use File::Temp qw/ tempfile tempdir /;
use strict;
use Archive::Zip qw(:ERROR_CODES :CONSTANTS);
+use Sort::Naturally;
require '/var/ipfire/general-functions.pl';
require "${General::swroot}/lang.pl";
require "${General::swroot}/header.pl";
unlink ("${General::swroot}/ovpn/certs/$hexvalue.pem");
}
}
-
sub checkportfw {
- my $KEY2 = $_[0]; # key2
- my $SRC_PORT = $_[1]; # src_port
- my $PROTOCOL = $_[2]; # protocol
- my $SRC_IP = $_[3]; # sourceip
-
- my $pfwfilename = "${General::swroot}/portfw/config";
- open(FILE, $pfwfilename) or die 'Unable to open config file.';
- my @pfwcurrent = <FILE>;
- close(FILE);
- my $pfwkey1 = 0; # used for finding last sequence number used
- foreach my $pfwline (@pfwcurrent)
- {
- my @pfwtemp = split(/\,/,$pfwline);
-
- chomp ($pfwtemp[8]);
- if ($KEY2 eq "0"){ # if key2 is 0 then it is a portfw addition
- if ( $SRC_PORT eq $pfwtemp[3] &&
- $PROTOCOL eq $pfwtemp[2] &&
- $SRC_IP eq $pfwtemp[7])
- {
- $errormessage = "$Lang::tr{'source port in use'} $SRC_PORT";
- }
- # Check if key2 = 0, if it is then it is a port forward entry and we want the sequence number
- if ( $pfwtemp[1] eq "0") {
- $pfwkey1=$pfwtemp[0];
- }
- # Darren Critchley - Duplicate or overlapping Port range check
- if ($pfwtemp[1] eq "0" &&
- $PROTOCOL eq $pfwtemp[2] &&
- $SRC_IP eq $pfwtemp[7] &&
- $errormessage eq '')
- {
- &portchecks($SRC_PORT, $pfwtemp[5]);
-# &portchecks($pfwtemp[3], $pfwtemp[5]);
-# &portchecks($pfwtemp[3], $SRC_IP);
+ my $DPORT = shift;
+ my $DPROT = shift;
+ my %natconfig =();
+ my $confignat = "${General::swroot}/firewall/config";
+ $DPROT= uc ($DPROT);
+ &General::readhasharray($confignat, \%natconfig);
+ foreach my $key (sort keys %natconfig){
+ my @portarray = split (/\|/,$natconfig{$key}[30]);
+ foreach my $value (@portarray){
+ if ($value =~ /:/i){
+ my ($a,$b) = split (":",$value);
+ if ($DPROT eq $natconfig{$key}[12] && $DPORT gt $a && $DPORT lt $b){
+ $errormessage= "$Lang::tr{'source port in use'} $DPORT";
+ }
+ }else{
+ if ($DPROT eq $natconfig{$key}[12] && $DPORT eq $value){
+ $errormessage= "$Lang::tr{'source port in use'} $DPORT";
+ }
+ }
}
}
- }
-# $errormessage="$KEY2 $SRC_PORT $PROTOCOL $SRC_IP";
-
- return;
+ return;
}
sub checkportoverlap
return 0;
}
}
-# Darren Critchley - Duplicate or overlapping Port range check
-sub portchecks
-{
- my $p1 = $_[0]; # New port range
- my $p2 = $_[1]; # existing port range
-# $_ = $_[0];
- our ($prtrange1, $prtrange2);
- $prtrange1 = 0;
-# if (m/:/ && $prtrange1 == 1) { # comparing two port ranges
-# unless (&checkportoverlap($p1,$p2)) {
-# $errormessage = "$Lang::tr{'source port overlaps'} $p1";
-# }
-# }
- if (m/:/ && $prtrange1 == 0 && $errormessage eq '') { # compare one port to a range
- unless (&checkportinc($p2,$p1)) {
- $errormessage = "$Lang::tr{'srcprt within existing'} $p1";
- }
- }
- $prtrange1 = 1;
- if (! m/:/ && $prtrange1 == 1 && $errormessage eq '') { # compare one port to a range
- unless (&checkportinc($p1,$p2)) {
- $errormessage = "$Lang::tr{'srcprt range overlaps'} $p2";
- }
- }
- return;
-}
# Darren Critchley - certain ports are reserved for IPFire
# TCP 67,68,81,222,445
if ($sovpnsettings{DHCP_WINS} ne '') {
print CONF "max-clients $sovpnsettings{MAX_CLIENTS}\n";
}
- print CONF "tls-verify /var/ipfire/ovpn/verify\n";
+ print CONF "tls-verify /usr/lib/openvpn/verify\n";
print CONF "crl-verify /var/ipfire/ovpn/crls/cacrl.pem\n";
print CONF "user nobody\n";
print CONF "group nobody\n";
if ($cgiparams{'ENABLED'} eq 'on'){
- &checkportfw(0,$cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'},'0.0.0.0');
+ &checkportfw($cgiparams{'DDEST_PORT'},$cgiparams{'DPROTOCOL'});
}
if ($errormessage) { goto SETTINGS_ERROR; }
</tr>
END
;
- my $id = 0;
- my $gif;
- foreach my $key (sort { uc($confighash{$a}[1]) cmp uc($confighash{$b}[1]) } keys %confighash) {
- if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
-
+ my $id = 0;
+ my $gif;
+ foreach my $key (sort { ncmp ($confighash{$a}[1],$confighash{$b}[1]) } keys %confighash) {
+ if ($confighash{$key}[0] eq 'on') { $gif = 'on.gif'; } else { $gif = 'off.gif'; }
if ($id % 2) {
print "<tr bgcolor='$color{'color20'}'>\n";
} else {
NAME="IPFire" # Software name
SNAME="ipfire" # Short name
VERSION="2.13" # Version number
- CORE="74" # Core Level (Filename)
+ CORE="75" # Core Level (Filename)
PAKFIRE_CORE="74" # Core Level (PAKFIRE)
GIT_BRANCH=`git status | head -n1 | cut -d" " -f4` # Git Branch
SLOGAN="www.ipfire.org" # Software slogan
CONFIG_ROOT=/var/ipfire # Configuration rootdir
NICE=10 # Nice level
MAX_RETRIES=1 # prefetch/check loop
-BUILD_IMAGES=1 # Build USB, Flash and Xen Images
+BUILD_IMAGES=1 # Flash and Xen Downloader
KVER=`grep --max-count=1 VER lfs/linux | awk '{ print $3 }'`
MACHINE=`uname -m`
GIT_TAG=$(git tag | tail -1) # Git Tag
GIT_LASTCOMMIT=$(git log | head -n1 | cut -d" " -f2 |head -c8) # Last commit
-TOOLCHAINVER=6
+TOOLCHAINVER=7
BUILDMACHINE=$MACHINE
if [ "$MACHINE" = "x86_64" ]; then
[ -z $EDITOR ] && exiterror "You should have installed an editor."
fi
+# Prepare string for /etc/system-release.
+SYSTEM_RELEASE="${NAME} ${VERSION} (${MACHINE})"
+if [ "$(git status -s | wc -l)" == "0" ]; then
+ GIT_STATUS=""
+else
+ GIT_STATUS="-dirty"
+fi
+case "$GIT_BRANCH" in
+ core*|beta?|rc?)
+ SYSTEM_RELEASE="${SYSTEM_RELEASE} - $GIT_BRANCH$GIT_STATUS"
+ ;;
+ *)
+ SYSTEM_RELEASE="${SYSTEM_RELEASE} - Development Build: $GIT_BRANCH/$GIT_LASTCOMMIT$GIT_STATUS"
+ ;;
+esac
+
prepareenv() {
############################################################################
# #
lfsmake2 make
lfsmake2 man
lfsmake2 mktemp
- lfsmake2 module-init-tools
+ lfsmake2 kmod
lfsmake2 net-tools
lfsmake2 patch
lfsmake2 psmisc
lfsmake2 sysvinit
lfsmake2 tar
lfsmake2 texinfo
- lfsmake2 udev
lfsmake2 util-linux
+ lfsmake2 udev
lfsmake2 vim
lfsmake2 xz
+ lfsmake2 paxctl
lfsmake2 grub
}
ipfiremake dhcp
ipfiremake dhcpcd
ipfiremake libusb
+ ipfiremake libusbx
ipfiremake libpcap
ipfiremake ppp
ipfiremake pptp
ipfiremake dvb-firmwares
ipfiremake zd1211-firmware
ipfiremake rpi-firmware
+ ipfiremake bc
ipfiremake u-boot
if [ "${MACHINE_TYPE}" != "arm" ]; then
- # x86-xen (Legacy XEN) kernel build
- ipfiremake linux2 KCFG="-xen"
- ipfiremake v4l-dvb KCFG="-xen"
- ipfiremake mISDN KCFG="-xen"
- ipfiremake cryptodev KCFG="-xen"
- ipfiremake compat-drivers KCFG="-xen"
- ipfiremake r8169 KCFG="-xen"
- ipfiremake r8168 KCFG="-xen"
- ipfiremake r8101 KCFG="-xen"
- ipfiremake e1000 KCFG="-xen"
- ipfiremake e1000e KCFG="-xen"
- ipfiremake igb KCFG="-xen"
-
# x86-pae (Native and new XEN) kernel build
ipfiremake linux KCFG="-pae"
- ipfiremake kvm-kmod KCFG="-pae"
- ipfiremake v4l-dvb KCFG="-pae"
- ipfiremake mISDN KCFG="-pae"
+# ipfiremake kvm-kmod KCFG="-pae"
+# ipfiremake v4l-dvb KCFG="-pae"
+# ipfiremake mISDN KCFG="-pae"
ipfiremake cryptodev KCFG="-pae"
- ipfiremake compat-drivers KCFG="-pae"
- ipfiremake r8169 KCFG="-pae"
- ipfiremake r8168 KCFG="-pae"
- ipfiremake r8101 KCFG="-pae"
- ipfiremake e1000e KCFG="-pae"
- ipfiremake igb KCFG="-pae"
+# ipfiremake compat-drivers KCFG="-pae"
+# ipfiremake r8169 KCFG="-pae"
+# ipfiremake r8168 KCFG="-pae"
+# ipfiremake r8101 KCFG="-pae"
+# ipfiremake e1000e KCFG="-pae"
+# ipfiremake igb KCFG="-pae"
# x86 kernel build
ipfiremake linux KCFG=""
- ipfiremake kvm-kmod KCFG=""
- ipfiremake v4l-dvb KCFG=""
- ipfiremake mISDN KCFG=""
+# ipfiremake kvm-kmod KCFG=""
+# ipfiremake v4l-dvb KCFG=""
+# ipfiremake mISDN KCFG=""
ipfiremake cryptodev KCFG=""
- ipfiremake compat-drivers KCFG=""
- ipfiremake r8169 KCFG=""
- ipfiremake r8168 KCFG=""
- ipfiremake r8101 KCFG=""
- ipfiremake e1000e KCFG=""
- ipfiremake igb KCFG=""
+# ipfiremake compat-drivers KCFG=""
+# ipfiremake r8169 KCFG=""
+# ipfiremake r8168 KCFG=""
+# ipfiremake r8101 KCFG=""
+# ipfiremake e1000e KCFG=""
+# ipfiremake igb KCFG=""
else
# arm-rpi (Raspberry Pi) kernel build
ipfiremake linux KCFG="-rpi"
- ipfiremake v4l-dvb KCFG="-rpi"
- ipfiremake mISDN KCFG="-rpi" NOPCI=1
+# ipfiremake v4l-dvb KCFG="-rpi"
+# ipfiremake mISDN KCFG="-rpi" NOPCI=1
ipfiremake cryptodev KCFG="-rpi"
- ipfiremake compat-drivers KCFG="-rpi"
+# ipfiremake compat-drivers KCFG="-rpi"
- # arm-omap (Panda Board) kernel build
- ipfiremake linux KCFG="-omap"
- ipfiremake v4l-dvb KCFG="-omap"
- ipfiremake mISDN KCFG="-omap" NOPCI=1
- ipfiremake cryptodev KCFG="-omap"
- ipfiremake compat-drivers KCFG="-omap"
+ # arm multi platform (Panda, Wandboard ...) kernel build
+ ipfiremake linux KCFG="-multi"
+ ipfiremake cryptodev KCFG="-multi"
# arm-kirkwood (Dreamplug, ICY-Box ...) kernel build
ipfiremake linux KCFG="-kirkwood"
- ipfiremake v4l-dvb KCFG="-kirkwood"
- ipfiremake mISDN KCFG="-kirkwood"
+# ipfiremake v4l-dvb KCFG="-kirkwood"
+# ipfiremake mISDN KCFG="-kirkwood"
ipfiremake cryptodev KCFG="-kirkwood"
- ipfiremake compat-drivers KCFG="-kirkwood"
- ipfiremake r8169 KCFG="-kirkwood"
- ipfiremake r8168 KCFG="-kirkwood"
- ipfiremake r8101 KCFG="-kirkwood"
-# ipfiremake e1000e KCFG="-kirkwood"
- ipfiremake igb KCFG="-kirkwood"
+# ipfiremake compat-drivers KCFG="-kirkwood"
+# ipfiremake r8169 KCFG="-kirkwood"
+# ipfiremake r8168 KCFG="-kirkwood"
+# ipfiremake r8101 KCFG="-kirkwood"
+# ipfiremake e1000e KCFG="-kirkwood"
+# ipfiremake igb KCFG="-kirkwood"
fi
ipfiremake pkg-config
ipfiremake gdbm
ipfiremake pam
ipfiremake openssl
+ ipfiremake openssl-compat
ipfiremake curl
ipfiremake tcl
ipfiremake sqlite
ipfiremake apache2
ipfiremake php
ipfiremake apache2 PASS=C
+ ipfiremake jquery
ipfiremake arping
ipfiremake beep
ipfiremake dvdrtools
ipfiremake lzo
ipfiremake openvpn
ipfiremake pammysql
+ ipfiremake mpage
+ ipfiremake dbus
ipfiremake cups
ipfiremake ghostscript
ipfiremake foomatic
ipfiremake mpc
ipfiremake git
ipfiremake squidclamav
- ipfiremake bc
ipfiremake vnstat
ipfiremake vnstati
ipfiremake iw
ipfiremake syslinux
ipfiremake tftpd
ipfiremake cpufrequtils
- ipfiremake dbus
ipfiremake bluetooth
ipfiremake gutenprint
ipfiremake apcupsd
ipfiremake arm
ipfiremake wavemon
ipfiremake iptraf-ng
- echo Build on $HOSTNAME > $BASEDIR/build/var/ipfire/firebuild
- cat /proc/version >> $BASEDIR/build/var/ipfire/firebuild
- echo >> $BASEDIR/build/var/ipfire/firebuild
- git log -1 >> $BASEDIR/build/var/ipfire/firebuild
- echo >> $BASEDIR/build/var/ipfire/firebuild
- git status >> $BASEDIR/build/var/ipfire/firebuild
- echo >> $BASEDIR/build/var/ipfire/firebuild
- cat /proc/cpuinfo >> $BASEDIR/build/var/ipfire/firebuild
- echo $PAKFIRE_CORE > $BASEDIR/build/opt/pakfire/db/core/mine
- if [ "$(git status -s | wc -l)" == "0" ]; then
- GIT_STATUS=""
- else
- GIT_STATUS="-dirty"
- fi
- case "$GIT_BRANCH" in
- core*|beta?|rc?)
- echo "$NAME $VERSION ($MACHINE) - $GIT_BRANCH$GIT_STATUS" > $BASEDIR/build/etc/system-release
- ;;
- *)
- echo "$NAME $VERSION ($MACHINE) - Development Build: $GIT_BRANCH/$GIT_LASTCOMMIT$GIT_STATUS" > $BASEDIR/build/etc/system-release
- ;;
- esac
+ ipfiremake iotop
}
buildinstaller() {
# Run installer scripts one by one
LOGFILE="$BASEDIR/log/_build.installer.log"
export LOGFILE
- ipfiremake as86
- ipfiremake mbr
ipfiremake memtest
ipfiremake installer
installmake strip
# Check if there is a loop device for building in virtual environments
if [ $BUILD_IMAGES == 1 ] && ([ -e /dev/loop/0 ] || [ -e /dev/loop0 ]); then
- if [ "${MACHINE_TYPE}" != "arm" ]; then
- ipfiremake usb-stick
- fi
ipfiremake flash-images
fi
ipfirepackages
- # Check if there is a loop device for building in virtual environments
- if [ $BUILD_IMAGES == 1 ] && ([ -e /dev/loop/0 ] || [ -e /dev/loop0 ]) && [ "${MACHINE_TYPE}" != "arm" ]; then
- cp -f $BASEDIR/packages/linux-xen-*.ipfire $LFS/install/packages/
- cp -f $BASEDIR/packages/meta-linux-xen $LFS/install/packages/
- cp -f $BASEDIR/packages/linux-pae-*.ipfire $LFS/install/packages/
- cp -f $BASEDIR/packages/meta-linux-pae $LFS/install/packages/
- ipfiremake xen-image
- rm -rf $LFS/install/packages/linux-xen-*.ipfire
- rm -rf $LFS/install/packages/meta-linux-xen
- fi
+ ipfiremake xen-image
mv $LFS/install/images/*.bz2 $BASEDIR >> $LOGFILE 2>&1
cd $BASEDIR
projects / people / teissler / ipfire-2.x.git / commitdiff
