
Compare revisions

Showing with 1390 additions and 791 deletions
......@@ -8,7 +8,7 @@ Gluon's releases are managed using `Git tags`_. If you are just getting
started with Gluon we recommend to use the latest stable release of Gluon.
Take a look at the `list of gluon releases`_ and notice the latest release,
e.g. *v2020.2*. Always get Gluon using git and don't try to download it
e.g. *v2023.2.5*. Always get Gluon using git and don't try to download it
as a Zip archive as the archive will be missing version information.
Please keep in mind that there is no "default Gluon" build; a site configuration
......@@ -25,26 +25,40 @@ An example configuration can be found in the Gluon repository at *docs/site-exam
Dependencies
------------
To build Gluon, several packages need to be installed on the system. On a
freshly installed Debian Stretch system the following packages are required:
freshly installed Debian Bullseye system the following packages are required:
* `clang`
* `git` (to get Gluon and other dependencies)
* `subversion`
* `python` (Python 3 doesn't work)
* `python3`
* `python3-dev`
* `python3-pyelftools`
* `python3-setuptools`
* `build-essential`
* `gawk`
* `unzip`
* `libncurses-dev` (actually `libncurses5-dev`)
* `libz-dev` (actually `zlib1g-dev`)
* `libssl-dev`
* `libelf-dev` (to build x86-64)
* `llvm`
* `wget`
* `rsync`
* `time` (built-in `time` doesn't work)
* `qemu-utils`
* `ecdsautils` (to sign firmware, see `contrib/sign.sh`)
* `swig`
We also provide a container environment that already tracks all these dependencies. It quickly gets you up and running, if you already have either Docker or Podman installed locally.
::
./scripts/container.sh
Building the images
-------------------
To build Gluon, first check out the repository. Replace *RELEASE* with the
version you'd like to checkout, e.g. *v2020.2*.
version you'd like to checkout, e.g. *v2023.2.5*.
::
......@@ -80,18 +94,18 @@ Extensive documentation about the site configuration can be found at:
site directory should always be a git repository by itself; committing site-specific files
to the Gluon main repository should be avoided, as it will make updates more complicated.
Next go back to the top-level Gluon directory and build Gluon::
Next go back to the top-level Gluon directory and build Gluon\ [#make_update]_::
cd ..
make update # Get other repositories used by Gluon
make GLUON_TARGET=ar71xx-generic # Build Gluon
make GLUON_TARGET=ath79-generic # Build Gluon
In case of errors read the messages carefully and try to fix the stated issues
(e.g. install missing tools not available or look for Troubleshooting_ in the wiki.
.. _Troubleshooting: https://github.com/freifunk-gluon/gluon/wiki/Troubleshooting
``ar71xx-generic`` is the most common target and will generate images for most of the supported hardware.
``ath79-generic`` is the most common target and will generate images for most of the supported hardware.
To see a complete list of supported targets, call ``make`` without setting ``GLUON_TARGET``.
To build all targets use a loop like this::
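Review bot: The context sentence "(e.g. install missing tools not available or look for Troubleshooting_ in the wiki." opens a parenthesis that is never closed, and "missing tools not available" says the same thing twice. The neighbouring lines are already being edited, so this is a good place to fix it, for example "(e.g. install missing tools) or look for Troubleshooting_ in the wiki."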
......@@ -119,12 +133,22 @@ These can be used for debugging and should be stored along with the images to
allow debugging of kernel problems on devices in the field.
See :ref:`Debugging <dev-debugging-kernel-oops>` for more information.
.. rubric:: Footnotes
.. [#make_update] ``make update`` only needs to be called again after updating the
Gluon repository (using ``git pull`` or similar) or after changing branches,
not for each build. Running it more often than necessary is undesirable, as
the update will take some time, and may undo manual modifications of the
external repositories while developing on Gluon.
See :ref:`working-with-repositories` for more information.
Cleaning the build tree
.......................
There are two levels of `make clean`::
make clean GLUON_TARGET=ar71xx-generic
make clean GLUON_TARGET=ath79-generic
will ensure all packages are rebuilt for a single target. This is usually not
necessary, but may fix certain kinds of build failures.
......@@ -159,6 +183,14 @@ to sign the generated package repository).
OpenWrt will handle the generation and handling of the keys itself.
When making firmware releases based on Gluon, it might make sense to store
the keypair, so updating the module repository later is possible.
In fact you should take care to reuse the same opkg keypair, so you don't pollute the key
store (see ``/etc/opkg/keys``) on the node.
The signing-key is stored at ``openwrt/key-build.pub``, ``openwrt/key-build``,
``key-build.ucert`` and ``key-build.ucert.revoke``.
The ``openwrt`` directory is the Git checkout, that gets created after calling ``make update``.
After making a fresh clone copy the key files to the aforementioned locations.
.. _getting-started-make-variables:
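Review bot: The key file list mixes path styles: ``openwrt/key-build.pub`` and ``openwrt/key-build`` carry the ``openwrt/`` prefix while ``key-build.ucert`` and ``key-build.ucert.revoke`` do not, so it is unclear whether the last two also live in the ``openwrt`` checkout. Please give all four paths in the same form. The paragraph also tells the reader to store and copy the keypair without saying which file is the private half; a sentence noting that ``openwrt/key-build`` is the secret key, should stay out of the site repository and should be backed up with restricted access would help. Minor: "The signing-key is stored at" introduces four files, so "The signing key files are stored at" reads better, and the comma in "the Git checkout, that gets created" should be dropped.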
......@@ -171,10 +203,12 @@ usually be set on the command line or in ``site.mk``.
Common variables
................
GLUON_BRANCH
Sets the default branch of the autoupdater. If unset, the autoupdater is disabled
by default. For the ``make manifest`` command, GLUON_BRANCH defines the branch to
generate a manifest for.
GLUON_AUTOUPDATER_BRANCH
Overrides the default branch of the autoupdater set in ``site.conf``. For the ``make manifest`` command,
``GLUON_AUTOUPDATER_BRANCH`` defines the branch to generate a manifest for.
GLUON_AUTOUPDATER_ENABLED
Set to ``1`` to enable the autoupdater by default for newly installed nodes.
GLUON_DEPRECATED
Controls whether images for deprecated devices should be built. The following
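Review bot: The GLUON_AUTOUPDATER_ENABLED entry documents only the value ``1`` and gives no default. The GLUON_BRANCH text in this hunk states "If unset, the autoupdater is disabled by default", and neither of the GLUON_AUTOUPDATER_* entries carries that statement. Please say what a newly installed node does when the variable is unset, and whether ``0`` is an accepted value.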
......@@ -187,7 +221,7 @@ GLUON_DEPRECATED
Usually, devices are deprecated because their flash size is insufficient to
support future Gluon versions. The recommended setting is ``0`` for new sites,
and ``upgrade`` for existing configurations (where upgrades for existing
deployments of low-flash devices are required).
deployments of low-flash devices are required). Defaults to ``0``.
GLUON_LANGS
Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``.
......@@ -208,6 +242,11 @@ GLUON_RELEASE
is available. The same GLUON_RELEASE has to be passed to ``make`` and ``make manifest``
to generate a correct manifest.
GLUON_SITE_VERSION
Version of the site configuration. This string is displayed in the config mode
and ``gluon-info``. If unset, Gluon generates a version string using ``git describe``
on the site folder.
GLUON_TARGET
Target architecture to build.
......@@ -217,12 +256,21 @@ Special variables
GLUON_AUTOREMOVE
Setting ``GLUON_AUTOREMOVE=1`` enables the ``CONFIG_AUTOREMOVE`` OpenWrt setting, which will delete package build
directories after a package build has finished to save space. This is mostly useful for CI builds from scratch. Do
not set this flag during development (or generally, when you want you reuse your build tree for subsequent builds),
not set this flag during development (or generally, when you want to reuse your build tree for subsequent builds),
as it significantly increases incremental build times.
GLUON_DEBUG
Setting ``GLUON_DEBUG=1`` will provide firmware images including debugging symbols usable with GDB or
similar tools. Requires a device or target with at least 16 MB of flash space, e.g. `x86-64`. Unset by default.
The following values are supported:
- ``0``: Remove symbol tables and debug information as well as most section and other
information not strictly necessary for execution using ``sstrip``. This saves a small amount
of flash space over the default ``strip`` command (roughly 70kiB for ath79), but makes any
kind of binary analysis much more difficult, as common tools like objdump and gdb can't
handle such files at all.
- ``1``: Remove symbol tables and debug information from binaries using the standard ``strip``
command. This is the default.
- ``2``: Include debugging symbols usable with GDB or similar tools in all binaries of the image.
Requires a device or target with at least 16 MB of flash space, e.g. ``x86-64``.
GLUON_MINIFY
Setting ``GLUON_MINIFY=0`` will omit the minification of scripts during the build process. By
......
.. _mtu:
MTU for Mesh-VPN
================
What is a good MTU on the mesh-vpn?
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Setting the MTU on the transport interface requires careful consideration, as
setting it too low will cause excessive fragmentation and setting it too high
may leave peers with a broken tunnel due to packet loss.
Consider these key values:
- Payload: Allow for the transport of IPv6 packets, by adhering to the minimum MTU
of 1280 Byte specified in RFC 2460
- and configure `MSS clamping`_ accordingly,
- and announce your link MTU via Router Advertisements and DHCP
.. _MSS clamping: https://tldp.org/HOWTO/Adv-Routing-HOWTO/lartc.cookbook.mtu-mss.html
- Encapsulation: Account for the overhead created by the configured mesh protocol
encapsulating the payload, which is up to 32 Byte (14 Byte Ethernet + 18 Byte
batman-adv).
- PMTU: What MTU does the path between your gateway and each of its peers support?
For reference, the complete MTU stack looks like this:
.. image:: mtu-diagram_v5.png
Example for Minimum MTU
-----------------------
Calculate the minimum transport MTU by adding the encapsulation overhead to the
minimum payload MTU required. This is the lowest recommended value, since going
lower would cause unnecessary fragmentation for clients which respect the announced
link MTU.
.. editorconfig-checker-disable
Example: Our network currently uses batman-adv v15, it therefore requires up
to 32 Bytes of encapsulation overhead on top of the minimal link MTU required for
transporting IPv6.::
\ 1312 1294 1280 0
\---------+-----------------+-------------+----------------------------------+
\TAP | batman-adv v15 | Ethernet | Payload |
\-------+-----------------+-------------+----------------------------------+
\ ^
|
MTU_LOW = 1280 Byte + 14 Byte + 18 Byte = 1312 Byte
Example for Maximum MTU
-----------------------
Calculating the maximum transport MTU is interesting, because it increases the
throughput, by allowing larger payloads to be transported, but also more difficult
as you have to take into account the tunneling overhead and each peers PMTU, which
varies between providers.
The underlying reasons are mostly PPPoE, tunneling and IPv6 transition technologies
like DS-Lite.
Example: The peer with the smallest MTU on your network is behind DS-Lite and can
transport IPv4 packets up to 1436 Bytes in size. Your tunnel uses IPv4 (20 Byte),
UDP (8 Byte), Fastd (24 byte) and you require TAP (14 Byte) for Layer 2 (Ethernet)
tunneling.::
1436 1416 1408 1384 1370 \
+-------------------+--------+-----------------------+-------------+------\
| IP | UDP | Fastd | TAP | bat\
+-------------------+--------+-----------------------+-------------+--------\
^ \
|
MTU_HIGH = 1436 Byte - 20 Byte - 8 Byte - 24 Byte - 14 Byte = 1370 Byte
.. editorconfig-checker-enable
Tables for Different VPN Providers
----------------------------------
VPN Protocol Overhead (IPv4)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overhead of the VPN protocol layers in bytes on top of an Ethernet frame.
+----------+-------+-----------+
| | fastd | WireGuard |
+==========+=======+===========+
| IPv4 | 20 | 20 |
+----------+-------+-----------+
| UDP | 8 | 8 |
+----------+-------+-----------+
| Protocol | 24 | 32 |
+----------+-------+-----------+
| TAP | 14 | / |
+----------+-------+-----------+
| Sum | 66 | 60 |
+----------+-------+-----------+
Intermediate Layer Overhead
^^^^^^^^^^^^^^^^^^^^^^^^^^^
Overhead of additional layers on top of the VPN packet needed for different VPN
providers.
+------------+-------+-----------+
| | fastd | WireGuard |
+============+=======+===========+
| IPv6 | / | 40 |
+------------+-------+-----------+
| vxlan | / | 16 |
+------------+-------+-----------+
| Ethernet | / | 14 |
+------------+-------+-----------+
| Batman v15 | 18 | 18 |
+------------+-------+-----------+
| Ethernet | 14 | 14 |
+------------+-------+-----------+
| Sum | 32 | 102 |
+------------+-------+-----------+
Minimum MTU
^^^^^^^^^^^
Calculation of different derived MTUs based on a 1280 byte payload to
avoid fragmentation.
Suggestions:
- This configuration is only suggested for fastd.
- For WireGuard, this configuration is **unsuitable**. To obtain a 1280 byte
payload with our protocol stack (see below), the Ethernet frame payload would
be 1442 bytes long (for IPv4). As we assume that the WAN network might have
a (worst case) MTU of only 1436 (with DSLite), this packet would be too long
for the WAN network.
+-------------------------------+-------+-----------+
| | fastd | WireGuard |
+===============================+=======+===========+
| max unfragmented payload\* | 1280 | 1280 |
+-------------------------------+-------+-----------+
| intermediate layer overhead | 32 | 102 |
+-------------------------------+-------+-----------+
| VPN MTU\*\* | 1312 | 1382 |
+-------------------------------+-------+-----------+
| protocol overhead (IPv4) | 66 | 60 |
+-------------------------------+-------+-----------+
| min acceptable WAN MTU (IPv4) | 1378 | **1442** |
+-------------------------------+-------+-----------+
| min acceptable WAN MTU (IPv6) | 1398 | 1462 |
+-------------------------------+-------+-----------+
\* Maximum size of payload going into the bat0 interface, that will not be
fragmented by batman.
\*\* This is the MTU that is set in the site.conf.
Maximum MTU
^^^^^^^^^^^
Calculation of different derived MTUs based on a maximum WAN MTU of 1436.
Suggestions:
- This configuration can be used for fastd.
- For WireGuard, this is the recommended configuration. batman-adv will
fragment larger packets transparently to avoid packet loss.
+-------------------------------+-------+-----------+
| | fastd | WireGuard |
+===============================+=======+===========+
| min acceptable WAN MTU (IPv4) | 1436 | 1436 |
+-------------------------------+-------+-----------+
| protocol overhead (IPv4) | 66 | 60 |
+-------------------------------+-------+-----------+
| VPN MTU\*\* | 1370 | 1376 |
+-------------------------------+-------+-----------+
| intermediate layer overhead | 32 | 102 |
+-------------------------------+-------+-----------+
| max unfragmented payload\* | 1338 | 1274 |
+-------------------------------+-------+-----------+
| min acceptable WAN MTU (IPv6) | 1398 | 1462 |
+-------------------------------+-------+-----------+
\* Maximum size of payload going into the bat0 interface, that will not be
fragmented by batman.
\*\* This is the MTU that is set in the site.conf.
Suggested MSS Values
^^^^^^^^^^^^^^^^^^^^
It is highly advised to use MSS clamping for TCP on the gateways/supernodes in
order to avoid the fragmentation mechanism of batman whenever possible.
Especially on small embedded devices, fragmentation costs performance.
As batmans fragmentation is transparent to the TCP layer, clamping the MSS
automatically to the PMTU does not work. Instead, the MSS must be specified
explicitly. In iptables, this is done via :code:`-j TCPMSS --set-mss X`,
whereby :code:`X` is the desired MSS.
Since the MSS is specified in terms of payload of a TCP packet, the MSS is
different for IPv4 and IPv6. Here are some examples for different max
unfragmented payloads:
+---------------------------------+------+------+------+------+
| max unfragmented payload | 1274 | 1280 | 1338 | 1354 |
+=================================+======+======+======+======+
| suggested MSS (IPv4, -40 bytes) | 1234 | 1240 | 1298 | 1314 |
+---------------------------------+------+------+------+------+
| suggested MSS (IPv6, -60 bytes) | 1214 | 1220 | 1278 | 1294 |
+---------------------------------+------+------+------+------+
Conclusion
^^^^^^^^^^
Determining the maximum MTU can be a tedious process, especially since the PMTU
of peers could change at any time. The general recommendation for maximized
compatibility is therefore an MTU of 1312 bytes for fastd
and 1376 bytes for WireGuard.
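Review bot: In the "Maximum MTU" table the last row, "min acceptable WAN MTU (IPv6) | 1398 | 1462", repeats the values of the "Minimum MTU" table instead of following from this table's own VPN MTU. With a VPN MTU of 1370 (fastd) and 1376 (WireGuard), protocol overheads of 66 and 60 bytes, and the 20 byte IPv4/IPv6 difference the minimum table uses (1378 vs. 1398), both columns come to 1456. Please correct the row or drop it. The first row of the same table is labelled "min acceptable WAN MTU (IPv4)" although the section is "based on a maximum WAN MTU of 1436"; a label such as "assumed WAN MTU (IPv4)" would match the text. The MSS table also has a 1354 column that none of the tables above derive.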
......@@ -27,55 +27,40 @@ domain_seed
mesh, but should be different for firmware that is not supposed to mesh with
each other.
The recommended way to generate a value for a new site is:
::
The recommended way to generate a value for a new site is::
echo $(hexdump -v -n 32 -e '1/1 "%02x"' </dev/urandom)
prefix4 \: optional
The IPv4 Subnet of your community mesh network in CIDR notation, e.g.
::
The IPv4 Subnet of your community mesh network in CIDR notation, e.g. ::
prefix4 = '10.111.111.0/18'
Required if ``next_node.ip4`` is set.
prefix6
The IPv6 subnet of your community mesh network, e.g.
::
The IPv6 subnet of your community mesh network, e.g. ::
prefix6 = 'fdca::ffee:babe:1::/64'
node_prefix6
The ipv6 prefix from which the unique IP-addresses for nodes are selected
in babel-based networks. This may overlap with prefix6. e.g.
::
in olsr-based networks. This may overlap with prefix6. e.g. ::
node_prefix6 = 'fdca::ffee:babe:2::/64'
node_client_prefix6
The ipv6 prefix from which the client-specific IP-address is calculated that
is assigned to each node by l3roamd to allow efficient communication when
roaming. This is exclusively useful when running a routing mesh protocol
like babel. e.g.
::
node_client_prefix6 = 'fdca::ffee:babe:3::/64'
timezone
The timezone of your community live in, e.g.
::
The timezone of your community live in, e.g. ::
-- Europe/Berlin
timezone = 'CET-1CEST,M3.5.0,M10.5.0/3'
ntp_servers
List of NTP servers available in your community or used by your community, e.g.:
::
List of NTP servers available in your community or used by your community, e.g.::
ntp_servers = {'1.ntp.services.ffac','2.ntp.services.ffac'}
This NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address
These NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address
explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
opkg \: optional
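Review bot: The example values on the lines being reformatted are not valid addresses: ``'fdca::ffee:babe:1::/64'`` (and the ``:2::`` and ``:3::`` variants) contains ``::`` twice, which an IPv6 literal may do only once, and ``'10.111.111.0/18'`` has host bits set for a /18 (the network address would be 10.111.64.0). These lines get copied into site.conf files, so suggest correcting them while they are being touched, e.g. ``'fdca:ffee:babe:1::/64'``. Also "The timezone of your community live in" should read "The timezone your community lives in".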
......@@ -102,15 +87,14 @@ opkg \: optional
- ``%d`` is replaced by the OpenWrt distribution name ("openwrt")
- ``%v`` is replaced by the OpenWrt version number (e.g. "17.01")
- ``%S`` is replaced by the target board (e.g. "ar71xx/generic")
- ``%S`` is replaced by the target board (e.g. "ath79/generic")
- ``%A`` is replaced by the target architecture (e.g. "mips_24kc")
- ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``)
- ``%GV`` is replaced by the Gluon version
- ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``)
regdom \: optional
The wireless regulatory domain responsible for your area, e.g.:
::
The wireless regulatory domain responsible for your area, e.g. ::
regdom = 'DE'
......@@ -123,7 +107,6 @@ wifi24 \: optional
time units (TU). A time unit is equivalent to 1024 µs.
If not set, the default value of 100 TU (=102.4 ms) is used.
There are currently two interface types available. You may choose to
configure any subset of them:
......@@ -140,8 +123,8 @@ wifi24 \: optional
For an OWE secured network, the ``owe_ssid`` string has to be set. It sets the
SSID for the opportunistically encrypted wireless network, to which compatible
clients can connect to.
For OWE to work, the ``wireless-encryption-wpa3`` has to be enabled (usually by
adding it to ``GLUON_FEATURES_standard``) in your ``site.mk``.
For OWE to work, the ``wireless-encryption-wpa3`` has to be enabled as a feature
in your site.
To utilize the OWE transition mode, ``owe_transition_mode`` has to be set to true.
When ``owe_transition_mode`` is enabled, the OWE secured SSID will be hidden.
Compatible devices will automatically connect to the OWE secured SSID when selecting
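Review bot: The reworded OWE sentence, "has to be enabled as a feature in your site", no longer says where the feature is enabled. The old text named ``site.mk``; the new one should name ``image-customization.lua`` and ideally link the ``site-image-customization`` section added elsewhere in this change, so a reader knows to add ``wireless-encryption-wpa3`` to a ``features`` call there.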
......@@ -158,6 +141,7 @@ wifi24 \: optional
``mesh`` also accepts an optional ``mcast_rate`` (kbit/s) parameter for
setting the multicast bitrate. Increasing the default value of 1000 to something
like 12000 is recommended.
::
wifi24 = {
......@@ -176,7 +160,7 @@ wifi24 \: optional
.. _user-site-wifi5:
wifi5 \: optional
Same as `wifi24` but for the 5Ghz radio.
Same as `wifi24` but for the 5 GHz radio.
Additionally a range of channels that are safe to use outsides on the 5 GHz band can
be set up through ``outdoor_chanlist``, which allows for a space-separated list of
......@@ -188,6 +172,12 @@ wifi5 \: optional
When set to ``true`` all 5 GHz radios will use outdoor channels, while on ``false``
the outdoor mode will be completely disabled. The default setting is ``'preset'``,
which will enable outdoor mode automatically on outdoor-capable devices.
It can be beneficial to look up the WLAN channels that are used by `weather radars`_
when constructing ``outdoor_chanlist`` to try and minimize the impact of DFS events.
.. _weather radars: https://homepage.univie.ac.at/albert.rafetseder/RADARs/help.html
::
wifi5 = {
......@@ -199,6 +189,7 @@ wifi5 \: optional
next_node \: package
Configuration of the local node feature of Gluon
::
next_node = {
......@@ -289,13 +280,13 @@ mesh_vpn
The `enabled` option can be set to true to enable the VPN by default. `mtu`
defines the MTU of the VPN interface, determining a proper MTU value is described
in the :ref:`FAQ <faq-mtu>`.
in :doc:`mtu`.
By default the public key of a node's VPN daemon is not added to announced respondd
data; this prevents malicious ISPs from correlating VPN sessions with specific mesh
nodes via public respondd data. If this is of no concern in your threat model,
this behaviour can be disabled (and thus announcing the public key be enabled) by
setting `pubkey_privacy` to `false`. At the moment, this option only affects fastd.
setting `pubkey_privacy` to `false`.
The `fastd` section configures settings specific to the *fastd* VPN
implementation.
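Review bot: With "At the moment, this option only affects fastd." gone from the ``pubkey_privacy`` paragraph, it is no longer stated which VPN implementations honour the option. The paragraph is about what ends up in public respondd data, so please state explicitly which providers it applies to rather than implying it by omission.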
......@@ -318,24 +309,17 @@ mesh_vpn
to the peer list, removal and modification of peers can be prevented by
setting the *preserve* option of a peer to ``1`` in UCI.
The `tunneldigger` section is used to define the *tunneldigger* broker list.
**Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd*
and *gluon-mesh-vpn-tunneldigger* should be installed with the current
implementation.
**Note:** It may be interesting to include the package *gluon-iptables-clamp-mss-to-pmtu*
in the build when using *gluon-mesh-babel* to work around icmp blackholes on the internet.
in the build when using *gluon-mesh-olsrd* to work around ICMP black holes on the internet.
::
mesh_vpn = {
-- enabled = true,
mtu = 1312,
-- pubkey_privacy = true,
fastd = {
mtu = 1312,
methods = {'salsa2012+umac'},
-- configurable = true,
-- syslog_level = 'warn',
......@@ -384,8 +368,18 @@ mesh_vpn
},
},
tunneldigger = {
brokers = {'vpn1.alpha-centauri.freifunk.net'}
wireguard = {
mtu = 1376,
peers = {
vpn1 = {
public_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=',
endpoint = 'vpn1.alpha-centauri.freifunk.net:51810',
},
vpn2 = {
public_key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX=',
endpoint = 'vpn2.alpha-centauri.freifunk.net:51810',
},
},
},
bandwidth_limit = {
......@@ -400,17 +394,46 @@ mesh_vpn
},
}
mesh_on_wan \: optional
Enables the mesh on the WAN port (``true`` or ``false``).
.. _user-site-interfaces:
interfaces \: optional
Default setup for Ethernet ports.
::
mesh_on_wan = true,
interfaces = {
lan = {
default_roles = { 'client', 'mesh' },
},
wan = {
default_roles = { 'uplink', 'mesh' },
},
single = {
default_roles = { 'uplink', 'mesh' },
},
},
For devices that have two distinct Ethernet ports or port groups (often
labeled WAN and LAN), the ``lan`` and ``wan`` sections are used. When there
is only one port (group), ``single`` is used instead.
mesh_on_lan \: optional
Enables the mesh on the LAN port (``true`` or ``false``).
::
Available interface roles:
- ``client``: Port allows regular clients to connect to the mesh
- ``uplink``: Port is used to establish Mesh VPN connections
- ``mesh``: Wired meshing to another Gluon or Gluon-compatible node
mesh_on_lan = true,
The ``client`` role requires exclusive control over an interface. When
the ``client`` role is assigned to an interface at the same time as other
roles (like ``'client', 'mesh'`` in the above example), the other roles take
precedence (enabling ``mesh``, but not ``client`` in the example). In that
case, the ``client`` role is removed from the config of the interface.
All interface settings are optional. If unset, the following defaults are
used:
- ``lan``: ``{ 'client' }``
- ``wan``: ``{ 'uplink' }``
- ``single``: Same as ``wan``
poe_passthrough \: optional
Enable PoE passthrough by default on hardware with such a feature.
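Review bot: The ``interfaces`` example sets ``lan`` to ``default_roles = { 'client', 'mesh' }``, which the paragraph further down describes as a combination where ``client`` is removed and only ``mesh`` takes effect. An example that readers will copy should not silently turn LAN ports into mesh-only ports. Suggest showing the documented defaults (``{ 'client' }`` for ``lan``, ``{ 'uplink' }`` for ``wan``) or adding a Lua comment on the ``lan`` line saying that ``client`` is dropped in this combination.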
......@@ -418,18 +441,25 @@ poe_passthrough \: optional
autoupdater \: package
Configuration for the autoupdater feature of Gluon.
Specifying a default branch in *site.conf* is optional. See
:doc:`../features/autoupdater` for information how to change the behaviour
of the autoupdater during image build.
The mirrors are checked in random order until the manifest could be downloaded
successfully or all mirrors have been tried.
::
autoupdater = {
branch = 'stable',
branch = 'stable', -- optional
branches = {
stable = {
name = 'stable',
mirrors = {
'http://[fdca:ffee:babe:1::fec1]/firmware/stable/sysupgrade/',
'http://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/',
-- Requires the tls feature in image-customization.lua
'https://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/',
-- Uses http or https depending on the tls feature in image-customization.lua
'//autoupdate2.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/',
},
-- Number of good signatures required
good_signatures = 2,
......@@ -444,6 +474,16 @@ autoupdater \: package
All configured mirrors must be reachable from the nodes via IPv6. If you don't want to set an IPv6 address
explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
HTTPS URLs can be used if the **tls** feature is enabled in **image-customization.lua**.
Use protocol-less ``//server/path`` URLs to use HTTPS if the **tls** feature is available,
but fall back to HTTP otherwise. The server **must** allow HTTPS connections and provide
a valid certificate in this case; the autoupdater will not fall back to HTTP if the **tls**
feature is enabled, but the HTTPS connection fails.
Note that the validity period of TLS certificates is checked as well, so care must be taken
to provide working NTP servers in addition to the update mirrors when using HTTPS.
.. _user-site-config_mode:
config_mode \: optional
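Review bot: The HTTPS paragraph says the autoupdater "will not fall back to HTTP" for ``//`` URLs and that certificate validity depends on a working clock, but it does not say what a node can still do when its clock is wrong and NTP is unreachable. Suggest adding one sentence on whether explicit ``http://`` mirrors, like the ``http://`` entry in the mirror list example, are still used when the **tls** feature is enabled. If the intent is that the manifest signatures (``good_signatures``) remain the authenticity check and TLS only protects the transport, one sentence saying so would help as well.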
......@@ -464,9 +504,14 @@ config_mode \: optional
The *geo_location.osm* section is only relevant when the *gluon-config-mode-geo-location-osm*
package is used. The *center.lon* and *center.lat* values are mandatory in this case and
define the default center of the map when no position has been picked yet. The *zoom* level
defaults to 12 in this case. *openlayers_url* allows to override the base URL of the
defaults to 12 in this case.
*openlayers_url* allows to override the base URL of the
*build/ol.js* and *css/ol.css* files (the default is
``https://cdn.rawgit.com/openlayers/openlayers.github.io/master/en/v5.2.0``).
``https://cdn.jsdelivr.net/gh/openlayers/openlayers.github.io@35ffe7626ce16c372143f3c903950750075e7068/en/v5.3.0``).
It is also possible to replace the default tile layer (which is OpenStreetMap)
with a custom one using the *tile_layer* section. Only XYZ layers are supported
at this point.
The remote login page only shows SSH key configuration by default. A
password form can be displayed by setting *remote_login.show_password_form*
......@@ -488,6 +533,11 @@ config_mode \: optional
},
zoom = 13,
-- openlayers_url = 'http://ffac.example.org/openlayer',
-- tile_layer = {
-- type = 'XYZ',
-- url = 'https://{a-c}.tile.openstreetmap.org/{z}/{x}/{y}.png',
-- attributions = '&#169; <a href="https://www.openstreetmap.org/copyright" target="_blank">OpenStreetMap</a> contributors.',
-- },
},
},
remote_login = {
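Review bot: The commented ``openlayers_url`` example directly above the new ``tile_layer`` block uses ``http://ffac.example.org/openlayer`` while the new tile URL is ``https://``. That URL is the base for ``build/ol.js``, a script loaded into the config mode page, so the example should use ``https://`` too.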
......@@ -549,34 +599,7 @@ GLUON_DEPRECATED
Usually, devices are deprecated because their flash size is insufficient to
support future Gluon versions. The recommended setting is ``0`` for new sites,
and ``upgrade`` for existing configurations (where upgrades for existing
deployments of low-flash devices are required).
GLUON_FEATURES
Defines a list of features to include. Depending on the device, the feature list
defined from this value is combined with the feature list for either the standard
or the tiny device-class. The resulting feature list is used to generate the default
package set.
GLUON_FEATURES_standard
Defines a list of additional features to include or exclude for devices of
the standard device-class.
GLUON_FEATURES_tiny
Defines a list of additional features to include or exclude for devices of
the tiny device-class.
GLUON_SITE_PACKAGES
Defines a list of packages which should be installed in addition to the
default package set. It is also possible to remove packages from the
default set by prepending a minus sign to the package name.
GLUON_SITE_PACKAGES_standard
Defines a list of additional packages to include or exclude for devices of
the standard device-class.
GLUON_SITE_PACKAGES_tiny
Defines a list of additional packages to include or exclude for devices of
the tiny device-class.
deployments of low-flash devices are required). Defaults to ``0``.
GLUON_RELEASE
The current release version Gluon should use.
......@@ -614,8 +637,8 @@ leading to entangled package names like *gluon-mesh-vpn-fastd-respondd* or
*gluon-status-page-mesh-batman-adv-i18n-de*.
For this reason, we have introduced *feature flags*, which can be specified
in the *GLUON_FEATURES* variable. These flags allow to specify a set of features
on a higher level than individual package names.
using the ``image-customization.lua`` file. These flags allow to specify
a set of features on a higher level than individual package names.
Most Gluon packages can simply be specified as feature flags by removing the ``gluon-``
prefix: The feature flag corresponding to the package *gluon-mesh-batman-adv-15* is
......@@ -637,9 +660,10 @@ flags using a flexible ruleset defined in the Gluon repo or site package feeds.
To some extent, it will even allow us to further modularize existing Gluon packages,
without necessitating changes to existing site configurations.
It is still possible to override such automatic rules using *GLUON_SITE_PACKAGES*
(e.g., ``-gluon-status-page-mesh-batman-adv`` to remove the automatically added
package *gluon-status-page-mesh-batman-adv*).
It is still possible to override such automatic rules by removing them using
*packages* in the ``image-customization.lua`` file
(e.g., ``features { '-gluon-status-page-mesh-batman-adv' }`` to remove
the automatically added package *gluon-status-page-mesh-batman-adv*).
For convenience, there are two feature flags that do not directly correspond to a Gluon
package:
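Review bot: The rewritten sentence says the automatic rules are overridden "using *packages*", but its example calls ``features { '-gluon-status-page-mesh-batman-adv' }`` with a package name. Per the function list added in this change, ``features`` takes feature names and ``packages`` takes package names, so the example should read ``packages { '-gluon-status-page-mesh-batman-adv' }``.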
......@@ -647,19 +671,70 @@ package:
* web-wizard
Includes the *gluon-config-mode-...* base packages (hostname, geolocation and contact info),
as well as the *gluon-config-mode-autoupdater* (when *autoupdater* is in *GLUON_FEATURES*),
and *gluon-config-mode-mesh-vpn* (when *mesh-vpn-fastd* or *mesh-vpn-tunneldigger* are in
*GLUON_FEATURES*)
as well as the *gluon-config-mode-autoupdater* (when *autoupdater* is an enabled feature),
and *gluon-config-mode-mesh-vpn* (when *mesh-vpn-fastd* or `mesh-vpn-wireguard` are
enabled features)
* web-advanced
Includes the *gluon-web-...* base packages (admin, network, WiFi config),
as well as the *gluon-web-autoupdater* (when *autoupdater* is in *GLUON_FEATURES*)
as well as the *gluon-web-autoupdater* (when *autoupdater* is an enabled feature),
We recommend to use *GLUON_SITE_PACKAGES* for non-Gluon OpenWrt packages only and
completely rely on *GLUON_FEATURES* for Gluon packages, as it is shown in the
We recommend to include packages for non-Gluon OpenWrt packages only and
completely rely on features for Gluon packages, as it is shown in the
example *site.mk*.
.. _site-image-customization:
Image customization
^^^^^^^^^^^^^^^^^^^
Gluon allows configuration of the build parameters for the images. This
configuration must always exist to configure the basic features included in a
Gluon build.
The file ``image-customization.lua`` in the root of the site configuration is
used for this purpose, making use of a Domain Specific Language based on Lua.
See the :ref:`site-examples` section for a simple example showing both basic
setup and a device-specific alteration.
The following functions are available:
device(device_name_list)
Returns true in case the current device is in the list of devices specified in ``device_name_list``.
``device_name_list`` is a table of strings.
target(openwrt_target, openwrt_subtarget)
Returns true in case the current device is of the specified OpenWrt target and subtarget.
The parameter ```openwrt_subtarget``` is optional. If it is not specified, only the target is matched.
device_class(dev_class)
Returns true in case the current device is of the specified device class.
features(feature_table)
Includes the specified list of features in the image. ``feature_table`` is a table of strings.
These strings can be prefixed with a dash to exclude features included earlier in the file.
packages(package_table)
Includes the specified list of packages in the image. ``package_table`` is a table of strings.
These strings can be prefixed with a dash to exclude packages included earlier in the file.
broken(broken_state)
Overrides the broken state specified by Gluon. Can be used to mark a device as broken or
remove the pre-defined broken state.
disable()
Disables image generation.
disable_factory()
Disables factory image generation. Sysupgrade images are still generated and stored in the image
output directory.
Technically, the image customization file is evaluated once for each device, allowing
to make use of regular Lua *if* statements for device-specific configuration as
can be seen in the example.
.. _site-config-mode-texts:
Config mode texts
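Review bot: the updated recommendation still ends with "as it is shown in the example *site.mk*", although features and packages are now set in ``image-customization.lua``; point it at the new example (or :ref:`site-examples`) instead. In the same hunk, ```openwrt_subtarget``` uses three backticks where the rest of the file uses two, `mesh-vpn-wireguard` is in single backticks while the neighbouring feature names use emphasis, and the new web-advanced line ends in a stray comma. The web-wizard text also lists only *mesh-vpn-fastd* and mesh-vpn-wireguard, while the features file in this change additionally tests ``mesh-vpn-fastd-l2tp``.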
......@@ -717,7 +792,7 @@ to supply additional package feeds from which packages are built. The git reposi
specified here are retrieved in addition to the default feeds when ``make update``
is called.
This file's format is very similar to the toplevel ``modules`` file of the Gluon
This file's format is very similar to the top-level ``modules`` file of the Gluon
tree, with the important different that the list of feeds must be assigned to
the variable ``GLUON_SITE_FEEDS``. Multiple feed names must be separated by spaces,
for example::
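Review bot: since this paragraph is being touched for "top-level", the next line's "with the important different that" should be fixed to "important difference that" in the same change.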
......@@ -736,13 +811,14 @@ PACKAGES_${feed}_COMMIT
PACKAGES_${feed}_BRANCH
Optional: The branch of the repository the given commit ID can be found in.
Defaults to the default branch of the repository (usually ``master``)
Defaults to the default branch of the repository (usually ``main`` or ``master``)
These variables are always all uppercase, so for an entry ``foo`` in GLUON_SITE_FEEDS,
the corresponding configuration variables would be ``PACKAGES_FOO_REPO``,
``PACKAGES_FOO_COMMIT`` and ``PACKAGES_FOO_BRANCH``. Slashes in feed names are
replaced by underscores to get valid shell variable identifiers.
.. _site-examples:
Examples
--------
......@@ -759,6 +835,12 @@ site.conf
.. literalinclude:: ../site-example/site.conf
:language: lua
image-customization.lua
^^^^^^^^^^^^^^^^^^^^^^^
.. literalinclude:: ../site-example/image-customization.lua
:language: lua
i18n/en.po
^^^^^^^^^^
......
Supported Devices & Architectures
=================================
ar71xx-generic
--------------
armsr-armv7
-----------
* 8devices
* Arm SystemReady (EFI) 32-bit
- Carambola 2
armsr-armv8
-----------
* ALFA Network
* Arm SystemReady (EFI) 64-bit
- AP121 [#deprecated]_ [#device-class-tiny]_
- AP121F
- AP121U [#deprecated]_ [#device-class-tiny]_
ath79-generic
--------------
* Allnet
* ALFA Network
- ALL0315N
- AP121F
* AVM
- Fritz!Box 4020 [#avmflash]_
- Fritz!WLAN Repeater 300E [#avmflash]_
- FRITZ!WLAN Repeater 300E [#avmflash]_
- Fritz!WLAN Repeater 450E [#avmflash]_
- Fritz!Box 4020 [#avmflash]_
* Buffalo
- WZR-HP-AG300H / WZR-600DHP
- WZR-HP-G300NH
- WZR-HP-G300NH2
- WZR-HP-G450H
- WZR-HP-G300NH (rtl8366s)
* devolo
- WiFi pro 1200e [#lan_as_wan]_
- WiFi pro 1200i
- WiFi pro 1750c
- WiFi pro 1750e [#lan_as_wan]_
- WiFi pro 1750i
- WiFi pro 1750x
* D-Link
- DAP-1330 (A1)
- DIR-505 (A1, A2)
- DIR-825 (B1)
- DAP-1330 A1 [#lan_as_wan]_
- DAP-1365 A1 [#lan_as_wan]_
- DAP-2660 A1 [#lan_as_wan]_
- DAP-2680 A1 [#lan_as_wan]_
- DAP-2695 A1 [#lan_as_wan]_
- DIR-505 A1 [#lan_as_wan]_
- DIR-505 A2 [#lan_as_wan]_
- DIR-825 B1
* Enterasys
- WS-AP3705i
* Extreme Networks
- WS-AP3805i
* GL.iNet
- 6408A
- 6416A
- GL-AR150
- GL-AR300M
- GL-AR300M-Lite
- GL-AR750
- GL-USB150 (Microuter)
* Linksys
* Joy-IT
- JT-OR750i
- WRT160NL [#device-class-tiny]_
* LibreRouter
* Netgear
- LibreRouter v1 [#missing_radios]_
* NETGEAR
- WNDR3700 (v1, v2)
- WNDR3800
- WNR2200 (8M, 16M)
- WNDRMAC (v2)
* OCEDO
- Koala
- Raccoon
* Onion
- Omega [#modular_ethernet]_
* OpenMesh
......@@ -70,142 +100,99 @@ ar71xx-generic
- OM2P-HS (v1, v2, v3, v4)
- OM2P-LC
- OM5P
- OM5P-AN
- OM5P-AC (v1, v2)
- OM5P-AN
* Plasma Cloud
- PA300
- PA300E
* Siemens
- WS-AP3610
* Sophos
- AP15C
- AP100
- AP100c
- AP55
- AP55c
* Teltonika
- RUT230 (v1)
* TP-Link
- Archer A7 (v5)
- Archer C5 (v1)
- Archer C59 (v1)
- Archer C6 (v2 EU/RU/JP)
- Archer C7 (v2, v4, v5)
- CPE210 (v1.0, v1.1, v2.0, v3.0)
- CPE220 (v1.1)
- CPE510 (v1.0, v1.1)
- CPE520 (v1.1)
- RE450 (v1) [#device-class-tiny]_
- TD-W8970 (v1) [#lan_as_wan]_
- Archer C59 (v1)
- Archer C60 (v1)
- CPE210 (v1.0, v1.1, v2.0, v3.0, v3.1, v3.20)
- CPE220 (v3.0)
- CPE510 (v1.0, v1.1, v2.0, v3.0)
- CPE710 (v1.0)
- EAP225-Outdoor (v1, v3)
- TL-WDR3500 (v1)
- TL-WDR3600 (v1)
- TL-WDR4300 (v1)
- TL-WR710N (v1, v2.1)
- TL-WR810N (v1)
- TL-WR842N/ND (v1, v2, v3)
- TL-WR1043N/ND (v1, v2, v3, v4, v5)
- TL-WR842N/ND (v3)
- TL-WR1043N/ND (v2, v3, v4, v5)
- TL-WR2543N/ND (v1)
- WBS210 (v1.20)
- WBS210 (v1.20, v2.0)
- WBS510 (v1.20)
* Ubiquiti
- Air Gateway [#device-class-tiny]_
- Air Gateway LR [#device-class-tiny]_
- Air Gateway PRO [#device-class-tiny]_
- Air Router [#device-class-tiny]_
- Bullet M2/M5 [#device-class-tiny]_
- Loco M2/M5 [#device-class-tiny]_
- Loco M2/M5 XW
- Nanostation M2/M5 [#device-class-tiny]_
- Nanostation M2/M5 XW
- Picostation M2 [#device-class-tiny]_
- Rocket M2/M5
- Rocket M2/M5 Ti
- Rocket M2/M5 XW
- NanoBeam 5AC 19 (XC)
- NanoBeam M5 (XW)
- NanoStation Loco M2/M5 (XW)
- NanoStation M2/M5 (XW)
- UniFi AC Lite
- UniFi AC LR
- UniFi AC Mesh
- UniFi AC Mesh Pro
- UniFi AC Pro
- UniFi AP
- UniFi AP AC Lite
- UniFi AP AC LR
- UniFi AP AC Pro
- UniFi AP LR
- UniFi AP Pro
- UniFi AP Outdoor
- UniFi AP Outdoor+
- UniFi AP PRO
- UniFi Swiss Army Knife Ultra
* Western Digital
- My Net N600
- My Net N750
ath79-mikrotik
--------------
* ZyXEL
* Mikrotik
- NBG6616
- RB951Ui-2nD (hAP)
- RBwAPR-2nD (wAP R)
ar71xx-nand
-----------
ath79-nand
----------
* Aerohive
- HiveAP 121
* Netgear
- WNDR3700 (v4)
- WNDR4300 (v1)
* ZyXEL
- NBG6716
ar71xx-tiny [#deprecated]_ [#device-class-tiny]_
------------------------------------------------
* D-Link
- DIR-615 (C1)
* TP-Link
- TL-MR13U (v1)
- TL-MR3020 (v1)
- TL-MR3040 (v1, v2)
- TL-MR3220 (v1, v2)
- TL-MR3420 (v1, v2)
- TL-WA701N/ND (v1, v2)
- TL-WA730RE (v1)
- TL-WA750RE (v1)
- TL-WA801N/ND (v1, v2, v3)
- TL-WA830RE (v1, v2)
- TL-WA850RE (v1)
- TL-WA860RE (v1)
- TL-WA901N/ND (v1, v2, v3, v4, v5)
- TL-WA7210N (v2)
- TL-WA7510N (v1)
- TL-WR703N (v1)
- TL-WR710N (v2)
- TL-WR740N (v1, v3, v4, v5)
- TL-WR741N/ND (v1, v2, v4, v5)
- TL-WR743N/ND (v1, v2)
- TL-WR840N (v2)
- TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
- TL-WR843N/ND (v1)
- TL-WR940N (v1, v2, v3, v4, v5, v6)
- TL-WR941ND (v2, v3, v4, v5, v6)
ath79-generic
--------------
* devolo
- WiFi pro 1200e [#lan_as_wan]_
- WiFi pro 1200i
- WiFi pro 1750c
- WiFi pro 1750e [#lan_as_wan]_
- WiFi pro 1750i
- WiFi pro 1750x
* GL.iNet
- GL-AR300M-Lite
- GL-AR300M
- GL-AR750S
- GL-XE300
* OCEDO
* NETGEAR
- Raccoon
- WNDR3700 (v4)
- WNDR4300 (v1)
* TP-Link
* Zyxel
- Archer C6 (v2)
- CPE220 (v3.0)
- NBG6716
brcm2708-bcm2708
----------------
......@@ -221,22 +208,33 @@ brcm2708-bcm2709
ipq40xx-generic
---------------
* 8devices
- Jalapeno
* Aruba
- AP-303
- AP-303H
- AP-365
- Instant On AP11
- Instant On AP11D
- Instant On AP17
* AVM
- FRITZ!Box 4040 [#avmflash]_
- FRITZ!Box 7520 (v1) [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Box 7530 [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Repeater 1200 [#eva_ramboot]_
* EnGenius
* Extreme Networks
- ENS620EXT
- WS-AP3915i
* GL.iNet
- GL-AP1300
- GL-B1300
* Linksys
......@@ -253,10 +251,23 @@ ipq40xx-generic
- A42
- A62
* ZyXEL
* Plasma Cloud
- PA1200
- PA2200
* Zyxel
- NBG6617
- WRE6606 [#device-class-tiny]_
ipq40xx-mikrotik
----------------
* Mikrotik
- DISC Lite5 ac (RBDiscG-5acD)
- hAP ac2
- SXTsq 5 ac (RBSXTsqG-5acD)
ipq806x-generic
---------------
......@@ -265,9 +276,17 @@ ipq806x-generic
- R7800
* Ubiquiti
- UniFi AC HD
lantiq-xrx200
-------------
* Arcadyan
- VGV7510KW22 (o2 Box 6431)
* AVM
- FRITZ!Box 7360 (v1, v2) [#avmflash]_ [#lan_as_wan]_
......@@ -275,6 +294,13 @@ lantiq-xrx200
- FRITZ!Box 7362 SL [#eva_ramboot]_ [#lan_as_wan]_
- FRITZ!Box 7412 [#eva_ramboot]_
lantiq-xrx200_legacy
--------------------
* TP-Link
- TD-W8970 (v1) [#lan_as_wan]_
lantiq-xway
-----------
......@@ -286,9 +312,69 @@ lantiq-xway
- DGN3500B [#lan_as_wan]_
mpc85xx-generic
mediatek-filogic
----------------
* ASUS
- RT-AX52
- TUF AX4200
- TUF AX6000
* Cudy
- AP3000 Outdoor (v1)
- TR3000 (v1)
- WR3000 (v1)
* D-Link
- AQUILA PRO AI M30 A1
- AQUILA PRO AI M60 A1
* GL.iNet
- GL-MT2500
- GL-MT3000
* NETGEAR
- WAX220
* OpenWrt
- One
* Ubiquiti
- UniFi 6 Plus
* Zyxel
- NWA50AX Pro
mediatek-mt7622
---------------
* Linksys
- E8450
* Ubiquiti
- UniFi 6 LR (v1)
mpc85xx-p1010
-------------
* Enterasys
- WS-AP3715i
* Sophos
- RED 15w Rev.1
* TP-Link
- TL-WDR4900 (v1)
......@@ -304,19 +390,37 @@ mpc85xx-p1020
- WS-AP3710i
* OCEDO
* Extreme Networks
- WS-AP3825i
* Hewlett-Packard
- MSM460
* Ocedo
- Panda
ramips-mt7620
-------------
* ASUS
- RT-AC51U
* GL.iNet
- GL-MT300A
- GL-MT300N
- GL-MT750
* NETGEAR
- EX3700
- EX3800
- EX6130
* Nexx
- WT3020AD/F/H
......@@ -337,69 +441,130 @@ ramips-mt7621
* ASUS
- RT-AC57U
- RT-AC57U (v1)
- RT-AX53U
* Cudy
- WR1300 (v1)
- WR2100
- X6 (v1, v2)
* D-Link
- COVR-X1860 (A1)
- DAP-X1860 (A1)
- DIR-860L (B1)
- DIR-878 (A1)
- DIR-882 (A1)
* Genexis
- Pulse EX400
* GL.iNet
- GL-MT1300
* MERCUSYS
- MR70X (v1)
* NETGEAR
- EX6150 (v1)
- R6220
- R6260
- WAC104
- WAX202
* TP-Link
- EAX11 (v2)
- EAX12
- EAX15 (v2)
- EAP615-Wall (v1)
- RE500 (v1)
- RE650 (v1)
* Ubiquiti
- EdgeRouter X
- EdgeRouter X-SFP
- UniFi 6 Lite
- UniFi nanoHD
* Wavlink
* ZBT
- WS-WN572HP3 (4G)
* Xiaomi
- Xiaomi Mi Router 3G (v1, v2)
- Xiaomi Mi Router 4A (Gigabit Edition v1, v2)
* Zbtlink
- WG3526-16M
- WG3526-32M
* Zyxel
- NWA50AX
- WSM20
ramips-mt76x8
-------------
* Cudy
- TR1200 (v1)
- WR1000 (v1)
* GL.iNet
- GL-MT300N (v2)
- microuter-N300
- VIXMINI
* NETGEAR
- R6020
- R6120
* RAVPower
- RP-WD009
* TP-Link
- Archer C50 (v3)
- Archer C50 (v4)
- Archer C20 (v4, v5)
- Archer C50 (v3, v4)
- RE200 (v2, v3, v4)
- TL-MR3020 (v3)
- TL-MR3420 (v5)
- TL-MR6400 (v5)
- TL-WA801ND (v5)
- TL-WR841N (v13)
- TL-WR902AC (v3)
- TL-WR902AC (v3, v4)
* VoCore
- VoCore2
ramips-rt305x [#deprecated]_ [#device-class-tiny]_
---------------------------------------------------
* Xiaomi
* A5-V11
- Xiaomi Mi Router 4A (100M Edition) - MIR4A
- Xiaomi Mi Router 4A (100M International Edition) - R4AC
- Xiaomi Mi Router 4A (100M International Edition v2) - R4ACv2
- Xiaomi Mi Router 4C - R4CM
* D-Link
rockchip-armv8
--------------
- DIR-615 (D1, D2, D3, D4, H1)
* FriendlyElec
* VoCore
- VoCore (8M, 16M)
- NanoPi R2S
- NanoPi R3S
- NanoPi R4S (4GB LPDDR4)
sunxi-cortexa7
--------------
......@@ -436,18 +601,8 @@ See also: :doc:`x86`
Footnotes
---------
.. [#deprecated]
The device or target is reaching its end of life soon. This means that support
in the next major release of Gluon is doubtful.
.. [#device-class-tiny]
These devices only support a subset of Gluons capabilities due to flash or memory
size constraints. Devices are classified as tiny in they provide less than 7M of usable
flash space or have a low amount of system memory. For more information, see the
developer documentation: :ref:`device-class-definition`.
.. [#avmflash]
For instructions on how to flash AVM devices, visit https://fritzfla.sh
For instructions on how to flash AVM devices, visit https://fritz-tools.readthedocs.io
.. [#eva_ramboot]
For instructions on how to flash AVM NAND devices, see the respective
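Review bot: this hunk drops the definitions of ``[#deprecated]`` and ``[#device-class-tiny]``, so any ``[#deprecated]_`` or ``[#device-class-tiny]_`` reference that survives in the device list above will no longer resolve when the docs are built. Please grep the resulting file for both labels and confirm none are left, or keep the definition that is still referenced.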
......@@ -455,3 +610,14 @@ Footnotes
.. [#lan_as_wan]
All LAN ports on this device are used as WAN.
.. [#missing_radios]
This device contains more than two WLAN radios, which is currently
unsupported by Gluon. Only the first two radios will work.
.. [#modular_ethernet]
These devices follow a modular principle,
which means even basic functionality like ethernet is provided by an expansion-board,
that may not be bundled with the device itself.
Such expansions are recommended for the config mode, but are not strictly necessary,
as exposed serial ports may grant sufficient access as well.
......@@ -9,21 +9,26 @@ Targets
The following targets for x86 images exist:
`x86-generic`
Generic x86 support with many different ethernet drivers; should run on
most x86 systems.
`x86-64`
Generic x86 64-bit support with many different ethernet drivers; should run on
most x86 systems with 64-bit support.
There are three images:
* `generic` (compressed "raw" image, can written to a disk directly or booted with qemu)
* `generic` (compressed "raw" image, can be written to a disk directly or booted with qemu)
* `virtualbox` (VDI image)
* `vmware` (VMDK image)
These images differ in the image file format, the content is the same. Therefore
a single `x86-generic` sysupgrade image is provided, only.
a single `x86-64` sysupgrade image is provided, only.
`x86-generic`
32-bit version of `x86-64` for hardware not supporting 64-bit images.
Also comes with `virtualbox` and `vmware` factory installs.
`x86-geode`
x86 image for Geode CPUs.
`x86-64`
64bit version of `x86-generic`.
`x86-legacy`
x86 image for very old PC hardware like i586.
GLUON_FEEDS='packages routing gluon'
GLUON_FEEDS='gluon packages routing'
OPENWRT_REPO=https://github.com/openwrt/openwrt.git
OPENWRT_BRANCH=openwrt-19.07
OPENWRT_COMMIT=9cafcbe0bdd601d07ed55bee0136f5d8393c37a8
OPENWRT_BRANCH=openwrt-24.10
OPENWRT_COMMIT=e709e9bc067f0e97f9ccc43fdec451ff83bba2d5
PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
PACKAGES_PACKAGES_BRANCH=openwrt-19.07
PACKAGES_PACKAGES_COMMIT=e76090945523c71c2406276f6d42b2e7f078a2d8
PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
PACKAGES_GLUON_COMMIT=bae34a0f53b25dbd691c57c8ab2d0b7cfe811517
PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
PACKAGES_ROUTING_BRANCH=openwrt-19.07
PACKAGES_ROUTING_COMMIT=9b42e24a54f03ebb6f58224b49036e8f739b175f
PACKAGES_PACKAGES_REPO=https://github.com/openwrt/packages.git
PACKAGES_PACKAGES_BRANCH=openwrt-24.10
PACKAGES_PACKAGES_COMMIT=acd385976da5bd26c8837e847b76146a3c1b8ad7
PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
PACKAGES_GLUON_COMMIT=12e41d0ff07ec54bbd67a31ab50d12ca04f2238c
PACKAGES_ROUTING_REPO=https://github.com/openwrt/routing.git
PACKAGES_ROUTING_BRANCH=openwrt-24.10
PACKAGES_ROUTING_COMMIT=f2ee837d3714f86e9d636302e9f69612c71029cb
nodefault 'web-wizard'
-- Feature definition file
--
-- See the page `dev/packages` (Developer Documentation / Package development)
-- in the `docs` directory or on gluon.readthedocs.io for information on the
-- file format
packages 'web-wizard' \
'gluon-config-mode-hostname' \
'gluon-config-mode-geo-location' \
'gluon-config-mode-contact-info' \
'gluon-config-mode-outdoor'
packages 'web-wizard & autoupdater' \
'gluon-config-mode-autoupdater'
feature('web-wizard', {
'gluon-config-mode-hostname',
'gluon-config-mode-geo-location',
'gluon-config-mode-contact-info',
'gluon-config-mode-outdoor',
})
packages 'web-wizard & (mesh-vpn-fastd | mesh-vpn-tunneldigger)' \
'gluon-config-mode-mesh-vpn'
when(_'web-wizard' and _'autoupdater', {
'gluon-config-mode-autoupdater',
})
when(_'web-wizard' and (
_'mesh-vpn-fastd' or
_'mesh-vpn-fastd-l2tp' or
_'mesh-vpn-wireguard'
), {
'gluon-config-mode-mesh-vpn',
})
nodefault 'web-advanced'
packages 'web-advanced' \
'gluon-web-admin' \
'gluon-web-network' \
'gluon-web-wifi-config'
feature('web-advanced', {
'gluon-web-admin',
'gluon-web-network',
'gluon-web-wifi-config',
})
packages 'web-advanced & autoupdater' \
'gluon-web-autoupdater'
when(_'web-advanced' and _'autoupdater', {
'gluon-web-autoupdater',
})
packages 'status-page & mesh-batman-adv-15' \
'gluon-status-page-mesh-batman-adv'
packages 'mesh-batman-adv-15' \
'gluon-ebtables-limit-arp' \
'gluon-radvd'
when(_'mesh-batman-adv-15', {
'gluon-ebtables-limit-arp',
'gluon-radvd',
})
packages 'mesh-babel' \
'gluon-radvd'
when(_'status-page' and _'mesh-batman-adv-15', {
'gluon-status-page-mesh-batman-adv',
})
packages '!wireless-encryption-wpa3' \
'hostapd-mini'
when(_'mesh-olsrd', {
'gluon-radvd',
})
when(not _'wireless-encryption-wpa3', {
'hostapd-mini',
})
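Review bot: the old rule ``packages 'mesh-babel' 'gluon-radvd'`` has no counterpart in the new syntax; the only additional gluon-radvd rule is ``when(_'mesh-olsrd', ...)``. If mesh-babel is still a selectable feature, it silently loses gluon-radvd with this conversion, so please confirm the drop is intentional and mention it in the commit message. The web-wizard condition also replaces mesh-vpn-tunneldigger with ``mesh-vpn-fastd-l2tp`` and ``mesh-vpn-wireguard``, which the site documentation text only partly reflects.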
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-alfred
PKG_VERSION:=1
PKG_RELEASE:=1
include ../gluon.mk
......
#!/bin/sh
# shellcheck source=package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
. /lib/gluon/autoupdater/lib.sh
start_enabled alfred
#!/bin/sh
# shellcheck source=package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
. /lib/gluon/autoupdater/lib.sh
stop alfred
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-authorized-keys
PKG_VERSION:=2
include ../gluon.mk
......
if PACKAGE_gluon-autoupdater
config GLUON_AUTOUPDATER_BRANCH
string "Autoupdater branch"
default ""
config GLUON_AUTOUPDATER_ENABLED
bool "Enable autoupdater by default"
endif
include $(TOPDIR)/rules.mk
PKG_NAME:=gluon-autoupdater
PKG_VERSION:=4
PKG_CONFIG_DEPENDS := CONFIG_GLUON_BRANCH
PKG_CONFIG_DEPENDS := CONFIG_GLUON_AUTOUPDATER_BRANCH CONFIG_GLUON_AUTOUPDATER_ENABLED
include ../gluon.mk
......@@ -13,18 +12,18 @@ define Package/gluon-autoupdater
endef
define Package/gluon-autoupdater/config
config GLUON_BRANCH
string "Gluon autoupdater branch"
depends on PACKAGE_gluon-autoupdater
default ""
source "$(SOURCE)/Config.in"
endef
define Package/gluon-autoupdater/install
$(Gluon/Build/Install)
ifneq ($(CONFIG_GLUON_BRANCH),"")
$(INSTALL_DIR) $(1)/lib/gluon/autoupdater
echo '$(call qstrip,$(CONFIG_GLUON_BRANCH))' > $(1)/lib/gluon/autoupdater/default_branch
ifneq ($(CONFIG_GLUON_AUTOUPDATER_BRANCH),"")
echo '$(call qstrip,$(CONFIG_GLUON_AUTOUPDATER_BRANCH))' > $(1)/lib/gluon/autoupdater/default_branch
endif
ifneq ($(CONFIG_GLUON_AUTOUPDATER_ENABLED),)
touch $(1)/lib/gluon/autoupdater/default_enabled
endif
endef
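Review bot: ``touch $(1)/lib/gluon/autoupdater/default_enabled`` must work when GLUON_AUTOUPDATER_BRANCH is empty, so ``$(INSTALL_DIR) $(1)/lib/gluon/autoupdater`` has to sit outside both ``ifneq`` blocks. In this hunk it appears between the old and the new branch conditional; please confirm it ends up unconditional. A short help text on GLUON_AUTOUPDATER_ENABLED in Config.in, stating that it only sets the default for nodes without existing autoupdater settings, would also help.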
......
need_string(in_site({'autoupdater', 'branch'}))
local has_tls = (function()
local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/features/tls')
if f then
f:close()
return true
end
return false
end)()
need_table({'autoupdater', 'branches'}, function(branch)
local branches = table_keys(need_table({'autoupdater', 'branches'}, function(branch)
need_alphanumeric_key(branch)
need_string(in_site(extend(branch, {'name'})))
need_string_array_match(extend(branch, {'mirrors'}), '^http://')
need_array(extend(branch, {'mirrors'}), function(mirror)
alternatives(function()
need_string_match(mirror, 'http://')
end, function()
need_string_match(mirror, 'https://')
need(mirror, function() return has_tls end, nil,
"use HTTPS only if the 'tls' feature is enabled")
end, function()
need_string_match(mirror, '^//')
end)
end)
local pubkeys = need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
need_number(in_site(extend(branch, {'good_signatures'})))
need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
need(in_site(extend(branch, {'good_signatures'})), function(good_signatures)
return good_signatures <= #pubkeys
end, nil, string.format('be less than or equal to the number of public keys (%d)', #pubkeys))
obsolete(in_site(extend(branch, {'probability'})), 'Use GLUON_PRIORITY in site.mk instead.')
end)
end))
need_one_of(in_site({'autoupdater', 'branch'}), branches, false)
-- Check GLUON_AUTOUPDATER_BRANCH
local default_branch
local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/autoupdater/default_branch')
if f then
default_branch = f:read('*line')
f:close()
end
need_one_of(value('GLUON_AUTOUPDATER_BRANCH', default_branch), branches, false)
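Review bot: in the new mirror check the first two alternatives match ``'http://'`` and ``'https://'`` without a leading ``^``, while the check they replace used ``'^http://'`` and the third alternative uses ``'^//'``. Unanchored, a mirror string that merely contains ``http://`` somewhere passes validation, and a string containing ``https://`` reaches the TLS feature test for the wrong reason. Suggest ``'^http://'`` and ``'^https://'`` so the scheme is checked at the start of the URL, consistent with the explicitly anchored ``'^%x+$'`` used for pubkeys.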
#!/bin/sh
# shellcheck source=package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
. /lib/gluon/autoupdater/lib.sh
......
#!/bin/sh
# shellcheck source=package/gluon-autoupdater/files/lib/gluon/autoupdater/lib.sh
. /lib/gluon/autoupdater/lib.sh
......
......@@ -2,34 +2,69 @@
local site = require 'gluon.site'
local uci = require('simple-uci').cursor()
local unistd = require 'posix.unistd'
local has_tls = unistd.access('/lib/gluon/features/tls') ~= nil
local default_scheme = has_tls and 'https:' or 'http:'
local min_branch
local function mirror_urls(mirrors)
local ret = {}
for _, mirror in ipairs(mirrors) do
if string.match(mirror, '^//') ~= nil then
table.insert(ret, default_scheme .. mirror)
else
table.insert(ret, mirror)
end
end
return ret
end
for name, config in pairs(site.autoupdater.branches()) do
uci:delete('autoupdater', name)
uci:section('autoupdater', 'branch', name, {
name = config.name,
mirror = config.mirrors,
mirror = mirror_urls(config.mirrors),
good_signatures = config.good_signatures,
pubkey = config.pubkeys,
})
end
if not uci:get('autoupdater', 'settings') then
local enabled = false
local branch = site.autoupdater.branch()
if not min_branch or (name < min_branch) then
min_branch = name
end
end
local function default_branch()
local f = io.open('/lib/gluon/autoupdater/default_branch')
if f then
enabled = true
branch = f:read('*line')
local ret = f:read('*line')
f:close()
return ret
end
return site.autoupdater.branch(min_branch)
end
local enabled, branch
if not uci:get('autoupdater', 'settings') then
enabled = unistd.access('/lib/gluon/autoupdater/default_enabled') ~= nil
end
local old_branch = uci:get('autoupdater', 'settings', 'branch')
if not old_branch or not uci:get('autoupdater', old_branch) then
branch = default_branch()
if not branch then
enabled = false
end
end
uci:section('autoupdater', 'autoupdater', 'settings', {
enabled = enabled,
branch = branch,
})
end
uci:set('autoupdater', 'settings', 'version_file', '/lib/gluon/release')
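Review bot: ``default_branch()`` falls back to ``site.autoupdater.branch(min_branch)``, and ``min_branch`` is simply the branch name that sorts first (``name < min_branch``). On a site without ``autoupdater.branch`` and without a ``default_branch`` file, a node whose configured branch is missing is moved to whichever branch sorts first, which need not be the channel the operator intends as the default. Please document this fallback in the site documentation or require an explicit default. Also note that the loop only deletes and recreates sections for branches in the current site config, so ``uci:get('autoupdater', old_branch)`` can still succeed for a branch that was removed from the site; is that cleanup handled elsewhere?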
......
/*
Copyright (c) 2016, Matthias Schiffer <mschiffer@universe-factory.net>
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice,
this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
/* SPDX-FileCopyrightText: 2016, Matthias Schiffer <mschiffer@universe-factory.net> */
/* SPDX-License-Identifier: BSD-2-Clause */
#include <respondd.h>
......