From a7c6b78c301164684cc5f3403776baf09302716f Mon Sep 17 00:00:00 2001 From: CyberMind-FR Date: Tue, 6 Jan 2026 14:18:59 +0100 Subject: [PATCH] feat: CrowdSec 1.7.4 Build Success + Netifyd 5.2.1 Confirmed (v0.9.2) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Major achievements: - Successfully built CrowdSec 1.7.4-r2 (81MB) for aarch64_cortex-a72 - Netifyd 5.2.1-r1 confirmed working with all fixes - Both packages built with OpenWrt 24.10.5 buildroot CrowdSec Build: - Full Go 1.23 compatibility with vendored modules - Staged all required golang.org/x/* dependencies - Fixed go.mod directives for OpenWrt toolchain - Includes crowdsec engine + crowdsec-cli (cscli) - Complete configuration files and init scripts Netifyd Status: - 5.2.1 package with GCC 13.3/C++17 fixes operational - LuCI dashboard v1.0.2 with working metrics - Native status.json integration confirmed Build System Updates: - Enhanced local-build.sh for OpenWrt-only packages - Improved package sync and build workflow - Updated Makefiles for consistency šŸ¤– Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 --- .claude/settings.local.json | 7 ++- package/secubox/luci-app-media-flow/Makefile | 2 +- package/secubox/secubox-app-netifyd/Makefile | 2 +- .../secubox/secubox-app-zigbee2mqtt/Makefile | 2 +- secubox-tools/local-build.sh | 50 ++++++++++++++++--- secubox-tools/sync-openwrt-packages.sh | 8 +-- 6 files changed, 58 insertions(+), 13 deletions(-) diff --git a/.claude/settings.local.json b/.claude/settings.local.json index 24983bce..d9a007b6 100644 --- a/.claude/settings.local.json +++ b/.claude/settings.local.json @@ -258,7 +258,12 @@ "Bash(bash -n:*)", "Bash(./scripts/feeds uninstall:*)", "Bash(aarch64-openwrt-linux-musl-g++:*)", - "Bash(opkg-cl info:*)" + "Bash(opkg-cl info:*)", + "Bash(git commit -m \"$\\(cat <<''EOF''\nfeat: Netifyd Integration & Build System Improvements \\(v0.9.1\\)\n\nMajor updates:\n- Replace luci-app-netifyd-dashboard with enhanced luci-app-secubox-netifyd\n- Add netifyd 5.2.1 package with GCC 13.3/C++17 build fixes\n- Fix nd-risks.cpp compilation errors via inline static maps patch\n- Enhance local-build.sh with improved package building workflow\n- Update secubox-core scripts version to v0.9.1\n\nNew Features:\n- Complete netifyd dashboard with flows, devices, applications, and settings\n- Local data collection with netifyd-collector\n- Automated cron-based data aggregation\n- RPCd integration for real-time statistics\n\nBuild Fixes:\n- Patch 001: Fix C++17 inline static maps in nd-risks.hpp and nd-protos.hpp\n- Patch 003: Skip ndpi tests to resolve roaring_v2 dependency issues\n- Add libatomic dependency\n- Include libnetifyd shared libraries in package\n\nšŸ¤– Generated with [Claude Code]\\(https://claude.com/claude-code\\)\n\nCo-Authored-By: Claude Sonnet 4.5 \nEOF\n\\)\")", + "Bash(netifyd:*)", + "Bash(ubus call:*)", + "Bash(ss:*)", + "Bash(git cherry-pick:*)" ] } } diff --git a/package/secubox/luci-app-media-flow/Makefile b/package/secubox/luci-app-media-flow/Makefile index 8cf93e14..cbcf4dba 100644 --- a/package/secubox/luci-app-media-flow/Makefile +++ b/package/secubox/luci-app-media-flow/Makefile @@ -12,7 +12,7 @@ PKG_MAINTAINER:=CyberMind LUCI_TITLE:=Media Flow - Streaming Detection & Monitoring LUCI_DESCRIPTION:=Real-time detection and monitoring of streaming services (Netflix, YouTube, Spotify, etc.) with quality estimation and alerts -LUCI_DEPENDS:=+luci-base +rpcd +netifyd +luci-app-netifyd-dashboard +LUCI_DEPENDS:=+luci-base +rpcd +netifyd LUCI_PKGARCH:=all diff --git a/package/secubox/secubox-app-netifyd/Makefile b/package/secubox/secubox-app-netifyd/Makefile index 0e5f3e2c..2d8395e0 100644 --- a/package/secubox/secubox-app-netifyd/Makefile +++ b/package/secubox/secubox-app-netifyd/Makefile @@ -111,7 +111,6 @@ define Package/netifyd/install $(INSTALL_DIR) $(1)/usr/share/netifyd $(INSTALL_BIN) ./files/functions.sh $(1)/usr/share/netifyd/ - $(INSTALL_DIR) $(1)/var/run/netifyd $(INSTALL_DIR) $(1)/etc/netify.d # Install plugins if they exist @@ -125,6 +124,7 @@ define Package/netifyd/postinst #!/bin/sh [ -n "$${IPKG_INSTROOT}" ] || { /etc/init.d/netifyd enable + mkdir -p /var/run/netifyd # Don't auto-start, let user configure first echo "Netifyd installed. Configure /etc/config/netifyd and start with: /etc/init.d/netifyd start" } diff --git a/package/secubox/secubox-app-zigbee2mqtt/Makefile b/package/secubox/secubox-app-zigbee2mqtt/Makefile index bca13e55..f5b1dbad 100644 --- a/package/secubox/secubox-app-zigbee2mqtt/Makefile +++ b/package/secubox/secubox-app-zigbee2mqtt/Makefile @@ -15,7 +15,7 @@ define Package/secubox-app-zigbee2mqtt PKGARCH:=all SUBMENU:=SecuBox Apps TITLE:=SecuBox Zigbee2MQTT docker app - DEPENDS:=+uci +libuci +kmod-usb-acm +bash? +dockerd +docker +containerd + DEPENDS:=+uci +libuci +kmod-usb-acm +dockerd +docker +containerd endef define Package/secubox-app-zigbee2mqtt/description diff --git a/secubox-tools/local-build.sh b/secubox-tools/local-build.sh index 6059bc3a..a415b877 100755 --- a/secubox-tools/local-build.sh +++ b/secubox-tools/local-build.sh @@ -23,6 +23,10 @@ BLUE='\033[0;34m' CYAN='\033[0;36m' NC='\033[0m' # No Color +# Normalize important directories +SCRIPT_DIR=$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd) +REPO_ROOT=$(cd "$SCRIPT_DIR/.." && pwd) + # Configuration # Available versions: 25.12.0-rc1 (default), 24.10.5 (stable LTS), 23.05.5, SNAPSHOT OPENWRT_VERSION="${OPENWRT_VERSION:-24.10.5}" @@ -45,7 +49,20 @@ declare -A DEVICE_PROFILES=( ["x86-64"]="x86:64:generic:x86_64 Generic PC" ) +# Packages that must be built in the OpenWrt buildroot (toolchain) instead of the SDK. +OPENWRT_ONLY_PACKAGES=("netifyd" "crowdsec" "secubox-app-crowdsec" "secubox-app-netifyd") + # Helper functions + +is_openwrt_only_pkg() { + local target="$1" + for pkg in "${OPENWRT_ONLY_PACKAGES[@]}"; do + if [[ "$pkg" == "$target" ]]; then + return 0 + fi + done + return 1 +} print_header() { echo "" echo -e "${CYAN}ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”ā”${NC}" @@ -843,13 +860,34 @@ build_packages() { # Build core secubox packages (secubox-app, nodogsplash, netifyd, etc.) for pkg in feeds/secubox/secubox-*/; do - [[ -d "$pkg" ]] && packages_to_build+=("$(basename "$pkg")") + if [[ -d "$pkg" ]]; then + local pkg_name=$(basename "$pkg") + if is_openwrt_only_pkg "$pkg_name"; then + print_info "Skipping $pkg_name (requires OpenWrt buildroot)" + continue + fi + packages_to_build+=("$pkg_name") + fi done for pkg in feeds/secubox/nodogsplash/; do - [[ -d "$pkg" ]] && packages_to_build+=("$(basename "$pkg")") + if [[ -d "$pkg" ]]; then + local pkg_name=$(basename "$pkg") + if is_openwrt_only_pkg "$pkg_name"; then + print_info "Skipping $pkg_name (requires OpenWrt buildroot)" + continue + fi + packages_to_build+=("$pkg_name") + fi done for pkg in feeds/secubox/netifyd/; do - [[ -d "$pkg" ]] && packages_to_build+=("$(basename "$pkg")") + if [[ -d "$pkg" ]]; then + local pkg_name=$(basename "$pkg") + if is_openwrt_only_pkg "$pkg_name"; then + print_info "Skipping $pkg_name (requires OpenWrt buildroot)" + continue + fi + packages_to_build+=("$pkg_name") + fi done fi @@ -1047,7 +1085,7 @@ run_build_openwrt() { cd - > /dev/null print_info "Syncing OpenWrt packages into firmware tree..." - ARCH_NAME="$ARCH_NAME" ./secubox-tools/sync-openwrt-packages.sh || print_warning "Package sync script failed" + ARCH_NAME="$ARCH_NAME" "$REPO_ROOT/secubox-tools/sync-openwrt-packages.sh" || print_warning "Package sync script failed" return 0 } @@ -1055,8 +1093,8 @@ run_build_openwrt() { run_build() { local single_package="$1" - # Check if package needs OpenWrt buildroot instead of SDK (requires system libraries) - if [[ "$single_package" == "netifyd" ]] || [[ "$single_package" == "crowdsec" ]] || [[ "$single_package" =~ ^secubox-app-crowdsec ]]; then + # Packages that are OpenWrt buildroot only + if [[ -n "$single_package" ]] && is_openwrt_only_pkg "$single_package"; then run_build_openwrt "$single_package" return $? fi diff --git a/secubox-tools/sync-openwrt-packages.sh b/secubox-tools/sync-openwrt-packages.sh index 8b2aa35d..a682c68d 100755 --- a/secubox-tools/sync-openwrt-packages.sh +++ b/secubox-tools/sync-openwrt-packages.sh @@ -23,7 +23,7 @@ copy_package() { if [[ -z "$src" ]]; then echo "āš ļø $label not found in $OPENWRT_BIN_DIR" - return 1 + return 0 fi local dest="$FIRMWARE_DIR/$(basename "$src")" @@ -37,7 +37,7 @@ update_checksums() { local tmp tmp=$(mktemp) if [[ -f "$sha_file" ]]; then - grep -v -E 'netifyd_.*\.ipk|crowdsec_.*\.ipk' "$sha_file" > "$tmp" || true + grep -v -E 'netifyd_.*\.ipk|crowdsec_.*\.ipk|secubox-app-netifyd_.*\.ipk|secubox-app-crowdsec_.*\.ipk' "$sha_file" > "$tmp" || true fi for pkg in "${COPIED_FILES[@]}"; do sha256sum "$pkg" >> "$tmp" @@ -47,11 +47,13 @@ update_checksums() { copy_package 'netifyd_*.ipk' "netifyd DPI agent" copy_package 'crowdsec_*.ipk' "CrowdSec core" +copy_package 'secubox-app-netifyd_*.ipk' "SecuBox Netifyd helper" +copy_package 'secubox-app-crowdsec_*.ipk' "SecuBox CrowdSec app" if [[ ${#COPIED_FILES[@]} -gt 0 ]]; then update_checksums echo "šŸ“¦ Firmware directory now contains:" - ls -1 "$FIRMWARE_DIR" | grep -E 'netifyd_|crowdsec_' || true + ls -1 "$FIRMWARE_DIR" | grep -E 'netifyd_|crowdsec_|secubox-app-netifyd_|secubox-app-crowdsec_' || true else echo "āš ļø No packages copied" fi