From 71ed9ce7e3858f81d2aeb2dd6a6221656edc21a3 Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Sat, 10 Jan 2026 18:35:31 +0100
Subject: [PATCH] fix: Install zstandard 0.23.0 first for musllinux wheel
 support

The zstandard package required by mitmproxy 8.1.1 doesn't have musllinux
wheels in older versions, causing pip to try compiling from source which
fails without gcc on the router.

Fix: Pre-install zstandard 0.23.0 which has musllinux aarch64 wheels
before installing mitmproxy.

Changes:
- Bump version to 2.1.0
- Revert to pip-based installation (native build requires full toolchain)
- Add zstandard 0.23.0 pre-install step in postinst
- Restore wrapper scripts for mitmproxy/mitmdump/mitmweb

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../secubox/secubox-app-mitmproxy/Makefile    | 53 ++++++++++++++-----
 .../files/usr/bin/mitmdump                    |  2 +
 .../files/usr/bin/mitmproxy                   |  2 +
 .../files/usr/bin/mitmweb                     |  2 +
 4 files changed, 46 insertions(+), 13 deletions(-)
 create mode 100755 package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump
 create mode 100755 package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy
 create mode 100755 package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb

diff --git a/package/secubox/secubox-app-mitmproxy/Makefile b/package/secubox/secubox-app-mitmproxy/Makefile
index 9af89daa..1e4880dd 100644
--- a/package/secubox/secubox-app-mitmproxy/Makefile
+++ b/package/secubox/secubox-app-mitmproxy/Makefile
@@ -5,18 +5,23 @@
 #
 # secubox-app-mitmproxy - mitmproxy integration for SecuBox
 # Provides init scripts, UCI configuration, and control utilities
-# Uses native mitmproxy package (no pip required)
+# mitmproxy is installed via pip at runtime (with pre-built wheels)
 #
 
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=secubox-app-mitmproxy
-PKG_VERSION:=2.0.0
+PKG_VERSION:=2.1.0
 PKG_RELEASE:=1
 
 PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
 PKG_LICENSE:=MIT
 
+# mitmproxy version to install
+MITMPROXY_VERSION:=8.1.1
+# zstandard version with musllinux aarch64 wheels
+ZSTANDARD_VERSION:=0.23.0
+
 include $(INCLUDE_DIR)/package.mk
 
 define Package/secubox-app-mitmproxy
@@ -25,15 +30,16 @@ define Package/secubox-app-mitmproxy
   SUBMENU:=SecuBox Apps
   TITLE:=mitmproxy - Interactive HTTPS Proxy (SecuBox Integration)
   URL:=https://mitmproxy.org/
-  DEPENDS:=+mitmproxy +jq +openssl-util
+  DEPENDS:=+python3 +python3-pip +jq +openssl-util
   PKGARCH:=all
 endef
 
 define Package/secubox-app-mitmproxy/description
-  SecuBox integration package for mitmproxy.
+  SecuBox integration package for mitmproxy $(MITMPROXY_VERSION).
   Provides init scripts, UCI configuration, and control utilities.
 
-  Uses native mitmproxy package - no pip or runtime installation required.
+  mitmproxy is installed via pip during post-install with pre-built
+  musllinux wheels for optimal compatibility.
 
   Features:
   - Intercept and modify HTTP/HTTPS traffic
@@ -41,7 +47,6 @@ define Package/secubox-app-mitmproxy/description
   - Scripting API for automation
   - SSL/TLS certificate generation
   - Transparent proxy mode with iptables
-  - QUIC/HTTP3 support
 endef
 
 define Package/secubox-app-mitmproxy/conffiles
@@ -52,6 +57,12 @@ define Build/Compile
 endef
 
 define Package/secubox-app-mitmproxy/install
+	# Wrapper scripts
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) ./files/usr/bin/mitmproxy $(1)/usr/bin/mitmproxy
+	$(INSTALL_BIN) ./files/usr/bin/mitmdump $(1)/usr/bin/mitmdump
+	$(INSTALL_BIN) ./files/usr/bin/mitmweb $(1)/usr/bin/mitmweb
+
 	# Config
 	$(INSTALL_DIR) $(1)/etc/config
 	$(INSTALL_CONF) ./files/etc/config/mitmproxy $(1)/etc/config/mitmproxy
@@ -66,10 +77,6 @@ define Package/secubox-app-mitmproxy/install
 
 	# CA certificate directory
 	$(INSTALL_DIR) $(1)/etc/mitmproxy
-
-	# Runtime directories
-	$(INSTALL_DIR) $(1)/var/lib/mitmproxy
-	$(INSTALL_DIR) $(1)/tmp/mitmproxy
 endef
 
 define Package/secubox-app-mitmproxy/postinst
@@ -78,12 +85,32 @@ define Package/secubox-app-mitmproxy/postinst
 	# Create runtime directories
 	mkdir -p /var/lib/mitmproxy /tmp/mitmproxy /etc/mitmproxy
 
+	# Install mitmproxy via pip if not present
+	if ! python3 -c "import mitmproxy" 2>/dev/null; then
+		echo "Installing mitmproxy dependencies..."
+
+		# IMPORTANT: Install zstandard first with musllinux wheel
+		# Older versions don't have musllinux wheels and fail to compile
+		pip3 install --no-cache-dir zstandard==0.23.0 || {
+			echo "Warning: zstandard installation failed"
+		}
+
+		echo "Installing mitmproxy 8.1.1..."
+		pip3 install --no-cache-dir mitmproxy==8.1.1 || {
+			echo "Error: mitmproxy installation failed"
+			echo "Try manually: pip3 install zstandard==0.23.0 mitmproxy==8.1.1"
+			exit 1
+		}
+	else
+		echo "mitmproxy already installed"
+	fi
+
 	# Generate CA certificate if needed
 	if [ ! -f /etc/mitmproxy/mitmproxy-ca.pem ]; then
 		echo "Generating mitmproxy CA certificate..."
-		mitmdump --set confdir=/etc/mitmproxy -q &
-		sleep 3
-		killall mitmdump 2>/dev/null || true
+		/usr/bin/mitmdump --set confdir=/etc/mitmproxy -q &
+		sleep 5
+		killall mitmdump 2>/dev/null || killall python3 2>/dev/null || true
 	fi
 
 	/etc/init.d/mitmproxy enable
diff --git a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump
new file mode 100755
index 00000000..33357128
--- /dev/null
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmdump
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy.tools.dump "$@"
diff --git a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy
new file mode 100755
index 00000000..3493559c
--- /dev/null
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmproxy
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy "$@"
diff --git a/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb
new file mode 100755
index 00000000..843e2bac
--- /dev/null
+++ b/package/secubox/secubox-app-mitmproxy/files/usr/bin/mitmweb
@@ -0,0 +1,2 @@
+#!/bin/sh
+exec python3 -m mitmproxy.tools.web "$@"