L'appliance de cybersécurité 100% open source qui embarque wizard, profils et App Store sur OpenWrt 24.10.
https://secubox.maegia.tv/
CyberMind-FR
77dbd3d499
Implement comprehensive multi-source catalog system with automatic fallback,
advanced version tracking, and rich update management interfaces.
## Phase 1: Backend Infrastructure (COMPLETE)
### UCI Configuration
- **New**: `/etc/config/secubox-appstore`
- 4 source types: GitHub (remote), local web (remote), USB (local), embedded (fallback)
- Priority-based fallback (1=highest, 999=embedded last resort)
- Settings: auto_sync, force_source, check_updates_on_boot, notify_updates
- Update checking with configurable intervals
### Catalog Sync Script
- **New**: `/usr/sbin/secubox-catalog-sync` (364 lines)
- Automatic multi-source fallback by priority
- Download tools: uclient-fetch, wget, curl (auto-detect)
- HTTP caching: ETag support, 304 Not Modified handling
- JSON validation before use
- Metadata tracking with jq
- Logging to syslog
- Source types: remote (HTTPS/HTTP), local (filesystem), embedded (ROM)
### CLI Enhancement
- **Modified**: `/usr/sbin/secubox-appstore`
- New commands: `sync [source]`, `check-updates [--json]`, `changelog <app> [version]`
- `get_active_catalog()`: Reads from cache or embedded
- `sync_catalog()`: Wrapper for secubox-catalog-sync
- `check_updates()`: Version comparison with opkg
- `get_changelog()`: Extracts from catalog JSON
### Metadata Structure
- **New**: `/usr/share/secubox/catalog-metadata.json.example`
- Active source tracking
- Source status (online/offline/error)
- ETag cache for HTTP sources
- Installed apps version tracking
- Update statistics
### Makefile Updates
- **Modified**: `secubox-core/Makefile`
- PKG_RELEASE: 5 → 6
- Added conffiles: `/etc/config/secubox-appstore`
- Install secubox-catalog-sync binary
- Install catalog-metadata.json.example
- Added dependency: +jq
- postinst: Create cache directories (/var/cache/secubox/catalogs, /var/lib/secubox)
## Phase 2: RPCD Backend (COMPLETE)
### New RPC Methods
- **Modified**: `/usr/libexec/rpcd/luci.secubox`
- `get_catalog_sources()`: List configured sources from UCI, status from metadata
- `set_catalog_source(source)`: Configure force_source in UCI
- `sync_catalog([source])`: Trigger catalog sync (auto-fallback or specific)
- `check_updates()`: Compare installed vs catalog versions
- `get_app_versions(app_id)`: Detailed version info (pkg, app, installed, catalog)
- `get_changelog(app_id, from, to)`: Extract changelog from catalog
- `get_widget_data(app_id)`: Widget metrics (Phase 5 prep)
All methods integrate with:
- UCI config parsing (`config_load`, `config_foreach`)
- Metadata file reading (`/var/lib/secubox/catalog-metadata.json`)
- Catalog reading (`/var/cache/secubox/catalogs/*.json` or embedded)
- opkg version checking
## Phase 3: Frontend LuCI Views (COMPLETE)
### API Module Enhancement
- **Modified**: `secubox-admin/api.js`
- New RPC declarations: 7 new methods
- Exports: `getCatalogSources`, `setCatalogSource`, `syncCatalog`,
`checkUpdates`, `getAppVersions`, `getChangelog`, `getWidgetData`
### Catalog Sources Management
- **New**: `view/secubox-admin/catalog-sources.js` (370 lines)
- Live source status display (online/offline/error)
- Priority-based ordering
- Active source indicator
- Per-source actions: Sync, Test, Set Active, Enable/Disable
- Summary stats: Total sources, active source, updates available
- Auto-refresh every 30 seconds
- Timestamp formatting (relative: "5 minutes ago", "2 days ago")
### Updates Manager
- **New**: `view/secubox-admin/updates.js` (380 lines)
- Available updates list with version comparison
- Changelog preview in update cards
- Version arrows: "0.3.0-1 → 0.4.0-2"
- Per-app actions: Update Now, View Full Changelog, Skip Version
- Batch update: "Update All" button
- Check for Updates: Sync + check flow
- Auto-refresh every 60 seconds
- No updates state: Checkmark with message
### Apps Manager Enhancement
- **Modified**: `view/secubox-admin/apps.js`
- Load update info on page load
- Update available badges (warning style)
- Version display with tooltip (installed → available)
- Visual indicators: `.has-update`, `.version-outdated` classes
- New filter: "Updates Available" / "Installed" / "Not Installed"
- Changelog button on all apps (installed or not)
- Update button for apps with available updates
- `updateApp()`: Shows changelog before update
- `viewChangelog()`: Modal with version history
- `filterByStatus()`: Filter by update/install status
### Menu Integration
- **Modified**: `menu.d/luci-app-secubox-admin.json`
- New entries:
- "Updates" (order: 25) → `/admin/secubox/admin/updates`
- "Catalog Sources" (order: 27) → `/admin/secubox/admin/catalog-sources`
- Placed between Apps Manager and App Settings
## Data Flow Architecture
```
User Action (Web UI)
↓
LuCI View (catalog-sources.js, updates.js, apps.js)
↓
API Module (api.js RPC calls)
↓
RPCD Backend (luci.secubox)
↓
CLI Scripts (secubox-appstore, secubox-catalog-sync)
↓
Data Layer
├── UCI Config (/etc/config/secubox-appstore)
├── Cache (/var/cache/secubox/catalogs/*.json)
├── Metadata (/var/lib/secubox/catalog-metadata.json)
└── Embedded (/usr/share/secubox/catalog.json)
```
## Fallback Logic
1. User triggers sync (or auto-sync)
2. secubox-catalog-sync reads UCI config
3. Sorts sources by priority (1 = GitHub, 2 = Local Web, 3 = USB, 999 = Embedded)
4. Attempts each source in order:
- GitHub HTTPS → timeout/fail → Next
- Local Web → unreachable → Next
- USB → not mounted → Next
- Embedded → Always succeeds (ROM)
5. First successful source becomes active
6. Metadata updated with status, ETag, timestamp
7. Cache written to `/var/cache/secubox/catalogs/<source>.json`
## Version Tracking
- **PKG_VERSION**: OpenWrt package version (e.g., "0.4.0")
- **PKG_RELEASE**: Build release number (e.g., "2")
- **pkg_version**: Full package string "0.4.0-2" (in catalog)
- **app_version**: Underlying app version (e.g., "0.4.0")
- **installed_version**: From `opkg list-installed`
- **catalog_version**: From active catalog JSON
- **Comparison**: Uses `opkg compare-versions` for semantic versioning
## Storage Layout
```
/etc/config/secubox-appstore # UCI configuration
/var/cache/secubox/catalogs/ # Downloaded catalogs (755/644)
├── github.json
├── local_web.json
└── usb.json
/var/lib/secubox/ # Runtime metadata (700/600)
└── catalog-metadata.json
/usr/share/secubox/catalog.json # Embedded fallback (ROM)
```
## Key Features
✅ **Multi-source support**: GitHub + Web + USB + Embedded
✅ **Automatic fallback**: Priority-based with retry logic
✅ **HTTP optimization**: ETag caching, 304 Not Modified
✅ **Version management**: PKG + App versions, changelog tracking
✅ **Update notifications**: Badges, filters, dedicated updates page
✅ **Offline capable**: USB and embedded sources work without internet
✅ **Live status**: Auto-refresh, real-time source health
✅ **User control**: Manual sync, force specific source, enable/disable sources
## Files Modified (8)
- package/secubox/secubox-core/Makefile
- package/secubox/secubox-core/root/usr/libexec/rpcd/luci.secubox
- package/secubox/secubox-core/root/usr/sbin/secubox-appstore
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/secubox-admin/api.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/apps.js
- package/secubox/luci-app-secubox-admin/root/usr/share/luci/menu.d/luci-app-secubox-admin.json
## Files Created (4)
- package/secubox/secubox-core/root/etc/config/secubox-appstore
- package/secubox/secubox-core/root/usr/sbin/secubox-catalog-sync
- package/secubox/secubox-core/root/usr/share/secubox/catalog-metadata.json.example
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/catalog-sources.js
- package/secubox/luci-app-secubox-admin/htdocs/luci-static/resources/view/secubox-admin/updates.js
## Next Steps (Phase 4-5)
- Phase 4: Enrich catalog.json with changelog sections
- Phase 5: Widget system (renderer + templates for security/network/monitoring)
- Phase 6: Auto-sync service with cron
- Phase 7: Optimizations (signature validation, compression, CDN)
🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
|
||
|---|---|---|
| .claude | ||
| .codex | ||
| .github | ||
| .secubox-reports | ||
| .vscode | ||
| acl | ||
| docs | ||
| DOCS | ||
| EXAMPLES | ||
| luci-app-secubox | ||
| luci-theme-secubox | ||
| package/secubox | ||
| scripts | ||
| secubox-tools | ||
| templates | ||
| .gitignore | ||
| deploy-modules-with-theme.sh | ||
| deploy-theme.sh | ||
| mkdocs.yml | ||
| plugins | ||
| profiles | ||
| README.md | ||
| rpc_reload.sh | ||
| test-direct.js | ||
| test-modules-simple.js | ||
| TODO-ANALYSE.md | ||
| WIKI-SETUP-GUIDE.md | ||
SecuBox - Security Suite for OpenWrt
Version: 1.0.0
Last Updated: 2025-12-28
Status: Active
📚 Documentation pour Développeurs
NOUVEAU (2025-12-26): Guides complets de développement disponibles!
| Guide | Description | Public |
|---|---|---|
| DEVELOPMENT-GUIDELINES.md | ⭐ Guide complet: Design System, RPCD/ubus, ACL, JavaScript, CSS, Debugging (100+ pages) | Développeurs, IA assistants |
| QUICK-START.md | ⚡ Aide-mémoire rapide: Règles critiques, commandes, templates de code | Développeurs expérimentés |
| CLAUDE.md | 🏗️ Architecture & Build: SDK OpenWrt, structure fichiers, CI/CD | Claude Code, automation |
| deploy-module-template.sh | 🚀 Script de déploiement standardisé avec backup automatique | DevOps |
⚠️ Règles Critiques:
- RPCD naming: fichier = objet ubus (
luci.system-hub) - Menu paths: path menu = fichier vue (
system-hub/overview.js) - Permissions: RPCD=755, CSS/JS=644
- TOUJOURS valider:
./secubox-tools/validate-modules.sh
Design System (v0.3.0): Inspiré de demo Cybermind
- Palette dark:
#0a0a0f(fond),#6366f1→#8b5cf6(gradients) - Fonts: Inter (texte), JetBrains Mono (valeurs)
- CSS classes:
.sh-*(System Hub),.sb-*(SecuBox)
🎯 Overview
SecuBox is a comprehensive security and network management suite for OpenWrt, providing a unified ecosystem of specialized dashboards and tools. All modules are compiled automatically for multiple OpenWrt architectures via GitHub Actions.
📦 SecuBox Modules
🎛️ Core Control
luci-app-secubox - SecuBox Central Hub
Unified security dashboard providing central management for all SecuBox components.
Features:
- Centralized dashboard for all modules
- Integrated monitoring and management
- Unified navigation interface
luci-app-system-hub - System Control Center
Central control and remote assistance dashboard for OpenWrt.
Features:
- 🧩 Component management (start/stop/restart all services)
- 💚 Health monitoring with score (0-100) and recommendations
- 🖥️ Remote assistance via RustDesk integration
- 🔍 Diagnostic collection with anonymization
- 📋 Unified logs from all components
- 📅 Scheduled tasks (health reports, backups)
🔒 Security & Monitoring
luci-app-crowdsec-dashboard - Collaborative Security
Modern dashboard for CrowdSec intrusion prevention on OpenWrt.
Features:
- 🛡️ Real-time ban monitoring and alerts
- 📊 Decision management (view, search, ban/unban IPs)
- 📈 Metrics dashboard (engine stats, parsers, scenarios)
- 🌍 Geographic threat visualization
- ⚡ Auto-refresh with dark cybersecurity theme
luci-app-netdata-dashboard - Real-time Monitoring
System monitoring dashboard with live metrics visualization.
Features:
- 📊 CPU, memory, disk, network monitoring
- 🌡️ Temperature sensor readings
- ⚙️ Process monitor with resource usage
- 🎨 Animated gauges and sparklines
- 🔄 2-second auto-refresh
🌐 Network Intelligence
luci-app-netifyd-dashboard - Deep Packet Inspection
Network intelligence dashboard with DPI for OpenWrt.
Features:
- 🔍 Application detection (Netflix, YouTube, Zoom, etc.)
- 📡 Protocol identification (HTTP, HTTPS, DNS, QUIC)
- 🔄 Live network flow tracking
- 💻 Automatic device discovery
- 📊 Traffic categorization (Web, Streaming, Gaming, VoIP)
luci-app-network-modes - Network Configuration
Configure different network operation modes with one click.
Features:
- 🔍 Sniffer Bridge Mode: Transparent inline bridge for traffic analysis with Netifyd DPI
- 👁️ Sniffer Passive Mode: Out-of-band monitoring via SPAN/TAP for zero-impact forensics
- 📶 Access Point: WiFi AP with 802.11r/k/v roaming and band steering
- 🔄 Relay/Extender: Network relay with WireGuard VPN and MTU optimization
- 🌐 Router Mode: Full router with proxy, HTTPS frontend, and virtual hosts
- 🎛️ One-click mode switching with automatic backup
- 📊 Real-time interface and service status monitoring
🔐 VPN & Access Control
luci-app-wireguard-dashboard - VPN Management
Modern WireGuard VPN monitoring dashboard.
Features:
- 🔐 Tunnel status monitoring
- 👥 Peer management (active/idle/inactive)
- 📊 Per-peer traffic statistics
- ⚙️ Configuration visualization
- 🔒 Secure (private keys never exposed)
luci-app-client-guardian - Network Access Control
NAC system with captive portal, quarantine, and parental controls.
Features:
- 🔍 Real-time client detection and monitoring
- 🏠 Zone management (LAN, IoT, Guest, Quarantine)
- ⏳ Default quarantine policy for new clients
- 🚪 Modern captive portal with authentication
- 👨👩👧👦 Parental controls (time limits, content filtering)
- 🔔 SMS/Email alerts for security events
luci-app-auth-guardian - Authentication System
Comprehensive authentication and session management.
Features:
- 🎨 Customizable captive portal
- 🔑 OAuth integration (Google, GitHub, Facebook, Twitter)
- 🎟️ Voucher system with time/bandwidth limits
- 🍪 Secure session management
- ⏭️ MAC/IP/Domain bypass rules
📊 Bandwidth & Traffic
luci-app-bandwidth-manager - QoS & Quotas
Advanced bandwidth management with automatic media detection.
Features:
- 🎯 8 configurable QoS priority classes
- 📊 Daily and monthly bandwidth quotas
- 🎬 Automatic media detection (VoIP, Gaming, Streaming)
- ⏰ Time-based scheduling (peak/off-peak)
- 👥 Per-client statistics and controls
luci-app-media-flow - Media Traffic Detection
Advanced streaming and media traffic monitoring.
Features:
- 🎬 Real-time streaming service detection
- 📡 Protocol identification (RTSP, HLS, DASH, RTP)
- 📞 VoIP/Video call monitoring
- 📊 Per-service bandwidth tracking
- 📈 Quality of experience metrics
Supported Services:
- Netflix, YouTube, Twitch, Disney+
- Spotify, Apple Music, Tidal
- Zoom, Teams, Google Meet, WebEx
🚀 Performance & Services
luci-app-cdn-cache - Bandwidth Optimization
Local CDN cache proxy for bandwidth savings.
Features:
- 💾 Smart caching of frequently accessed content
- 📊 Real-time hit ratio and bandwidth savings stats
- 📋 Configurable policies by domain/extension
- 🔧 Automatic purge and preload capabilities
- 📈 Statistical graphs and trends
Cache Policies:
- Windows Update, Linux Repos
- Static content (JS, CSS, images)
- Configurable TTL per content type
luci-app-mqtt-bridge - IoT MQTT Hub
USB-aware MQTT bridge for sensors and automation gear.
Features:
- 🔌 Detects USB serial adapters and exposes pairing wizard
- 📡 Publishes payloads to the built-in MQTT broker with topic templates
- 🧊 Retains last payloads and surfaces metrics/clients in SecuBox theme
- 🔐 Broker credential + retention management from the UI
- 📁 Saves configuration snapshots for rollback
luci-app-vhost-manager - Virtual Hosts
Virtual host and local SaaS gateway management.
Features:
- 🏠 Internal virtual hosts with custom domains
- ↪️ External service redirection
- 🔒 SSL/TLS with Let's Encrypt or self-signed
- ⚙️ Automatic nginx reverse proxy configuration
Supported Services:
- Nextcloud, GitLab, Jellyfin
- Home Assistant and more
🏗️ Supported Architectures
SecuBox packages are automatically compiled for all major OpenWrt architectures:
ARM 64-bit (AArch64)
| Target | Devices |
|---|---|
aarch64-cortex-a53 |
ESPRESSObin, Sheeva64, BananaPi R64 |
aarch64-cortex-a72 |
MOCHAbin, Raspberry Pi 4, NanoPi R4S |
aarch64-generic |
Rock64, Pine64, QEMU ARM64 |
mediatek-filogic |
GL.iNet MT3000, BananaPi R3 |
rockchip-armv8 |
NanoPi R4S/R5S, FriendlyARM |
bcm27xx-bcm2711 |
Raspberry Pi 4, Compute Module 4 |
ARM 32-bit
| Target | Devices |
|---|---|
arm-cortex-a7-neon |
Orange Pi, BananaPi, Allwinner |
arm-cortex-a9-neon |
Linksys WRT, Turris Omnia |
qualcomm-ipq40xx |
Google WiFi, Zyxel NBG6617 |
qualcomm-ipq806x |
Netgear R7800, R7500 |
MIPS
| Target | Devices |
|---|---|
mips-24kc |
TP-Link Archer, Ubiquiti |
mipsel-24kc |
Xiaomi, GL.iNet, Netgear |
mipsel-74kc |
Broadcom BCM47xx |
x86
| Target | Devices |
|---|---|
x86-64 |
PC, VMs, Docker, Proxmox |
x86-generic |
Legacy PC, old Atom |
📁 Repository Structure
secubox/
├── .github/
│ └── workflows/
│ ├── build-openwrt-packages.yml # Multi-arch build CI
│ ├── build-secubox-images.yml # Custom image builder
│ └── test-validate.yml # Tests & validation
├── luci-app-secubox/ # Central hub
├── luci-app-system-hub/ # System control center
├── luci-app-crowdsec-dashboard/ # CrowdSec security
├── luci-app-netdata-dashboard/ # System monitoring
├── luci-app-netifyd-dashboard/ # DPI & traffic analysis
├── luci-app-wireguard-dashboard/ # WireGuard VPN
├── luci-app-network-modes/ # Network configuration
├── luci-app-client-guardian/ # NAC & captive portal
├── luci-app-auth-guardian/ # Authentication
├── luci-app-bandwidth-manager/ # QoS & quotas
├── luci-app-media-flow/ # Media detection
├── luci-app-cdn-cache/ # CDN proxy cache
├── luci-app-vhost-manager/ # Virtual hosts
├── makefiles/ # Reference makefiles
├── secubox-tools/ # Repair & debug tools
└── templates/ # Package templates
Package Structure (Standard LuCI App)
luci-app-*/
├── Makefile # OpenWrt package definition
├── README.md # Module documentation
├── htdocs/luci-static/resources/
│ ├── view/*/ # JavaScript UI views
│ └── */
│ ├── api.js # RPC API client
│ └── dashboard.css # Module styles
└── root/
├── etc/config/ # UCI configuration
└── usr/
├── libexec/rpcd/ # RPCD backend (shell/exec)
└── share/
├── luci/menu.d/ # Menu JSON
└── rpcd/acl.d/ # ACL permissions JSON
🚀 Installation
Option 1: From Pre-built Packages
Download the latest packages from GitHub Releases:
# Install individual modules
opkg update
opkg install luci-app-secubox_*.ipk
# Or install specific modules
opkg install luci-app-system-hub_*.ipk
opkg install luci-app-crowdsec-dashboard_*.ipk
opkg install luci-app-client-guardian_*.ipk
Option 2: Build from Source
# Clone into OpenWrt SDK package directory
cd ~/openwrt-sdk/package/
git clone https://github.com/gkerma/secubox.git
# Build all packages
cd ~/openwrt-sdk/
make package/secubox/luci-app-secubox/compile V=s
make package/secubox/luci-app-system-hub/compile V=s
# ... etc for other modules
Option 3: Add to OpenWrt Feed
Add to feeds.conf.default:
src-git secubox https://github.com/gkerma/secubox.git
Then:
./scripts/feeds update secubox
./scripts/feeds install -a -p secubox
make menuconfig # Select modules under LuCI > Applications
make V=s
🔧 Development
Create a New Module
# Copy template
cp -r templates/luci-app-template luci-app-newmodule
# Edit Makefile
cd luci-app-newmodule
vi Makefile # Update PKG_NAME, PKG_VERSION, LUCI_TITLE, LUCI_DEPENDS
# Create required files
mkdir -p htdocs/luci-static/resources/{view/newmodule,newmodule}
mkdir -p root/usr/{libexec/rpcd,share/{luci/menu.d,rpcd/acl.d}}
# Implement your module...
Test Locally
# Build package
make package/luci-app-newmodule/compile V=s
# Package will be in bin/packages/<arch>/base/
scp bin/packages/*/base/luci-app-newmodule_*.ipk root@router:/tmp/
# Install on router
ssh root@router
opkg install /tmp/luci-app-newmodule_*.ipk
/etc/init.d/rpcd restart
Run Tests
# Lint and validate
shellcheck luci-app-*/root/usr/libexec/rpcd/*
jsonlint luci-app-*/root/usr/share/luci/menu.d/*.json
jsonlint luci-app-*/root/usr/share/rpcd/acl.d/*.json
# Or use GitHub Actions workflow
git push # Triggers test-validate.yml
🤖 CI/CD
Automated Builds
Packages are compiled automatically when:
- Push to main/master: Test compilation
- Pull Request: Validation and testing
- Tag
v*: Release creation with all architectures
Manual Build
- Go to Actions → Build OpenWrt Packages
- Click Run workflow
- Select build options:
- Package name: Choose a specific package or leave empty for all packages
- OpenWrt version: 25.12.0-rc1, 24.10.5, 23.05.5, or SNAPSHOT
- Architectures:
allor comma-separated list
Build All Packages
Leave "Package name" empty and select architectures:
# Architecture examples
all # All supported architectures
x86-64 # x86_64 only
aarch64-cortex-a53,aarch64-cortex-a72 # ARM64 devices
mips-24kc,mipsel-24kc # MIPS routers
Build Single Package
Select a specific package from the dropdown to build only that module:
luci-app-secubox- Central Hubluci-app-system-hub- System Control Centerluci-app-crowdsec-dashboard- CrowdSec Securityluci-app-netdata-dashboard- System Monitoringluci-app-netifyd-dashboard- DPI & Traffic Analysisluci-app-wireguard-dashboard- WireGuard VPNluci-app-network-modes- Network Configurationluci-app-client-guardian- NAC & Captive Portalluci-app-auth-guardian- Authentication Systemluci-app-bandwidth-manager- QoS & Quotasluci-app-media-flow- Media Detectionluci-app-cdn-cache- CDN Proxy Cacheluci-app-vhost-manager- Virtual Hosts
Use case: Quickly test a single module after making changes, without waiting for all packages to build.
Download Artifacts
- Go to Actions → Select workflow run
- Click on the run
- Download Artifacts at bottom of page
Artifacts are organized by architecture:
packages-x86-64/
├── luci-app-secubox_1.0.0-1_all.ipk
├── luci-app-system-hub_1.0.0-1_all.ipk
├── luci-app-crowdsec-dashboard_1.0.0-1_all.ipk
├── ...
└── SHA256SUMS
📊 OpenWrt Compatibility
| Version | Status | Package Format | Notes |
|---|---|---|---|
| 25.12.0-rc1 | 🧪 Testing | .apk |
Latest RC, new apk package manager |
| 24.10.x | ✅ Supported | .ipk |
Recommended (latest stable) |
| 23.05.x | ✅ Supported | .ipk |
Previous stable |
| 22.03.x | ✅ Supported | .ipk |
LTS |
| 21.02.x | ⚠️ Partial | .ipk |
End of support |
| SNAPSHOT | ✅ Supported | .apk |
Unstable, bleeding edge |
Note: OpenWrt 25.12+ uses the new Alpine Package Manager (apk) instead of opkg. Our build workflows automatically detect the version and build the appropriate package format.
🧰 SecuBox Tools
secubox-repair.sh
Automated repair tool for all SecuBox modules.
Features:
- Auto-detect and fix Makefile issues
- Generate missing RPCD files
- Validate package structure
- Batch repair all modules
./secubox-tools/secubox-repair.sh
secubox-debug.sh
Debug and diagnostic tool for development.
Features:
- Validate package structure
- Check dependencies
- Test RPCD backends
- Generate diagnostic reports
./secubox-tools/secubox-debug.sh luci-app-module-name
🏷️ Creating Releases
# Create versioned tag
git tag -a v1.2.0 -m "Release 1.2.0: Add new features"
git push origin v1.2.0
The release will be created automatically with:
- Individual
.tar.gzarchives per architecture - Global archive with all architectures
- SHA256 checksums
- Auto-generated release notes
🔗 Links
- Documentation: CyberMind SecuBox
- Website: CyberMind.fr
- OpenWrt SDK: Documentation
- LuCI Development: Wiki
- Issue Tracker: GitHub Issues
📄 License
Apache-2.0 © 2025 CyberMind.fr
Individual modules may have additional licensing terms - see each module's README.
🤝 Contributing
Contributions are welcome! Please:
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
👤 Author
Gandalf - CyberMind.fr
Made with ❤️ in France 🇫🇷