merged sad to v2015.1

2024-12-28 11:21:50 +01:00 · 2015-05-20 17:23:58 +02:00 · 2015-05-20 17:23:58 +02:00 · bbe3ae05c6
commit bbe3ae05c6
parent 2e74c1ffee fb5a466391
7 changed files with 201 additions and 234 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,5 +1,15 @@
 # Freifunk Regensburg Firmware Changelog
 ## v2015.1-ffrgb
 - Update to Gluon v2015.1
 - Integrated no_rebroadcast fix on mesh-vpn from Gluon Upstream
 - Added FFMuc custom gluon packages with ebtables rules:
   - mcast-drop-non-site to prohibit arp traffic except 10.8.0.0/16
   - mcast-drop-arp to drop arp traffic from/to 0.0.0.0
   - mcast-allow-cjdns to allow cjdns multicast traffic
 - Changed default download/upload traffic shaping to 12.000/1.200 kbit/s
 - Added support for several new devices
 ## snapshot~20150303
 - forked to Regensburg in preparation for Infrastructure Split
--- a/28
+++ b/28
@ -1,9 +1,14 @@
 GLUON_BUILD_DIR := gluon-build
-GLUON_GIT_URL := git://github.com/freifunk-gluon/gluon.git
+GLUON_GIT_URL := https://github.com/freifunk-gluon/gluon.git
-GLUON_GIT_REF := v2014.4
+GLUON_GIT_REF := v2015.1
 SECRET_KEY_FILE ?= ${HOME}/.gluon-secret-key
 GLUON_TARGETS ?= \
 	ar71xx-generic \
 	ar71xx-nand \
 	x86-kvm_guest
 GLUON_RELEASE := $(shell git describe --tags 2>/dev/null)
 ifneq (,$(shell git describe --exact-match --tags 2>/dev/null))
  GLUON_BRANCH := stable
@ -13,24 +18,27 @@ endif
 JOBS ?= $(shell cat /proc/cpuinfo | grep processor | wc -l)
 JOBS = 1
 GLUON_MAKE := ${MAKE} -j ${JOBS} -C ${GLUON_BUILD_DIR} \
-                      GLUON_RELEASE=${GLUON_RELEASE} \
+			GLUON_RELEASE=${GLUON_RELEASE} \
-                      GLUON_BRANCH=${GLUON_BRANCH}
+			GLUON_BRANCH=${GLUON_BRANCH}
 all: info
 	${MAKE} gluon-clean
 	${MAKE} manifest
-	${MAKE} gluon-clean
+
 info:
 	@echo
 	@echo '#########################'
 	@echo '# FFRGB Firmare build'
 	@echo '# Building release ${GLUON_RELEASE} for branch ${GLUON_BRANCH}'
-	@echo	
+	@echo
-	
+
 build: gluon-prepare
-	${GLUON_MAKE}
+	for target in ${GLUON_TARGETS}; do \
 		echo ""Building target $$target""; \
 		${GLUON_MAKE} GLUON_TARGET="$$target"; \
 	done
 manifest: build
 	${GLUON_MAKE} manifest
--- a/i18n/de.po
+++ b/i18n/de.po
@ -0,0 +1,37 @@
 msgid ""
 msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "PO-Revision-Date: 2015-05-16 19:31+0200\n"
 "Last-Translator: Bastian Maeuser <mephisto@mephis.to>\n"
 "Language-Team: German\n"
 "Language: de\n"
 "MIME-Version: 1.0\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 msgid "gluon-config-mode:welcome"
 msgstr ""
 "Willkommen zum Einrichtungsassistenten für deinen neuen Regensburger "
 "Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen "
 "entsprechend aus und sende es ab."
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 msgid "gluon-config-mode:reboot"
 msgstr ""
 "<p>Dein Knoten startet gerade neu und wird anschließend versuchen, sich "
 "mit anderen Freifunk-Knoten in seiner Nähe zu verbinden. Weitere "
 "Informationen zur Regensburger Freifunk-Community findest du auf "
 "<a href=\"http://regensburg.freifunk.net/\">unserer Webseite</a>. Wenn "
 "alles geklappt hat, wirst du in ein paar Minuten unter "
 "<a href=\"http://regensburg.freifunk.net/meshviewer/\">regensburg.freifunk.net/meshviewer/</a> "
 "deinen Knoten finden.</p> "
 "<p>Um zu dieser Konfigurationsseite zurückzugelangen, drücke im normalen "
 "Betrieb für drei Sekunden den Reset-Button. Das Gerät wird dann im Config "
 "Mode neustarten.</p>"
 "<p>Wenn Du mehr über Freifunk in Regensburg erfahren möchtest, dann besuche "
 "uns doch einfach Montag in der <a href=\"http://www.binary-kitchen.de\">Binary Kitchen</a> "
 "wo meistens jemand von uns jemand zugegen ist, oder im IRC Netz hackint/#freifunkR </p> "
 "<p>Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!</p> "
--- a/i18n/en.po
+++ b/i18n/en.po
@ -0,0 +1,30 @@
 msgid ""
 msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Project-Id-Version: PACKAGE VERSION\n"
 "PO-Revision-Date: 2015-05-16 19:31+0200\n"
 "Last-Translator: Bastian Maeuser <mephisto@mephis.to>\n"
 "Language-Team: English\n"
 "Language: en\n"
 "MIME-Version: 1.0\n"
 "Content-Transfer-Encoding: 8bit\n"
 "Plural-Forms: nplurals=2; plural=(n != 1);\n"
 msgid "gluon-config-mode:welcome"
 msgstr ""
 "Welcome the the setup wizard of your new Freifunk Regensburg node. "
 "Please fill out the following form and transmit it."
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 msgid "gluon-config-mode:reboot"
 msgstr ""
 "<p>Your node is currently rebooting and will try to connect to other "
 "nearby Freifunk nodes. It should appear on our map at "
 "<a href=\"http://regensburg.freifunk.net/meshviewer/\">regensburg.freifunk.net/meshviewer/</a> "
 "in a few minutes.</p> "
 "<p>To get back to this configuration interface, press the reset button for "
 "3 seconds during normal operation. The device will then reboot into config "
 "mode.</p>"
 "<p>Have fun with your node and exploring the Freifunk network!</p>"
--- a/3
+++ b/3
@ -0,0 +1,3 @@
 GLUON_SITE_FEEDS='ffmuc_packages'
 PACKAGES_FFMUC_PACKAGES_REPO=https://github.com/freifunkMUC/gluon-packages.git
 PACKAGES_FFMUC_PACKAGES_COMMIT=82e721ad5d7c9eca8728954cfa1ab1d5b9168487
--- a/site.conf
+++ b/site.conf
@ -1,235 +1,106 @@
 --[[	
 	gluon site.conf ffrgb
        This file contains the Munich freifunk site.conf which was adopted from the original freifunk suite used in Luebeck. 
 	There are comments added to most switches to explain the usage of gluon.
 	This is lua code now, not perl anymore.
 	Happy compiling!
 ]]
 {
-	--[[	Community settings
+  hostname_prefix = 'freifunk',
-	hostname_prefix:	Nodename prefix
+  site_name = 'Freifunk Regensburg',
-	freifunk-abcdef123456 (hex-part is generated from node's MAC address)
+  site_code = 'ffsad-bat15',
-	site_name:			Name of your community
+  opkg_repo = 'http://openwrt.draic.info/barrier_breaker/14.07/%S/packages',
 	site_code:			Shortcode of your community
 	]]
-	hostname_prefix = 'freifunk',
+  prefix4 = '10.90.0.0/16',
-	site_name = 'Freifunk Regensburg',
+  prefix6 = 'fdef:f00f:1337:cafe/64',
-	site_code = 'ffrgb-bat15',
+
-	opkg_repo = 'http://openwrt.draic.info/barrier_breaker/14.07/%S/packages',
+  timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
  ntp_servers = {'1.ntp.services.ffrgb','2.ntp.services.ffrgb'},
  mesh_on_wan = true,
  regdom = 'DE',
  wifi24 = {
    ssid = 'schwandorf.freifunk.net',
    channel = 1,
    htmode = 'HT40+',
    mesh_ssid = 'mesh.ffrgb',
    mesh_bssid = '02:0E:8E:1E:61:17',
    mesh_mcast_rate = 12000,
  },
  wifi5 = {
    ssid = 'schwandorf.freifunk.net',
    channel = 44,
    htmode = 'HT40+',
    mesh_ssid = 'mesh.ffrgb',
    mesh_bssid = '02:0E:8E:1E:61:17',
    mesh_mcast_rate = 12000,
  },
  next_node = {
    ip4 = '10.90.0.1',
    ip6 = 'fdef:f00f:1337:cafe::1',
    mac = '16:41:95:40:f7:dd',
  },
-	--[[	General network settings
+  fastd_mesh_vpn = {
-	prefix4:			IPv4 range of your community
+    methods = {'salsa2012+umac'},
-	prefix6:			IPv6 range of your community
+    mtu = 1426,
-		is also required for radvd  ]]
+    groups = {
-
+      backbone = {
-	prefix4 = '10.90.0.0/16',
+      limit = 2,
-	prefix6 = 'fdef:f00f:1337:cafe/64',
+        peers = {
-
+          gw01 = {   --[[ sven ]]
-
+            key = '58c2ac30c4693e8fde59c3794ac4c09748ec6a969e9688c42e144f5382e16e66',
-	--[[	NTP settings
+            remotes = {
-		Synchronize the time of the nodes
+              'ipv4 "78.47.168.108" port 10000',
-		timezone: Timezone of your community
+            },
-		http://wiki.openwrt.org/doc/uci/system#time.zones
+          },
-		ntp_servers: List of NTP-Servers to query. You can use any public and/or your private NTP-Servers of your community.
+          gw04 = {   --[[ mephisto ]]
-		http://www.pool.ntp.org/zone/de ]]
+            key = '40ebfaf04da006d9150d3d8adeaab0dfa62ca645b416403537cb009bbf2125b5',
-
+            remotes = {
-	timezone = 'CET-1CEST,M3.5.0,M10.5.0/3',
+              'ipv4 "213.166.225.5" port 10000',
-	ntp_servers = {'1.ntp.services.ffrgb','2.ntp.services.ffrgb'},
+            },
-
+          },
 	--[[	Wireless settings
 		regdom: IEEE 802.11 Regulatory Domain
 		http://en.wikipedia.org/wiki/IEEE_802.11#Regulatory_domains_and_legal_compliance
 		wifi24: Wifi settings for 2.4 GHz frequency devices
 		wifi5: Wifi settings for 5 GHz frequency devices
 		sub
 		ssid: Wifi name shown to the user (We recommend %site_code%.freifunk.net)
 		channel: Wifi channel to use
 		htmode:	Specifies the channel width in 802.11n and 802.11ac mode, possible values are:
 						HT20 (single 20MHz channel),
 						HT40- (2x 20MHz channels, primary/control channel is upper, secondary channel is below)
 						HT40+ (2x 20MHz channels, primary/control channel is lower, secondary channel is above).
 						VHT20 / VHT40 / VHT80 / VHT160 (channel width in 802.11ac, extra channels are picked according to the specification)
 		http://wiki.openwrt.org/doc/uci/wireless#common.options (-> htmode)
 		mesh_ssid: SSID of the mesh-interface, an ugly SSID prevent clients from connecting (We recommend not to change this)
 		mesh_bssid: BSSID of the mesh-interface
 		mesh_mcast_rate: multicast rate of the mesh-interface ]]
 	regdom = 'DE',
 	wifi24 = {
 		ssid = 'schwandorf.freifunk.net',
 		channel = 1,
 		htmode = 'HT40+',
 		mesh_ssid = 'mesh.ffrgb',
 		mesh_bssid = '02:0E:8E:1E:61:17',  --[[ from https://muenchen.freifunk.net/wiki/Knoten#B.A.T.M.A.N._Advanced ]]
 		mesh_mcast_rate = 12000,
 	},
 	wifi5 = {
 		ssid = 'schwandorf.freifunk.net',
 		channel = 44,
 		htmode = 'HT40+',
 		mesh_ssid = 'mesh.ffrgb',
 		mesh_bssid = '02:0E:8E:1E:61:17',
 		mesh_mcast_rate = 12000,
 	},
 	--[[	Next-Node
 		next_node: Howto reach the node you are currently connected to
 		The node will always be reachable at that address, and it's the same on all nodes. Because next_node packets are redirected within the node itself, there will be no conflicts.
 		sub
 		ip4: IPv4 Address to use
 		ip6: IPv6 Address to use
 		mac: MAC Address to use
 		(TODO: What is the purpose of this MAC-Address here?) ]]
 	next_node = {
 		 ip4 = '10.90.0.1',
 		 ip6 = 'fdef:f00f:1337:cafe::1',
 		 mac = '16:41:95:40:f7:dd',
 	},
 	--[[	Gateway settings
 		fastd_mesh_vpn:	fastd vpn settings
 		https://projects.universe-factory.net/projects/fastd/wiki/User_manual
 		sub
 		methods: encryption algorithms to use
 		https://projects.universe-factory.net/projects/fastd/wiki/Methods
 		When multiple method statements are given, the first one has the highest preference.
 		mtu: package size
 		backbone: fastd vpn gateways of your community
 		sub
 		limit: Number of gateways each node connects to
 		On startup, each node tries to connect to every gateway, and then chooses the number of 'limit' fastest gateways it could reach
 		peers: Gateways
 		sub sub
 		key: public fastd key of your gateway
 		https://github.com/tcatm/ecdsautils
 		remotes: List of fastd configuration strings to connect to your gateway server ]]
 	fastd_mesh_vpn = {
                methods = {'salsa2012+umac','salsa2012+gmac'},
                mtu = 1426,
                backbone = {
                        limit = 2,
                        peers = {
                                 vpn_gw01 = {   --[[ VPN Server von Sven (hetzner) ]]
                                        key = '58c2ac30c4693e8fde59c3794ac4c09748ec6a969e9688c42e144f5382e16e66',
                                        remotes = {'ipv4 "78.47.168.108" port 10000'},
                                        },
                                 vpn_gw04 = {   --[[ VPN Server von mephisto ]]
                                        key = '40ebfaf04da006d9150d3d8adeaab0dfa62ca645b416403537cb009bbf2125b5',
                                        remotes = {'ipv4 "213.166.225.5" port 10000'},
                                        },
                                },
                           },
                     },
       --[[	gluon autoupdater section 
 		a how-to can be found here: http://gluon.readthedocs.org/en/latest/features/autoupdater.html
 		enable: 0, 1 
 		branch: stable, beta, experimental
 		name: name of the branch
 		mirrors: comma separated ipv6 based mirror-servers to access the firmware image
 		good_signatures: number of at leased good signatures signed by the authors of the firmware
 		pubkeys: public keys of the authors of the firmware image ]]
 autoupdater = {
 		enabled = 1,
 		branch = 'stable',
 		branches = {
 			stable = {
 				name = 'stable',
 				mirrors = {
          'http://[fdef:f00f:1337:cafe::11]/firmware-sad/stable/sysupgrade/',
        },
-				probability = 0.08,
+      },
-				good_signatures = 2,
+    },
-				pubkeys = {
+  },
  autoupdater = {
    enabled = 1,
    branch = 'stable',
    branches = {
      stable = {
        name = 'stable',
        mirrors = {
          'http://[fdef:f00f:1337:cafe::11]/sad/firmware/stable/sysupgrade/',
        },
        probability = 0.1,
        good_signatures = 1,
        pubkeys = {
          '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto
-	  '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- duff
+          '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- sven
-				},
+        },
-			},
+      },
-			experimental = {
+      experimental = {
        name = 'experimental',
-				mirrors = {
+        mirrors = {
-          'http://[fdef:f00f:1337:cafe::11]/firmware-sad/experimental/sysupgrade/',
+          'http://[fdef:f00f:1337:cafe::11]/sad/firmware/experimental/sysupgrade/',
        },
-				probability = 0.1,
+        probability = 0.5,
-				good_signatures = 1,
+        good_signatures = 1,
-				pubkeys = {
+        pubkeys = {
          '4d6b1a8e2ecfdb59469c38c3659916dd6046cd5270ddd31c3319b21c508eaa07', -- mephisto
-				},
+	  '130ff01b6c8df0349c977a5c9539775209493bc771b713e5b3e58cc1d7c4145a', -- sven
-			},
+        },
-		},
+      },
-	},
+    },
  },
-
+  simple_tc = {
-
+    mesh_vpn = {
-	--[[	Simple TC settings to limit the bandwidth of the vpn-uplink
+      ifname = 'mesh-vpn',
-		mesh_vpn:
+      enabled = false,
-		sub
+      limit_egress = 1200,
-		ifname:		name of the interface/bridge
+      limit_ingress = 12000,
-		enabled:	default-value
+    },
-		limit_egress:	default-value
+  },
 		limit_ingress:	default-value ]]
 	simple_tc = {
 		mesh_vpn = {
 			ifname = 'mesh-vpn',
 			enabled = false,
 			limit_egress = 200,
 			limit_ingress = 3000,
 		},
 	},
 	--[[	Config Mode settings
 		Text shown on local website on node while in config mode (after initial flashing or after a long press and hold on the primary button and reboot). You can use html here.
 		msg_welcome: Welcome message shown at startup
 		msg_pubkey: Instructions for the user how your community handles the key exchange
 		only shown if VPN setting is selected
 		msg_reboot: Message shown when configuration is finished while the node is rebooting.
 		Variables
 		Within the text given here you can use variables which are
 		replaced when the respective website is delivered to the user.
 		Variables must be used in the format <%=NAME%>. See msg_pubkey for an example.
 		hostname: hostname of the node
 		pubkey: fastd public key of the node
 		sysconfig.primary_mac	the primary mac of the node, also found printed beneath the device
 		... other sysconfig.* variables: config_ifname, lan_ifname, wan_ifname ]]
 	config_mode = {
 		msg_welcome = [[
 Willkommen zum Einrichtungsassistenten für deinen neuen Regensburger
 Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen
 entsprechend aus und sende es ab.
 ]],
 		msg_pubkey = [[
 ]],
 		msg_reboot = [[
 <p>
 Dein Knoten startet gerade neu und wird anschließend versuchen,
 sich mit anderen Freifunk-Knoten in seiner Nähe zu
 verbinden. Weitere Informationen zur
 Regensburger Freifunk-Community findest du auf
 <a href="http://regensburg.freifunk.net/">unserer Webseite</a>.
 </p>
 <p>
 Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!
 </p>
 ]],
 	},
 }
 -- vim: set ft=lua:ts=2:sw=2:et
--- a/site.mk
+++ b/site.mk
@ -3,6 +3,7 @@ GLUON_SITE_PACKAGES := \
 	gluon-alfred \
 	gluon-announced \
 	gluon-autoupdater \
 	gluon-config-mode-core \
 	gluon-config-mode-autoupdater \
 	gluon-config-mode-hostname \
 	gluon-config-mode-mesh-vpn \
@ -13,14 +14,18 @@ GLUON_SITE_PACKAGES := \
 	gluon-luci-admin \
 	gluon-luci-autoupdater \
 	gluon-luci-portconfig \
 	gluon-luci-wifi-config \
 	gluon-luci-private-wifi \
 	gluon-next-node \
 	gluon-mesh-vpn-fastd \
 	gluon-radvd \
 	gluon-setup-mode \
 	gluon-status-page \
 	iwinfo \
 	iptables \
-	haveged
+	haveged \
 	gluon-ebtables-filter-arp-ffmuc \
 	gluon-ebtables-filter-multicast-ffmuc
 DEFAULT_GLUON_RELEASE := snapshot~$(shell date '+%Y%m%d')
@ -29,3 +34,6 @@ DEFAULT_GLUON_RELEASE := snapshot~$(shell date '+%Y%m%d')
 GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
 GLUON_PRIORITY ?= 0
 # Languages to include
 GLUON_LANGS ?= en de