Update submodule references

CyberMind-FR 2025-12-23 02:23:44 +01:00
parent c81788b9c3
commit d020678c2f
14 changed files with 780 additions and 5212 deletions

290
CLAUDE.md Normal file

@ -0,0 +1,290 @@
# CLAUDE.md
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
## Project Overview
SecuBox is a comprehensive security and network management suite for OpenWrt. The repository contains 13 LuCI application packages that provide dashboards for security monitoring, network intelligence, access control, bandwidth management, and system administration.
## Build Commands
### OpenWrt SDK Build
```bash
# Build a single package
make package/luci-app-<module-name>/compile V=s
# Clean build for a package
make package/luci-app-<module-name>/clean
make package/luci-app-<module-name>/compile V=s
# Install package to staging directory
make package/luci-app-<module-name>/install
```
### Testing Packages
```bash
# Transfer to router
scp bin/packages/*/base/luci-app-*.ipk root@192.168.1.1:/tmp/
# Install on router
ssh root@192.168.1.1
opkg install /tmp/luci-app-*.ipk
/etc/init.d/rpcd restart
/etc/init.d/uhttpd restart
```
### Validation
```bash
# Validate shell scripts (RPCD backends)
shellcheck luci-app-*/root/usr/libexec/rpcd/*
# Validate JSON files
find . -name "*.json" -exec jsonlint {} \;
# Run automated repair tool
./secubox-tools/secubox-repair.sh
# Run diagnostics
./secubox-tools/secubox-debug.sh luci-app-<module-name>
```
## Architecture
### LuCI Package Structure
All SecuBox modules follow a standard LuCI application structure:
```
luci-app-<module-name>/
├── Makefile # OpenWrt package definition
├── README.md # Module documentation
├── htdocs/luci-static/resources/
│ ├── view/<module-name>/ # JavaScript UI views
│ │ ├── overview.js # Main dashboard view
│ │ └── *.js # Additional views
│ └── <module-name>/
│ ├── api.js # RPC API client module
│ └── dashboard.css # Module-specific styles
└── root/
├── etc/config/<module-name> # UCI configuration (optional)
└── usr/
├── libexec/rpcd/<module-name> # RPCD backend script
└── share/
├── luci/menu.d/ # Menu JSON definition
│ └── luci-app-<module-name>.json
└── rpcd/acl.d/ # ACL permissions JSON
└── luci-app-<module-name>.json
```
### Frontend-Backend Communication
1. **Frontend (JavaScript)**: Located in `htdocs/luci-static/resources/`
- Views use LuCI's `form` and `view` classes
- API calls via `api.js` module using `L.resolveDefault()`
- UI components from `ui.js` (Dropdown, Checkbox, Combobox, etc.)
2. **Backend (RPCD)**: Located in `root/usr/libexec/rpcd/`
- Shell scripts that implement RPC methods
- Must output JSON to stdout
- Methods are called via ubus: `ubus call <module> <method>`
3. **Menu Definition**: `root/usr/share/luci/menu.d/luci-app-<module>.json`
- Defines menu structure and navigation
- Specifies view paths and dependencies
4. **ACL Definition**: `root/usr/share/rpcd/acl.d/luci-app-<module>.json`
- Defines access control for ubus methods
- Maps read/write permissions to user groups
### Makefile Structure
Each package Makefile must define:
- `PKG_NAME`: Package name (must match directory)
- `PKG_VERSION`: Version number
- `PKG_RELEASE`: Package release number
- `LUCI_TITLE`: Display title in LuCI
- `LUCI_DEPENDS`: Package dependencies (e.g., `+luci-base +rpcd`)
- `LUCI_DESCRIPTION`: Brief description
- `PKG_MAINTAINER`: Maintainer name and email
- `PKG_LICENSE`: License (typically Apache-2.0)
The Makefile includes `luci.mk` from the LuCI build system which handles installation.
## Common Development Patterns
### Creating a New Module
1. Copy template: `cp -r templates/luci-app-template luci-app-newmodule`
2. Update Makefile with new PKG_NAME, LUCI_TITLE, etc.
3. Create directory structure under `htdocs/` and `root/`
4. Implement RPCD backend in shell
5. Create JavaScript views
6. Define menu and ACL JSON files
### RPCD Backend Pattern
RPCD backends are shell scripts that:
- Parse `$1` for the method name
- Output valid JSON using `printf` or `echo`
- Use `case` statements for method routing
- Source UCI config if needed: `. /lib/functions.sh`
Example:
```bash
#!/bin/sh
case "$1" in
list)
echo '{ "status": {}, "stats": {} }'
;;
call)
case "$2" in
status)
# Output JSON
printf '{"running": true, "version": "1.0.0"}\n'
;;
esac
;;
esac
```
### JavaScript View Pattern
Views extend `L.view` and implement `load()` and `render()`:
```javascript
'use strict';
'require view';
'require form';
'require <module>/api as API';
return L.view.extend({
load: function() {
return Promise.all([
API.getStatus(),
API.getStats()
]);
},
render: function(data) {
var m, s, o;
m = new form.Map('config', _('Title'));
s = m.section(form.TypedSection, 'section');
// Add form fields...
return m.render();
}
});
```
## Module Categories
1. **Core Control** (2 modules)
- luci-app-secubox: Central hub
- luci-app-system-hub: System control center
2. **Security & Monitoring** (2 modules)
- luci-app-crowdsec-dashboard: CrowdSec security
- luci-app-netdata-dashboard: System monitoring
3. **Network Intelligence** (2 modules)
- luci-app-netifyd-dashboard: Deep packet inspection
- luci-app-network-modes: Network mode configuration
4. **VPN & Access Control** (3 modules)
- luci-app-wireguard-dashboard: WireGuard VPN
- luci-app-client-guardian: NAC & captive portal
- luci-app-auth-guardian: Authentication system
5. **Bandwidth & Traffic** (2 modules)
- luci-app-bandwidth-manager: QoS & quotas
- luci-app-media-flow: Media traffic detection
6. **Performance & Services** (2 modules)
- luci-app-cdn-cache: CDN proxy cache
- luci-app-vhost-manager: Virtual host manager
## CI/CD Integration
### GitHub Actions Workflows
1. **build-openwrt-packages.yml**: Compiles packages for all architectures
- Triggers on push, PR, and tags
- Matrix build for 13 architectures
- Uploads artifacts per architecture
2. **build-secubox-images.yml**: Builds custom OpenWrt images
- Creates complete firmware images with SecuBox pre-installed
3. **test-validate.yml**: Validation and testing
- Validates Makefile structure
- Checks JSON syntax
- Runs shellcheck on scripts
- Verifies file permissions
### Supported Architectures
ARM64: aarch64-cortex-a53, aarch64-cortex-a72, aarch64-generic, mediatek-filogic, rockchip-armv8, bcm27xx-bcm2711
ARM32: arm-cortex-a7-neon, arm-cortex-a9-neon, qualcomm-ipq40xx, qualcomm-ipq806x
MIPS: mips-24kc, mipsel-24kc, mipsel-74kc
x86: x86-64, x86-generic
## Key Files and Directories
- `makefiles/`: Reference Makefiles for modules (backup/templates)
- `secubox-tools/`: Repair and debugging utilities
- `secubox-repair.sh`: Auto-fixes Makefile and RPCD issues
- `secubox-debug.sh`: Validates package structure
- `templates/`: Package templates for creating new modules
- `.github/workflows/`: CI/CD automation scripts
## Common Issues and Solutions
### RPCD Not Responding
After installing/updating a package:
```bash
/etc/init.d/rpcd restart
```
### Menu Not Appearing
Check that:
1. Menu JSON is valid: `jsonlint root/usr/share/luci/menu.d/*.json`
2. ACL grants access: Check `root/usr/share/rpcd/acl.d/*.json`
3. Dependencies are installed: Check Makefile `LUCI_DEPENDS`
### Build Failures
Common causes:
1. Missing fields in Makefile (PKG_NAME, LUCI_TITLE, etc.)
2. Invalid JSON syntax in menu.d or acl.d
3. RPCD script not executable
4. Wrong include path (should be `include ../../luci.mk`)
Use repair tool: `./secubox-tools/secubox-repair.sh`
## Development Workflow
1. Make changes to module files
2. Test JSON syntax: `jsonlint <file>.json`
3. Test shell scripts: `shellcheck <script>`
4. Build package: `make package/luci-app-<name>/compile V=s`
5. Install on test router and verify functionality
6. Run repair tool if needed: `./secubox-tools/secubox-repair.sh`
7. Commit changes and push (triggers CI validation)
8. Create tag for release: `git tag -a v1.0.0 -m "Release 1.0.0"`
## Important Notes
- All modules use Apache-2.0 license
- RPCD backends must be executable (chmod +x)
- JavaScript files use strict mode: `'use strict';`
- Menu entries require proper dependency chain
- ACL must grant both ubus call and luci-cgi access
- UCI config files are optional (many modules don't need them)
- All packages build as architecture `all` (no compiled code)
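Review bot: In "RPCD Backend Pattern", the bullet "Parse `$1` for the method name" contradicts the example directly below it, where `$1` is only `list` or `call` and the method name is matched on `$2`; reword the bullet so backends written from this guidance route on `$2`. The same section should also state where call arguments come from and that they must be validated before they reach any shell command, since neither the pattern nor the "Important Notes" list says anything about input handling in these backends. Separately, "Matrix build for 13 architectures" under "GitHub Actions Workflows" does not match the 15 targets listed under "Supported Architectures" (6 ARM64, 4 ARM32, 3 MIPS, 2 x86).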

670
README.md

@ -1,232 +1,540 @@
# SecuBox OpenWrt CI/CD
# SecuBox - Security Suite for OpenWrt
[![Build OpenWrt Packages](https://github.com/gkerma/secubox/actions/workflows/build-openwrt-packages.yml/badge.svg)](https://github.com/gkerma/secubox/actions/workflows/build-openwrt-packages.yml)
[![Test & Validate](https://github.com/gkerma/secubox/actions/workflows/test-validate.yml/badge.svg)](https://github.com/gkerma/secubox/actions/workflows/test-validate.yml)
[![License](https://img.shields.io/badge/License-Apache%202.0-green.svg)](LICENSE)
## 🎯 Overview
Ce dépôt contient les workflows GitHub Actions pour compiler automatiquement les packages SecuBox LuCI pour **toutes les architectures OpenWrt supportées**.
SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of specialized dashboards and tools. All modules are compiled automatically for multiple OpenWrt architectures via GitHub Actions.
## 📦 Packages Compilés
---
| Package | Description |
|---------|-------------|
| `luci-app-crowdsec-dashboard` | Dashboard CrowdSec |
| `luci-app-netdata-dashboard` | Dashboard Netdata |
| `luci-app-netifyd-dashboard` | Dashboard Netifyd DPI |
| `luci-app-wireguard-dashboard` | Dashboard WireGuard VPN |
| `luci-app-network-modes` | Modes réseau (Router/Bridge/AP) |
| `luci-app-client-guardian` | NAC & Portail Captif |
| `luci-app-system-hub` | Centre de contrôle unifié |
## 📦 SecuBox Modules
## 🏗️ Architectures Supportées
### 🎛️ Core Control
#### **luci-app-secubox** - SecuBox Central Hub
Unified security dashboard providing central management for all SecuBox components.
**Features:**
- Centralized dashboard for all modules
- Integrated monitoring and management
- Unified navigation interface
[View Details](luci-app-secubox/README.md)
---
#### **luci-app-system-hub** - System Control Center
Central control and remote assistance dashboard for OpenWrt.
**Features:**
- 🧩 Component management (start/stop/restart all services)
- 💚 Health monitoring with score (0-100) and recommendations
- 🖥️ Remote assistance via RustDesk integration
- 🔍 Diagnostic collection with anonymization
- 📋 Unified logs from all components
- 📅 Scheduled tasks (health reports, backups)
[View Details](luci-app-system-hub/README.md)
---
### 🔒 Security & Monitoring
#### **luci-app-crowdsec-dashboard** - Collaborative Security
Modern dashboard for CrowdSec intrusion prevention on OpenWrt.
**Features:**
- 🛡️ Real-time ban monitoring and alerts
- 📊 Decision management (view, search, ban/unban IPs)
- 📈 Metrics dashboard (engine stats, parsers, scenarios)
- 🌍 Geographic threat visualization
- ⚡ Auto-refresh with dark cybersecurity theme
[View Details](luci-app-crowdsec-dashboard/README.md)
---
#### **luci-app-netdata-dashboard** - Real-time Monitoring
System monitoring dashboard with live metrics visualization.
**Features:**
- 📊 CPU, memory, disk, network monitoring
- 🌡️ Temperature sensor readings
- ⚙️ Process monitor with resource usage
- 🎨 Animated gauges and sparklines
- 🔄 2-second auto-refresh
[View Details](luci-app-netdata-dashboard/README.md)
---
### 🌐 Network Intelligence
#### **luci-app-netifyd-dashboard** - Deep Packet Inspection
Network intelligence dashboard with DPI for OpenWrt.
**Features:**
- 🔍 Application detection (Netflix, YouTube, Zoom, etc.)
- 📡 Protocol identification (HTTP, HTTPS, DNS, QUIC)
- 🔄 Live network flow tracking
- 💻 Automatic device discovery
- 📊 Traffic categorization (Web, Streaming, Gaming, VoIP)
[View Details](luci-app-netifyd-dashboard/README.md)
---
#### **luci-app-network-modes** - Network Configuration
Configure different network operation modes with one click.
**Features:**
- 🔍 **Sniffer Mode**: Transparent bridge for traffic analysis
- 📶 **Access Point**: WiFi AP with 802.11r/k/v roaming
- 🔄 **Relay/Extender**: Network relay with WireGuard
- 🌐 **Router Mode**: Full router with proxy and HTTPS frontend
- 🎛️ One-click mode switching with auto-backup
[View Details](luci-app-network-modes/README.md)
---
### 🔐 VPN & Access Control
#### **luci-app-wireguard-dashboard** - VPN Management
Modern WireGuard VPN monitoring dashboard.
**Features:**
- 🔐 Tunnel status monitoring
- 👥 Peer management (active/idle/inactive)
- 📊 Per-peer traffic statistics
- ⚙️ Configuration visualization
- 🔒 Secure (private keys never exposed)
[View Details](luci-app-wireguard-dashboard/README.md)
---
#### **luci-app-client-guardian** - Network Access Control
NAC system with captive portal, quarantine, and parental controls.
**Features:**
- 🔍 Real-time client detection and monitoring
- 🏠 Zone management (LAN, IoT, Guest, Quarantine)
- ⏳ Default quarantine policy for new clients
- 🚪 Modern captive portal with authentication
- 👨‍👩‍👧‍👦 Parental controls (time limits, content filtering)
- 🔔 SMS/Email alerts for security events
[View Details](luci-app-client-guardian/README.md)
---
#### **luci-app-auth-guardian** - Authentication System
Comprehensive authentication and session management.
**Features:**
- 🎨 Customizable captive portal
- 🔑 OAuth integration (Google, GitHub, Facebook, Twitter)
- 🎟️ Voucher system with time/bandwidth limits
- 🍪 Secure session management
- ⏭️ MAC/IP/Domain bypass rules
[View Details](luci-app-auth-guardian/README.md)
---
### 📊 Bandwidth & Traffic
#### **luci-app-bandwidth-manager** - QoS & Quotas
Advanced bandwidth management with automatic media detection.
**Features:**
- 🎯 8 configurable QoS priority classes
- 📊 Daily and monthly bandwidth quotas
- 🎬 Automatic media detection (VoIP, Gaming, Streaming)
- ⏰ Time-based scheduling (peak/off-peak)
- 👥 Per-client statistics and controls
[View Details](luci-app-bandwidth-manager/README.md)
---
#### **luci-app-media-flow** - Media Traffic Detection
Advanced streaming and media traffic monitoring.
**Features:**
- 🎬 Real-time streaming service detection
- 📡 Protocol identification (RTSP, HLS, DASH, RTP)
- 📞 VoIP/Video call monitoring
- 📊 Per-service bandwidth tracking
- 📈 Quality of experience metrics
**Supported Services:**
- Netflix, YouTube, Twitch, Disney+
- Spotify, Apple Music, Tidal
- Zoom, Teams, Google Meet, WebEx
[View Details](luci-app-media-flow/README.md)
---
### 🚀 Performance & Services
#### **luci-app-cdn-cache** - Bandwidth Optimization
Local CDN cache proxy for bandwidth savings.
**Features:**
- 💾 Smart caching of frequently accessed content
- 📊 Real-time hit ratio and bandwidth savings stats
- 📋 Configurable policies by domain/extension
- 🔧 Automatic purge and preload capabilities
- 📈 Statistical graphs and trends
**Cache Policies:**
- Windows Update, Linux Repos
- Static content (JS, CSS, images)
- Configurable TTL per content type
[View Details](luci-app-cdn-cache/README.md)
---
#### **luci-app-vhost-manager** - Virtual Hosts
Virtual host and local SaaS gateway management.
**Features:**
- 🏠 Internal virtual hosts with custom domains
- ↪️ External service redirection
- 🔒 SSL/TLS with Let's Encrypt or self-signed
- ⚙️ Automatic nginx reverse proxy configuration
**Supported Services:**
- Nextcloud, GitLab, Jellyfin
- Home Assistant and more
[View Details](luci-app-vhost-manager/README.md)
---
## 🏗️ Supported Architectures
SecuBox packages are automatically compiled for all major OpenWrt architectures:
### ARM 64-bit (AArch64)
| Target | Architecture | Devices |
|--------|--------------|---------|
| `aarch64-cortex-a53` | Cortex-A53 | **ESPRESSObin**, **Sheeva64**, BananaPi R64 |
| `aarch64-cortex-a72` | Cortex-A72 | **MOCHAbin**, Raspberry Pi 4, NanoPi R4S |
| `aarch64-generic` | Generic ARMv8 | Rock64, Pine64, QEMU ARM64 |
| `mediatek-filogic` | MT7981/MT7986 | GL.iNet MT3000, BananaPi R3 |
| `rockchip-armv8` | RK3328/RK3399 | NanoPi R4S, R5S, FriendlyARM |
| `bcm27xx-bcm2711` | BCM2711 | Raspberry Pi 4, Compute Module 4 |
| Target | Devices |
|--------|---------|
| `aarch64-cortex-a53` | ESPRESSObin, Sheeva64, BananaPi R64 |
| `aarch64-cortex-a72` | MOCHAbin, Raspberry Pi 4, NanoPi R4S |
| `aarch64-generic` | Rock64, Pine64, QEMU ARM64 |
| `mediatek-filogic` | GL.iNet MT3000, BananaPi R3 |
| `rockchip-armv8` | NanoPi R4S/R5S, FriendlyARM |
| `bcm27xx-bcm2711` | Raspberry Pi 4, Compute Module 4 |
### ARM 32-bit
| Target | Architecture | Devices |
|--------|--------------|---------|
| `arm-cortex-a7-neon` | Cortex-A7 | Orange Pi, BananaPi, Allwinner |
| `arm-cortex-a9-neon` | Cortex-A9 | Linksys WRT, Turris Omnia |
| `arm-cortex-a15-neon` | Cortex-A15 | QEMU ARM |
| `qualcomm-ipq40xx` | IPQ40xx | Google WiFi, Zyxel NBG6617 |
| `qualcomm-ipq806x` | IPQ806x | Netgear R7800, R7500 |
| Target | Devices |
|--------|---------|
| `arm-cortex-a7-neon` | Orange Pi, BananaPi, Allwinner |
| `arm-cortex-a9-neon` | Linksys WRT, Turris Omnia |
| `qualcomm-ipq40xx` | Google WiFi, Zyxel NBG6617 |
| `qualcomm-ipq806x` | Netgear R7800, R7500 |
### MIPS
| Target | Architecture | Devices |
|--------|--------------|---------|
| `mips-24kc` | MIPS 24Kc | TP-Link Archer, Ubiquiti |
| `mipsel-24kc` | MIPS LE 24Kc | Xiaomi, GL.iNet, Netgear |
| `mipsel-74kc` | MIPS LE 74Kc | Broadcom BCM47xx |
| Target | Devices |
|--------|---------|
| `mips-24kc` | TP-Link Archer, Ubiquiti |
| `mipsel-24kc` | Xiaomi, GL.iNet, Netgear |
| `mipsel-74kc` | Broadcom BCM47xx |
### x86
| Target | Devices |
|--------|---------|
| `x86-64` | PC, VMs, Docker, Proxmox |
| `x86-generic` | Legacy PC, old Atom |
| Target | Architecture | Devices |
|--------|--------------|---------|
| `x86-64` | x86_64 | PC, VMs, Docker, Proxmox |
| `x86-generic` | i386 | Legacy PC, old Atom |
---
## 🚀 Utilisation
### Compilation Automatique
Les packages sont compilés automatiquement lors de :
1. **Push sur `main`/`master`** : Compilation de test
2. **Pull Request** : Validation et test
3. **Tag `v*`** : Création de release avec tous les packages
### Compilation Manuelle
1. Aller dans **Actions** → **Build OpenWrt Packages**
2. Cliquer sur **Run workflow**
3. Sélectionner :
- **OpenWrt version** : 23.05.5, 22.03.7, ou SNAPSHOT
- **Architectures** : `all` ou liste séparée par virgules
```
# Exemples d'architectures
all # Toutes les architectures
x86-64 # Uniquement x86_64
aarch64-cortex-a53,aarch64-cortex-a72 # GlobalScale devices
mips-24kc,mipsel-24kc # MIPS routeurs
```
### Téléchargement des Artifacts
1. Aller dans **Actions** → Sélectionner un workflow
2. Cliquer sur le run souhaité
3. Télécharger les **Artifacts** en bas de page
Les artifacts sont organisés par architecture :
```
packages-x86-64/
├── luci-app-crowdsec-dashboard_1.0.0-1_all.ipk
├── luci-app-netdata-dashboard_1.0.0-1_all.ipk
├── ...
└── SHA256SUMS
```
## 📁 Structure du Dépôt
## 📁 Repository Structure
```
secubox/
├── .github/
│ └── workflows/
│ ├── build-openwrt-packages.yml # Build principal
│ └── test-validate.yml # Tests & validation
├── luci-app-crowdsec-dashboard/
│ ├── Makefile
│ ├── htdocs/luci-static/resources/
│ │ ├── view/crowdsec/ # JavaScript views
│ │ └── crowdsec/ # API & CSS
│ └── root/
│ ├── etc/config/ # UCI config
│ └── usr/
│ ├── libexec/rpcd/ # RPCD backend
│ └── share/
│ ├── luci/menu.d/ # Menu JSON
│ └── rpcd/acl.d/ # ACL JSON
├── luci-app-netdata-dashboard/
├── luci-app-netifyd-dashboard/
├── luci-app-wireguard-dashboard/
├── luci-app-network-modes/
├── luci-app-client-guardian/
├── luci-app-system-hub/
└── README.md
│ ├── build-openwrt-packages.yml # Multi-arch build CI
│ ├── build-secubox-images.yml # Custom image builder
│ └── test-validate.yml # Tests & validation
├── luci-app-secubox/ # Central hub
├── luci-app-system-hub/ # System control center
├── luci-app-crowdsec-dashboard/ # CrowdSec security
├── luci-app-netdata-dashboard/ # System monitoring
├── luci-app-netifyd-dashboard/ # DPI & traffic analysis
├── luci-app-wireguard-dashboard/ # WireGuard VPN
├── luci-app-network-modes/ # Network configuration
├── luci-app-client-guardian/ # NAC & captive portal
├── luci-app-auth-guardian/ # Authentication
├── luci-app-bandwidth-manager/ # QoS & quotas
├── luci-app-media-flow/ # Media detection
├── luci-app-cdn-cache/ # CDN proxy cache
├── luci-app-vhost-manager/ # Virtual hosts
├── makefiles/ # Reference makefiles
├── secubox-tools/ # Repair & debug tools
└── templates/ # Package templates
```
## 🔧 Créer un Nouveau Package
1. Copier le template :
```bash
cp -r templates/luci-app-template luci-app-nouveau
### Package Structure (Standard LuCI App)
```
2. Éditer `Makefile` :
```makefile
PKG_NAME:=luci-app-nouveau
PKG_VERSION:=1.0.0
LUCI_TITLE:=Mon Nouveau Dashboard
LUCI_DEPENDS:=+luci-base +nouveau-backend
```
3. Créer les fichiers requis :
```bash
luci-app-nouveau/
├── Makefile
luci-app-*/
├── Makefile # OpenWrt package definition
├── README.md # Module documentation
├── htdocs/luci-static/resources/
│ ├── view/nouveau/
│ │ └── overview.js
│ └── nouveau/
│ ├── api.js
│ └── dashboard.css
│ ├── view/*/ # JavaScript UI views
│ └── */
│ ├── api.js # RPC API client
│ └── dashboard.css # Module styles
└── root/
└── usr/share/
├── luci/menu.d/luci-app-nouveau.json
└── rpcd/acl.d/luci-app-nouveau.json
├── etc/config/ # UCI configuration
└── usr/
├── libexec/rpcd/ # RPCD backend (shell/exec)
└── share/
├── luci/menu.d/ # Menu JSON
└── rpcd/acl.d/ # ACL permissions JSON
```
4. Commit et push :
---
## 🚀 Installation
### Option 1: From Pre-built Packages
Download the latest packages from [GitHub Releases](https://github.com/gkerma/secubox/releases):
```bash
git add luci-app-nouveau/
git commit -m "feat: add luci-app-nouveau"
git push
# Install individual modules
opkg update
opkg install luci-app-secubox_*.ipk
# Or install specific modules
opkg install luci-app-system-hub_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk
opkg install luci-app-client-guardian_*.ipk
```
## 🏷️ Créer une Release
### Option 2: Build from Source
```bash
# Créer un tag versionné
git tag -a v1.2.0 -m "Release 1.2.0"
# Clone into OpenWrt SDK package directory
cd ~/openwrt-sdk/package/
git clone https://github.com/gkerma/secubox.git
# Build all packages
cd ~/openwrt-sdk/
make package/secubox/luci-app-secubox/compile V=s
make package/secubox/luci-app-system-hub/compile V=s
# ... etc for other modules
```
### Option 3: Add to OpenWrt Feed
Add to `feeds.conf.default`:
```
src-git secubox https://github.com/gkerma/secubox.git
```
Then:
```bash
./scripts/feeds update secubox
./scripts/feeds install -a -p secubox
make menuconfig # Select modules under LuCI > Applications
make V=s
```
---
## 🔧 Development
### Create a New Module
```bash
# Copy template
cp -r templates/luci-app-template luci-app-newmodule
# Edit Makefile
cd luci-app-newmodule
vi Makefile # Update PKG_NAME, PKG_VERSION, LUCI_TITLE, LUCI_DEPENDS
# Create required files
mkdir -p htdocs/luci-static/resources/{view/newmodule,newmodule}
mkdir -p root/usr/{libexec/rpcd,share/{luci/menu.d,rpcd/acl.d}}
# Implement your module...
```
### Test Locally
```bash
# Build package
make package/luci-app-newmodule/compile V=s
# Package will be in bin/packages/<arch>/base/
scp bin/packages/*/base/luci-app-newmodule_*.ipk root@router:/tmp/
# Install on router
ssh root@router
opkg install /tmp/luci-app-newmodule_*.ipk
/etc/init.d/rpcd restart
```
### Run Tests
```bash
# Lint and validate
shellcheck luci-app-*/root/usr/libexec/rpcd/*
jsonlint luci-app-*/root/usr/share/luci/menu.d/*.json
jsonlint luci-app-*/root/usr/share/rpcd/acl.d/*.json
# Or use GitHub Actions workflow
git push # Triggers test-validate.yml
```
---
## 🤖 CI/CD
### Automated Builds
Packages are compiled automatically when:
- **Push to main/master**: Test compilation
- **Pull Request**: Validation and testing
- **Tag `v*`**: Release creation with all architectures
### Manual Build
1. Go to **Actions** → **Build OpenWrt Packages**
2. Click **Run workflow**
3. Select:
- **OpenWrt version**: 23.05.5, 22.03.7, or SNAPSHOT
- **Architectures**: `all` or comma-separated list
```bash
# Examples
all # All architectures
x86-64 # x86_64 only
aarch64-cortex-a53,aarch64-cortex-a72 # GlobalScale devices
mips-24kc,mipsel-24kc # MIPS routers
```
### Download Artifacts
1. Go to **Actions** → Select workflow run
2. Click on the run
3. Download **Artifacts** at bottom of page
Artifacts are organized by architecture:
```
packages-x86-64/
├── luci-app-secubox_1.0.0-1_all.ipk
├── luci-app-system-hub_1.0.0-1_all.ipk
├── luci-app-crowdsec-dashboard_1.0.0-1_all.ipk
├── ...
└── SHA256SUMS
```
---
## 📊 OpenWrt Compatibility
| Version | Status | Notes |
|---------|--------|-------|
| 24.10.x | 🔜 Planned | Awaiting release |
| 23.05.x | ✅ Supported | **Recommended** |
| 22.03.x | ✅ Supported | LTS |
| 21.02.x | ⚠️ Partial | End of support |
| SNAPSHOT | ✅ Supported | Unstable |
---
## 🧰 SecuBox Tools
### secubox-repair.sh
Automated repair tool for all SecuBox modules.
**Features:**
- Auto-detect and fix Makefile issues
- Generate missing RPCD files
- Validate package structure
- Batch repair all modules
```bash
./secubox-tools/secubox-repair.sh
```
### secubox-debug.sh
Debug and diagnostic tool for development.
**Features:**
- Validate package structure
- Check dependencies
- Test RPCD backends
- Generate diagnostic reports
```bash
./secubox-tools/secubox-debug.sh luci-app-module-name
```
---
## 🏷️ Creating Releases
```bash
# Create versioned tag
git tag -a v1.2.0 -m "Release 1.2.0: Add new features"
git push origin v1.2.0
```
La release sera créée automatiquement avec :
- Archives `.tar.gz` par architecture
- Archive globale toutes architectures
- Checksums SHA256
- Notes de release générées
The release will be created automatically with:
- Individual `.tar.gz` archives per architecture
- Global archive with all architectures
- SHA256 checksums
- Auto-generated release notes
## ⚙️ Configuration CI
---
### Variables d'Environnement
## 🔗 Links
| Variable | Default | Description |
|----------|---------|-------------|
| `OPENWRT_VERSION` | `23.05.5` | Version OpenWrt SDK |
- **Documentation**: [CyberMind SecuBox](https://cybermind.fr/secubox)
- **Website**: [CyberMind.fr](https://cybermind.fr)
- **OpenWrt SDK**: [Documentation](https://openwrt.org/docs/guide-developer/using_the_sdk)
- **LuCI Development**: [Wiki](https://github.com/openwrt/luci/wiki)
- **Issue Tracker**: [GitHub Issues](https://github.com/gkerma/secubox/issues)
### Secrets Requis
Aucun secret requis pour la compilation. Le `GITHUB_TOKEN` par défaut suffit pour créer les releases.
### Cache
Le SDK OpenWrt est mis en cache par architecture pour accélérer les builds suivants.
## 🧪 Tests & Validation
Le workflow `test-validate.yml` vérifie :
- ✅ Structure des Makefiles (champs requis)
- ✅ Syntaxe JSON (menu, ACL)
- ✅ Syntaxe JavaScript (views)
- ✅ Scripts shell (shellcheck)
- ✅ Permissions des fichiers
- ✅ Build test sur x86_64
## 📊 Matrice de Compatibilité
| OpenWrt | Status | Notes |
|---------|--------|-------|
| 24.10.x | 🔜 Prévu | En attente release |
| 23.05.x | ✅ Supporté | Recommandé |
| 22.03.x | ✅ Supporté | LTS |
| 21.02.x | ⚠️ Partiel | Fin de support |
| SNAPSHOT | ✅ Supporté | Instable |
## 🔗 Liens
- [OpenWrt SDK Documentation](https://openwrt.org/docs/guide-developer/using_the_sdk)
- [LuCI Development Guide](https://github.com/openwrt/luci/wiki)
- [CyberMind.fr](https://cybermind.fr)
- [SecuBox Project](https://cybermind.fr/secubox)
---
## 📄 License
Apache-2.0 © 2025 CyberMind.fr
Individual modules may have additional licensing terms - see each module's README.
---
## 🤝 Contributing
Contributions are welcome! Please:
1. Fork the repository
2. Create a feature branch (`git checkout -b feature/amazing-feature`)
3. Commit your changes (`git commit -m 'Add amazing feature'`)
4. Push to the branch (`git push origin feature/amazing-feature`)
5. Open a Pull Request
---
## 👤 Author
**Gandalf** - [CyberMind.fr](https://cybermind.fr)
---
**Made with ❤️ in France 🇫🇷**
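Review bot: "Option 1: From Pre-built Packages" goes straight from download to `opkg install luci-app-secubox_*.ipk` with no integrity check, although the "Download Artifacts" tree ships a `SHA256SUMS` file and "Creating Releases" lists SHA256 checksums; add a `sha256sum -c SHA256SUMS` step before the install commands. In "Option 3: Add to OpenWrt Feed", `src-git secubox https://github.com/gkerma/secubox.git` follows the default branch, so consider documenting a pinned tag or commit for reproducible builds. Also confirm that the badge at the top and the "CI/CD" section, which both reference `build-openwrt-packages.yml`, still resolve, since this commit also removes a workflow named `Build OpenWrt Packages`.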


@ -1,556 +0,0 @@
name: Build OpenWrt Packages
on:
push:
branches: [main, master, develop]
tags:
- 'v*'
pull_request:
branches: [main, master]
workflow_dispatch:
inputs:
openwrt_version:
description: 'OpenWrt version'
required: true
default: '23.05.5'
type: choice
options:
- '23.05.5'
- '23.05.4'
- '22.03.7'
- 'SNAPSHOT'
architectures:
description: 'Architectures to build (comma-separated or "all")'
required: false
default: 'all'
env:
OPENWRT_VERSION: ${{ github.event.inputs.openwrt_version || '23.05.5' }}
jobs:
# ============================================
# Determine build matrix
# ============================================
setup:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
version: ${{ steps.version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Determine version
id: version
run: |
if [[ "${{ github.ref }}" == refs/tags/v* ]]; then
VERSION="${{ github.ref_name }}"
else
VERSION="0.0.0-$(git rev-parse --short HEAD)"
fi
echo "version=${VERSION#v}" >> $GITHUB_OUTPUT
echo "📦 Package version: ${VERSION#v}"
- name: Set build matrix
id: set-matrix
run: |
# Full architecture matrix for OpenWrt
# Format: target/subtarget -> SDK name mapping
cat > /tmp/matrix.json << 'MATRIX_EOF'
{
"include": [
{
"target": "x86-64",
"arch": "x86_64",
"sdk_name": "x86-64",
"description": "x86 64-bit (PC, VM, containers)"
},
{
"target": "x86-generic",
"arch": "i386_pentium4",
"sdk_name": "x86-generic",
"description": "x86 32-bit (legacy PC)"
},
{
"target": "aarch64-generic",
"arch": "aarch64_generic",
"sdk_name": "armsr-armv8",
"description": "ARM 64-bit generic (RPi4, Rock64)"
},
{
"target": "aarch64-cortex-a53",
"arch": "aarch64_cortex-a53",
"sdk_name": "mvebu-cortexa53",
"description": "ARM Cortex-A53 (ESPRESSObin, Sheeva64)"
},
{
"target": "aarch64-cortex-a72",
"arch": "aarch64_cortex-a72",
"sdk_name": "mvebu-cortexa72",
"description": "ARM Cortex-A72 (MOCHAbin, MACCHIATObin)"
},
{
"target": "arm-cortex-a7-neon",
"arch": "arm_cortex-a7_neon-vfpv4",
"sdk_name": "sunxi-cortexa7",
"description": "ARM Cortex-A7 (Orange Pi, Banana Pi)"
},
{
"target": "arm-cortex-a9-neon",
"arch": "arm_cortex-a9_neon",
"sdk_name": "mvebu-cortexa9",
"description": "ARM Cortex-A9 (Linksys WRT, Turris)"
},
{
"target": "arm-cortex-a15-neon",
"arch": "arm_cortex-a15_neon-vfpv4",
"sdk_name": "armvirt-32",
"description": "ARM Cortex-A15 (QEMU ARM)"
},
{
"target": "mips-24kc",
"arch": "mips_24kc",
"sdk_name": "ath79-generic",
"description": "MIPS 24Kc (TP-Link, Ubiquiti)"
},
{
"target": "mipsel-24kc",
"arch": "mipsel_24kc",
"sdk_name": "ramips-mt7621",
"description": "MIPS Little-Endian (Xiaomi, GL.iNet)"
},
{
"target": "mipsel-74kc",
"arch": "mipsel_74kc",
"sdk_name": "bcm47xx-mips74k",
"description": "MIPS 74Kc (Broadcom routers)"
},
{
"target": "mediatek-filogic",
"arch": "aarch64_cortex-a53",
"sdk_name": "mediatek-filogic",
"description": "MediaTek Filogic (MT7981, MT7986)"
},
{
"target": "qualcomm-ipq40xx",
"arch": "arm_cortex-a7_neon-vfpv4",
"sdk_name": "ipq40xx-generic",
"description": "Qualcomm IPQ40xx (Google WiFi, Zyxel)"
},
{
"target": "qualcomm-ipq806x",
"arch": "arm_cortex-a15_neon-vfpv4",
"sdk_name": "ipq806x-generic",
"description": "Qualcomm IPQ806x (Netgear R7800)"
},
{
"target": "rockchip-armv8",
"arch": "aarch64_generic",
"sdk_name": "rockchip-armv8",
"description": "Rockchip (NanoPi R4S, R5S)"
},
{
"target": "bcm27xx-bcm2711",
"arch": "aarch64_cortex-a72",
"sdk_name": "bcm27xx-bcm2711",
"description": "Raspberry Pi 4"
}
]
}
MATRIX_EOF
INPUT_ARCHS="${{ github.event.inputs.architectures }}"
if [[ -z "$INPUT_ARCHS" || "$INPUT_ARCHS" == "all" ]]; then
MATRIX=$(cat /tmp/matrix.json | jq -c '.')
else
# Filter matrix based on input
MATRIX=$(cat /tmp/matrix.json | jq -c --arg archs "$INPUT_ARCHS" '
.include |= map(select(.target as $t | $archs | split(",") | map(gsub("^\\s+|\\s+$";"")) | any(. == $t or . == "all")))
')
fi
# Use delimiter for multiline output
echo "matrix<<EOF" >> $GITHUB_OUTPUT
echo "$MATRIX" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
echo "📋 Build matrix:"
echo "$MATRIX" | jq '.'
# ============================================
# Build packages for each architecture
# ============================================
build:
needs: setup
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
name: Build ${{ matrix.target }}
steps:
- name: Checkout source
uses: actions/checkout@v4
- name: Free disk space
run: |
echo "🧹 Cleaning up disk space..."
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/local/lib/android
sudo rm -rf /opt/ghc
sudo rm -rf /opt/hostedtoolcache/CodeQL
sudo docker image prune --all --force
df -h
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential clang flex bison g++ gawk \
gcc-multilib g++-multilib gettext git libncurses5-dev \
libssl-dev python3-setuptools python3-dev rsync \
swig unzip zlib1g-dev file wget curl jq
- name: Cache OpenWrt SDK
uses: actions/cache@v4
id: cache-sdk
with:
path: ~/sdk
key: openwrt-sdk-${{ env.OPENWRT_VERSION }}-${{ matrix.sdk_name }}
- name: Download OpenWrt SDK
if: steps.cache-sdk.outputs.cache-hit != 'true'
run: |
echo "📥 Downloading SDK for ${{ matrix.description }}..."
VERSION="${{ env.OPENWRT_VERSION }}"
SDK_NAME="${{ matrix.sdk_name }}"
if [[ "$VERSION" == "SNAPSHOT" ]]; then
BASE_URL="https://downloads.openwrt.org/snapshots/targets"
else
BASE_URL="https://downloads.openwrt.org/releases/${VERSION}/targets"
fi
# Parse target/subtarget from sdk_name
TARGET=$(echo "$SDK_NAME" | cut -d'-' -f1)
SUBTARGET=$(echo "$SDK_NAME" | cut -d'-' -f2-)
SDK_URL="${BASE_URL}/${TARGET}/${SUBTARGET}"
echo "🔍 Looking for SDK at: $SDK_URL"
# Find SDK filename
SDK_FILE=$(curl -sL "$SDK_URL/" | grep -oP 'openwrt-sdk[^"]+\.tar\.(xz|zst)' | head -1)
if [[ -z "$SDK_FILE" ]]; then
echo "⚠️ SDK not found, trying alternative URL pattern..."
SDK_FILE=$(curl -sL "$SDK_URL/sha256sums" | grep -oP 'openwrt-sdk[^\s]+' | head -1)
fi
if [[ -z "$SDK_FILE" ]]; then
echo "❌ Could not find SDK for ${{ matrix.target }}"
echo "🔗 Checked: $SDK_URL"
exit 1
fi
echo "📦 Downloading: $SDK_FILE"
wget -q --show-progress "${SDK_URL}/${SDK_FILE}" -O /tmp/sdk.tar.xz || \
wget -q --show-progress "${SDK_URL}/${SDK_FILE}" -O /tmp/sdk.tar.zst
mkdir -p ~/sdk
if [[ "$SDK_FILE" == *.zst ]]; then
zstd -d /tmp/sdk.tar.zst -o /tmp/sdk.tar
tar -xf /tmp/sdk.tar -C ~/sdk --strip-components=1
else
tar -xf /tmp/sdk.tar.xz -C ~/sdk --strip-components=1
fi
echo "✅ SDK extracted to ~/sdk"
- name: Prepare SDK
run: |
cd ~/sdk
# Update feeds
echo "📋 Updating feeds..."
./scripts/feeds update -a
./scripts/feeds install -a
# Configure SDK
echo "⚙️ Configuring SDK..."
make defconfig
- name: Copy packages to SDK
run: |
echo "📁 Copying SecuBox packages to SDK..."
# List of our packages
PACKAGES=(
"luci-app-crowdsec-dashboard"
"luci-app-netdata-dashboard"
"luci-app-netifyd-dashboard"
"luci-app-wireguard-dashboard"
"luci-app-network-modes"
"luci-app-client-guardian"
"luci-app-system-hub"
"luci-app-cdn-cache"
)
# Create package directory
mkdir -p ~/sdk/package/secubox
# Copy each package if it exists
for pkg in "${PACKAGES[@]}"; do
if [[ -d "$GITHUB_WORKSPACE/$pkg" ]]; then
echo " 📦 $pkg"
cp -r "$GITHUB_WORKSPACE/$pkg" ~/sdk/package/secubox/
else
echo " ⚠️ $pkg not found in repository"
fi
done
# If packages are in a subdirectory
if [[ -d "$GITHUB_WORKSPACE/packages" ]]; then
cp -r "$GITHUB_WORKSPACE/packages/"* ~/sdk/package/secubox/ 2>/dev/null || true
fi
# List what we have
echo "📋 Packages in SDK:"
ls -la ~/sdk/package/secubox/ || echo " (empty)"
- name: Update package version
run: |
VERSION="${{ needs.setup.outputs.version }}"
echo "📝 Setting package version to: $VERSION"
# Update Makefile version in each package
for makefile in ~/sdk/package/secubox/*/Makefile; do
if [[ -f "$makefile" ]]; then
sed -i "s/PKG_VERSION:=.*/PKG_VERSION:=$VERSION/" "$makefile"
sed -i "s/PKG_RELEASE:=.*/PKG_RELEASE:=1/" "$makefile"
echo " ✅ Updated: $(dirname $makefile | xargs basename)"
fi
done
- name: Build packages
run: |
cd ~/sdk
echo "🔨 Building SecuBox packages for ${{ matrix.description }}..."
# Enable our packages
for pkg in ~/sdk/package/secubox/*/; do
PKG_NAME=$(basename "$pkg")
echo "CONFIG_PACKAGE_${PKG_NAME}=m" >> .config
done
make defconfig
# Build with verbose output on error
make package/secubox/compile V=s -j$(nproc) || {
echo "❌ Build failed, retrying with single thread..."
make package/secubox/compile V=s -j1
}
# Generate package index
make package/index V=s
- name: Collect artifacts
id: collect
run: |
echo "📦 Collecting built packages..."
mkdir -p $GITHUB_WORKSPACE/artifacts/${{ matrix.target }}
# Find and copy .ipk files
find ~/sdk/bin -name "*.ipk" -exec cp {} $GITHUB_WORKSPACE/artifacts/${{ matrix.target }}/ \;
# Copy package index
find ~/sdk/bin -name "Packages*" -exec cp {} $GITHUB_WORKSPACE/artifacts/${{ matrix.target }}/ \; 2>/dev/null || true
# List artifacts
echo "📋 Built packages for ${{ matrix.target }}:"
ls -la $GITHUB_WORKSPACE/artifacts/${{ matrix.target }}/
# Count packages
PKG_COUNT=$(find $GITHUB_WORKSPACE/artifacts/${{ matrix.target }} -name "*.ipk" | wc -l)
echo "pkg_count=$PKG_COUNT" >> $GITHUB_OUTPUT
if [[ $PKG_COUNT -eq 0 ]]; then
echo "⚠️ No packages built!"
exit 1
fi
- name: Create checksums
run: |
cd $GITHUB_WORKSPACE/artifacts/${{ matrix.target }}
sha256sum *.ipk > SHA256SUMS
echo "✅ Checksums created"
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: packages-${{ matrix.target }}
path: artifacts/${{ matrix.target }}/
retention-days: 30
# ============================================
# Create combined release
# ============================================
release:
needs: [setup, build]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/v')
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: packages
pattern: packages-*
- name: Organize packages
run: |
echo "📁 Organizing release packages..."
VERSION="${{ needs.setup.outputs.version }}"
mkdir -p release
# Create architecture-specific archives
for arch_dir in packages/packages-*/; do
ARCH=$(basename "$arch_dir" | sed 's/packages-//')
echo "📦 Processing $ARCH..."
# Create tarball
tar -czf "release/secubox-${VERSION}-${ARCH}.tar.gz" -C "$arch_dir" .
# Copy individual .ipk files to flat structure
mkdir -p "release/ipk/${ARCH}"
cp "$arch_dir"/*.ipk "release/ipk/${ARCH}/" 2>/dev/null || true
done
# Create "all architectures" mega-archive
tar -czf "release/secubox-${VERSION}-all-architectures.tar.gz" -C packages .
# Create release notes
cat > release/RELEASE_NOTES.md << EOF
# SecuBox $VERSION
## 📦 Packages Included
- luci-app-crowdsec-dashboard - CrowdSec Security Dashboard
- luci-app-netdata-dashboard - Netdata Monitoring Dashboard
- luci-app-netifyd-dashboard - Netifyd DPI Dashboard
- luci-app-wireguard-dashboard - WireGuard VPN Dashboard
- luci-app-network-modes - Network Mode Switcher
- luci-app-client-guardian - NAC & Captive Portal
- luci-app-system-hub - System Hub Control Center
## 🏗️ Supported Architectures
| Target | Architecture | Description |
|--------|--------------|-------------|
| x86-64 | x86_64 | PC, VMs, Containers |
| aarch64-cortex-a53 | aarch64 | ESPRESSObin, Sheeva64 |
| aarch64-cortex-a72 | aarch64 | MOCHAbin, RPi4 |
| arm-cortex-a7 | arm | Orange Pi, Banana Pi |
| arm-cortex-a9 | arm | Linksys WRT, Turris |
| mips-24kc | mips | TP-Link, Ubiquiti |
| mipsel-24kc | mipsel | Xiaomi, GL.iNet |
| mediatek-filogic | aarch64 | MT7981, MT7986 |
| qualcomm-ipq40xx | arm | Google WiFi |
| rockchip-armv8 | aarch64 | NanoPi R4S, R5S |
## 📥 Installation
\`\`\`bash
# Download package for your architecture
opkg update
opkg install luci-app-crowdsec-dashboard_${VERSION}_*.ipk
# ... install other packages as needed
\`\`\`
## 🔗 Links
- [Documentation](https://cybermind.fr/docs/secubox)
- [GitHub](https://github.com/gkerma)
- [CyberMind.fr](https://cybermind.fr)
---
Built with OpenWrt SDK ${{ env.OPENWRT_VERSION }}
EOF
echo "✅ Release organized"
ls -la release/
- name: Create global checksums
run: |
cd release
sha256sum *.tar.gz > SHA256SUMS
echo "✅ Global checksums created"
- name: Create GitHub Release
uses: softprops/action-gh-release@v2
with:
name: SecuBox ${{ needs.setup.outputs.version }}
body_path: release/RELEASE_NOTES.md
files: |
release/*.tar.gz
release/SHA256SUMS
draft: false
prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') || contains(github.ref, 'rc') }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# ============================================
# Build status summary
# ============================================
summary:
needs: [setup, build]
runs-on: ubuntu-latest
if: always()
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: packages
pattern: packages-*
continue-on-error: true
- name: Generate build summary
run: |
echo "# 📊 SecuBox Build Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "**Version:** ${{ needs.setup.outputs.version }}" >> $GITHUB_STEP_SUMMARY
echo "**OpenWrt:** ${{ env.OPENWRT_VERSION }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "## Build Results" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "| Architecture | Status | Packages |" >> $GITHUB_STEP_SUMMARY
echo "|--------------|--------|----------|" >> $GITHUB_STEP_SUMMARY
for arch_dir in packages/packages-*/; do
if [[ -d "$arch_dir" ]]; then
ARCH=$(basename "$arch_dir" | sed 's/packages-//')
PKG_COUNT=$(find "$arch_dir" -name "*.ipk" 2>/dev/null | wc -l)
if [[ $PKG_COUNT -gt 0 ]]; then
echo "| $ARCH | ✅ Success | $PKG_COUNT |" >> $GITHUB_STEP_SUMMARY
else
echo "| $ARCH | ⚠️ No packages | 0 |" >> $GITHUB_STEP_SUMMARY
fi
fi
done
echo "" >> $GITHUB_STEP_SUMMARY
echo "## 📦 Artifacts" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Download artifacts from the Actions tab above." >> $GITHUB_STEP_SUMMARY
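
Review bot: The "Download OpenWrt SDK" step unpacks the SDK without verifying it: `sha256sums` is fetched only as a fallback way to find the file name, and the archive then goes straight to `tar -xf`. Fetch `${SDK_URL}/sha256sums` once, check the downloaded file against its entry with `sha256sum -c`, and fail the job on a mismatch before extracting. In the same step the `.zst` case cannot work as written: the first `wget ... -O /tmp/sdk.tar.xz` succeeds for a `.zst` file too, so the `||` fallback never runs and `zstd -d /tmp/sdk.tar.zst` has no input; choose the output name from `$SDK_FILE` instead.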

@ -1,432 +0,0 @@
name: Build SecuBox Images (GlobalScale)
on:
workflow_dispatch:
inputs:
device:
description: 'Target device'
required: true
type: choice
options:
- espressobin-v7
- espressobin-ultra
- sheeva64
- sheeva64-wifi
- mochabin
- all
openwrt_version:
description: 'OpenWrt version'
required: true
default: '23.05.5'
type: choice
options:
- '23.05.5'
- '23.05.4'
- 'SNAPSHOT'
include_secubox:
description: 'Include SecuBox packages'
required: true
type: boolean
default: true
env:
OPENWRT_VERSION: ${{ github.event.inputs.openwrt_version }}
jobs:
# ============================================
# Generate build matrix based on input
# ============================================
setup:
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Set build matrix
id: set-matrix
run: |
DEVICE="${{ github.event.inputs.device }}"
# Define all devices in a file to avoid heredoc issues
cat > /tmp/devices.json << 'DEVICES_EOF'
[
{
"device": "espressobin-v7",
"target": "mvebu",
"subtarget": "cortexa53",
"profile": "globalscale_espressobin",
"description": "ESPRESSObin V7 (1-2GB DDR4)"
},
{
"device": "espressobin-ultra",
"target": "mvebu",
"subtarget": "cortexa53",
"profile": "globalscale_espressobin-ultra",
"description": "ESPRESSObin Ultra (PoE, WiFi)"
},
{
"device": "sheeva64",
"target": "mvebu",
"subtarget": "cortexa53",
"profile": "globalscale_sheeva64",
"description": "Sheeva64 (Plug computer)"
},
{
"device": "sheeva64-wifi",
"target": "mvebu",
"subtarget": "cortexa53",
"profile": "globalscale_sheeva64",
"description": "Sheeva64 WiFi (802.11ac + BT)"
},
{
"device": "mochabin",
"target": "mvebu",
"subtarget": "cortexa72",
"profile": "globalscale_mochabin",
"description": "MOCHAbin (Quad-core A72, 10G)"
}
]
DEVICES_EOF
# Filter based on input
if [[ "$DEVICE" == "all" ]]; then
MATRIX=$(jq -c '{"include": .}' /tmp/devices.json)
else
MATRIX=$(jq -c --arg dev "$DEVICE" '{"include": [.[] | select(.device == $dev)]}' /tmp/devices.json)
fi
# Use delimiter for multiline output
echo "matrix<<EOF" >> $GITHUB_OUTPUT
echo "$MATRIX" >> $GITHUB_OUTPUT
echo "EOF" >> $GITHUB_OUTPUT
echo "📋 Build matrix:"
echo "$MATRIX" | jq '.'
# ============================================
# Build firmware images for GlobalScale devices
# ============================================
build-image:
needs: setup
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup.outputs.matrix) }}
name: ${{ matrix.description }}
steps:
- name: Checkout SecuBox packages
uses: actions/checkout@v4
- name: Free disk space
run: |
echo "🧹 Cleaning up disk space..."
sudo rm -rf /usr/share/dotnet /usr/local/lib/android /opt/ghc
sudo docker image prune --all --force
df -h
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential clang flex bison g++ gawk \
gcc-multilib g++-multilib gettext git libncurses5-dev \
libssl-dev python3-setuptools python3-dev rsync \
swig unzip zlib1g-dev file wget curl qemu-utils
- name: Clone OpenWrt
run: |
if [[ "${{ env.OPENWRT_VERSION }}" == "SNAPSHOT" ]]; then
git clone --depth 1 https://github.com/openwrt/openwrt.git openwrt
else
git clone --depth 1 --branch v${{ env.OPENWRT_VERSION }} \
https://github.com/openwrt/openwrt.git openwrt
fi
- name: Update feeds
run: |
cd openwrt
./scripts/feeds update -a
./scripts/feeds install -a
- name: Copy SecuBox packages
if: ${{ github.event.inputs.include_secubox == 'true' }}
run: |
mkdir -p openwrt/package/secubox
for pkg in luci-app-*/; do
if [[ -d "$pkg" ]]; then
echo "📦 Adding $pkg"
cp -r "$pkg" openwrt/package/secubox/
fi
done
- name: Generate SecuBox config
run: |
cd openwrt
# Base configuration
cat > .config << EOF
# Target
CONFIG_TARGET_${{ matrix.target }}=y
CONFIG_TARGET_${{ matrix.target }}_${{ matrix.subtarget }}=y
CONFIG_TARGET_${{ matrix.target }}_${{ matrix.subtarget }}_DEVICE_${{ matrix.profile }}=y
# Image settings
CONFIG_TARGET_ROOTFS_SQUASHFS=y
CONFIG_TARGET_ROOTFS_EXT4FS=y
CONFIG_TARGET_KERNEL_PARTSIZE=32
CONFIG_TARGET_ROOTFS_PARTSIZE=512
# Base packages
CONFIG_PACKAGE_luci=y
CONFIG_PACKAGE_luci-ssl=y
CONFIG_PACKAGE_luci-app-opkg=y
CONFIG_PACKAGE_luci-theme-openwrt-2020=y
# Networking essentials
CONFIG_PACKAGE_curl=y
CONFIG_PACKAGE_wget-ssl=y
CONFIG_PACKAGE_iptables=y
CONFIG_PACKAGE_ip6tables=y
CONFIG_PACKAGE_kmod-nft-core=y
# USB support
CONFIG_PACKAGE_kmod-usb-core=y
CONFIG_PACKAGE_kmod-usb3=y
CONFIG_PACKAGE_kmod-usb-storage=y
# Filesystem
CONFIG_PACKAGE_kmod-fs-ext4=y
CONFIG_PACKAGE_kmod-fs-vfat=y
CONFIG_PACKAGE_block-mount=y
# Wireless (if applicable)
CONFIG_PACKAGE_hostapd-common=y
CONFIG_PACKAGE_wpad-basic-mbedtls=y
# Monitoring tools
CONFIG_PACKAGE_htop=y
CONFIG_PACKAGE_iftop=y
CONFIG_PACKAGE_tcpdump=y
# SSH
CONFIG_PACKAGE_openssh-sftp-server=y
EOF
- name: Add SecuBox packages to config
if: ${{ github.event.inputs.include_secubox == 'true' }}
run: |
cd openwrt
# CrowdSec
cat >> .config << EOF
CONFIG_PACKAGE_crowdsec=y
CONFIG_PACKAGE_crowdsec-firewall-bouncer=y
CONFIG_PACKAGE_luci-app-crowdsec-dashboard=y
EOF
# Netdata
cat >> .config << EOF
CONFIG_PACKAGE_netdata=y
CONFIG_PACKAGE_luci-app-netdata-dashboard=y
EOF
# Netifyd
cat >> .config << EOF
CONFIG_PACKAGE_netifyd=y
CONFIG_PACKAGE_luci-app-netifyd-dashboard=y
EOF
# WireGuard
cat >> .config << EOF
CONFIG_PACKAGE_wireguard-tools=y
CONFIG_PACKAGE_kmod-wireguard=y
CONFIG_PACKAGE_luci-app-wireguard-dashboard=y
CONFIG_PACKAGE_qrencode=y
EOF
# SecuBox core
cat >> .config << EOF
CONFIG_PACKAGE_luci-app-network-modes=y
CONFIG_PACKAGE_luci-app-client-guardian=y
CONFIG_PACKAGE_luci-app-system-hub=y
EOF
- name: Add device-specific packages
run: |
cd openwrt
case "${{ matrix.device }}" in
mochabin)
# 10G networking, more RAM
cat >> .config << EOF
CONFIG_PACKAGE_kmod-sfp=y
CONFIG_PACKAGE_kmod-phy-marvell-10g=y
CONFIG_PACKAGE_prometheus-node-exporter-lua=y
EOF
;;
espressobin-ultra|sheeva64-wifi)
# WiFi support
cat >> .config << EOF
CONFIG_PACKAGE_kmod-mt76=y
CONFIG_PACKAGE_kmod-mac80211=y
EOF
;;
sheeva64*)
# Minimal for plug computer
cat >> .config << EOF
# Optimized for plug form factor
CONFIG_PACKAGE_kmod-ledtrig-heartbeat=y
EOF
;;
esac
- name: Make defconfig
run: |
cd openwrt
make defconfig
- name: Download packages
run: |
cd openwrt
make download -j$(nproc) V=s || make download -j1 V=s
- name: Build firmware
run: |
cd openwrt
echo "🔨 Building firmware for ${{ matrix.description }}..."
echo "⏱️ This may take 1-2 hours..."
make -j$(nproc) V=s 2>&1 | tee build.log || {
echo "❌ Build failed, retrying with single thread..."
make -j1 V=s 2>&1 | tee build-retry.log
}
- name: Prepare artifacts
run: |
mkdir -p artifacts
# Copy firmware images
find openwrt/bin/targets -name "*.img.gz" -exec cp {} artifacts/ \;
find openwrt/bin/targets -name "*.bin" -exec cp {} artifacts/ \;
find openwrt/bin/targets -name "*sysupgrade*" -exec cp {} artifacts/ \;
find openwrt/bin/targets -name "*factory*" -exec cp {} artifacts/ \;
# Copy packages
mkdir -p artifacts/packages
find openwrt/bin/packages -name "luci-app-*secubox*.ipk" -exec cp {} artifacts/packages/ \; 2>/dev/null || true
find openwrt/bin/packages -name "luci-app-*dashboard*.ipk" -exec cp {} artifacts/packages/ \; 2>/dev/null || true
# Generate checksums
cd artifacts
sha256sum * > SHA256SUMS 2>/dev/null || true
# Create info file
cat > BUILD_INFO.txt << EOF
SecuBox Firmware Build
=======================
Device: ${{ matrix.description }}
Profile: ${{ matrix.profile }}
Target: ${{ matrix.target }}/${{ matrix.subtarget }}
OpenWrt: ${{ env.OPENWRT_VERSION }}
SecuBox: ${{ github.event.inputs.include_secubox }}
Built: $(date -u +%Y-%m-%dT%H:%M:%SZ)
Commit: ${{ github.sha }}
EOF
echo "📦 Artifacts:"
ls -la
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: secubox-${{ matrix.device }}-${{ env.OPENWRT_VERSION }}
path: artifacts/
retention-days: 30
# ============================================
# Create combined release for all devices
# ============================================
release:
needs: [setup, build-image]
runs-on: ubuntu-latest
if: github.event.inputs.device == 'all'
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: firmware
pattern: secubox-*
- name: Organize release
run: |
mkdir -p release
for device_dir in firmware/secubox-*/; do
DEVICE=$(basename "$device_dir" | sed 's/secubox-//' | sed "s/-${{ env.OPENWRT_VERSION }}//")
echo "📦 Processing $DEVICE..."
# Create device archive
tar -czf "release/secubox-firmware-${DEVICE}.tar.gz" -C "$device_dir" .
done
# Global checksums
cd release
sha256sum *.tar.gz > SHA256SUMS
# Release notes
cat > RELEASE_NOTES.md << 'EOF'
# SecuBox Firmware Images
Pre-built firmware images for GlobalScale devices with SecuBox modules pre-installed.
## Included Devices
| Device | SoC | RAM | Description |
|--------|-----|-----|-------------|
| ESPRESSObin V7 | Armada 3720 | 1-2GB | Entry-level |
| ESPRESSObin Ultra | Armada 3720 | 1-2GB | WiFi + PoE |
| Sheeva64 | Armada 3720 | 1GB | Plug computer |
| MOCHAbin | Armada 7040 | 4-8GB | Quad-core + 10G |
## Pre-installed SecuBox Modules
- luci-app-crowdsec-dashboard
- luci-app-netdata-dashboard
- luci-app-netifyd-dashboard
- luci-app-wireguard-dashboard
- luci-app-network-modes
- luci-app-client-guardian
- luci-app-system-hub
## Installation
1. Download the appropriate firmware for your device
2. Flash using OpenWrt sysupgrade or manufacturer tools
3. Access LuCI at http://192.168.1.1
4. Navigate to Services → SecuBox
## Support
- [Documentation](https://cybermind.fr/docs/secubox)
- [CyberMind.fr](https://cybermind.fr)
EOF
- name: Create release
if: github.ref == 'refs/heads/main'
uses: softprops/action-gh-release@v2
with:
name: "SecuBox Firmware ${{ env.OPENWRT_VERSION }}"
tag_name: "firmware-${{ env.OPENWRT_VERSION }}-${{ github.run_number }}"
body_path: release/RELEASE_NOTES.md
files: |
release/*.tar.gz
release/SHA256SUMS
draft: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
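
Review bot: In "Prepare artifacts", `sha256sum * > SHA256SUMS 2>/dev/null || true` discards every error from the checksum step, and `*` also matches the `packages/` directory created a few commands earlier, which sha256sum cannot hash, so the .ipk files copied there never get a checksum entry. Since the `-1,432 +0,0` header shows the whole workflow going away, record in the commit message where firmware images are built now, and if this step is carried over, hash with `find . -type f ! -name SHA256SUMS -exec sha256sum {} +` and drop the `|| true` so a failed checksum run fails the job.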

@ -1,147 +0,0 @@
#!/bin/bash
# cleanup-packages.sh
# Script to fix common issues in SecuBox package structure
set -e
echo "🧹 SecuBox Package Cleanup Script"
echo "=================================="
echo ""
ERRORS=0
FIXES=0
# 1. Remove malformed {htdocs directories
echo "📁 Checking for malformed directories..."
for pkg in luci-app-*/; do
if [[ -d "${pkg}{htdocs" ]]; then
echo " ❌ Found malformed directory: ${pkg}{htdocs"
echo " → Removing..."
rm -rf "${pkg}{htdocs"
FIXES=$((FIXES + 1))
fi
done
# 2. Ensure htdocs structure exists
echo ""
echo "📁 Checking htdocs structure..."
for pkg in luci-app-*/; do
if [[ -d "$pkg" ]]; then
PKG_NAME=$(basename "$pkg")
# Create htdocs structure if missing
if [[ ! -d "${pkg}htdocs/luci-static/resources/view" ]]; then
echo " ⚠️ Missing htdocs structure in $PKG_NAME"
mkdir -p "${pkg}htdocs/luci-static/resources/view"
FIXES=$((FIXES + 1))
fi
fi
done
# 3. Fix file permissions
echo ""
echo "🔐 Fixing file permissions..."
for pkg in luci-app-*/; do
# RPCD scripts
if [[ -d "${pkg}root/usr/libexec/rpcd" ]]; then
for script in "${pkg}root/usr/libexec/rpcd/"*; do
if [[ -f "$script" && ! -x "$script" ]]; then
echo " → Making executable: $script"
chmod +x "$script"
FIXES=$((FIXES + 1))
fi
done
fi
# Init scripts
if [[ -d "${pkg}root/etc/init.d" ]]; then
for script in "${pkg}root/etc/init.d/"*; do
if [[ -f "$script" && ! -x "$script" ]]; then
echo " → Making executable: $script"
chmod +x "$script"
FIXES=$((FIXES + 1))
fi
done
fi
# UCI defaults
if [[ -d "${pkg}root/etc/uci-defaults" ]]; then
for script in "${pkg}root/etc/uci-defaults/"*; do
if [[ -f "$script" && ! -x "$script" ]]; then
echo " → Making executable: $script"
chmod +x "$script"
FIXES=$((FIXES + 1))
fi
done
fi
done
# 4. Validate Makefiles
echo ""
echo "📋 Validating Makefiles..."
for makefile in luci-app-*/Makefile; do
if [[ -f "$makefile" ]]; then
PKG=$(dirname "$makefile")
PKG_NAME=$(basename "$PKG")
# Check PKG_NAME matches directory
MAKEFILE_PKG_NAME=$(grep "^PKG_NAME:=" "$makefile" | cut -d'=' -f2)
if [[ "$MAKEFILE_PKG_NAME" != "$PKG_NAME" ]]; then
echo " ❌ PKG_NAME mismatch in $PKG_NAME"
echo " Directory: $PKG_NAME"
echo " Makefile: $MAKEFILE_PKG_NAME"
ERRORS=$((ERRORS + 1))
fi
# Check required fields
for field in PKG_VERSION PKG_RELEASE PKG_LICENSE; do
if ! grep -q "^${field}:=" "$makefile"; then
echo " ⚠️ Missing $field in $PKG_NAME/Makefile"
fi
done
# Check include statement
if ! grep -q "include.*luci.mk" "$makefile"; then
echo " ⚠️ Missing 'include \$(TOPDIR)/feeds/luci/luci.mk' in $PKG_NAME"
fi
fi
done
# 5. Check for required directories
echo ""
echo "📂 Checking required structure..."
for pkg in luci-app-*/; do
if [[ -d "$pkg" ]]; then
PKG_NAME=$(basename "$pkg")
REQUIRED_DIRS=(
"root/usr/share/luci/menu.d"
"root/usr/share/rpcd/acl.d"
)
for dir in "${REQUIRED_DIRS[@]}"; do
if [[ ! -d "${pkg}${dir}" ]]; then
echo " ⚠️ Creating missing: ${PKG_NAME}/${dir}"
mkdir -p "${pkg}${dir}"
FIXES=$((FIXES + 1))
fi
done
fi
done
# 6. Summary
echo ""
echo "=================================="
echo "📊 Summary"
echo "=================================="
echo "Fixes applied: $FIXES"
echo "Errors found: $ERRORS"
if [[ $ERRORS -gt 0 ]]; then
echo ""
echo "⚠️ Please fix the errors above manually"
exit 1
fi
echo ""
echo "✅ Cleanup complete!"
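
Review bot: The Makefile validation in step 4 only increments `ERRORS` for a PKG_NAME mismatch; a missing `PKG_VERSION`, `PKG_RELEASE`, `PKG_LICENSE` or luci.mk include prints a warning and the script still ends with "Cleanup complete!" and exit status 0, so CI cannot gate on it. Step 5 has the same effect for access control: a package without `root/usr/share/rpcd/acl.d` gets an empty directory and a `FIXES` count instead of an error, although it still ships no ACL file. If the script is kept somewhere after this removal, count both cases as errors.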

@ -1,97 +0,0 @@
#!/bin/bash
# fix-makefiles.sh
# Script to fix Makefiles for OpenWrt LuCI packages
set -e
echo "🔧 SecuBox Makefile Fixer"
echo "========================="
echo ""
FIXED=0
SKIPPED=0
for makefile in luci-app-*/Makefile; do
if [[ ! -f "$makefile" ]]; then
continue
fi
PKG_DIR=$(dirname "$makefile")
PKG_NAME=$(basename "$PKG_DIR")
echo "📦 Processing: $PKG_NAME"
# Check if already has luci.mk include
if grep -q 'include.*feeds/luci/luci\.mk' "$makefile"; then
echo " ✅ Already has luci.mk include"
SKIPPED=$((SKIPPED + 1))
continue
fi
# Check if has package.mk include (alternative valid format)
if grep -q 'include.*package\.mk' "$makefile" && grep -q 'BuildPackage' "$makefile"; then
echo " ✅ Uses package.mk with BuildPackage (valid)"
SKIPPED=$((SKIPPED + 1))
continue
fi
# Need to fix - create backup first
cp "$makefile" "${makefile}.bak"
# Extract existing values
PKG_VERSION=$(grep "^PKG_VERSION:=" "$makefile" | cut -d'=' -f2 || echo "1.0.0")
PKG_RELEASE=$(grep "^PKG_RELEASE:=" "$makefile" | cut -d'=' -f2 || echo "1")
PKG_LICENSE=$(grep "^PKG_LICENSE:=" "$makefile" | cut -d'=' -f2 || echo "Apache-2.0")
LUCI_TITLE=$(grep "^LUCI_TITLE:=" "$makefile" | cut -d'=' -f2- || echo "LuCI - $PKG_NAME")
LUCI_DEPENDS=$(grep "^LUCI_DEPENDS:=" "$makefile" | cut -d'=' -f2- || echo "+luci-base")
# If no LUCI_TITLE, try to extract from define Package section
if [[ -z "$LUCI_TITLE" || "$LUCI_TITLE" == "LuCI - $PKG_NAME" ]]; then
TITLE_LINE=$(grep -A5 "define Package/" "$makefile" | grep "TITLE" | head -1 | cut -d'=' -f2-)
if [[ -n "$TITLE_LINE" ]]; then
LUCI_TITLE="$TITLE_LINE"
fi
fi
# Generate new Makefile
cat > "$makefile" << MAKEFILE_EOF
include \$(TOPDIR)/rules.mk
PKG_NAME:=${PKG_NAME}
PKG_VERSION:=${PKG_VERSION:-1.0.0}
PKG_RELEASE:=${PKG_RELEASE:-1}
PKG_LICENSE:=${PKG_LICENSE:-Apache-2.0}
PKG_MAINTAINER:=CyberMind <contact@cybermind.fr>
LUCI_TITLE:=${LUCI_TITLE:-LuCI - SecuBox Module}
LUCI_DEPENDS:=${LUCI_DEPENDS:-+luci-base}
LUCI_PKGARCH:=all
include \$(TOPDIR)/feeds/luci/luci.mk
# call BuildPackage - OpenWrt buildance
MAKEFILE_EOF
echo " 🔧 Fixed Makefile (backup: ${makefile}.bak)"
FIXED=$((FIXED + 1))
done
echo ""
echo "========================="
echo "📊 Summary"
echo "========================="
echo "Fixed: $FIXED"
echo "Skipped: $SKIPPED"
echo ""
if [[ $FIXED -gt 0 ]]; then
echo "⚠️ Review the fixed Makefiles and adjust LUCI_TITLE and LUCI_DEPENDS as needed"
echo ""
echo "📝 Example correct values:"
echo " LUCI_TITLE:=LuCI - CrowdSec Security Dashboard"
echo " LUCI_DEPENDS:=+luci-base +rpcd +curl"
fi
echo ""
echo "✅ Done!"
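
Review bot: The regenerated Makefile keeps only five extracted values (`PKG_VERSION`, `PKG_RELEASE`, `PKG_LICENSE`, `LUCI_TITLE`, `LUCI_DEPENDS`) and overwrites everything else in the original, including any existing `PKG_MAINTAINER`, leaving the only copy in `${makefile}.bak` inside the package directory. The `|| echo "1.0.0"` style defaults on the extraction lines also never apply, because the pipeline's exit status is that of `cut`; the `${PKG_VERSION:-1.0.0}` expansions in the heredoc are what actually supply them. If this script survives elsewhere after the removal, have it insert the missing `include` line in place rather than rewrite the file, and drop the dead `|| echo` fallbacks.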

@ -1,269 +0,0 @@
#!/bin/sh
# generate-rpcd-files.sh
# Generate missing RPCD scripts and ACL files for SecuBox modules
#
# Usage: ./generate-rpcd-files.sh <module-name>
# Example: ./generate-rpcd-files.sh vhost-manager
MODULE="$1"
if [ -z "$MODULE" ]; then
echo "Usage: $0 <module-name>"
echo "Example: $0 vhost-manager"
exit 1
fi
# Convert module name for different uses
# vhost-manager -> vhost_manager (for shell variables)
# vhost-manager -> vhost-manager (for ubus)
MODULE_UNDERSCORE=$(echo "$MODULE" | tr '-' '_')
UBUS_NAME="luci.$MODULE"
PKG_NAME="luci-app-$MODULE"
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Generating RPCD files for: $MODULE"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
# ============================================
# Create RPCD script
# ============================================
RPCD_SCRIPT="/usr/libexec/rpcd/$MODULE"
echo "→ Creating RPCD script: $RPCD_SCRIPT"
cat > "$RPCD_SCRIPT" << 'RPCD_EOF'
#!/bin/sh
# RPCD backend for MODULE_PLACEHOLDER
# Provides ubus interface: luci.MODULE_PLACEHOLDER
. /lib/functions.sh
. /usr/share/libubox/jshn.sh
# Initialize JSON
json_init
case "$1" in
list)
# List available methods
json_add_object "status"
json_close_object
json_add_object "get_config"
json_close_object
json_add_object "set_config"
json_add_string "config" "object"
json_close_object
json_add_object "get_stats"
json_close_object
json_dump
;;
call)
case "$2" in
status)
# Return module status
json_add_boolean "enabled" 1
json_add_string "status" "running"
json_add_string "version" "2.0.0"
json_add_string "module" "MODULE_PLACEHOLDER"
# Check if service is running (customize per module)
# Example: check nginx for vhost-manager
# if pgrep -x nginx > /dev/null 2>&1; then
# json_add_boolean "service_running" 1
# else
# json_add_boolean "service_running" 0
# fi
json_add_boolean "service_running" 1
json_dump
;;
get_config)
# Return current configuration
json_add_object "config"
# Read from UCI if available
if [ -f "/etc/config/MODULE_UNDERSCORE_PLACEHOLDER" ]; then
config_load "MODULE_UNDERSCORE_PLACEHOLDER"
# Add config values here
json_add_boolean "enabled" 1
else
json_add_boolean "enabled" 0
fi
json_close_object
json_dump
;;
set_config)
# Set configuration
read -r input
# Parse input JSON
json_load "$input"
json_get_var config config
# Apply configuration via UCI
# uci set MODULE_UNDERSCORE_PLACEHOLDER.global.enabled="$enabled"
# uci commit MODULE_UNDERSCORE_PLACEHOLDER
json_init
json_add_boolean "success" 1
json_add_string "message" "Configuration updated"
json_dump
;;
get_stats)
# Return statistics
json_add_object "stats"
json_add_int "uptime" "$(cat /proc/uptime | cut -d. -f1)"
json_add_string "timestamp" "$(date -Iseconds)"
json_close_object
json_dump
;;
*)
# Unknown method
json_add_int "error" -32601
json_add_string "message" "Method not found"
json_dump
;;
esac
;;
esac
RPCD_EOF
# Replace placeholders
sed -i "s/MODULE_PLACEHOLDER/$MODULE/g" "$RPCD_SCRIPT"
sed -i "s/MODULE_UNDERSCORE_PLACEHOLDER/$MODULE_UNDERSCORE/g" "$RPCD_SCRIPT"
chmod +x "$RPCD_SCRIPT"
echo " ✓ Created and made executable"
# ============================================
# Create ACL file
# ============================================
ACL_FILE="/usr/share/rpcd/acl.d/${PKG_NAME}.json"
echo "→ Creating ACL file: $ACL_FILE"
cat > "$ACL_FILE" << ACL_EOF
{
"luci-app-$MODULE": {
"description": "Grant access to LuCI app $MODULE",
"read": {
"ubus": {
"$UBUS_NAME": ["status", "get_config", "get_stats"]
},
"uci": ["$MODULE_UNDERSCORE"]
},
"write": {
"ubus": {
"$UBUS_NAME": ["set_config"]
},
"uci": ["$MODULE_UNDERSCORE"]
}
}
}
ACL_EOF
echo " ✓ Created ACL file"
# ============================================
# Create Menu file (if not exists)
# ============================================
MENU_FILE="/usr/share/luci/menu.d/${PKG_NAME}.json"
if [ ! -f "$MENU_FILE" ]; then
echo "→ Creating Menu file: $MENU_FILE"
# Convert module name to title
TITLE=$(echo "$MODULE" | sed 's/-/ /g' | awk '{for(i=1;i<=NF;i++) $i=toupper(substr($i,1,1)) tolower(substr($i,2))}1')
cat > "$MENU_FILE" << MENU_EOF
{
"admin/services/$MODULE_UNDERSCORE": {
"title": "$TITLE",
"order": 50,
"action": {
"type": "view",
"path": "$MODULE/main"
},
"depends": {
"acl": ["luci-app-$MODULE"],
"uci": {
"$MODULE_UNDERSCORE": true
}
}
}
}
MENU_EOF
echo " ✓ Created menu file"
else
echo "→ Menu file already exists: $MENU_FILE"
fi
# ============================================
# Create UCI config (if not exists)
# ============================================
UCI_CONFIG="/etc/config/$MODULE_UNDERSCORE"
if [ ! -f "$UCI_CONFIG" ]; then
echo "→ Creating UCI config: $UCI_CONFIG"
cat > "$UCI_CONFIG" << UCI_EOF
config global 'global'
option enabled '1'
option version '2.0.0'
UCI_EOF
echo " ✓ Created UCI config"
else
echo "→ UCI config already exists: $UCI_CONFIG"
fi
# ============================================
# Restart services
# ============================================
echo ""
echo "→ Restarting rpcd..."
/etc/init.d/rpcd restart
echo "→ Clearing LuCI cache..."
rm -rf /tmp/luci-*
# Wait for rpcd to initialize
sleep 2
# ============================================
# Verify
# ============================================
echo ""
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Verification"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
# Check ubus registration
if ubus list "$UBUS_NAME" > /dev/null 2>&1; then
echo "$UBUS_NAME is registered in ubus"
echo ""
echo "Available methods:"
ubus -v list "$UBUS_NAME"
echo ""
echo "Testing status call:"
ubus call "$UBUS_NAME" status
else
echo "$UBUS_NAME is NOT registered"
echo ""
echo "Debug steps:"
echo " 1. Check script: cat $RPCD_SCRIPT"
echo " 2. Test manually: echo '{\"method\":\"list\"}' | $RPCD_SCRIPT"
echo " 3. Check logs: logread | grep rpcd"
fi
echo ""
echo "Done!"
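
Review bot: `MODULE="$1"` is used without validation in `/usr/libexec/rpcd/$MODULE`, in the `sed -i "s/MODULE_PLACEHOLDER/$MODULE/g"` replacement and inside the ACL and menu JSON, all written to system paths; a value containing `/`, `..`, `&` or a quote writes outside the intended directories or produces a broken ACL file. Reject anything that does not match `[a-z0-9-]+` right after the empty check. Also, the backend is written to `/usr/libexec/rpcd/$MODULE` while the ACL and the verification use `luci.$MODULE`; rpcd names the ubus object after the script file, so the `ubus list "$UBUS_NAME"` check at the end will not find the object this script created unless the file is named `luci.$MODULE`.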

@ -1,129 +0,0 @@
#!/bin/sh
# install-rpcd-fix.sh
# Quick installation script for SecuBox RPCD fixes
#
# Upload this script along with rpcd/ and acl/ folders to the router
# then run: sh install-rpcd-fix.sh
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ SecuBox RPCD Fix Installer ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
SCRIPT_DIR="$(dirname "$(readlink -f "$0")")"
# Check if running as root
if [ "$(id -u)" != "0" ]; then
echo "Error: This script must be run as root"
exit 1
fi
# ============================================
# Install RPCD scripts
# ============================================
echo "→ Installing RPCD scripts..."
if [ -d "$SCRIPT_DIR/rpcd" ]; then
for script in "$SCRIPT_DIR/rpcd"/*; do
[ -f "$script" ] || continue
NAME=$(basename "$script")
DEST="/usr/libexec/rpcd/$NAME"
cp "$script" "$DEST"
chmod +x "$DEST"
echo " ✓ Installed: $DEST"
done
else
echo " ⚠ No rpcd/ directory found"
fi
# ============================================
# Install ACL files
# ============================================
echo ""
echo "→ Installing ACL files..."
mkdir -p /usr/share/rpcd/acl.d
if [ -d "$SCRIPT_DIR/acl" ]; then
for acl in "$SCRIPT_DIR/acl"/*.json; do
[ -f "$acl" ] || continue
NAME=$(basename "$acl")
DEST="/usr/share/rpcd/acl.d/$NAME"
cp "$acl" "$DEST"
echo " ✓ Installed: $DEST"
done
else
echo " ⚠ No acl/ directory found"
fi
# ============================================
# Create missing UCI configs
# ============================================
echo ""
echo "→ Creating UCI configs..."
# vhost_manager
if [ ! -f /etc/config/vhost_manager ]; then
cat > /etc/config/vhost_manager << 'EOF'
config global 'global'
option enabled '1'
option nginx_dir '/etc/nginx/conf.d'
option acme_dir '/etc/acme'
EOF
echo " ✓ Created: /etc/config/vhost_manager"
fi
# ============================================
# Restart services
# ============================================
echo ""
echo "→ Restarting services..."
# Restart rpcd
/etc/init.d/rpcd restart
echo " ✓ rpcd restarted"
# Clear LuCI cache
rm -rf /tmp/luci-*
echo " ✓ LuCI cache cleared"
# Wait for rpcd to initialize
sleep 2
# ============================================
# Verify installation
# ============================================
echo ""
echo "╔══════════════════════════════════════════════════════════════╗"
echo "║ Verification ║"
echo "╚══════════════════════════════════════════════════════════════╝"
echo ""
# List installed modules
echo "Checking ubus registration:"
MODULES="vhost-manager secubox bandwidth-manager auth-guardian media-flow"
for module in $MODULES; do
UBUS_NAME="luci.$module"
if ubus list "$UBUS_NAME" > /dev/null 2>&1; then
echo "$UBUS_NAME"
else
echo "$UBUS_NAME (not registered)"
fi
done
echo ""
echo "Testing vhost-manager status:"
ubus call luci.vhost-manager status 2>/dev/null || echo " ✗ Failed"
echo ""
echo "Installation complete!"
echo ""
echo "If modules are still not working, check:"
echo " logread | grep rpcd"
echo " logread | grep ubus"
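
Review bot: Both install loops print "✓ Installed" unconditionally after `cp "$script" "$DEST"` and `cp "$acl" "$DEST"`; there is no `set -e` and no check of the `cp` exit status, so a full or read-only filesystem still produces a success report. The rpcd loop also copies every regular file found under `rpcd/` into /usr/libexec/rpcd and marks it executable, as root, with no allow-list of expected names and no integrity check, so anything uploaded next to the script becomes an rpcd backend. If this installer is being moved rather than retired, gate each "✓" on the command's status, restrict the loop to the known module names, and set owner and mode explicitly (0755 for the scripts, 0644 for the ACL files). The verification list `MODULES="vhost-manager secubox bandwidth-manager auth-guardian media-flow"` is hard-coded as well, so any other backend dropped into `rpcd/` is installed but never checked.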

@ -1 +1 @@
Subproject commit 9ec07852ca63d717db4f8610700b41fb97bc359b
Subproject commit dddfeac6f37efed185c300cad5593e4b1c65eb0e
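
Review bot: The submodule pointer moves from 9ec07852 to dddfeac6 with nothing in this hunk saying which submodule it is or what the range between the two commits contains. A pointer bump pulls in code that this diff does not show, so name the submodule and summarise or link the commit range in the commit message so the update can be reviewed before it is trusted.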

File diff suppressed because it is too large


@ -1,421 +0,0 @@
#!/bin/sh
# secubox-debug.sh
# Debug and analysis script for SecuBox LuCI modules RPC/ubus issues
#
# Usage: ./secubox-debug.sh [module-name]
# Example: ./secubox-debug.sh vhost-manager
# ./secubox-debug.sh all
set -e
# Colors
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color
# SecuBox modules list
MODULES="
secubox
crowdsec-dashboard
netdata-dashboard
netifyd-dashboard
wireguard-dashboard
network-modes
client-guardian
system-hub
bandwidth-manager
auth-guardian
media-flow
vhost-manager
cdn-cache
traffic-shaper
"
echo ""
echo "${CYAN}╔══════════════════════════════════════════════════════════════╗${NC}"
echo "${CYAN}║ SecuBox RPC/UBUS Debug & Analysis Tool ║${NC}"
echo "${CYAN}╚══════════════════════════════════════════════════════════════╝${NC}"
echo ""
# ============================================
# System Information
# ============================================
print_section() {
echo ""
echo "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
echo "${BLUE} $1${NC}"
echo "${BLUE}━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━${NC}"
}
print_ok() {
echo " ${GREEN}${NC} $1"
}
print_warn() {
echo " ${YELLOW}${NC} $1"
}
print_error() {
echo " ${RED}${NC} $1"
}
print_info() {
echo " ${CYAN}${NC} $1"
}
# ============================================
# Check prerequisites
# ============================================
print_section "System Prerequisites"
# Check if running on OpenWrt
if [ -f /etc/openwrt_release ]; then
print_ok "Running on OpenWrt"
. /etc/openwrt_release
print_info "Version: $DISTRIB_DESCRIPTION"
else
print_warn "Not running on OpenWrt - some checks may fail"
fi
# Check rpcd
if pgrep -x rpcd > /dev/null 2>&1; then
print_ok "rpcd is running (PID: $(pgrep -x rpcd))"
else
print_error "rpcd is NOT running!"
echo " Try: /etc/init.d/rpcd restart"
fi
# Check uhttpd
if pgrep -x uhttpd > /dev/null 2>&1; then
print_ok "uhttpd is running"
else
print_warn "uhttpd not running (nginx mode?)"
fi
# Check ubus socket
if [ -S /var/run/ubus/ubus.sock ]; then
print_ok "ubus socket exists"
else
print_error "ubus socket missing!"
fi
# ============================================
# List all ubus objects
# ============================================
print_section "Available UBUS Objects"
echo ""
echo " All registered ubus objects:"
echo " ${CYAN}─────────────────────────────${NC}"
ubus list 2>/dev/null | while read obj; do
# Highlight luci objects
case "$obj" in
luci.*)
echo " ${GREEN}$obj${NC}"
;;
*)
echo " $obj"
;;
esac
done
# Count luci objects
LUCI_COUNT=$(ubus list 2>/dev/null | grep -c "^luci\." || echo "0")
echo ""
print_info "Total LuCI objects registered: $LUCI_COUNT"
# ============================================
# Check SecuBox modules
# ============================================
print_section "SecuBox Modules Status"
echo ""
printf " ${CYAN}%-25s %-10s %-10s %-10s %-10s${NC}\n" "MODULE" "UBUS" "RPCD" "ACL" "MENU"
echo " ─────────────────────────────────────────────────────────────────"
check_module() {
local module="$1"
local ubus_name="luci.$module"
local rpcd_script="/usr/libexec/rpcd/$module"
local acl_file="/usr/share/rpcd/acl.d/luci-app-${module}.json"
local menu_file="/usr/share/luci/menu.d/luci-app-${module}.json"
# Alternative paths
local rpcd_script_alt="/usr/libexec/rpcd/luci.$module"
local acl_file_alt="/usr/share/rpcd/acl.d/luci-${module}.json"
local menu_file_alt="/usr/share/luci/menu.d/luci-${module}.json"
# Check ubus
local ubus_status="${RED}${NC}"
if ubus list "$ubus_name" > /dev/null 2>&1; then
ubus_status="${GREEN}${NC}"
fi
# Check rpcd script
local rpcd_status="${RED}${NC}"
if [ -x "$rpcd_script" ] || [ -x "$rpcd_script_alt" ]; then
rpcd_status="${GREEN}${NC}"
elif [ -f "$rpcd_script" ] || [ -f "$rpcd_script_alt" ]; then
rpcd_status="${YELLOW}!${NC}" # exists but not executable
fi
# Check ACL
local acl_status="${RED}${NC}"
if [ -f "$acl_file" ] || [ -f "$acl_file_alt" ]; then
acl_status="${GREEN}${NC}"
fi
# Check menu
local menu_status="${RED}${NC}"
if [ -f "$menu_file" ] || [ -f "$menu_file_alt" ]; then
menu_status="${GREEN}${NC}"
fi
printf " %-25s %-18s %-18s %-18s %-18s\n" \
"$module" "$ubus_status" "$rpcd_status" "$acl_status" "$menu_status"
}
for module in $MODULES; do
check_module "$module"
done
echo ""
echo " ${CYAN}Legend:${NC} ${GREEN}${NC}=OK ${YELLOW}!${NC}=Issue ${RED}${NC}=Missing"
# ============================================
# Detailed module analysis
# ============================================
TARGET_MODULE="$1"
if [ -n "$TARGET_MODULE" ] && [ "$TARGET_MODULE" != "all" ]; then
print_section "Detailed Analysis: $TARGET_MODULE"
MODULE="$TARGET_MODULE"
UBUS_NAME="luci.$MODULE"
echo ""
echo " ${CYAN}UBUS Object: $UBUS_NAME${NC}"
echo " ─────────────────────────────────────"
# Check if ubus object exists
if ubus list "$UBUS_NAME" > /dev/null 2>&1; then
print_ok "Object registered in ubus"
echo ""
echo " Available methods:"
ubus -v list "$UBUS_NAME" 2>/dev/null | sed 's/^/ /'
echo ""
echo " Testing 'status' method:"
if ubus call "$UBUS_NAME" status 2>/dev/null; then
print_ok "status method works"
else
print_error "status method failed"
fi
else
print_error "Object NOT registered in ubus"
echo ""
echo " ${YELLOW}Troubleshooting steps:${NC}"
echo ""
# Check RPCD script
RPCD_PATHS="
/usr/libexec/rpcd/$MODULE
/usr/libexec/rpcd/luci.$MODULE
/usr/libexec/rpcd/luci-$MODULE
"
echo " 1. Checking RPCD script locations:"
FOUND_RPCD=""
for path in $RPCD_PATHS; do
if [ -f "$path" ]; then
FOUND_RPCD="$path"
if [ -x "$path" ]; then
print_ok "Found executable: $path"
else
print_error "Found but NOT executable: $path"
echo " ${YELLOW}Fix: chmod +x $path${NC}"
fi
fi
done
if [ -z "$FOUND_RPCD" ]; then
print_error "No RPCD script found!"
echo " Expected at: /usr/libexec/rpcd/$MODULE"
fi
# Check ACL file
echo ""
echo " 2. Checking ACL configuration:"
ACL_PATHS="
/usr/share/rpcd/acl.d/luci-app-${MODULE}.json
/usr/share/rpcd/acl.d/luci-${MODULE}.json
/usr/share/rpcd/acl.d/${MODULE}.json
"
FOUND_ACL=""
for path in $ACL_PATHS; do
if [ -f "$path" ]; then
FOUND_ACL="$path"
print_ok "Found ACL: $path"
# Validate JSON
if command -v jsonfilter > /dev/null 2>&1; then
if jsonfilter -i "$path" -e '@' > /dev/null 2>&1; then
print_ok "JSON syntax valid"
else
print_error "Invalid JSON syntax!"
fi
fi
# Check for correct ubus permission
if grep -q "\"$UBUS_NAME\"" "$path" 2>/dev/null; then
print_ok "ACL contains $UBUS_NAME permission"
else
print_warn "ACL might be missing $UBUS_NAME permission"
fi
fi
done
if [ -z "$FOUND_ACL" ]; then
print_error "No ACL file found!"
fi
# Test RPCD script directly
if [ -n "$FOUND_RPCD" ] && [ -x "$FOUND_RPCD" ]; then
echo ""
echo " 3. Testing RPCD script directly:"
# Test list method
echo '{"method":"list"}' | "$FOUND_RPCD" 2>&1 | head -20
fi
fi
# Check menu entry
echo ""
echo " ${CYAN}Menu Configuration${NC}"
echo " ─────────────────────────────────────"
MENU_PATHS="
/usr/share/luci/menu.d/luci-app-${MODULE}.json
/usr/share/luci/menu.d/luci-${MODULE}.json
"
for path in $MENU_PATHS; do
if [ -f "$path" ]; then
print_ok "Found menu: $path"
echo ""
cat "$path" | sed 's/^/ /'
fi
done
fi
# ============================================
# Common fixes
# ============================================
print_section "Common Fixes"
echo ""
echo " ${YELLOW}If a module is not working:${NC}"
echo ""
echo " 1. ${CYAN}Restart rpcd:${NC}"
echo " /etc/init.d/rpcd restart"
echo ""
echo " 2. ${CYAN}Check script permissions:${NC}"
echo " chmod +x /usr/libexec/rpcd/<module-name>"
echo ""
echo " 3. ${CYAN}Validate JSON files:${NC}"
echo " jsonfilter -i /usr/share/rpcd/acl.d/luci-app-<module>.json -e '@'"
echo ""
echo " 4. ${CYAN}Check rpcd logs:${NC}"
echo " logread | grep rpcd"
echo ""
echo " 5. ${CYAN}Test ubus manually:${NC}"
echo " ubus call luci.<module> status"
echo ""
echo " 6. ${CYAN}Reload LuCI:${NC}"
echo " rm -rf /tmp/luci-*"
echo " /etc/init.d/uhttpd restart"
echo ""
# ============================================
# Generate fix script
# ============================================
if [ -n "$TARGET_MODULE" ] && [ "$TARGET_MODULE" != "all" ]; then
print_section "Auto-Fix Script for $TARGET_MODULE"
FIX_SCRIPT="/tmp/fix-${TARGET_MODULE}.sh"
cat > "$FIX_SCRIPT" << FIXEOF
#!/bin/sh
# Auto-generated fix script for $TARGET_MODULE
echo "Fixing $TARGET_MODULE..."
# Fix permissions
if [ -f /usr/libexec/rpcd/$TARGET_MODULE ]; then
chmod +x /usr/libexec/rpcd/$TARGET_MODULE
echo "✓ Fixed permissions for RPCD script"
fi
if [ -f /usr/libexec/rpcd/luci.$TARGET_MODULE ]; then
chmod +x /usr/libexec/rpcd/luci.$TARGET_MODULE
echo "✓ Fixed permissions for RPCD script (alt)"
fi
# Restart rpcd
/etc/init.d/rpcd restart
echo "✓ Restarted rpcd"
# Clear LuCI cache
rm -rf /tmp/luci-*
echo "✓ Cleared LuCI cache"
# Test
sleep 2
if ubus list luci.$TARGET_MODULE > /dev/null 2>&1; then
echo "✓ Module $TARGET_MODULE is now registered!"
ubus -v list luci.$TARGET_MODULE
else
echo "✗ Module still not working. Check logs:"
echo " logread | grep -i rpcd"
echo " logread | grep -i $TARGET_MODULE"
fi
FIXEOF
chmod +x "$FIX_SCRIPT"
echo ""
echo " Generated fix script: ${GREEN}$FIX_SCRIPT${NC}"
echo ""
echo " Run it with: ${CYAN}sh $FIX_SCRIPT${NC}"
echo ""
fi
# ============================================
# Summary
# ============================================
print_section "Quick Commands"
echo ""
echo " ${CYAN}Debug specific module:${NC}"
echo " ./secubox-debug.sh vhost-manager"
echo ""
echo " ${CYAN}List all ubus objects:${NC}"
echo " ubus list | grep luci"
echo ""
echo " ${CYAN}Test RPC call:${NC}"
echo " ubus call luci.vhost-manager status"
echo ""
echo " ${CYAN}View RPCD logs:${NC}"
echo " logread | grep -E '(rpcd|ubus)'"
echo ""
echo " ${CYAN}Full restart:${NC}"
echo " /etc/init.d/rpcd restart && rm -rf /tmp/luci-* && /etc/init.d/uhttpd restart"
echo ""
echo "${CYAN}╔══════════════════════════════════════════════════════════════╗${NC}"
echo "${CYAN}║ Debug Complete ║${NC}"
echo "${CYAN}╚══════════════════════════════════════════════════════════════╝${NC}"
echo ""
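
Review bot: In the "Generate fix script" section, `$1` reaches `FIX_SCRIPT="/tmp/fix-${TARGET_MODULE}.sh"` and the unquoted `<< FIXEOF` heredoc with no validation, so the module name is expanded into a predictable path under /tmp and into the body of a script the user is then told to run with `sh`. A name containing `/` or shell metacharacters ends up as a different path or as code in the generated file, and `cat > "$FIX_SCRIPT"` will follow a symlink that already exists at that path. If this tool lives on elsewhere, check the argument against the `MODULES` list (or a `[a-z0-9-]` pattern) before using it and create the file with `mktemp`. Separately, `grep -c "^luci\." || echo "0"` yields "0" twice when nothing matches, because `grep -c` already prints 0 while exiting non-zero; `|| true` gives the intended single value.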

Binary file not shown.

File diff suppressed because it is too large


@ -1,327 +0,0 @@
name: Test & Validate Packages
on:
push:
branches: [main, master, develop]
pull_request:
branches: [main, master]
jobs:
# ============================================
# Lint and validate package structure
# ============================================
lint:
runs-on: ubuntu-latest
name: Lint & Validate
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install validators
run: |
sudo apt-get update
sudo apt-get install -y shellcheck jq
- name: Validate Makefile structure
run: |
echo "📋 Validating Makefile structure..."
ERRORS=0
for makefile in */Makefile; do
if [[ -f "$makefile" ]]; then
PKG=$(dirname "$makefile")
echo " 🔍 Checking $PKG..."
# Required fields
REQUIRED_FIELDS=(
"PKG_NAME"
"PKG_VERSION"
"PKG_RELEASE"
"PKG_LICENSE"
"LUCI_TITLE"
)
for field in "${REQUIRED_FIELDS[@]}"; do
if ! grep -q "^${field}:=" "$makefile"; then
echo " ❌ Missing: $field"
ERRORS=$((ERRORS + 1))
fi
done
# Check for include statements
if ! grep -q "include.*luci.mk\|include.*package.mk" "$makefile"; then
echo " ❌ Missing include statement (luci.mk or package.mk)"
ERRORS=$((ERRORS + 1))
fi
fi
done
if [[ $ERRORS -gt 0 ]]; then
echo "❌ Found $ERRORS errors"
exit 1
fi
echo "✅ All Makefiles valid"
- name: Validate JSON files
run: |
echo "📋 Validating JSON files..."
ERRORS=0
# Find all JSON files
while IFS= read -r jsonfile; do
echo " 🔍 Checking $jsonfile..."
if ! jq empty "$jsonfile" 2>/dev/null; then
echo " ❌ Invalid JSON"
ERRORS=$((ERRORS + 1))
fi
done < <(find . -name "*.json" -type f)
if [[ $ERRORS -gt 0 ]]; then
echo "❌ Found $ERRORS JSON errors"
exit 1
fi
echo "✅ All JSON files valid"
- name: Validate JavaScript syntax
run: |
echo "📋 Validating JavaScript files..."
# Install node for syntax check
curl -fsSL https://deb.nodesource.com/setup_20.x | sudo -E bash -
sudo apt-get install -y nodejs
ERRORS=0
while IFS= read -r jsfile; do
echo " 🔍 Checking $jsfile..."
if ! node --check "$jsfile" 2>/dev/null; then
echo " ❌ Syntax error"
ERRORS=$((ERRORS + 1))
fi
done < <(find . -name "*.js" -type f)
if [[ $ERRORS -gt 0 ]]; then
echo "❌ Found $ERRORS JavaScript errors"
exit 1
fi
echo "✅ All JavaScript files valid"
- name: Validate shell scripts
run: |
echo "📋 Validating shell scripts..."
ERRORS=0
# Check RPCD scripts
while IFS= read -r script; do
echo " 🔍 Checking $script..."
if ! shellcheck -s sh "$script"; then
ERRORS=$((ERRORS + 1))
fi
done < <(find . -path "*/rpcd/*" -type f -executable)
# Check init scripts
while IFS= read -r script; do
echo " 🔍 Checking $script..."
if ! shellcheck -s sh "$script"; then
ERRORS=$((ERRORS + 1))
fi
done < <(find . -path "*/init.d/*" -type f)
if [[ $ERRORS -gt 0 ]]; then
echo "⚠️ Found $ERRORS shellcheck warnings (non-blocking)"
fi
echo "✅ Shell script validation complete"
- name: Check file permissions
run: |
echo "📋 Checking file permissions..."
ERRORS=0
# RPCD scripts should be executable
while IFS= read -r script; do
if [[ ! -x "$script" ]]; then
echo " ❌ Not executable: $script"
ERRORS=$((ERRORS + 1))
fi
done < <(find . -path "*/usr/libexec/rpcd/*" -type f 2>/dev/null)
# Init scripts should be executable
while IFS= read -r script; do
if [[ ! -x "$script" ]]; then
echo " ❌ Not executable: $script"
ERRORS=$((ERRORS + 1))
fi
done < <(find . -path "*/etc/init.d/*" -type f 2>/dev/null)
if [[ $ERRORS -gt 0 ]]; then
echo "❌ Found $ERRORS permission errors"
exit 1
fi
echo "✅ File permissions correct"
- name: Validate package structure
run: |
echo "📋 Validating package structure..."
for pkg in luci-app-*/; do
if [[ -d "$pkg" ]]; then
echo " 📦 Checking $pkg..."
# Required directories/files
REQUIRED=(
"Makefile"
)
# Optional but recommended
RECOMMENDED=(
"htdocs/luci-static/resources"
"root/usr/share/luci/menu.d"
"root/usr/share/rpcd/acl.d"
)
for req in "${REQUIRED[@]}"; do
if [[ ! -e "${pkg}${req}" ]]; then
echo " ❌ Missing required: $req"
exit 1
fi
done
for rec in "${RECOMMENDED[@]}"; do
if [[ ! -e "${pkg}${rec}" ]]; then
echo " ⚠️ Missing recommended: $rec"
fi
done
fi
done
echo "✅ Package structure valid"
# ============================================
# Quick build test on x86_64
# ============================================
test-build:
runs-on: ubuntu-latest
name: Test Build (x86_64)
needs: lint
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
build-essential clang flex bison g++ gawk \
gcc-multilib g++-multilib gettext git libncurses5-dev \
libssl-dev python3-setuptools python3-dev rsync unzip zlib1g-dev wget
- name: Cache OpenWrt SDK
uses: actions/cache@v4
id: cache-sdk
with:
path: ~/sdk
key: openwrt-sdk-23.05.5-x86-64-test
- name: Download OpenWrt SDK
if: steps.cache-sdk.outputs.cache-hit != 'true'
run: |
SDK_URL="https://downloads.openwrt.org/releases/23.05.5/targets/x86/64"
SDK_FILE=$(curl -sL "$SDK_URL/" | grep -oP 'openwrt-sdk[^"]+\.tar\.xz' | head -1)
wget -q "${SDK_URL}/${SDK_FILE}" -O /tmp/sdk.tar.xz
mkdir -p ~/sdk
tar -xf /tmp/sdk.tar.xz -C ~/sdk --strip-components=1
- name: Prepare SDK
run: |
cd ~/sdk
./scripts/feeds update -a
./scripts/feeds install -a
make defconfig
- name: Copy packages
run: |
mkdir -p ~/sdk/package/secubox
for pkg in luci-app-*/; do
if [[ -d "$pkg" ]]; then
cp -r "$pkg" ~/sdk/package/secubox/
fi
done
- name: Build test
run: |
cd ~/sdk
# Enable packages
for pkg in ~/sdk/package/secubox/*/; do
PKG_NAME=$(basename "$pkg")
echo "CONFIG_PACKAGE_${PKG_NAME}=m" >> .config
done
make defconfig
# Build with timeout
timeout 30m make package/secubox/compile V=s -j$(nproc) || {
echo "⚠️ Build timeout or error"
exit 1
}
- name: Verify output
run: |
echo "📋 Built packages:"
find ~/sdk/bin -name "*.ipk" -exec ls -la {} \;
PKG_COUNT=$(find ~/sdk/bin -name "*.ipk" | wc -l)
echo "📦 Total packages built: $PKG_COUNT"
if [[ $PKG_COUNT -eq 0 ]]; then
echo "❌ No packages were built!"
exit 1
fi
# ============================================
# Generate documentation
# ============================================
docs:
runs-on: ubuntu-latest
name: Generate Docs
needs: lint
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Generate package list
run: |
echo "# SecuBox Packages" > PACKAGES.md
echo "" >> PACKAGES.md
echo "| Package | Version | Description |" >> PACKAGES.md
echo "|---------|---------|-------------|" >> PACKAGES.md
for makefile in luci-app-*/Makefile; do
if [[ -f "$makefile" ]]; then
PKG_NAME=$(grep "^PKG_NAME:=" "$makefile" | cut -d'=' -f2)
PKG_VERSION=$(grep "^PKG_VERSION:=" "$makefile" | cut -d'=' -f2)
PKG_TITLE=$(grep "^LUCI_TITLE:=" "$makefile" | cut -d'=' -f2-)
echo "| $PKG_NAME | $PKG_VERSION | $PKG_TITLE |" >> PACKAGES.md
fi
done
echo "" >> PACKAGES.md
echo "Generated: $(date -u +%Y-%m-%dT%H:%M:%SZ)" >> PACKAGES.md
cat PACKAGES.md
- name: Upload docs
uses: actions/upload-artifact@v4
with:
name: documentation
path: PACKAGES.md
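
Review bot: Deleting this workflow removes every automated gate it defined on push and pull request: the Makefile field check, the `jq` JSON validation, `node --check`, the executable-bit check on `usr/libexec/rpcd` and `etc/init.d` files, and the x86_64 SDK test build. State in the commit where these checks run now, or keep the file. If the workflow is being relocated, tighten it on the way: the "Validate JavaScript syntax" step pipes `https://deb.nodesource.com/setup_20.x` into `sudo -E bash -`, the "Download OpenWrt SDK" step scrapes a file name from the index page and unpacks the archive without comparing it to the published sha256sums before it is cached under the fixed key `openwrt-sdk-23.05.5-x86-64-test`, and the "Validate shell scripts" step counts shellcheck failures but never fails the job.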