fix: Install zstandard 0.23.0 first for musllinux wheel support

The zstandard package required by mitmproxy 8.1.1 doesn't have musllinux wheels in older versions, causing pip to try compiling from source which fails without gcc on the router. Fix: Pre-install zstandard 0.23.0 which has musllinux aarch64 wheels before installing mitmproxy. Changes: - Bump version to 2.1.0 - Revert to pip-based installation (native build requires full toolchain) - Add zstandard 0.23.0 pre-install step in postinst - Restore wrapper scripts for mitmproxy/mitmdump/mitmweb Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-10 18:35:31 +01:00 · 2026-01-10 18:35:31 +01:00 · 71ed9ce7e3
commit 71ed9ce7e3
parent ff799a8016
4 changed files with 46 additions and 13 deletions
--- a/package/secubox/secubox-app-mitmproxy/Makefile
+++ b/package/secubox/secubox-app-mitmproxy/Makefile
@ -5,18 +5,23 @@
 #
 # secubox-app-mitmproxy - mitmproxy integration for SecuBox
 # Provides init scripts, UCI configuration, and control utilities
-# Uses native mitmproxy package (no pip required)
+# mitmproxy is installed via pip at runtime (with pre-built wheels)
 #

 include $(TOPDIR)/rules.mk

 PKG_NAME:=secubox-app-mitmproxy
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1

 PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
 PKG_LICENSE:=MIT

+# mitmproxy version to install
+MITMPROXY_VERSION:=8.1.1
+# zstandard version with musllinux aarch64 wheels
+ZSTANDARD_VERSION:=0.23.0
+
 include $(INCLUDE_DIR)/package.mk

 define Package/secubox-app-mitmproxy
@ -25,15 +30,16 @@ define Package/secubox-app-mitmproxy
  SUBMENU:=SecuBox Apps
  TITLE:=mitmproxy - Interactive HTTPS Proxy (SecuBox Integration)
  URL:=https://mitmproxy.org/
-  DEPENDS:=+mitmproxy +jq +openssl-util
+  DEPENDS:=+python3 +python3-pip +jq +openssl-util
  PKGARCH:=all
 endef

 define Package/secubox-app-mitmproxy/description
-  SecuBox integration package for mitmproxy.
+  SecuBox integration package for mitmproxy $(MITMPROXY_VERSION).
  Provides init scripts, UCI configuration, and control utilities.

-  Uses native mitmproxy package - no pip or runtime installation required.
+  mitmproxy is installed via pip during post-install with pre-built
+  musllinux wheels for optimal compatibility.

  Features:
  - Intercept and modify HTTP/HTTPS traffic
@ -41,7 +47,6 @@ define Package/secubox-app-mitmproxy/description
  - Scripting API for automation
  - SSL/TLS certificate generation
  - Transparent proxy mode with iptables
-  - QUIC/HTTP3 support
 endef

 define Package/secubox-app-mitmproxy/conffiles
@ -52,6 +57,12 @@ define Build/Compile
 endef

 define Package/secubox-app-mitmproxy/install
+	# Wrapper scripts
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./files/usr/bin/mitmproxy $(1)/usr/bin/mitmproxy
+	$(INSTALL_BIN) ./files/usr/bin/mitmdump $(1)/usr/bin/mitmdump
+	$(INSTALL_BIN) ./files/usr/bin/mitmweb $(1)/usr/bin/mitmweb
+
 	# Config
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/etc/config/mitmproxy $(1)/etc/config/mitmproxy
@ -66,10 +77,6 @@ define Package/secubox-app-mitmproxy/install

 	# CA certificate directory
 	$(INSTALL_DIR) $(1)/etc/mitmproxy
-
-	# Runtime directories
-	$(INSTALL_DIR) $(1)/var/lib/mitmproxy
-	$(INSTALL_DIR) $(1)/tmp/mitmproxy
 endef

 define Package/secubox-app-mitmproxy/postinst
@ -78,12 +85,32 @@ define Package/secubox-app-mitmproxy/postinst
 	# Create runtime directories
 	mkdir -p /var/lib/mitmproxy /tmp/mitmproxy /etc/mitmproxy

+	# Install mitmproxy via pip if not present
+	if ! python3 -c "import mitmproxy" 2>/dev/null; then
+		echo "Installing mitmproxy dependencies..."
+
+		# IMPORTANT: Install zstandard first with musllinux wheel
+		# Older versions don't have musllinux wheels and fail to compile
+		pip3 install --no-cache-dir zstandard==0.23.0 || {
+			echo "Warning: zstandard installation failed"
+		}
+
+		echo "Installing mitmproxy 8.1.1..."
+		pip3 install --no-cache-dir mitmproxy==8.1.1 || {
+			echo "Error: mitmproxy installation failed"
+			echo "Try manually: pip3 install zstandard==0.23.0 mitmproxy==8.1.1"
+			exit 1
+		}
+	else
+		echo "mitmproxy already installed"
+	fi
+
 	# Generate CA certificate if needed
 	if [ ! -f /etc/mitmproxy/mitmproxy-ca.pem ]; then
 		echo "Generating mitmproxy CA certificate..."
-		mitmdump --set confdir=/etc/mitmproxy -q &
-		sleep 3
-		killall mitmdump 2>/dev/null || true
+		/usr/bin/mitmdump --set confdir=/etc/mitmproxy -q &
+		sleep 5
+		killall mitmdump 2>/dev/null || killall python3 2>/dev/null || true
 	fi

 	/etc/init.d/mitmproxy enable
--- a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump
@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy.tools.dump "$@"
--- a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy
@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy "$@"
--- a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb
@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy.tools.web "$@"