diff --git a/CHANGELOG.md b/CHANGELOG.md index 85392cd..4a2e3fe 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,15 @@ # Freifunk Regensburg Firmware Changelog +## v2015.1-ffrgb + - Update to Gluon v2015.1 + - Integrated no_rebroadcast fix on mesh-vpn from Gluon Upstream + - Added FFMuc custom gluon packages with ebtables rules: + - mcast-drop-non-site to prohibit arp traffic except 10.8.0.0/16 + - mcast-drop-arp to drop arp traffic from/to 0.0.0.0 + - mcast-allow-cjdns to allow cjdns multicast traffic + - Changed default download/upload traffic shaping to 12.000/1.200 kbit/s + - Added support for several new devices + ## snapshot~20150303 - forked to Regensburg in preparation for Infrastructure Split diff --git a/Makefile b/Makefile index 8c5b02d..3c14f8f 100644 --- a/Makefile +++ b/Makefile @@ -1,9 +1,14 @@ GLUON_BUILD_DIR := gluon-build -GLUON_GIT_URL := git://github.com/freifunk-gluon/gluon.git -GLUON_GIT_REF := v2014.4 +GLUON_GIT_URL := https://github.com/freifunk-gluon/gluon.git +GLUON_GIT_REF := v2015.1 SECRET_KEY_FILE ?= ${HOME}/.gluon-secret-key +GLUON_TARGETS ?= \ + ar71xx-generic \ + ar71xx-nand \ + x86-kvm_guest + GLUON_RELEASE := $(shell git describe --tags 2>/dev/null) ifneq (,$(shell git describe --exact-match --tags 2>/dev/null)) GLUON_BRANCH := stable @@ -13,24 +18,27 @@ endif JOBS ?= $(shell cat /proc/cpuinfo | grep processor | wc -l) +JOBS = 1 + GLUON_MAKE := ${MAKE} -j ${JOBS} -C ${GLUON_BUILD_DIR} \ - GLUON_RELEASE=${GLUON_RELEASE} \ - GLUON_BRANCH=${GLUON_BRANCH} + GLUON_RELEASE=${GLUON_RELEASE} \ + GLUON_BRANCH=${GLUON_BRANCH} all: info - ${MAKE} gluon-clean ${MAKE} manifest - ${MAKE} gluon-clean - + info: @echo @echo '#########################' @echo '# FFRGB Firmare build' @echo '# Building release ${GLUON_RELEASE} for branch ${GLUON_BRANCH}' - @echo - + @echo + build: gluon-prepare - ${GLUON_MAKE} + for target in ${GLUON_TARGETS}; do \ + echo ""Building target $$target""; \ + ${GLUON_MAKE} GLUON_TARGET="$$target"; \ + done manifest: build ${GLUON_MAKE} manifest diff --git a/i18n/de.po b/i18n/de.po new file mode 100644 index 0000000..82c5f22 --- /dev/null +++ b/i18n/de.po @@ -0,0 +1,37 @@ +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Project-Id-Version: PACKAGE VERSION\n" +"PO-Revision-Date: 2015-05-16 19:31+0200\n" +"Last-Translator: Bastian Maeuser \n" +"Language-Team: German\n" +"Language: de\n" +"MIME-Version: 1.0\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +msgid "gluon-config-mode:welcome" +msgstr "" +"Willkommen zum Einrichtungsassistenten für deinen neuen Regensburger " +"Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen " +"entsprechend aus und sende es ab." + +msgid "gluon-config-mode:pubkey" +msgstr "" + +msgid "gluon-config-mode:reboot" +msgstr "" +"

Dein Knoten startet gerade neu und wird anschließend versuchen, sich " +"mit anderen Freifunk-Knoten in seiner Nähe zu verbinden. Weitere " +"Informationen zur Regensburger Freifunk-Community findest du auf " +"unserer Webseite. Wenn " +"alles geklappt hat, wirst du in ein paar Minuten unter " +"regensburg.freifunk.net/meshviewer/ " +"deinen Knoten finden.

" +"

Um zu dieser Konfigurationsseite zurückzugelangen, drücke im normalen " +"Betrieb für drei Sekunden den Reset-Button. Das Gerät wird dann im Config " +"Mode neustarten.

" +"

Wenn Du mehr über Freifunk in Regensburg erfahren möchtest, dann besuche " +"uns doch einfach Montag in der Binary Kitchen " +"wo meistens jemand von uns jemand zugegen ist, oder im IRC Netz hackint/#freifunkR

" +"

Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!

" diff --git a/i18n/en.po b/i18n/en.po new file mode 100644 index 0000000..3c19e32 --- /dev/null +++ b/i18n/en.po @@ -0,0 +1,30 @@ +msgid "" +msgstr "" +"Content-Type: text/plain; charset=UTF-8\n" +"Project-Id-Version: PACKAGE VERSION\n" +"PO-Revision-Date: 2015-05-16 19:31+0200\n" +"Last-Translator: Bastian Maeuser \n" +"Language-Team: English\n" +"Language: en\n" +"MIME-Version: 1.0\n" +"Content-Transfer-Encoding: 8bit\n" +"Plural-Forms: nplurals=2; plural=(n != 1);\n" + +msgid "gluon-config-mode:welcome" +msgstr "" +"Welcome the the setup wizard of your new Freifunk Regensburg node. " +"Please fill out the following form and transmit it." + +msgid "gluon-config-mode:pubkey" +msgstr "" + +msgid "gluon-config-mode:reboot" +msgstr "" +"

Your node is currently rebooting and will try to connect to other " +"nearby Freifunk nodes. It should appear on our map at " +"regensburg.freifunk.net/meshviewer/ " +"in a few minutes.

" +"

To get back to this configuration interface, press the reset button for " +"3 seconds during normal operation. The device will then reboot into config " +"mode.

" +"

Have fun with your node and exploring the Freifunk network!

" diff --git a/modules b/modules new file mode 100644 index 0000000..bf79c5e --- /dev/null +++ b/modules @@ -0,0 +1,3 @@ +GLUON_SITE_FEEDS='ffmuc_packages' +PACKAGES_FFMUC_PACKAGES_REPO=https://github.com/freifunkMUC/gluon-packages.git +PACKAGES_FFMUC_PACKAGES_COMMIT=82e721ad5d7c9eca8728954cfa1ab1d5b9168487 diff --git a/site.conf b/site.conf index fa6ccd0..0665d58 100644 --- a/site.conf +++ b/site.conf @@ -1,235 +1,106 @@ ---[[ - gluon site.conf ffrgb - - This file contains the Munich freifunk site.conf which was adopted from the original freifunk suite used in Luebeck. - There are comments added to most switches to explain the usage of gluon. - - This is lua code now, not perl anymore. - - Happy compiling! -]] - { - --[[ Community settings - hostname_prefix: Nodename prefix - freifunk-abcdef123456 (hex-part is generated from node's MAC address) - site_name: Name of your community - site_code: Shortcode of your community - ]] + hostname_prefix = 'freifunk', + site_name = 'Freifunk Regensburg', + site_code = 'ffsad-bat15', + opkg_repo = 'http://openwrt.draic.info/barrier_breaker/14.07/%S/packages', - hostname_prefix = 'freifunk', - site_name = 'Freifunk Regensburg', - site_code = 'ffrgb-bat15', - opkg_repo = 'http://openwrt.draic.info/barrier_breaker/14.07/%S/packages', + prefix4 = '10.90.0.0/16', + prefix6 = 'fdef:f00f:1337:cafe/64', + + timezone = 'CET-1CEST,M3.5.0,M10.5.0/3', + ntp_servers = {'1.ntp.services.ffrgb','2.ntp.services.ffrgb'}, + + mesh_on_wan = true, + + regdom = 'DE', + + wifi24 = { + ssid = 'schwandorf.freifunk.net', + channel = 1, + htmode = 'HT40+', + mesh_ssid = 'mesh.ffrgb', + mesh_bssid = '02:0E:8E:1E:61:17', + mesh_mcast_rate = 12000, + }, + + wifi5 = { + ssid = 'schwandorf.freifunk.net', + channel = 44, + htmode = 'HT40+', + mesh_ssid = 'mesh.ffrgb', + mesh_bssid = '02:0E:8E:1E:61:17', + mesh_mcast_rate = 12000, + }, + + next_node = { + ip4 = '10.90.0.1', + ip6 = 'fdef:f00f:1337:cafe::1', + mac = '16:41:95:40:f7:dd', + }, - --[[ General network settings - prefix4: IPv4 range of your community - prefix6: IPv6 range of your community - is also required for radvd ]] - - prefix4 = '10.90.0.0/16', - prefix6 = 'fdef:f00f:1337:cafe/64', - - - --[[ NTP settings - Synchronize the time of the nodes - timezone: Timezone of your community - http://wiki.openwrt.org/doc/uci/system#time.zones - ntp_servers: List of NTP-Servers to query. You can use any public and/or your private NTP-Servers of your community. - http://www.pool.ntp.org/zone/de ]] - - timezone = 'CET-1CEST,M3.5.0,M10.5.0/3', - ntp_servers = {'1.ntp.services.ffrgb','2.ntp.services.ffrgb'}, - - --[[ Wireless settings - regdom: IEEE 802.11 Regulatory Domain - http://en.wikipedia.org/wiki/IEEE_802.11#Regulatory_domains_and_legal_compliance - wifi24: Wifi settings for 2.4 GHz frequency devices - wifi5: Wifi settings for 5 GHz frequency devices - sub - ssid: Wifi name shown to the user (We recommend %site_code%.freifunk.net) - channel: Wifi channel to use - htmode: Specifies the channel width in 802.11n and 802.11ac mode, possible values are: - HT20 (single 20MHz channel), - HT40- (2x 20MHz channels, primary/control channel is upper, secondary channel is below) - HT40+ (2x 20MHz channels, primary/control channel is lower, secondary channel is above). - VHT20 / VHT40 / VHT80 / VHT160 (channel width in 802.11ac, extra channels are picked according to the specification) - http://wiki.openwrt.org/doc/uci/wireless#common.options (-> htmode) - mesh_ssid: SSID of the mesh-interface, an ugly SSID prevent clients from connecting (We recommend not to change this) - mesh_bssid: BSSID of the mesh-interface - mesh_mcast_rate: multicast rate of the mesh-interface ]] - - regdom = 'DE', - - wifi24 = { - ssid = 'schwandorf.freifunk.net', - channel = 1, - htmode = 'HT40+', - mesh_ssid = 'mesh.ffrgb', - mesh_bssid = '02:0E:8E:1E:61:17', --[[ from https://muenchen.freifunk.net/wiki/Knoten#B.A.T.M.A.N._Advanced ]] - mesh_mcast_rate = 12000, - }, - - wifi5 = { - ssid = 'schwandorf.freifunk.net', - channel = 44, - htmode = 'HT40+', - mesh_ssid = 'mesh.ffrgb', - mesh_bssid = '02:0E:8E:1E:61:17', - mesh_mcast_rate = 12000, - }, - - - --[[ Next-Node - next_node: Howto reach the node you are currently connected to - The node will always be reachable at that address, and it's the same on all nodes. Because next_node packets are redirected within the node itself, there will be no conflicts. - sub - ip4: IPv4 Address to use - ip6: IPv6 Address to use - mac: MAC Address to use - (TODO: What is the purpose of this MAC-Address here?) ]] - - next_node = { - ip4 = '10.90.0.1', - ip6 = 'fdef:f00f:1337:cafe::1', - mac = '16:41:95:40:f7:dd', - }, - - - --[[ Gateway settings - fastd_mesh_vpn: fastd vpn settings - https://projects.universe-factory.net/projects/fastd/wiki/User_manual - sub - methods: encryption algorithms to use - https://projects.universe-factory.net/projects/fastd/wiki/Methods - When multiple method statements are given, the first one has the highest preference. - mtu: package size - backbone: fastd vpn gateways of your community - sub - limit: Number of gateways each node connects to - On startup, each node tries to connect to every gateway, and then chooses the number of 'limit' fastest gateways it could reach - peers: Gateways - sub sub - key: public fastd key of your gateway - https://github.com/tcatm/ecdsautils - remotes: List of fastd configuration strings to connect to your gateway server ]] - - - fastd_mesh_vpn = { - methods = {'salsa2012+umac','salsa2012+gmac'}, - mtu = 1426, - backbone = { - limit = 2, - peers = { - vpn_gw01 = { --[[ VPN Server von Sven (hetzner) ]] - key = '58c2ac30c4693e8fde59c3794ac4c09748ec6a969e9688c42e144f5382e16e66', - remotes = {'ipv4 "78.47.168.108" port 10000'}, - }, - vpn_gw04 = { --[[ VPN Server von mephisto ]] - key = '40ebfaf04da006d9150d3d8adeaab0dfa62ca645b416403537cb009bbf2125b5', - remotes = {'ipv4 "213.166.225.5" port 10000'}, - }, - }, - }, - }, - - --[[ gluon autoupdater section - a how-to can be found here: http://gluon.readthedocs.org/en/latest/features/autoupdater.html - enable: 0, 1 - branch: stable, beta, experimental - name: name of the branch - mirrors: comma separated ipv6 based mirror-servers to access the firmware image - good_signatures: number of at leased good signatures signed by the authors of the firmware - pubkeys: public keys of the authors of the firmware image ]] - -autoupdater = { - enabled = 1, - branch = 'stable', - branches = { - stable = { - name = 'stable', - mirrors = { - 'http://[fdef:f00f:1337:cafe::11]/firmware-sad/stable/sysupgrade/', + fastd_mesh_vpn = { + methods = {'salsa2012+umac'}, + mtu = 1426, + groups = { + backbone = { + limit = 2, + peers = { + gw01 = { --[[ sven ]] + key = '58c2ac30c4693e8fde59c3794ac4c09748ec6a969e9688c42e144f5382e16e66', + remotes = { + 'ipv4 "78.47.168.108" port 10000', + }, + }, + gw04 = { --[[ mephisto ]] + key = '40ebfaf04da006d9150d3d8adeaab0dfa62ca645b416403537cb009bbf2125b5', + remotes = { + 'ipv4 "213.166.225.5" port 10000', + }, + }, }, - probability = 0.08, - good_signatures = 2, - pubkeys = { + }, + }, + }, + + autoupdater = { + enabled = 1, + branch = 'stable', + branches = { + stable = { + name = 'stable', + mirrors = { + 'http://[fdef:f00f:1337:cafe::11]/sad/firmware/stable/sysupgrade/', + }, + probability = 0.1, + good_signatures = 1, + pubkeys = { '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto - '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- duff - }, - }, - experimental = { + '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- sven + }, + }, + experimental = { name = 'experimental', - mirrors = { - 'http://[fdef:f00f:1337:cafe::11]/firmware-sad/experimental/sysupgrade/', + mirrors = { + 'http://[fdef:f00f:1337:cafe::11]/sad/firmware/experimental/sysupgrade/', }, - probability = 0.1, - good_signatures = 1, - pubkeys = { + probability = 0.5, + good_signatures = 1, + pubkeys = { '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto - }, - }, - }, - }, + '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- sven + }, + }, + }, + }, - - - --[[ Simple TC settings to limit the bandwidth of the vpn-uplink - mesh_vpn: - sub - ifname: name of the interface/bridge - enabled: default-value - limit_egress: default-value - limit_ingress: default-value ]] - - simple_tc = { - mesh_vpn = { - ifname = 'mesh-vpn', - enabled = false, - limit_egress = 200, - limit_ingress = 3000, - }, - }, - - - --[[ Config Mode settings - Text shown on local website on node while in config mode (after initial flashing or after a long press and hold on the primary button and reboot). You can use html here. - msg_welcome: Welcome message shown at startup - msg_pubkey: Instructions for the user how your community handles the key exchange - only shown if VPN setting is selected - msg_reboot: Message shown when configuration is finished while the node is rebooting. - - Variables - Within the text given here you can use variables which are - replaced when the respective website is delivered to the user. - Variables must be used in the format <%=NAME%>. See msg_pubkey for an example. - hostname: hostname of the node - pubkey: fastd public key of the node - sysconfig.primary_mac the primary mac of the node, also found printed beneath the device - ... other sysconfig.* variables: config_ifname, lan_ifname, wan_ifname ]] - - - config_mode = { - msg_welcome = [[ -Willkommen zum Einrichtungsassistenten für deinen neuen Regensburger -Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen -entsprechend aus und sende es ab. -]], - msg_pubkey = [[ -]], - msg_reboot = [[ -

-Dein Knoten startet gerade neu und wird anschließend versuchen, -sich mit anderen Freifunk-Knoten in seiner Nähe zu -verbinden. Weitere Informationen zur -Regensburger Freifunk-Community findest du auf -unserer Webseite. -

-

-Viel Spaß mit deinem Knoten und der Erkundung von Freifunk! -

-]], - }, + simple_tc = { + mesh_vpn = { + ifname = 'mesh-vpn', + enabled = false, + limit_egress = 1200, + limit_ingress = 12000, + }, + }, } -- vim: set ft=lua:ts=2:sw=2:et diff --git a/site.mk b/site.mk index 7dc3c96..e3e819b 100644 --- a/site.mk +++ b/site.mk @@ -3,6 +3,7 @@ GLUON_SITE_PACKAGES := \ gluon-alfred \ gluon-announced \ gluon-autoupdater \ + gluon-config-mode-core \ gluon-config-mode-autoupdater \ gluon-config-mode-hostname \ gluon-config-mode-mesh-vpn \ @@ -13,14 +14,18 @@ GLUON_SITE_PACKAGES := \ gluon-luci-admin \ gluon-luci-autoupdater \ gluon-luci-portconfig \ + gluon-luci-wifi-config \ gluon-luci-private-wifi \ gluon-next-node \ gluon-mesh-vpn-fastd \ gluon-radvd \ + gluon-setup-mode \ gluon-status-page \ iwinfo \ iptables \ - haveged + haveged \ + gluon-ebtables-filter-arp-ffmuc \ + gluon-ebtables-filter-multicast-ffmuc DEFAULT_GLUON_RELEASE := snapshot~$(shell date '+%Y%m%d') @@ -29,3 +34,6 @@ DEFAULT_GLUON_RELEASE := snapshot~$(shell date '+%Y%m%d') GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE) GLUON_PRIORITY ?= 0 + +# Languages to include +GLUON_LANGS ?= en de