The common pattern for global variable is, to write the variable name in
capital letters. This improves maintainability in shell scripts.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
The variable 'auth_file' is not used in the following programm sequence.
It therefore only makes sense to add it as a call parameter via 'append'
when calling the the 'proto_run_commmand'.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
This was forgotten during renameing of this option.
Fixes: e026ce0f ("openvpn: handle ovpnproto exclusively")
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Use the ALTERNATIVES symlink handling to avoid conflicts with busybox
lsusb tool. Otherwise this package can not be installed if you also have
enabled lsusb from busybox.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Use the ALTERNATIVES symlink handling to avoid conflicts with busybox
lspci tool. Otherwise this package can not be installed if you also have
enabled lspci from busybox.
Signed-off-by: Martin Schiller <ms@dev.tdt.de>
Bump PKG_RELEASE to reflect fixes to UCI init script config
generation for missing/unset options and RestrictOID handling.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add check if RestrictOID is `yes` or `no`
but fail to write a newline for other values of RestrictOID
(e.g., `true`, `false`) or if unset, corrupting the generated config.
Fix by using config_get_bool and restructuring to write either
a complete line or nothing. Also require RestrictedOID to be
non-empty when RestrictOID is enabled.
This is a breaking change for configs where RestrictOID is set
to a value that the old code did not match as `yes` (e.g., `true`,
`1`, `on`, `enabled`) but config_get_bool evaluates as true. In
practice, this is unlikely to affect existing installs unless a
user is unknowingly relying on unintended behavior or is deliberately
relying on the old code's non-standard boolean evaluation; this
latter case is considered unlikely by this commit's author. Configs
where RestrictOID is enabled but RestrictedOID is empty are also
affected; previously a directive with a trailing space was written,
now no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostIP_add would write unintended output to the
config file if the IPMask option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where IPMask is unset.
Previously, an empty IPMask option would result in a malformed
directive containing a trailing slash with no guaranteed newline,
the exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostIP_add would write unintended output to the
config file if the HostIP option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where HostIP is unset.
Previously, an empty HostIP option would result in a malformed
directive containing a bare /mask with no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_HostName_add would write unintended output to the
config file if the HostName option is not specified. Add an early
return to prevent writing in that case.
This is a breaking change for configs where HostName is unset.
Previously, an empty HostName option would result in a malformed
directive with a trailing space and no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add would write unintended output to the
config file if the CommunityName option is not specified. Add an
early return to each function to prevent writing in that case.
This is a breaking change for configs where CommunityName is
unset. Previously, an empty CommunityName option would result in
a malformed directive with a double space and no guaranteed
newline, the exact form of which depended on the values of other
options. Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
snmpd_access_default_add, snmpd_access_HostName_add, and
snmpd_access_HostIP_add would write unintended output to the
config file if the Mode option is not specified. Add an early
return to each function to prevent writing in that case.
This is a breaking change for configs where Mode is unset.
Previously, an empty Mode option would result in a malformed
directive with a leading space and no guaranteed newline, the
exact form of which depended on the values of other options.
Now, no directive is written.
Signed-off-by: Eric McDonald <librick-openwrt@proton.me>
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.66.2
NetBird `v0.66.x` adds support for exposing a local HTTP service
from the CLI with the `netbird expose`[1] command, but only for
self-hosted deployments. Cloud support is coming.
[1]: https://docs.netbird.io/manage/reverse-proxy/expose-from-cli
---
`0.65.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.65.3
NetBird `v0.65.x` now includes a built-in reverse proxy[1], but only for
self-hosted deployments and is currently in beta. Cloud support is
coming soon.
Important: pre-shared keys or Rosenpass are currently incompatible with
the reverse proxy feature.
[1]: https://docs.netbird.io/manage/reverse-proxy
---
`v0.63.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.63.0
NetBird now supports private DNS zones[1].
[1]: https://docs.netbird.io/manage/dns/custom-zones
---
`v0.62.x` highlights
Changelog: https://github.com/netbirdio/netbird/releases/tag/v0.62.3
Upstream minimum Go requirement raised from `v1.24.x` to `v1.25.x`,
see the go.mod[1].
[1]: https://github.com/netbirdio/netbird/blob/v0.62.3/go.mod#L3-L5
---
Building `netbird` with Go 1.26.x fails with errors:
```
[...]
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:22:2: WaitReasonSelect redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:22:2: other declaration of WaitReasonSelect
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:23:2: WaitReasonChanReceive redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:23:2: other declaration of WaitReasonChanReceive
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go126.go:24:2: WaitReasonSemacquire redeclared in this block
/builder/dl/go-mod-cache/gvisor.dev/gvisor@v0.0.0-20251031020517-ecfcdd2f171c/pkg/sync/runtime_constants_go125.go:24:2: other declaration of WaitReasonSemacquire
[...]
```
Upstream Issue: https://github.com/netbirdio/netbird/issues/5290
Upstream PR: https://github.com/netbirdio/netbird/pull/5447
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
Add `NB_DNS_STATE_FILE="/var/lib/netbird/state.json"` to the init
environment. This moves the state from the directory
`/root/.config/netbird` to the file `/var/lib/netbird/state.json` to
avoid storage wear. Note: the file is not preserved across reboots.
The state file contains information such as locally disabled routes and
other data primarily useful for desktop clients. In OpenWrt setups,
these changes are normally handled by the NetBird `management` server.
This matches the behavior prior to `netbird` v0.52.x, I have not
received any reports that this file caused problems before, so it is
unlikely to cause issues now.
The previous state file `/root/.config/netbird/state.json` can be removed.
Signed-off-by: Wesley Gimenes <wehagy@proton.me>
* the suspend/resume function now uses the external
DNS bridge when this function is used
* refine the f_nftadd function
* more file debug logging
* LuCI: add unfiltered DNS-Server to the DNS bridge selection
* LuCI: minor fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
* add support for OpenVPN netifd detection (thanks @egc112)
* add support for disable LAN->WAN forwarding when `strict_enforcement` is
set on start and restart (thanks @egc112)
* fix: always create marking chains for interfaces
* fix: insert DSCP/ICMP-related nft rules after marking chains
* fix: shellcheck-related improvements
Signed-off-by: Stan Grishin <stangri@melmac.ca>
* bugfix: always print errors/warnings on non-quiet start
* bugfix: return proper enabled status in RPCD
* bugfix: return stupped status in RPCD when procd data is empty
* bugfix: correctly process verbosity=0
* delete LICENSE file and only keep it upstream
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Use wan_$DEVICENAME naming scheme instead of using consecutive numbering
for the network name.
This makes it easier to match the network interface to the corresponding
network.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
Set the device option for the network. This is solely for the ease of
matching the network to the corresponding network interface.
Signed-off-by: Chester A. Unal <chester.a.unal@arinc9.com>
The previous commit 09c14817 introduced TS_NO_LOGS_NO_SUPPORT but
used procd_set_param for a subsequent environment variable. This
overwrote the previous env setting, causing fw_mode to be missed.
Switch to procd_append_param to ensure all environment variables are
properly passed to the process.
Signed-off-by: Tung-Yi Chen <cmtsij@gmail.com>
bridge-utils is obsolete software because ip command has
bridge functionality. And OpenWrt uses BusyBox's brctl
by default, so most users will not be affected by this change.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream release is 10 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
This software seems no longer maintained by upstream.
The latest upstream commit is 8 years ago,
and no package depends on this.
Signed-off-by: Yanase Yuki <dev@zpc.st>
These LLVM builds get deleted after a certain time, causing Rust builds
to break as the LLVM build can no longer be downloaded.
Fixes#27331.
Signed-off-by: Orne Brocaar <info@brocaar.com>
* fixed the debug errorfile handling
* fixed a typo in the nftadd function
* minor cornercase improvements
* LuCI: minor cleanups & fixes
Signed-off-by: Dirk Brenken <dev@brenken.org>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
By moving the file to a subdirectory, it is easier to track where the file
is located on the target without having to check the Makefile every time.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
Move the 'INSTALL_DIR' creation in the make install target to the location
where the files are also installed. This prevents directories that are no
longer needed from being forgotten during refactoring.
Signed-off-by: Florian Eckert <fe@dev.tdt.de>
* bugfix: support TMP and final block-list destination on different
partitions
* update pause-related code/defaults/validation
Signed-off-by: Stan Grishin <stangri@melmac.ca>
Rather than having a database selection for SQLITE which prevents
the server or frontend from building, we add a 'basic'
variant for the proxy which uses sqlite3, and have the database
Kconfig affect only the server and frontend.
* There are now only three variants:
1. full, which is the default. It includes the full monitoring feature
set currently available on openwrt, including netsnmp, curl-based
checks, and ldap. In addition these features, plus the choice of
database and ssl provider (or no ssl) are configuration options for
this variant.
2. basic, which provides basic functions with openssl support
3. no-configure, for packages which are not part of the main Zabbix
compile process (including the WebUI which only requires copying
files for use by a web server with PHP CGI support).
* Full is the default variant for agentd and proxy, which are the only
packages with a choice between full and basic. All other packages only
are part of one variant.
* Full variants are the base version of the packages (that is
zabbix-agentd is the 'full' version while zabbix-agentd-basic is the
core version). The proxy version is named zabbix-proxy-basic-sqlite to
announce that it is using the sqlite3 database and not a database
server.
* get and sender only build if at least one of agentd, server, or proxy
are built. Therefore prevent selection get or sender when they would not
build.
* Zabbix's use of NetSNMP requires that Zabbix be build with OpenSSL
* While we are here, enable support for dates after 2038 (64-bit time_t)
* https://github.com/openwrt/packages/pull/28585#issuecomment-3984978895
* we updated the name to reflect that it is for basic functionality
that can standalone, rather then being a core the other packages
build on.
* basic has been used rather than tiny or small since the sentence
'Provides only tiny/small functionality with SSL/TLS' in the
description, sounds strange, but using basic this reads properly.
Signed-off-by: Daniel F. Dickinson <dfdpublic@wildtechgarden.ca>
Florian Eckert
Wei-Ting Yang
Martin Schiller
Eric McDonald
Niklas Thorild
Afiq Nazrie
Chester A. Unal
Vladimir Ulrich
Oliver Sedlbauer
Wesley Gimenes
Dirk Brenken
Stan Grishin
George Sapkin
Tung-Yi Chen
Yanase Yuki
Orne Brocaar
Sandro Jäckel
Daniel F. Dickinson