Compare revisions

Matthias Schiffer · Matthias Schiffer · Matthias Schiffer · Matthias Schiffer · Matthias Fritzsche · Matthias Schiffer
--- a/Makefile
+++ b/Makefile
@@ -26,6 +26,9 @@ GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site

 export GLUON_RELEASE GLUON_ATH10K_MESH GLUON_REGION GLUON_DEBUG

+show-release:
+	@echo '$(GLUON_RELEASE)'
+

 update: FORCE
 	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh

--- a/README.md
+++ b/README.md
@@ -18,8 +18,8 @@ the future development of Gluon.
 ## Use a release!

 Please refrain from using the `master` branch for anything else but development purposes!
-Use the most recent release instead. You can list all relaseses by running `git tag`
-and switch to one by running `git checkout v2017.1 && make update`.
+Use the most recent release instead. You can list all releases by running `git tag`
+and switch to one by running `git checkout v2017.1.5 && make update`.

 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.

--- a/docs/conf.py
+++ b/docs/conf.py
@@ -54,9 +54,9 @@ copyright = '2015-2017, Project Gluon'
 # built documents.
 #
 # The short X.Y version.
-version = '2017.1'
+version = '2017.1.5'
 # The full version, including alpha/beta/rc tags.
-release = '2017.1'
+release = '2017.1.5'

 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

--- a/docs/dev/wan.rst
+++ b/docs/dev/wan.rst
@@ -46,4 +46,4 @@ so the WAN DNS servers aren't leaked to the primary DNS daemon.
 *libpacketmark* is used to make the secondary DNS daemon send its requests over the WAN interface.

 The package ``gluon-mesh-vpn-fastd`` provides an iptables rule which will redirect all DNS requests from processes running
-with the primary group ``gluon-fastd`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.
+with the primary group ``gluon-mesh-vpn`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.
--- a/docs/index.rst
+++ b/docs/index.rst
@@ -64,7 +64,13 @@ Several Freifunk communities in Germany use Gluon as the foundation of their Fre
   :caption: Releases
   :maxdepth: 1

+   releases/v2017.1.5
+   releases/v2017.1.4
+   releases/v2017.1.3
+   releases/v2017.1.2
+   releases/v2017.1.1
   releases/v2017.1
+   releases/v2016.2.7
   releases/v2016.2.6
   releases/v2016.2.5
   releases/v2016.2.4

--- a/docs/releases/v2016.2.7.rst
+++ b/docs/releases/v2016.2.7.rst
+Gluon 2016.2.7
+==============
+
+This release only fixes a single regression introduced in Gluon v2016.2.6, and
+add support for building using Perl 5.26.
+
+Bugfixes
+~~~~~~~~
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Backport fixes to support building with Perl 5.26 or newer (`76753ed <https://github.com/freifunk-gluon/gluon/commit/76753ede0da78e24208f10675fa288247deec961>`_)
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2017.1.1.rst
+++ b/docs/releases/v2017.1.1.rst
+Gluon 2017.1.1
+==============
+
+Bugfixes
+~~~~~~~~
+
+* The autoupdater manifest has been extended to allow automatic upgrades from
+  old *x86-kvm* and *x86-xen_domu* systems to the new *x86-generic* image
+  (`869ceb4 <https://github.com/freifunk-gluon/gluon/commit/869ceb425cd5f9db3eafddcc52377fd94c6ba0dd>`_)
+
+* Make flash writable again on Ubiquiti PicoStations with certain bootloader
+  versions (and possibly other devices)
+  (`9a787c9 <https://github.com/freifunk-gluon/gluon/commit/9a787c9878069158151c843b8fd9aa338815d61e>`_)
+
+  Units affected by this issue running Gluon v2017.1 can't leave config mode and
+  no regular sysupgrades are possible. TFTP recovery is necessary to make them
+  work again.
+
+* Add workaround to prevent sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+* Disable batman-adv multicast optimizations to work around issue causing large
+  amounts of management traffic
+  (`819758f <https://github.com/freifunk-gluon/gluon/commit/819758f4250af8820851945ba1a6c17748b0ab4b>`_)
+
+  Multicast optimizations will be enabled again when a proper fix is available.
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
--- a/docs/releases/v2017.1.2.rst
+++ b/docs/releases/v2017.1.2.rst
+Gluon 2017.1.2
+==============
+
+New features
+~~~~~~~~~~~~
+
+* Preserve *gw_mode* on sysupgrades (`#1196 <https://github.com/freifunk-gluon/gluon/issues/1196>`_)
+
+  When a Gluon node is used as uplink (for example by connecting it to a router with
+  a DHCP server directly, instead of using non-Gluon servers for the internet uplink),
+  the *gw_mode* must be set to *server* on that node. The changed *gw_mode* is now
+  preserved on upgrades.
+
+* Allow configuring the batman-adv routing algorithm (*BATMAN IV* or *BATMAN V*)
+  in *site.conf* (`#1185 <https://github.com/freifunk-gluon/gluon/issues/1185>`_)
+
+  *BATMAN V* still hasn't received extensive testing (and is incompatible with *BATMAN IV*).
+  This new option allows to set up *BATMAN V*-based test meshes. If unset, the routing
+  algorithm will default to *BATMAN IV*.
+
+  Configuration:
+
+  .. code-block:: lua
+
+    mesh = {
+      batman_adv = {
+        routing_algo = 'BATMAN_V'
+      }
+    }
+
+* New *show-release* Make target
+
+  The command ``make show-release`` can be used to print the release number
+  defined by *GLUON_RELEASE* to the standard output. This can be useful for build scripts
+  when a ``$(shell ...)`` expression is used in *site.mk* to generate the release
+  number.
+
+Bugfixes
+~~~~~~~~
+
+* The image build code used for some devices has been fixed, solving multiple
+  issues (`#1193 <https://github.com/freifunk-gluon/gluon/issues/1193>`_)
+
+  Problems caused by this issue include:
+
+  - sysupgrade rejecting Allnet images
+  - OpenMesh devices losing their configuration on upgrades
+
+  This is a regression introduced in Gluon v2017.1.
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Also display *gluon-config-mode:novpn* message when Tunneldigger is installed, but disabled
+  (`#1172 <https://github.com/freifunk-gluon/gluon/issues/1172>`_)
+
+  It was only displayed on nodes with fastd before.
+
+* Fix migration of enabled/disabled state between fastd and Tunneldigger
+  (`#1187 <https://github.com/freifunk-gluon/gluon/issues/1187>`_)
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but did not make them disappear completely.
--- a/docs/releases/v2017.1.3.rst
+++ b/docs/releases/v2017.1.3.rst
+Gluon 2017.1.3
+==============
+
+The LEDE base of Gluon has been updated to v17.01.3, including various updates,
+stability improvements and security fixes. This includes some critical fixes
+to core packages like dnsmasq (see below for details); upgrading all Gluon
+nodes to v2017.1.3 is highly recommended.
+
+
+Bugfixes
+~~~~~~~~
+
+* dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
+  CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
+  2017-CVE-14496
+
+  While many of the most severe (remote code execution) vulnarabilities are in
+  the DHCP component of dnsmasq, which is not active on a Gluon node unless in
+  Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
+  corruption and possibly remote code execution by deploying a malicious DNS
+  server and tricking a node into querying this server.
+
+* The Linux kernel has been upgraded to v4.4.89
+
+* Multiple security issues have been fixed in packages that are not usually part
+  of the Gluon build, including tcpdump, curl and mbedtls
+
+  Please refer to the
+  `LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
+  for details.
+
+* Filtering of multicast packets between the mesh and the *local-node* interface
+  has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
+
+  This issue was causing gluon-radvd to send a router advertisement to the local
+  clients whenever a router solicitation from the mesh was received. In busy
+  meshes, it would continuously send router advertisements every 3 seconds.
+
+* Reject autoupdater mirror URLs not starting with ``http://`` during build
+  (`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
+
+* Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
+  stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but did not make them disappear completely.
--- a/docs/releases/v2017.1.4.rst
+++ b/docs/releases/v2017.1.4.rst
+Gluon 2017.1.4
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* GL Innovations GL-AR300M
+
+
+Bugfixes
+~~~~~~~~
+
+* LEDE has been updated to the latest stable commit, including various fixes for
+  the kernel (including security updates), and making opkg work again. This also
+  includes fixes for the KRACK issue (which is irrelevant for most Gluon
+  deployments, as Gluon nodes are rarely used as WLAN clients)
+  (`b62af904bbfd <https://github.com/freifunk-gluon/gluon/commit/b62af904bbfd6360ed728fc9ae69af3d8e8db1d7>`_,
+  `ba56b41ddaf6 <https://github.com/freifunk-gluon/gluon/commit/ba56b41ddaf6033e3cdef18d30da6b34cd438e8c>`_,
+  `ad0824136e5b <https://github.com/freifunk-gluon/gluon/commit/ad0824136e5b47482e11483c50e7bc88ba2c506e>`_,
+  `017fbe88bb8a <https://github.com/freifunk-gluon/gluon/commit/017fbe88bb8a89623464b02e09178696c1d077a6>`_)
+
+* Fix DNS resolution for mesh VPN (fastd / tunneldigger) on ARM-based targets
+  (`#1245 <https://github.com/freifunk-gluon/gluon/issues/1245>`_)
+
+* Fix a build issue in *kmod-jool*
+  (`06842728233a <https://github.com/freifunk-gluon/gluon/commit/06842728233a39784c437767eb9df4167ab07a87>`_)
+
+* Fix enabling/disabling PoE Passthrough in *site.conf* or in the
+  advanced settings
+  (`7268e49a301f <https://github.com/freifunk-gluon/gluon/commit/7268e49a301fcd643a49b329bd6097a0f85bdaBb>`_,
+  `7c2636d28264 <https://github.com/freifunk-gluon/gluon/commit/7c2636d28264df20b448b0160b69f5059c40b84a>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but it did not make them disappear completely.
--- a/docs/releases/v2017.1.5.rst
+++ b/docs/releases/v2017.1.5.rst
+Gluon 2017.1.5
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link TL-WR1043N v5
+
+ramips-mt7621
+^^^^^^^^^^^^^
+
+* Ubiquiti EdgeRouter-X
+* Ubiquiti EdgeRouter-X SFP
+
+
+Bugfixes
+~~~~~~~~
+
+* Fix build with empty ``site/modules``
+  (`#1262 <https://github.com/freifunk-gluon/gluon/issues/1262>`_)
+
+* Fix Ethernet stalls at high throughput on certain devices
+  (`#1101 <https://github.com/freifunk-gluon/gluon/issues/1101>`_)
+
+* Update Tunneldigger to support connections with servers running newer kernel
+  versions (`9ed6ff752eb7 <https://github.com/freifunk-gluon/gluon/commit/9ed6ff752eb7972d90b138197641f12eeb4572fb>`_)
+
+* Fix batman-adv Bridge Loop Avoidance (BLA) with *gluon-ebtables-filter-multicast*
+  (`#1198 <https://github.com/freifunk-gluon/gluon/issues/1198>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but it did not make them disappear completely.
+
+* Frequent reboots due to out-of-memory on weak hardware in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)
--- a/docs/releases/v2017.1.rst
+++ b/docs/releases/v2017.1.rst
@@ -13,6 +13,10 @@ many hacks that were required to make the build work with older OpenWrt releases
 The *output/modules* directory is now called *output/packages* and provides a
 replacement for the whole repository with target-specific packages of LEDE (in
 contrast to packages that are common for all targets of the same architecture).
+Another change to the build system makes it necessary that the same *GLUON_RELEASE*
+value that is used to build the images is also set for ``make manifest``.
+
+GCC 4.8 or newer is now required to build Gluon.

 **Note: There is an issue in all Gluon versions before 2016.2.6 that will
 lead to x86 systems losing their configuration when upgrading to Gluon 2017.1!**
@@ -127,7 +131,8 @@ site.mk
 ^^^^^^^

 * The *gluon-legacy* package does not exist anymore
-* All *gluon-luci-* packages have been renamed to *gluon-web-*
+* All *gluon-luci-* packages have been renamed to *gluon-web-*;
+  *gluon-luci-portconfig* is now called *gluon-web-network*
 * The *gluon-next-node* package has been merged into the Gluon core and must not
  be specified in *site.mk* anymore


--- a/docs/site-example/site.conf
+++ b/docs/site-example/site.conf
-- This is an example site configuration for Gluon v2017.1
+-- This is an example site configuration for Gluon v2017.1.5
 --
 -- Take a look at the documentation located at
 -- http://gluon.readthedocs.org/ for details.

--- a/docs/site-example/site.mk
+++ b/docs/site-example/site.mk
@@ -25,7 +25,6 @@ GLUON_SITE_PACKAGES := \
 	gluon-setup-mode \
 	gluon-status-page \
 	haveged \
-	iptables \
 	iwinfo

 ##	DEFAULT_GLUON_RELEASE

--- a/docs/user/getting_started.rst
+++ b/docs/user/getting_started.rst
@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.

 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2017.1*. Always get Gluon using git and don't try to download it
+e.g. *v2017.1.5*. Always get Gluon using git and don't try to download it
 as a Zip archive as the archive will be missing version information.

 Please keep in mind that there is no "default Gluon" build; a site configuration
@@ -43,7 +43,7 @@ Building the images
 -------------------

 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2017.1*.
+version you'd like to checkout, e.g. *v2017.1.5*.

 ::


--- a/docs/user/site.rst
+++ b/docs/user/site.rst
@@ -512,7 +512,7 @@ This is a non-exhaustive list of site-repos from various communities:
 * `site-ffgoe <https://github.com/freifunk-goettingen/site-ffgoe>`_ (Göttingen)
 * `site-ffgt-rhw <https://github.com/ffgtso/site-ffgt-rhw>`_ (Guetersloh)
 * `site-ffhh <https://github.com/freifunkhamburg/site-ffhh>`_ (Hamburg)
-* `site-ffho <https://git.c3pb.de/freifunk-pb/site-ffho>`_ (Hochstift)
+* `site-ffho <https://git.ffho.net/freifunkhochstift/ffho-site>`_ (Hochstift)
 * `site-ffhgw <https://github.com/lorenzo-greifswald/site-ffhgw>`_ (Greifswald)
 * `site-ffka <https://github.com/ffka/site-ffka>`_ (Karlsruhe)
 * `site-ffki <http://git.freifunk.in-kiel.de/ffki-site/>`_ (Kiel)

--- a/modules
+++ b/modules
 GLUON_FEEDS='openwrt gluon routing luci'

-LEDE_REPO=https://git.lede-project.org/source.git
+LEDE_REPO=https://git.lede-project.org/openwrt/openwrt.git
 LEDE_BRANCH=lede-17.01
-LEDE_COMMIT=65eec8bd5f6337956b972d07fde49eb5db9cb4a0
+LEDE_COMMIT=c3cdc53164f14fce729b4a5b32a63b6cc79aa5e0

 PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git
 PACKAGES_OPENWRT_BRANCH=lede-17.01
-PACKAGES_OPENWRT_COMMIT=8844d7e2d4f717898c55c6345ad3b43fca52c440
+PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56

 PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=71823713c0e9451d1cd459cb10309f468188eb6e
+PACKAGES_GLUON_BRANCH=v2017.1.x
+PACKAGES_GLUON_COMMIT=906f5ef13ec91dd7433bd1a6bd4ffbd15614bbb3

 PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
-PACKAGES_ROUTING_COMMIT=8d9d70510b2c86f7503962308846ec874f0eb39f
+PACKAGES_ROUTING_COMMIT=e656a6e0e69dd45b7caa24775bc86b6eb5dcfe7f

 PACKAGES_LUCI_REPO=https://github.com/openwrt/luci.git
 PACKAGES_LUCI_BRANCH=lede-17.01

--- a/package/gluon-autoupdater/check_site.lua
+++ b/package/gluon-autoupdater/check_site.lua
@@ -6,7 +6,7 @@ local function check_branch(k, _)
   local prefix = string.format('autoupdater.branches[%q].', k)

   need_string(prefix .. 'name')
-   need_string_array(prefix .. 'mirrors')
+   need_string_array_match(prefix .. 'mirrors', '^http://')
   need_number(prefix .. 'good_signatures')
   need_string_array_match(prefix .. 'pubkeys', '^%x+$')
 end

--- a/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua
+++ b/package/gluon-config-mode-mesh-vpn/luasrc/lib/gluon/config-mode/reboot/0100-mesh-vpn.lua
 local uci = require("simple-uci").cursor()
 local lutil = require "gluon.web.util"
+local fs = require "nixio.fs"

 local site = require 'gluon.site_config'
 local sysconfig = require 'gluon.sysconfig'
@@ -8,7 +9,10 @@ local util = require "gluon.util"
 local pretty_hostname = require 'pretty_hostname'


-local meshvpn_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+
+local has_fastd = fs.access('/lib/gluon/mesh-vpn/fastd')
+local has_tunneldigger = fs.access('/lib/gluon/mesh-vpn/tunneldigger')
+

 local hostname = pretty_hostname.get(uci)
 local contact = uci:get_first("gluon-node-info", "owner", "contact")
@@ -16,11 +20,20 @@ local contact = uci:get_first("gluon-node-info", "owner", "contact")
 local pubkey
 local msg

-if meshvpn_enabled then
-	pubkey = util.trim(lutil.exec("/etc/init.d/fastd show_key mesh_vpn"))
-	msg = _translate('gluon-config-mode:pubkey')
-else
-	msg = _translate('gluon-config-mode:novpn')
+
+if has_tunneldigger then
+	local tunneldigger_enabled = uci:get_bool("tunneldigger", "mesh_vpn", "enabled")
+	if not tunneldigger_enabled then
+		msg = _translate('gluon-config-mode:novpn')
+	end
+elseif has_fastd then
+	local fastd_enabled = uci:get_bool("fastd", "mesh_vpn", "enabled")
+	if fastd_enabled then
+		pubkey = util.trim(lutil.exec("/etc/init.d/fastd show_key mesh_vpn"))
+		msg = _translate('gluon-config-mode:pubkey')
+	else
+		msg = _translate('gluon-config-mode:novpn')
+	end
 end

 if not msg then return end

--- a/package/gluon-core/luasrc/lib/gluon/upgrade/110-network
+++ b/package/gluon-core/luasrc/lib/gluon/upgrade/110-network
@@ -5,78 +5,67 @@ local sysctl = require 'gluon.sysctl'
 local sysconfig = require 'gluon.sysconfig'


-uci:section('network', 'interface', 'wan',
-	    {
-	      ifname = sysconfig.wan_ifname,
-	      type = 'bridge',
-	      igmp_snooping = true,
-	      multicast_querier = false,
-	      peerdns = false,
-	      auto = true,
-	    }
-)
+uci:section('network', 'interface', 'wan', {
+	ifname = sysconfig.wan_ifname,
+	type = 'bridge',
+	igmp_snooping = true,
+	multicast_querier = false,
+	peerdns = false,
+	auto = true,
+})

 if not uci:get('network', 'wan', 'proto') then
-  uci:set('network', 'wan', 'proto', 'dhcp')
+	uci:set('network', 'wan', 'proto', 'dhcp')
 end


-uci:section('network', 'interface', 'wan6',
-	    {
-	      ifname = 'br-wan',
-	      peerdns = false,
-	      ip6table = 1,
-	      sourcefilter = false,
-	    }
-)
+uci:section('network', 'interface', 'wan6', {
+	ifname = 'br-wan',
+	peerdns = false,
+	ip6table = 1,
+	sourcefilter = false,
+	reqprefix = 'no',
+})

 if not uci:get('network', 'wan6', 'proto') then
-  uci:set('network', 'wan6', 'proto', 'dhcpv6')
+	uci:set('network', 'wan6', 'proto', 'dhcpv6')
 end


-uci:section('network', 'rule6', 'wan6_lookup',
-	    {
-	       mark = '0x01/0x01',
-	       lookup = 1,
-	    }
-)
-
-uci:section('network', 'route6', 'wan6_unreachable',
-	    {
-	       type = 'unreachable',
-	       interface = 'loopback',
-	       target = '::/0',
-	       gateway = '::',
-	       table = 1,
-	       metric = 65535,
-	    }
-)
+uci:section('network', 'rule6', 'wan6_lookup', {
+	mark = '0x01/0x01',
+	lookup = 1,
+})
+
+uci:section('network', 'route6', 'wan6_unreachable', {
+	type = 'unreachable',
+	interface = 'loopback',
+	target = '::/0',
+	gateway = '::',
+	table = 1,
+	metric = 65535,
+})

 uci:save('network')


-uci:section('firewall', 'rule', 'wan_igmp',
-	    {
-	       name = 'Allow-IGMP',
-	       src = 'wan',
-	       proto = 'igmp',
-	       family = 'ipv4',
-	       target = 'ACCEPT',
-	    }
-)
-
-uci:section('firewall', 'rule', 'wan_mld',
-	    {
-	       name = 'Allow-MLD',
-	       src = 'wan',
-	       proto = 'icmp',
-	       src_ip = 'fe80::/10',
-	       icmp_type = { '130/0', '131/0', '132/0', '143/0', },
-	       family = 'ipv6',
-	       target = 'ACCEPT',
-	    }
-)
+uci:section('firewall', 'rule', 'wan_igmp', {
+	name = 'Allow-IGMP',
+	src = 'wan',
+	proto = 'igmp',
+	family = 'ipv4',
+	target = 'ACCEPT',
+})
+
+uci:section('firewall', 'rule', 'wan_mld', {
+	name = 'Allow-MLD',
+	src = 'wan',
+	proto = 'icmp',
+	src_ip = 'fe80::/10',
+	icmp_type = { '130/0', '131/0', '132/0', '143/0', },
+	family = 'ipv6',
+	target = 'ACCEPT',
+})

 uci:save('firewall')
No results found