban_autoblocklist}" = "1" ] && ! "${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP${proto} '${ip}' to local blocklist"
fi
fi
fi
fi
done
# start detached no-op service loop
#
else
f_log "info" "start detached no-op banIP service"
while :; do
sleep 1
done
fi
}
# initial sourcing
#
if [ -r "/lib/functions.sh" ] && [ -r "/lib/functions/network.sh" ] && [ -r "/usr/share/libubox/jshn.sh" ]; then
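Review bot: In the new f_monitor, the duplicate check `"${ban_grepcmd}" -q "^${ip}" "${ban_blocklist}"` has no end anchor, so an address such as 10.0.0.1 is treated as already present when the file only holds 10.0.0.10 and is never written to the local blocklist. Anchoring the end of the address fixes this, for example `"${ban_grepcmd}" -qE "^${ip}([[:space:]]|$)" "${ban_blocklist}"`. In the same function the expiry filter uses the bracket expression `[d|h|m|s]`, which also accepts a literal `|`; `[dhms]` is what is meant, and it matters because the result is interpolated into the `nft add element` argument. The address itself is parsed out of log lines, which can contain text chosen by a remote client, so a comment stating that `ip` is untrusted at that point would help the next maintainer.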


@ -18,7 +18,7 @@ f_log "info" "start banIP processing (${ban_action})"
f_log "debug" "f_system ::: system: ${ban_sysver:-"n/a"}, version: ${ban_ver:-"n/a"}, memory: ${ban_memory:-"0"}, cpu_cores: ${ban_cores}"
f_genstatus "processing"
f_tmp
f_fetch
f_getfetch
f_getif
f_getdev
f_getuplink
@ -162,54 +162,6 @@ fi
json_cleanup
rm -rf "${ban_lock}"
# start detached log service
# start detached log service (infinite loop)
#
if [ -x "${ban_logreadcmd}" ] && [ -n "${ban_logterm%%??}" ] && [ "${ban_loglimit}" != "0" ]; then
f_log "info" "start detached banIP log service"
nft_expiry="$(printf "%s" "${ban_nftexpiry}" | grep -oE "([0-9]+[h|m|s]$)")"
[ -n "${nft_expiry}" ] && nft_expiry="timeout ${nft_expiry}"
# read log continuously with given logterms
#
"${ban_logreadcmd}" -fe "${ban_logterm%%??}" 2>/dev/null |
while read -r line; do
proto=""
# IPv4 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="(([0-9]{1,3}\\.){3}[0-9]{1,3})+"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v4"
if [ -z "${proto}" ]; then
# IPv6 log parsing
#
ip="$(printf "%s" "${line}" | "${ban_awkcmd}" 'BEGIN{RS="([A-Fa-f0-9]{1,4}::?){3,7}[A-Fa-f0-9]{1,4}"}{if(!seen[RT]++)printf "%s ",RT}')"
ip="$(f_trim "${ip}")"
ip="${ip##* }"
[ -n "${ip}" ] && proto="v6"
fi
if [ -n "${proto}" ] && ! "${ban_nftcmd}" get element inet banIP blocklist"${proto}" "{ ${ip} }" >/dev/null 2>&1; then
f_log "info" "suspicious IP${proto} '${ip}'"
log_raw="$("${ban_logreadcmd}" -l "${ban_loglimit}" 2>/dev/null)"
log_count="$(printf "%s\n" "${log_raw}" | grep -c "suspicious IP${proto} '${ip}'")"
if [ "${log_count}" -ge "${ban_logcount}" ]; then
if "${ban_nftcmd}" add element inet banIP "blocklist${proto}" "{ ${ip} ${nft_expiry} }" >/dev/null 2>&1; then
f_log "info" "add IP${proto} '${ip}' (expiry: ${nft_expiry:-"-"}) to blocklist${proto} set"
if [ "${ban_autoblocklist}" = "1" ] && ! grep -q "^${ip}" "${ban_blocklist}"; then
printf "%-42s%s\n" "${ip}" "# added on $(date "+%Y-%m-%d %H:%M:%S")" >>"${ban_blocklist}"
f_log "info" "add IP${proto} '${ip}' to local blocklist"
fi
fi
fi
fi
done
# start detached no-op service loop
#
else
f_log "info" "start detached no-op banIP service"
while :; do
sleep 1
done
fi
f_monitor


@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=lighttpd
PKG_VERSION:=1.4.69
PKG_RELEASE:=3
PKG_VERSION:=1.4.70
PKG_RELEASE:=1
# release candidate ~rcX testing; remove for release
#PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://download.lighttpd.net/lighttpd/releases-1.4.x
PKG_HASH:=16ac8db95e719629ba61949b99f8a26feba946a81d185215b28379bb4116b0b4
PKG_HASH:=921ebe1cf4b6b9897e03779ab7a23a31f4ba40a1abe2067525c33cd3ce61fe85
PKG_MAINTAINER:=W. Michael Petullo <mike@flyn.org>
PKG_LICENSE:=BSD-3-Clause
@ -60,7 +60,7 @@ PKG_BUILD_DEPENDS:= \
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/meson.mk
# choose crypto lib for lighttpd to use for crypto algorithms (default: nettle)
# choose crypto lib for lighttpd to use for crypto algorithms
# (separate from lighttpd TLS modules, which are each standalone)
cryptolibdep= \
+LIGHTTPD_CRYPTOLIB_NETTLE:libnettle \
@ -69,8 +69,6 @@ cryptolibdep= \
ifdef CONFIG_LIGHTTPD_CRYPTOLIB_MBEDTLS
TARGET_CPPFLAGS += -DFORCE_MBEDTLS_CRYPTO
else ifdef CONFIG_LIGHTTPD_CRYPTOLIB_WOLFSSL
# (Note: if CONFIG_LIGHTTPD_CRYPTOLIB_WOLFSSL is set,
# then lighttpd-mod-mbedtls should not be selected to also be built)
TARGET_CPPFLAGS += -DFORCE_WOLFSSL_CRYPTO
endif
@ -123,7 +121,7 @@ config LIGHTTPD_PCRE2
if PACKAGE_lighttpd
choice
prompt "crypto library"
default LIGHTTPD_CRYPTOLIB_NETTLE
default LIGHTTPD_CRYPTOLIB_MBEDTLS
help
library to use for cryptographic algorithms
@ -177,7 +175,7 @@ MESON_ARGS += \
-Dwith_zlib=$(if $(CONFIG_PACKAGE_lighttpd-mod-deflate),enabled,disabled) \
-Dwith_zstd=disabled
BASE_MODULES:=dirlisting
BASE_MODULES:=dirlisting h2
define Package/lighttpd/conffiles
/etc/lighttpd/lighttpd.conf
@ -307,8 +305,9 @@ server.modules += ( \"mod_$(1)\" )" $$(1)/etc/lighttpd/conf.d/$(4)-$(1).conf ; \
$$(eval $$(call BuildPackage,lighttpd-mod-$(1)))
endef
# included in BASE_MODULES:=dirlisting
# included in BASE_MODULES:=dirlisting h2
#$(eval $(call BuildPlugin,dirlisting,dirlisting,,30))
#$(eval $(call BuildPlugin,h2,HTTP/2,,30))
# included in base lighttpd executable;
# no longer loaded as separate dynamic modules


@ -9,7 +9,7 @@ Subject: [PATCH] [meson] mod_webdav_min w/o deps: xml2 sqlite3 uuid
--- a/src/meson.build
+++ b/src/meson.build
@@ -865,6 +865,16 @@ if libsasl.found()
@@ -879,6 +879,16 @@ if libsasl.found()
]
endif


@ -1,34 +0,0 @@
From e91ad65e4aacde815679c06cb687931dd7beb9b3 Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Thu, 20 Apr 2023 21:27:36 -0400
Subject: [PATCH] [meson] check FORCE_{WOLFSSL,MBEDTLS}_CRYPTO
---
src/meson.build | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
--- a/src/meson.build
+++ b/src/meson.build
@@ -358,15 +358,19 @@ if get_option('with_mbedtls')
libmbedtls = [ compiler.find_library('mbedtls') ]
libmbedx509 = [ compiler.find_library('mbedx509') ]
libmbedcrypto = [ compiler.find_library('mbedcrypto') ]
- libcrypto = [ compiler.find_library('mbedcrypto') ]
+ if compiler.get_define('FORCE_WOLFSSL_CRYPTO') == ''
+ libcrypto = [ compiler.find_library('mbedcrypto') ]
+ endif
conf_data.set('HAVE_LIBMBEDCRYPTO', true)
endif
if get_option('with_nettle')
# manual search:
# header: nettle/nettle-types.h
# function: nettle_md5_init (-lnettle)
- libcrypto = [ dependency('nettle') ]
- conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
+ if compiler.get_define('FORCE_WOLFSSL_CRYPTO') == '' and compiler.get_define('FORCE_MBEDTLS_CRYPTO') == ''
+ libcrypto = [ dependency('nettle') ]
+ conf_data.set('HAVE_NETTLE_NETTLE_TYPES_H', true)
+ endif
endif
if get_option('with_gnutls')
# manual search:


@ -0,0 +1,87 @@
From 2892a7bf3f8ce92f41134fab25fbc2057f4a36bf Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Wed, 10 May 2023 19:06:42 -0400
Subject: [PATCH] [mod_h2] HTTP/2 separate module; no longer builtin
---
src/CMakeLists.txt | 3 ---
src/Makefile.am | 9 +++------
src/SConscript | 4 +---
src/meson.build | 3 ---
4 files changed, 4 insertions(+), 15 deletions(-)
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -922,10 +922,7 @@ set(SERVER_SRC
response.c
connections.c
h1.c
- h2.c
sock_addr_cache.c
- ls-hpack/lshpack.c
- algo_xxhash.c
fdevent_impl.c
http_range.c
network.c
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -70,12 +70,10 @@ common_src=base64.c buffer.c burl.c log.
common_src += fdevent_win32.c fs_win32.c
-src = server.c response.c connections.c h1.c h2.c \
+src = server.c response.c connections.c h1.c \
sock_addr_cache.c \
network.c \
network_write.c \
- ls-hpack/lshpack.c \
- algo_xxhash.c \
fdevent_impl.c \
http_range.c \
data_config.c \
@@ -428,6 +426,8 @@ lighttpd_LDADD = \
$(FAM_LIBS) $(LIBEV_LIBS) $(LIBUNWIND_LIBS)
lighttpd_LDFLAGS = -export-dynamic
+lighttpd_SOURCES += h2.c ls-hpack/lshpack.c algo_xxhash.c
+lighttpd_LDADD += $(XXHASH_LIBS)
if BUILD_WITH_MAXMINDDB
lighttpd_SOURCES += mod_maxminddb.c
lighttpd_LDADD += $(MAXMINDDB_LIB)
@@ -489,9 +489,6 @@ lighttpd_SOURCES += mod_wolfssl.c
lighttpd_CPPFLAGS += $(WOLFSSL_CFLAGS)
lighttpd_LDADD += $(WOLFSSL_LIBS)
endif
-#(until switch to mod_h2)
-#lighttpd_SOURCES += h2.c ls-hpack/lshpack.c algo_xxhash.c
-#lighttpd_LDADD += $(XXHASH_LIBS)
else
--- a/src/SConscript
+++ b/src/SConscript
@@ -75,10 +75,8 @@ common_src = Split("base64.c buffer.c bu
ck.c \
")
-src = Split("server.c response.c connections.c h1.c h2.c \
+src = Split("server.c response.c connections.c h1.c \
sock_addr_cache.c \
- ls-hpack/lshpack.c \
- algo_xxhash.c \
fdevent_impl.c \
http_range.c \
network.c \
--- a/src/meson.build
+++ b/src/meson.build
@@ -560,10 +560,7 @@ main_src = files(
'connections.c',
'data_config.c',
'h1.c',
- 'h2.c',
'sock_addr_cache.c',
- 'ls-hpack/lshpack.c',
- 'algo_xxhash.c',
'fdevent_impl.c',
'http_range.c',
'network_write.c',


@ -1,23 +0,0 @@
From 37cbdacda78f9df4aba4c39e60472025d93bb7ba Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Fri, 28 Apr 2023 03:17:16 -0400
Subject: [PATCH] [mod_mbedtls] check MBEDTLS_DEBUG_C for debug func
---
src/mod_mbedtls.c | 2 ++
1 file changed, 2 insertions(+)
--- a/src/mod_mbedtls.c
+++ b/src/mod_mbedtls.c
@@ -2357,9 +2357,11 @@ CONNECTION_FUNC(mod_mbedtls_handle_con_a
* overlap, and so this debug setting is not reset upon connection close.
* Once enabled, debug hook will remain so for this mbedtls_ssl_config */
if (hctx->conf.ssl_log_noise) {/* volume level for debug message callback */
+ #ifdef MBEDTLS_DEBUG_C
#if MBEDTLS_VERSION_NUMBER >= 0x02000000 /* mbedtls 2.0.0 */
mbedtls_debug_set_threshold(hctx->conf.ssl_log_noise);
#endif
+ #endif
mbedtls_ssl_conf_dbg(hctx->ssl_ctx, mod_mbedtls_debug_cb,
(void *)(intptr_t)hctx->conf.ssl_log_noise);
}


@ -1,20 +0,0 @@
From 2fc157f37ea4644ba9ac776de1926b9e518ec42b Mon Sep 17 00:00:00 2001
From: Glenn Strauss <gstrauss@gluelogic.com>
Date: Sat, 29 Apr 2023 00:43:55 -0400
Subject: [PATCH] [meson] build fix for builtin_mods
---
src/meson.build | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/src/meson.build
+++ b/src/meson.build
@@ -656,7 +656,7 @@ executable('lighttpd-angel',
)
executable('lighttpd', configparser,
- sources: common_src + main_src,
+ sources: common_src + main_src + builtin_mods,
dependencies: [ common_flags, lighttpd_flags
, libattr
, libcrypto

51
net/netavark/Makefile Normal file

@ -0,0 +1,51 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=netavark
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://github.com/containers/netavark.git
PKG_SOURCE_DATE:=2023-05-12
PKG_SOURCE_VERSION:=07d63eadef1def977f2ece25b0f464f7e5d77be1
PKG_MIRROR_HASH:=f7597d70528d039b984b2ecc6ef0e1f1c17aacfc7862907e5a79789ebe98aa89
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_BUILD_DEPENDS:= \
rust/host \
protobuf/host
include $(INCLUDE_DIR)/package.mk
include ../../lang/rust/rust-package.mk
define Package/netavark
SECTION:=net
CATEGORY:=Network
DEPENDS:=$(RUST_ARCH_DEPENDS)
TITLE:=A container network stack
URL:=https://github.com/containers/netavark
endef
define Package/netavark/description
Netavark is a rust based network stack for containers. It is being designed to work with Podman but is also
applicable for other OCI container management applications.
endef
define Package/netavark/conffiles
/etc/config/netavark
endef
CARGO_VARS += \
PROTOC=$(STAGING_DIR_HOSTPKG)/bin/protoc
define Package/netavark/install
$(INSTALL_DIR) $(1)/etc/config $(1)/usr/lib/podman
$(INSTALL_CONF) ./files/netavark-config $(1)/etc/config/netavark
$(INSTALL_BIN) ./files/netavark-wrapper $(1)/usr/lib/podman/netavark
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/bin/netavark $(1)/usr/lib/podman/netavark-bin
endef
$(eval $(call RustBinPackage,netavark))
$(eval $(call BuildPackage,netavark))


@ -0,0 +1,3 @@
config firewall
option driver 'none'


@ -0,0 +1,6 @@
#!/bin/sh
FW_DRIVER=$(uci -q get 'netavark.@firewall[0].driver')
[ -z "$FW_DRIVER" ] && FW_DRIVER="none"
NETAVARK_FW="$FW_DRIVER" /usr/lib/podman/netavark-bin $@
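Review bot: `$@` is unquoted on the last line, so any argument that contains whitespace or glob characters is split or expanded again by the shell before netavark-bin receives it. Quote it, and use `exec` so the wrapper does not stay behind as an extra parent process: `NETAVARK_FW="$FW_DRIVER" exec /usr/lib/podman/netavark-bin "$@"`. The driver string read from UCI is exported as-is; a short comment naming the values the wrapper expects there would document what the fallback to `none` means for container firewalling.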


@ -5,7 +5,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=pbr
PKG_VERSION:=1.1.1
PKG_RELEASE:=5
PKG_RELEASE:=7
PKG_LICENSE:=GPL-3.0-or-later
PKG_MAINTAINER:=Stan Grishin <stangri@melmac.ca>


@ -307,7 +307,7 @@ get_nft_sets() { [ -x "$nft" ] && "$nft" list table inet "$nftTable" 2>/dev/null
is_ipset_type_supported() { ipset help hash:"$1" >/dev/null 2>&1; }
ubus_get_status() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.status.${1}"; }
ubus_get_iface() { ubus call service list "{ 'name': '$packageName' }" | jsonfilter -e "@.${packageName}.instances.main.data.interfaces[@.name='${1}']${2:+.$2}"; }
opkg_get_version() { grep -m1 -A1 "$1" '/usr/lib/opkg/status' | grep -m1 'Version: ' | sed 's|Version: \(.*\)|\1|'; }
opkg_get_version() { grep -m1 -A1 "Package: $1$" '/usr/lib/opkg/status' | grep -m1 'Version: ' | sed 's|Version: \(.*\)|\1|'; }
load_package_config() {
config_load "$packageName"
@ -1776,7 +1776,8 @@ EOF
while read -r i; do
i="$(echo "$i" | sed 's/ linkdown$//')"
i="$(echo "$i" | sed 's/ onlink$//')"
$ip_bin -6 route add "$i" table "$tid" >/dev/null 2>&1 || ipv6_error=1
# shellcheck disable=SC2086
$ip_bin -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF
$($ip_bin -6 route list table main | grep " dev $dev6 ")
EOF
@ -1855,7 +1856,8 @@ EOF
$ip_bin -6 route add unreachable default table "$tid" || ipv6_error=1
elif $ip_bin -6 route list table main | grep -q " dev $dev6 "; then
while read -r i; do
$ip_bin -6 route add "$i" table "$tid" >/dev/null 2>&1 || ipv6_error=1
# shellcheck disable=SC2086
$ip_bin -6 route add $i table "$tid" >/dev/null 2>&1 || ipv6_error=1
done << EOF
$($ip_bin -6 route list table main | grep " dev $dev6 ")
EOF
@ -2335,6 +2337,11 @@ status_service_nft() {
echo "IPv4 table $((wan_tid + i)) route: $($ip_bin -4 route show table $((wan_tid + i)) | grep default)"
echo "IPv4 table $((wan_tid + i)) rule(s):"
$ip_bin -4 rule list table "$((wan_tid + i))"
if [ -n "$ipv6_enabled" ]; then
echo "IPv6 table $((wan_tid + i)) route: $($ip_bin -6 route show table $((wan_tid + i)) | grep default)"
echo "IPv6 table $((wan_tid + i)) rule(s):"
$ip_bin -6 route show table $((wan_tid + i))
fi
i=$((i + 1))
done
}
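Review bot: The new IPv6 block in status_service_nft prints the heading "IPv6 table … rule(s):" but then runs `$ip_bin -6 route show table $((wan_tid + i))`, so the status output lists routes where the IPv4 branch lists policy rules. To mirror the IPv4 lines it should be `$ip_bin -6 rule list table "$((wan_tid + i))"`. This output is what an operator reads to verify policy routing, so a wrong section can hide a missing IPv6 rule. The function body starts outside the hunk.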


@ -985,10 +985,10 @@ static int ip6_ip4(char *src, int len, char *dst, int include_flag)
static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_device *dev, struct ethhdr *eth_h)
{
struct sk_buff *skb2 = NULL; /* pointer to new struct sk_buff for transleded packet */
char buff[FRAG_BUFF_SIZE+hdr_len]; /* buffer to form new fragment packet */
char *buff; /* buffer to form new fragment packet */
char *cur_ptr = skb->data+hdr_len; /* pointter to current packet data with len = frag_len */
struct iphdr *ih4 = (struct iphdr *) skb->data;
struct iphdr *new_ih4 = (struct iphdr *) buff; /* point to new IPv4 hdr */
struct iphdr *new_ih4; /* point to new IPv4 hdr */
struct ethhdr *new_eth_h; /* point to ether hdr, need to set hard header data in fragment */
int data_len = len - hdr_len; /* origin packet data len */
int rest_len = data_len; /* rest data to fragment */
@ -999,6 +999,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
__u16 frag_offset = 0; /* fragment offset */
unsigned int csum;
unsigned short udp_len;
int ret = 0;
#ifdef SIIT_DEBUG
printk("siit: it's DF == 0 and result IPv6 packet will be > 1280\n");
@ -1035,6 +1037,14 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
new_id = ih4->id;
buff = kcalloc(FRAG_BUFF_SIZE+hdr_len, sizeof(*buff), GFP_KERNEL);
if (!buff) {
printk("siit: Failed to allocate buf\n");
return -1;
}
new_ih4 = (struct iphdr *) buff;
while(1) {
if (rest_len <= FRAG_BUFF_SIZE) {
/* it's last fragmen */
@ -1072,7 +1082,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
if (!skb2) {
printk(KERN_DEBUG "%s: alloc_skb failure - packet dropped.\n", dev->name);
dev_kfree_skb(skb2);
return -1;
ret = -1;
goto exit;
}
/* allocate skb->data portion for IP header len, fragment data len and ether header len
* and copy to head ether header from origin skb
@ -1094,7 +1105,8 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
/* call translation function */
if ( ip4_ip6(buff, frag_len+hdr_len, skb2->data, 0) == -1) {
dev_kfree_skb(skb2);
return -1;
ret = -1;
goto exit;
}
/*
@ -1123,7 +1135,9 @@ static int ip4_fragment(struct sk_buff *skb, int len, int hdr_len, struct net_de
frag_offset = (frag_offset*8 + frag_len)/8;
}
return 0;
exit:
kfree(buff);
return ret;
}
/*
* Transmit a packet (called by the kernel)
@ -1156,7 +1170,6 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
int len; /* original packets length */
int new_packet_len;
int skb_delta = 0; /* delta size for allocate new skb */
char new_packet_buff[2048];
/* Check pointer to sk_buff and device structs */
if (skb == NULL || dev == NULL)
@ -1303,6 +1316,14 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
* IPv6 paket
*/
else if (ntohs(skb->protocol) == ETH_P_IPV6) {
char *new_packet_buff;
new_packet_buff = kcalloc(2048, sizeof(*new_packet_buff), GFP_KERNEL);
if (!new_packet_buff) {
printk(KERN_DEBUG "%s: alloc new_packet_buff failure, packet dropped.\n", dev->name);
siit_stats(dev)->rx_dropped++;
goto end;
}
#ifdef SIIT_DEBUG
siit_print_dump(skb->data, sizeof(struct ipv6hdr), "siit: (in) ip6_hdr dump");
@ -1315,6 +1336,7 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
{
PDEBUG("siit_xmit(): error translation ipv6->ipv4, packet dropped.\n");
siit_stats(dev)->rx_dropped++;
kfree(new_packet_buff);
goto end;
}
@ -1323,6 +1345,7 @@ static int siit_xmit(struct sk_buff *skb, struct net_device *dev)
if (!skb2) {
printk(KERN_DEBUG "%s: alloc_skb failure, packet dropped.\n", dev->name);
siit_stats(dev)->rx_dropped++;
kfree(new_packet_buff);
goto end;
}
memcpy(skb_put(skb2, new_packet_len + dev->hard_header_len), (char *)eth_h, dev->hard_header_len);


@ -164,7 +164,7 @@ static enum hrtimer_restart handle_rx(struct hrtimer* timer)
return result;
}
static int __init init(void)
static int __init gl_mifi_mcu_init(void)
{
bool success = true;
@ -193,7 +193,7 @@ static int __init init(void)
return success;
}
static void __exit exit(void)
static void __exit gl_mifi_mcu_exit(void)
{
disable_irq(gpio_to_irq(gpio_rx));
hrtimer_cancel(&timer_tx);
@ -205,6 +205,6 @@ static void __exit exit(void)
remove_proc_entry("gl_mifi_mcu", NULL);
}
module_init(init);
module_exit(exit);
module_init(gl_mifi_mcu_init);
module_exit(gl_mifi_mcu_exit);


@ -1,18 +1,18 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=podman
PKG_VERSION:=4.4.2
PKG_VERSION:=4.5.0
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/containers/podman/archive/v$(PKG_VERSION)
PKG_HASH:=59cec158438efa8a3e651b19e150d9afd90f7e3f07c30605a997e18b8c54b67c
PKG_HASH:=830a633630bf6e61f2b8d4ca00efdd9a173ef25cdd49d4a4364c293e088561df
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE
PKG_MAINTAINER:=Oskari Rauta <oskari.rauta@gmail.com>
PKG_BUILD_DEPENDS:=golang/host protobuf/host
PKG_BUILD_DEPENDS:=golang/host protobuf/host btrfs-progs
PKG_BUILD_PARALLEL:=1
PKG_BUILD_FLAGS:=no-mips16
PKG_INSTALL:=1
@ -39,7 +39,7 @@ define Package/podman
CATEGORY:=Utilities
TITLE:=Podman
URL:=https://podman.io
DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +cni +cni-plugins +btrfs-progs +glib2 +gnupg2 +uci-firewall +libgpg-error +libseccomp +libgpgme +nsenter +zoneinfo-simple +kmod-veth +PODMAN_SELINUX_SUPPORT:libselinux
DEPENDS:=$(GO_ARCH_DEPENDS) +conmon +libgpgme +libseccomp +nsenter +zoneinfo-simple +kmod-veth +slirp4netns +netavark +aardvark-dns +PODMAN_SELINUX_SUPPORT:libselinux
endef
define Package/podman/description
@ -53,10 +53,6 @@ define Package/podman/config
bool "Enable SELinux support"
default n
config PODMAN_IPTABLES_FW
bool "Add iptabels firewall options to default podman network"
default n
endmenu
endef
@ -65,7 +61,7 @@ define Package/podman/conffiles
/etc/containers/storage.conf
/etc/containers/registries.conf
/etc/containers/containers.conf
/etc/cni/net.d/87-podman-bridge.conflist
/etc/containers/networks/podman.json
endef
ifdef CONFIG_PODMAN_SELINUX_SUPPORT
@ -74,12 +70,6 @@ else
GO_PKG_TAGS=seccomp,exclude_graphdriver_devicemapper,apparmor
endif
ifdef CONFIG_PODMAN_IPTABLES_FW
CNIFILE:=87-podman-bridge-iptables.conflist
else
CNIFILE:=87-podman-bridge.conflist
endif
MAKE_VARS += \
GO_INSTALL_BIN_PATH="$(strip $(GO_PKG_INSTALL_BIN_PATH))" \
BUILD_DIR="$(PKG_BUILD_DIR)" \
@ -126,8 +116,8 @@ define Package/podman/install
$(INSTALL_DATA) $(DL_DIR)/registries.fedora-da9a9c8778 $(1)/etc/containers/registries.conf
$(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/storage/storage.conf $(1)/etc/containers/storage.conf
$(INSTALL_DATA) ./files/containers.conf $(1)/etc/containers/containers.conf
$(INSTALL_DIR) $(1)/etc/cni/net.d
$(INSTALL_CONF) ./files/$(CNIFILE) $(1)/etc/cni/net.d/87-podman-bridge.conflist
$(INSTALL_DIR) $(1)/etc/containers/networks
$(INSTALL_CONF) ./files/podman.json $(1)/etc/containers/networks
$(INSTALL_DIR) $(1)/usr/share/containers
$(INSTALL_DATA) $(PKG_BUILD_DIR)/vendor/github.com/containers/common/pkg/seccomp/seccomp.json $(1)/usr/share/containers/
$(INSTALL_DIR) $(1)/etc/init.d
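Review bot: The new `DEPENDS` line drops `+uci-firewall` and the `PODMAN_IPTABLES_FW` option is removed, so nothing in this Makefile now states which firewall userspace the default network relies on or that host firewall rules will be touched at all. Under CNI the choice between the plain and the iptables conflist was an explicit build option; with netavark the backend presumably installs its own NAT and port-forward rules, which on a router should be a documented decision rather than a side effect. I would confirm on a default image that the netavark package pulls in the firewall tooling it needs, and add a sentence to `Package/podman/description` such as `The default network is managed by netavark, which adds its own NAT and port-forwarding rules to the host firewall.` The body of `Package/podman/install` continues past the last line of this hunk.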


@ -1,37 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [{ "dst": "0.0.0.0/0" }],
"ranges": [
[
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
]
]
}
},
{
"type": "portmap",
"capabilities": {
"portMappings": true
}
},
{
"type": "firewall"
},
{
"type": "tuning"
}
]
}


@ -1,28 +0,0 @@
{
"cniVersion": "0.4.0",
"name": "podman",
"plugins": [
{
"type": "bridge",
"bridge": "cni-podman0",
"isGateway": true,
"ipMasq": true,
"hairpinMode": true,
"ipam": {
"type": "host-local",
"routes": [{ "dst": "0.0.0.0/0" }],
"ranges": [
[
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
]
]
}
},
{
"type": "tuning"
}
]
}


@ -30,10 +30,8 @@ default_sysctls = [
]
[network]
cni_plugin_dirs = [
"/usr/lib/cni"
]
network_config_dir = "/etc/cni/net.d/"
network_backend = "netavark"
network_config_dir = "/etc/containers/networks/"
default_network = "podman"
[engine]
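Review bot: Hard-coding `network_backend = "netavark"` switches the backend on upgraded systems as well as fresh ones, and the file gives no migration hint. The containers.conf documentation says all containers must be stopped before this value is changed, because firewall rules and interfaces created by the previous backend can otherwise be left behind on the host; on a router, stale NAT rules and an orphaned `cni-podman0` bridge are worth avoiding. A comment above the key would help, for example `# Switching from CNI: stop all containers first (or reboot) so the old rules and bridge are removed.` This looks like the packaged containers.conf that the Makefile lists under conffiles, so a locally edited copy would presumably keep the `/etc/cni/net.d/` settings after an upgrade while the CNI packages are no longer dependencies; that case deserves a line in the package notes.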


@ -0,0 +1,19 @@
{
"name": "podman",
"id": "5ef894788befd4d42498314b6e66282ca730aa2e1e82f9b9597bf4d1725ca074",
"driver": "bridge",
"network_interface": "podman0",
"created": "2023-02-20T08:56:34.652030952Z",
"subnets": [
{
"subnet": "10.88.0.0/16",
"gateway": "10.88.0.1"
}
],
"ipv6_enabled": false,
"internal": false,
"dns_enabled": true,
"ipam_options": {
"driver": "host-local"
}
}


@ -1,6 +1,6 @@
--- a/Makefile
+++ b/Makefile
@@ -206,7 +206,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb
@@ -209,7 +209,7 @@ GV_SHA=aab0ac9367fc5142f5857c36ac2352bcb
default: all
.PHONY: all
@ -9,7 +9,7 @@
.PHONY: binaries
ifeq ($(shell uname -s),FreeBSD)
@@ -797,7 +797,7 @@ package-install: package ## Install rpm
@@ -790,7 +790,7 @@ package-install: package ## Install rpm
/usr/bin/podman info # will catch a broken conmon
.PHONY: install