Makefile

@@ -26,6 +26,9 @@ GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site
 
 export GLUON_RELEASE GLUON_ATH10K_MESH GLUON_REGION GLUON_DEBUG
 
+show-release:
+	@echo '$(GLUON_RELEASE)'
+
 
 update: FORCE
 	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh

README.md

@@ -18,8 +18,8 @@ the future development of Gluon.
 ## Use a release!
 
 Please refrain from using the `master` branch for anything else but development purposes!
-Use the most recent release instead. You can list all relaseses by running `git tag`
-and switch to one by running `git checkout v2017.1 && make update`.
+Use the most recent release instead. You can list all releases by running `git tag`
+and switch to one by running `git checkout v2017.1.2 && make update`.
 
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.

docs/conf.py

@@ -54,9 +54,9 @@ copyright = '2015-2017, Project Gluon'
 # built documents.
 #
 # The short X.Y version.
-version = '2017.1'
+version = '2017.1.2'
 # The full version, including alpha/beta/rc tags.
-release = '2017.1'
+release = '2017.1.2'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/index.rst

@@ -64,7 +64,10 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
    :caption: Releases
    :maxdepth: 1
 
+   releases/v2017.1.2
+   releases/v2017.1.1
    releases/v2017.1
+   releases/v2016.2.7
    releases/v2016.2.6
    releases/v2016.2.5
    releases/v2016.2.4

docs/releases/v2016.2.7.rst

+Gluon 2016.2.7
+==============
+
+This release only fixes a single regression introduced in Gluon v2016.2.6, and
+add support for building using Perl 5.26.
+
+Bugfixes
+~~~~~~~~
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Backport fixes to support building with Perl 5.26 or newer (`76753ed <https://github.com/freifunk-gluon/gluon/commit/76753ede0da78e24208f10675fa288247deec961>`_)
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2017.1.1.rst

+Gluon 2017.1.1
+==============
+
+Bugfixes
+~~~~~~~~
+
+* The autoupdater manifest has been extended to allow automatic upgrades from
+  old *x86-kvm* and *x86-xen_domu* systems to the new *x86-generic* image
+  (`869ceb4 <https://github.com/freifunk-gluon/gluon/commit/869ceb425cd5f9db3eafddcc52377fd94c6ba0dd>`_)
+
+* Make flash writable again on Ubiquiti PicoStations with certain bootloader
+  versions (and possibly other devices)
+  (`9a787c9 <https://github.com/freifunk-gluon/gluon/commit/9a787c9878069158151c843b8fd9aa338815d61e>`_)
+
+  Units affected by this issue running Gluon v2017.1 can't leave config mode and
+  no regular sysupgrades are possible. TFTP recovery is necessary to make them
+  work again.
+
+* Add workaround to prevent sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+* Disable batman-adv multicast optimizations to work around issue causing large
+  amounts of management traffic
+  (`819758f <https://github.com/freifunk-gluon/gluon/commit/819758f4250af8820851945ba1a6c17748b0ab4b>`_)
+
+  Multicast optimizations will be enabled again when a proper fix is available.
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2017.1.2.rst

+Gluon 2017.1.2
+==============
+
+New features
+~~~~~~~~~~~~
+
+* Preserve *gw_mode* on sysupgrades (`#1196 <https://github.com/freifunk-gluon/gluon/issues/1196>`_)
+
+  When a Gluon node is used as uplink (for example by connecting it to a router with
+  a DHCP server directly, instead of using non-Gluon servers for the internet uplink),
+  the *gw_mode* must be set to *server* on that node. The changed *gw_mode* is now
+  preserved on upgrades.
+
+* Allow configuring the batman-adv routing algorithm (*BATMAN IV* or *BATMAN V*)
+  in *site.conf* (`#1185 <https://github.com/freifunk-gluon/gluon/issues/1185>`_)
+
+  *BATMAN V* still hasn't received extensive testing (and is incompatible with *BATMAN IV*).
+  This new option allows to set up *BATMAN V*-based test meshes. If unset, the routing
+  algorithm will default to *BATMAN IV*.
+
+  Configuration:
+
+  .. code-block:: lua
+
+    mesh = {
+      batman_adv = {
+        routing_algo = 'BATMAN_V'
+      }
+    }
+
+* New *show-release* Make target
+
+  The command ``make show-release`` can be used to print the release number
+  defined by *GLUON_RELEASE* to the standard output. This can be useful for build scripts
+  when a ``$(shell ...)`` expression is used in *site.mk* to generate the release
+  number.
+
+Bugfixes
+~~~~~~~~
+
+* The image build code used for some devices has been fixed, solving multiple
+  issues (`#1193 <https://github.com/freifunk-gluon/gluon/issues/1193>`_)
+
+  Problems caused by this issue include:
+
+  - sysupgrade rejecting Allnet images
+  - OpenMesh devices losing their configuration on upgrades
+
+  This is a regression introduced in Gluon v2017.1.
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Also display *gluon-config-mode:novpn* message when Tunneldigger is installed, but disabled
+  (`#1172 <https://github.com/freifunk-gluon/gluon/issues/1172>`_)
+
+  It was only displayed on nodes with fastd before.
+
+* Fix migration of enabled/disabled state between fastd and Tunneldigger
+  (`#1187 <https://github.com/freifunk-gluon/gluon/issues/1187>`_)
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but did not make them disappear completely.

docs/releases/v2017.1.rst

@@ -13,6 +13,10 @@ many hacks that were required to make the build work with older OpenWrt releases
 The *output/modules* directory is now called *output/packages* and provides a
 replacement for the whole repository with target-specific packages of LEDE (in
 contrast to packages that are common for all targets of the same architecture).
+Another change to the build system makes it necessary that the same *GLUON_RELEASE*
+value that is used to build the images is also set for ``make manifest``.
+
+GCC 4.8 or newer is now required to build Gluon.
 
 **Note: There is an issue in all Gluon versions before 2016.2.6 that will
 lead to x86 systems losing their configuration when upgrading to Gluon 2017.1!**
@@ -127,7 +131,8 @@ site.mk
 ^^^^^^^
 
 * The *gluon-legacy* package does not exist anymore
-* All *gluon-luci-* packages have been renamed to *gluon-web-*
+* All *gluon-luci-* packages have been renamed to *gluon-web-*;
+  *gluon-luci-portconfig* is now called *gluon-web-network*
 * The *gluon-next-node* package has been merged into the Gluon core and must not
   be specified in *site.mk* anymore
 

docs/site-example/site.conf

--- This is an example site configuration for Gluon v2017.1
+-- This is an example site configuration for Gluon v2017.1.2
 --
 -- Take a look at the documentation located at
 -- http://gluon.readthedocs.org/ for details.

docs/site-example/site.mk

@@ -25,7 +25,6 @@ GLUON_SITE_PACKAGES := \
 	gluon-setup-mode \
 	gluon-status-page \
 	haveged \
-	iptables \
 	iwinfo
 
 ##	DEFAULT_GLUON_RELEASE

docs/user/getting_started.rst

@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2017.1*. Always get Gluon using git and don't try to download it
+e.g. *v2017.1.2*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.
 
 Please keep in mind that there is no "default Gluon" build; a site configuration
@@ -43,7 +43,7 @@ Building the images
 -------------------
 
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2017.1*.
+version you'd like to checkout, e.g. *v2017.1.2*.
 
 ::
 

modules

@@ -2,7 +2,7 @@ GLUON_FEEDS='openwrt gluon routing luci'
 
 LEDE_REPO=https://git.lede-project.org/source.git
 LEDE_BRANCH=lede-17.01
-LEDE_COMMIT=65eec8bd5f6337956b972d07fde49eb5db9cb4a0
+LEDE_COMMIT=ee32de4426daa3599fd9a3ffc0da8225aa016679
 
 PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git
 PACKAGES_OPENWRT_BRANCH=lede-17.01
@@ -12,7 +12,7 @@ PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
 PACKAGES_GLUON_COMMIT=71823713c0e9451d1cd459cb10309f468188eb6e
 
 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
-PACKAGES_ROUTING_COMMIT=8d9d70510b2c86f7503962308846ec874f0eb39f
+PACKAGES_ROUTING_COMMIT=e656a6e0e69dd45b7caa24775bc86b6eb5dcfe7f
 
 PACKAGES_LUCI_REPO=https://github.com/openwrt/luci.git
 PACKAGES_LUCI_BRANCH=lede-17.01

package/gluon-autoupdater/check_site.lua

@@ -6,7 +6,7 @@ local function check_branch(k, _)
    local prefix = string.format('autoupdater.branches[%q].', k)
 
    need_string(prefix .. 'name')
-   need_string_array(prefix .. 'mirrors')
+   need_string_array_match(prefix .. 'mirrors', '^http://')
    need_number(prefix .. 'good_signatures')
    need_string_array_match(prefix .. 'pubkeys', '^%x+$')
 end

package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua

 local uci = require("simple-uci").cursor()
 local lutil = require "gluon.web.util"
+local fs = require "nixio.fs"
 
 local site = require 'gluon.site_config'
 local sysconfig = require 'gluon.sysconfig'
@@ -8,7 +9,10 @@ local util = require "gluon.util"
 local pretty_hostname = require 'pretty_hostname'
 
 
-local meshvpn_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+
+local has_fastd = fs.access('/lib/gluon/mesh-vpn/fastd')
+local has_tunneldigger = fs.access('/lib/gluon/mesh-vpn/tunneldigger')
+
 
 local hostname = pretty_hostname.get(uci)
 local contact = uci:get_first("gluon-node-info", "owner", "contact")
@@ -16,12 +20,21 @@ local contact = uci:get_first("gluon-node-info", "owner", "contact")
 local pubkey
 local msg
 
-if meshvpn_enabled then
+
+if has_tunneldigger then
+	local tunneldigger_enabled = uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
+	if not tunneldigger_enabled then
+		msg = _translate('gluon-config-mode:novpn')
+	end
+elseif has_fastd then
+	local fastd_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+	if fastd_enabled then
 		pubkey = util.trim(lutil.exec("/etc/init.d/fastd show_key mesh_vpn"))
 		msg = _translate('gluon-config-mode:pubkey')
 	else
 		msg = _translate('gluon-config-mode:novpn')
 	end
+end
 
 if not msg then return end
 

package/gluon-mesh-batman-adv/check_site.lua

 if need_table('mesh', nil, false) and  need_table('mesh.batman_adv', nil, false) then
 	need_number('mesh.batman_adv.gw_sel_class', false)
+	need_one_of('mesh.batman_adv.routing_algo', {'BATMAN_IV', 'BATMAN_V'}, false)
 end

package/gluon-mesh-batman-adv/files/lib/gluon/ebtables/250-next-node

 local site = require 'gluon.site_config'
 local next_node = site.next_node
 
+rule('FORWARD --logical-out br-client -i bat0 -o local-port -j DROP')
+rule('FORWARD --logical-out br-client -i local-port -o bat0 -j DROP')
+
 rule('FORWARD --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
 rule('OUTPUT --logical-out br-client -o bat0 -d ' .. next_node.mac .. ' -j DROP')
 rule('FORWARD --logical-out br-client -o bat0 -s ' .. next_node.mac .. ' -j DROP')

package/gluon-mesh-batman-adv/files/lib/netifd/proto/gluon_bat0.sh

@@ -41,6 +41,10 @@ proto_gluon_bat0_setup() {
 	ip link add primary0 type dummy
 	echo 1 > /proc/sys/net/ipv6/conf/primary0/disable_ipv6
 	ip link set primary0 address "$primary0_mac" mtu 1532 up
+
+	local routing_algo="$(uci -q get batman-adv.bat0.routing_algo || echo 'BATMAN_IV')"
+	(echo "$routing_algo" >/sys/module/batman_adv/parameters/routing_algo) 2>/dev/null
+
 	echo bat0 > /sys/class/net/primary0/batman_adv/mesh_iface
 
 	proto_init_update primary0 1

package/gluon-mesh-batman-adv/luasrc/lib/gluon/radvd/arguments

 #!/usr/bin/lua
+
 local site = require "gluon.site_config"
+
 io.write("-i local-node -p " .. site.prefix6)
-if site.dns and site.dns.servers then
+
+if site.dns and site.dns.servers and site.next_node and site.next_node.ip6 then
 	io.write(" --rdnss " .. site.next_node.ip6)
 end

package/gluon-mesh-batman-adv/luasrc/lib/gluon/upgrade/310-gluon-mesh-batman-adv-mesh

@@ -7,17 +7,23 @@ local util = require 'gluon.util'
 local uci = require('simple-uci').cursor()
 
 
-local gw_sel_class
+local gw_mode, gw_sel_class, routing_algo
+
+gw_mode = uci:get('batman-adv', 'bat0', 'gw_mode') or 'client'
+
 if site.mesh and site.mesh.batman_adv then
 	gw_sel_class = site.mesh.batman_adv.gw_sel_class
+	routing_algo = site.mesh.batman_adv.routing_algo
 end
 
+
 uci:delete('batman-adv', 'bat0')
 uci:section('batman-adv', 'mesh', 'bat0', {
 	orig_interval = 5000,
-	gw_mode = 'client',
+	gw_mode = gw_mode,
 	gw_sel_class = gw_sel_class,
 	hop_penalty = 15,
+	routing_algo = routing_algo,
 	multicast_mode = false,
 })
 uci:save('batman-adv')

package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/400-mesh-vpn → package/gluon-mesh-vpn-core/luasrc/lib/gluon/upgrade/500-mesh-vpn

@@ -62,15 +62,36 @@ uci:save('firewall')
 
 -- VPN migration
 local has_fastd = fs.access('/lib/gluon/mesh-vpn/fastd')
-local fastd_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+local fastd_enabled = uci:get('fastd', 'mesh_vpn', 'enabled')
 
 local has_tunneldigger = fs.access('/lib/gluon/mesh-vpn/tunneldigger')
-local tunneldigger_enabled = uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
-
-local enabled = fastd_enabled or tunneldigger_enabled or false
+local tunneldigger_enabled = uci:get('tunneldigger', 'mesh_vpn', 'enabled')
+
+local enabled
+
+-- If the installed VPN package has its enabled state set, keep the value
+if has_fastd and fastd_enabled then
+	enabled = fastd_enabled == '1'
+elseif has_tunneldigger and tunneldigger_enabled then
+	enabled = tunneldigger_enabled == '1'
+-- Otherwise, migrate the other package's value if any is set
+elseif fastd_enabled or tunneldigger_enabled then
+	enabled = fastd_enabled == '1' or tunneldigger_enabled == '1'
+-- If nothing is set, use the default
+else
+	enabled = site.mesh_vpn.enabled or false
+end
 
-uci:set("fastd", "mesh_vpn", "enabled", has_fastd and enabled)
-uci:save("fastd")
+if has_fastd then
+	uci:set('fastd', 'mesh_vpn', 'enabled', enabled)
+else
+	uci:delete('fastd', 'mesh_vpn')
+end
+uci:save('fastd')
 
-uci:set("tunneldigger", "mesh_vpn", "enabled", has_tunneldigger and enabled)
-uci:save("tunneldigger")
+if has_tunneldigger then
+	uci:set('tunneldigger', 'mesh_vpn', 'enabled', enabled)
+else
+	uci:delete('tunneldigger', 'mesh_vpn')
+end
+uci:save('tunneldigger')