Fixed sync_module_versions.sh to reference the correct path after
moving the Python script from scripts/ to secubox-tools/ directory.
Changes:
- Updated SCR path: scripts/sync_module_versions.py → secubox-tools/sync_module_versions.py
Tested: Script now runs successfully and reports "no changes"
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Extended the local build script to support both luci-app-* and luci-theme-*
package patterns, enabling builds of theme packages like luci-theme-secubox.
Changes:
- Updated validate_makefiles() to validate both package types
- Extended copy_packages() to copy both luci-app-* and luci-theme-* packages
- Modified configure_packages() to enable both package types in .config
- Updated build_packages() to build both package types
- Enhanced collect_artifacts() to find and collect theme packages
- Added luci-theme-* pattern support in argument parsing
- Updated firmware build to copy both package types to OpenWrt
Tested with: ./local-build.sh build luci-theme-secubox
Result: Successfully built luci-theme-secubox-0.4.0-r1.apk
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Created help system (help.js, help.css) for all modules
- Integrated help button in network-modes module
- Fixed menu structure: removed empty Network Management category
- Fixed all dashboard and modules page links
- Added website deployment script
- Created comprehensive documentation
New Files:
- DOCS/HELP_INTEGRATION_PLAN.md
- DOCS/WEBSITE_DEPLOYMENT_GUIDE.md
- EXAMPLES/help-button-integration.js
- luci-app-secubox/htdocs/luci-static/resources/secubox/help.js
- luci-app-secubox/htdocs/luci-static/resources/secubox/help.css
- secubox-tools/deploy-website.sh
Modified:
- luci-app-network-modes: Added help button integration
- luci-app-secubox: Fixed menu paths and module links
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Version bump to 0.3.5 in Makefile and README
- Add helpers.js utility module for common UI operations
- Expand API with new RPC method declarations
- Enhance view files with improved functionality:
- accesspoint.js: Enhanced WiFi configuration options
- relay.js: WireGuard setup improvements
- router.js: Expanded proxy and vhost settings
- sniffer.js: Enhanced capture configuration
- wizard.js: Improved mode selection flow
- RPCD backend enhancements (+176 lines)
- Add deployment script for easier testing
Claude settings: Update permissions for network-modes work
Preparation for implementing features documented in CODEX-v0.3.5.md
- Removed manual installation loop for individual dependencies that caused hangs
- Dependencies now handled via 'feeds install -a' and .config settings
- lucihttp and cgi-io disabled in .config (compilation failures)
- SecuBox packages are PKGARCH:=all (scripts), don't need compiled deps
Fixes interactive prompts and ^C hangs during build process.
Applied same fix as GitHub Actions workflow to local build script.
Problem:
- lucihttp and cgi-io fail to compile in SDK environment
- Missing lua.h headers cause: ninja: build stopped: subcommand failed
- Our SecuBox packages are PKGARCH:=all (scripts only), don't need these
Changes to secubox-tools/local-build.sh:
1. Removed lucihttp and cgi-io from build loop
- Only build: lua, liblua, rpcd (essentials that work)
- Skip: lucihttp, cgi-io (fail with missing lua.h)
2. Added configuration to disable problematic packages
- Explicitly disable in .config:
# CONFIG_PACKAGE_lucihttp is not set
# CONFIG_PACKAGE_cgi-io is not set
3. Enabled use of pre-built packages from feeds
- CONFIG_DEVEL=y
- CONFIG_FEED_packages=y
- CONFIG_FEED_luci=y
4. Updated dependency installation
- Install lucihttp/cgi-io from feeds (for metadata)
- But disable compilation to prevent SDK failures
Result:
- Local builds will no longer fail with "ninja: build stopped"
- SDK uses pre-built dependencies instead of compiling
- SecuBox packages (pure scripts) build successfully
This matches the fix in .github/workflows/build-openwrt-packages.yml
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add ninja-build to package build workflow (build-openwrt-packages.yml)
- Add ninja-build to image build workflow (build-secubox-images.yml)
- Update secubox-tools/README.md with ninja-build dependency
- Update secubox-tools/local-build.sh dependency check and install instructions
- Ninja is required by OpenWrt build system for some compilation tasks
This resolves missing ninja errors in GitHub Actions builds.
OpenWrt 25.12.0-rc1 introduced a major change: switching from opkg
to apk (Alpine Package Manager). This commit adds full support for
building both package formats based on the OpenWrt version.
**Package Build Workflow (.github/workflows/build-openwrt-packages.yml):**
- Added automatic version detection for package format
- 25.12+ and SNAPSHOT → .apk format
- 24.10 and earlier → .ipk format
- Updated feeds configuration to use correct branch (openwrt-25.12, openwrt-24.10, etc.)
- Modified artifact collection to handle both .apk and .ipk files
- Updated build summary to show package format
- Added PKG_EXT environment variable to track format across workflow steps
- Updated dependency download to handle both APKINDEX.tar.gz and Packages formats
- Skip dependency downloads for RC versions (repos may not be stable)
**Local Build Script (secubox-tools/local-build.sh):**
- Added package format detection based on OPENWRT_VERSION
- Updated feeds.conf generation to select correct branch dynamically
- Modified build_packages() to detect and build correct package format
- Updated collect_artifacts() to collect both .apk and .ipk files
- Updated SHA256SUMS generation for both formats
- Export PKG_EXT variable for use across functions
**Documentation:**
- CLAUDE.md: Added package format support details
- README.md: Updated compatibility table with package format column
- Added note explaining apk vs ipk distinction
**Key Changes:**
- Backwards compatible: existing workflows continue to work for .ipk
- Future-proof: ready for OpenWrt 25.12 stable release
- Automatic detection: no manual configuration needed
- Comprehensive: covers all build scenarios (GitHub Actions, local builds)
Tested scenarios:
- OpenWrt 24.10.5 → builds .ipk ✅
- OpenWrt 25.12.0-rc1 → builds .apk ✅
- SNAPSHOT → builds .apk ✅🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Updated GitHub Actions workflows and build scripts to support the
latest OpenWrt versions:
- Added 25.12.0-rc1 (latest release candidate) for testing
- Added 24.10.5 (latest stable release)
- Changed default version from 23.05.5 to 24.10.5
Changes:
- .github/workflows/build-secubox-images.yml: Added new versions, updated default
- .github/workflows/build-openwrt-packages.yml: Added new versions, updated default
- secubox-tools/local-build.sh: Updated default version and added comment
- CLAUDE.md: Updated documentation with supported versions
- README.md: Updated build instructions and compatibility table
- secubox-tools/README.md: Updated environment variables documentation
The 25.12.0-rc1 includes major changes:
- Switch from opkg to apk package manager
- Integration of attended Sysupgrade into default LuCI
- Wi-Fi scripts converted to ucode
- Support for 160+ new devices (2180+ total)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fixed issue where validate-modules.sh would exit prematurely during check 3
due to grep failures in while loops with set -e enabled.
Changes:
- Added set -o pipefail for better error handling
- Temporarily disable set -e during grep checks in view file validation loop
- Script now completes all 6 validation checks successfully
- Exit code 0 when only warnings present (debug files without menu entries)
Validation results:
✓ Check 1: RPCD naming vs ubus objects (15 modules)
✓ Check 2: Menu paths vs view files (15 modules, 100+ views)
✓ Check 3: View files have menu entries (2 warnings for debug files)
✓ Check 4: RPCD permissions (15 scripts executable)
✓ Check 5: JSON syntax validation (30 files)
✓ Check 6: ubus naming convention (17 objects)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
During firmware image creation, opkg tries to create a lock file in the
staging root filesystem's /tmp directory, but this directory doesn't
always exist, causing the build to fail at the final packaging stage.
Error:
opkg_conf_load: Could not create lock file
.../root.orig-mvebu//tmp/opkg.lock: No such file or directory
ERROR: target/linux failed to build
Solution:
- Create tmp directories in all staging root filesystems before build
- Apply fix in both parallel and single-threaded build paths
- Use wildcard patterns to catch all target architectures
Changes:
- local-build.sh: Create tmp dirs before and during retry
- build-secubox-images.yml: Create tmp dirs in workflow
- .gitignore: Ignore build artifacts (openwrt/, local-feed/, .vscode/)
This ensures the build can complete the final image packaging step
successfully, generating the firmware images.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
The firmware builds were failing during toolchain compilation due to
GDB (GNU debugger) missing testsuite/Makefile. This is a known issue
with OpenWrt's GDB toolchain component.
Error:
Missing testsuite/Makefile
make[7]: *** [Makefile:1992: subdir_do] Error 1
ERROR: toolchain/gdb failed to build
Solution:
- Disable GDB in toolchain with '# CONFIG_GDB is not set'
- GDB is not needed for building firmware images
- Only useful for on-device debugging (can be installed separately)
- Enable BUILD_LOG for better debugging
This fix applies to both:
- Local firmware builds (local-build.sh)
- GitHub Actions firmware builds (build-secubox-images.yml)
Impact:
- Toolchain will compile successfully
- Firmware images will be generated
- Build time remains the same (1-2 hours for full build)
- No impact on firmware functionality
Tested with:
- OpenWrt 23.05.5
- Target: mvebu/cortexa72 (MOCHAbin)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive diagnostics when firmware images aren't generated and
a new debug-firmware command to troubleshoot build configuration without
running the full build process.
New Features:
- debug-firmware command to check configuration and available profiles
- Enhanced diagnostic output when no firmware images are found:
* Shows all files in target directory
* Lists available targets that were built
* Scans build log for errors
* Analyzes file types in target directory
* Provides actionable troubleshooting steps
The debug-firmware command shows:
- Device configuration (target, subtarget, profile)
- Current .config settings
- Whether device profile is properly configured
- Available device profiles for the target
- Build output directory contents
- Suggestions for next steps
Usage:
./secubox-tools/local-build.sh debug-firmware mochabin
This helps identify configuration issues before running the lengthy
build process again.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add comprehensive firmware building functionality to local-build.sh,
replicating the GitHub Actions firmware build workflow. Users can now
build complete OpenWrt firmware images with SecuBox pre-installed
locally, in addition to building packages.
New Features:
- New 'build-firmware' command to build complete firmware images
- Support for GlobalScale devices (ESPRESSObin, Sheeva64, MOCHAbin)
- Device profile definitions with automatic target/subtarget configuration
- Automatic OpenWrt source download and caching
- Device-specific package configuration (10G for MOCHAbin, WiFi for Ultra)
- Firmware configuration with same settings as GitHub Actions workflow:
* CONFIG_TARGET_PER_DEVICE_ROOTFS=y for image generation
* Explicit PROFILE parameter in make commands
* Device profile verification before building
- Artifact collection with firmware images, packages, and checksums
- Build time tracking and verbose logging
- 'clean-all' command to remove OpenWrt source (saves ~20GB)
Device Profiles:
- espressobin-v7 (mvebu/cortexa53)
- espressobin-ultra (mvebu/cortexa53 with WiFi)
- sheeva64 (mvebu/cortexa53)
- mochabin (mvebu/cortexa72 with 10G networking)
- x86-64 (x86/64 generic PC)
Usage:
./secubox-tools/local-build.sh build-firmware mochabin
./secubox-tools/local-build.sh build-firmware espressobin-v7
Output:
Firmware images placed in build/firmware/<device>/
- *.img.gz, *sysupgrade.bin, *factory.bin files
- SHA256SUMS checksums
- BUILD_INFO.txt with build details
- packages/ directory with SecuBox .ipk files
Documentation:
- Updated README.md with firmware building examples
- Added device profiles and environment variables
- Added example workflows for firmware building
- Distinguished between package building (SDK) and firmware building (full source)
Technical Details:
- Uses full OpenWrt source (not SDK) for firmware builds
- Configures feeds identically to GitHub Actions workflow
- Includes same configuration fixes for image generation
- Verifies device profile selection before lengthy build
- Supports parallel and single-threaded builds with automatic retry
- Downloads and caches OpenWrt source for reuse
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Fix critical build failure in GitHub Actions workflows and local build script.
The issue was that LuCI package Makefiles reference ../../luci.mk which doesn't
exist when packages are copied to SDK or OpenWrt build environments.
Changes:
- build-openwrt-packages.yml: Auto-fix Makefile paths after package copy
- build-secubox-images.yml: Auto-fix Makefile paths for image builds
- local-build.sh: Complete rewrite to use feed-based architecture
* Packages installed as local feed instead of direct copy
* Automatic Makefile path correction (../../luci.mk → $(TOPDIR)/feeds/luci/luci.mk)
* Skip dependency resolution with NO_DEPS=1 for arch-independent packages
* Single package build support throughout the pipeline
This fixes the "No such file or directory: ../../luci.mk" error that prevented
all package and firmware image builds from succeeding.
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
- Add local-build.sh: comprehensive local build system
- Validates packages (Makefiles, JSON, JavaScript, shell scripts)
- Downloads and caches OpenWrt SDK
- Builds .ipk packages locally
- Supports multiple architectures (x86-64, ARM, MIPS)
- Collects artifacts with SHA256 checksums
- Update CLAUDE.md with local build documentation
- Add Local Build section with usage examples
- Update Development Workflow to include local testing
- List supported architectures and environment variables
- Update secubox-tools/README.md
- Add comprehensive local-build.sh documentation
- Update workflow examples to include local building
- Add dependencies and installation instructions
Benefits:
- Test builds locally before CI/CD
- Faster development iteration
- Reduced GitHub Actions usage
- Offline development support
Usage:
./secubox-tools/local-build.sh validate
./secubox-tools/local-build.sh build
./secubox-tools/local-build.sh build luci-app-<name>
./secubox-tools/local-build.sh build --arch <arch>
./secubox-tools/local-build.sh full
🤖 Generated with Claude Code
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Add validate-modules.sh script that validates critical naming conventions
and module structure to prevent common RPC and HTTP 404 errors.
New validation checks:
- RPCD script names must match ubus object names (luci.* prefix)
- Menu paths must match view file locations
- View files must have corresponding menu entries
- RPCD scripts must be executable
- JSON files must have valid syntax
- ubus objects must follow naming convention
Updated CLAUDE.md documentation with:
- Critical naming conventions section with examples
- Common error patterns and solutions
- Updated development workflow to include validation
- Enhanced troubleshooting guide for RPC and 404 errors
- Updated package structure diagram with correct RPCD naming
Added secubox-tools/README.md:
- Detailed usage instructions for validation script
- Common fixes for naming issues
- CI/CD integration examples
- Quick reference for critical naming rules
This tooling prevents deployment of modules with naming mismatches that
cause runtime errors like:
- RPC call failed with error -32000: Object not found
- HTTP error 404 while loading view files
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
