Compare commits
68 Commits
v2023.03.2
...
v2023.06.2
| Author | SHA1 | Date | |
|---|---|---|---|
| c7465dba27 | |||
| 4a4232e358 | |||
| 250bf06367 | |||
| 3ca90a54a9 | |||
| 58d1ffc9a2 | |||
| a7f3f2faea | |||
| 6d0e693fc4 | |||
| 68a1de079e | |||
| 7f1472f21b | |||
| 291ad94b15 | |||
| 4b181ec9e1 | |||
| 81360c3fda | |||
| 2cf46ed9a5 | |||
| df763ef49a | |||
| 9e153e38cb | |||
| 9214c097b3 | |||
| 2339bc3aa6 | |||
| 908a36896e | |||
| 23452a06ff | |||
| 83f97abcbd | |||
| d0f6e63007 | |||
| 087f8a27a8 | |||
| 42c157a1e5 | |||
| 7b722293b7 | |||
| d37c10afae | |||
| 40d6d2df03 | |||
| f70763aed7 | |||
| 475a807302 | |||
| 4e075cbd8e | |||
| ed52367837 | |||
| a6c32c5315 | |||
| a35c5563db | |||
| 751f5398e1 | |||
| 9b2c2e5cdc | |||
| 2aa581e3c0 | |||
| fc7be554a3 | |||
| f6df7651da | |||
| 87b15c940f | |||
| 30d48ce4aa | |||
| 2f06b5fdcf | |||
| c3070d2922 | |||
| 38a0d35c7b | |||
| 9a48ff1a65 | |||
| e1ed8f9bd1 | |||
| cec076241a | |||
| adb3877206 | |||
| dd3bb6748c | |||
| d58fe78b43 | |||
| 30e31359ec | |||
| 2839b21113 | |||
| b096b36e5c | |||
| d945203a70 | |||
| aff32b8627 | |||
| f9c6997cdc | |||
| 4e1772995d | |||
| f58c7cc6a7 | |||
| 95046def13 | |||
| dc26c10bb3 | |||
| 7fbc1930df | |||
| d65ba3f252 | |||
| b56e563aa0 | |||
| 2c701ffc16 | |||
| aa22f3c55b | |||
| f6c3de68b2 | |||
| 1470bea902 | |||
| aa314a939f | |||
| 844c5d0e17 | |||
| 656081568e |
102
Jenkinsfile
vendored
Normal file
102
Jenkinsfile
vendored
Normal file
@ -0,0 +1,102 @@
|
||||
pipeline {
|
||||
agent {
|
||||
dockerfile {
|
||||
filename 'Dockerfile'
|
||||
dir 'misc/jenkins'
|
||||
}
|
||||
}
|
||||
|
||||
parameters {
|
||||
persistentText(name: 'emissaryRelease', defaultValue: 'latest', description: 'Numéro de release Emissary', successfulOnly: false)
|
||||
}
|
||||
|
||||
stages {
|
||||
stage('Cancel older jobs') {
|
||||
steps {
|
||||
script {
|
||||
def buildNumber = env.BUILD_NUMBER as int
|
||||
if (buildNumber > 1) milestone(buildNumber - 1)
|
||||
milestone(buildNumber)
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Update emissary release') {
|
||||
when {
|
||||
expression {
|
||||
return params.emissaryRelease != 'latest'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
currentEmissaryRelease = readFile('emissary_release.txt').trim()
|
||||
|
||||
if (currentEmissaryRelease == params.emissaryRelease) {
|
||||
currentBuild.result = 'SUCCESS'
|
||||
return
|
||||
}
|
||||
|
||||
withCredentials([
|
||||
usernamePassword([
|
||||
credentialsId: 'forge-jenkins',
|
||||
usernameVariable: 'GIT_USERNAME',
|
||||
passwordVariable: 'GIT_PASSWORD'
|
||||
])
|
||||
]) {
|
||||
sh """
|
||||
git config user.email "jenkins@cadoles.com"
|
||||
git config user.name "Jenkins"
|
||||
git config credential.https://forge.cadoles.com.username "\$GIT_USERNAME"
|
||||
git config credential.https://forge.cadoles.com.helper '!f() { test "\$1" = get && echo "password=\$GIT_PASSWORD"; }; f'
|
||||
|
||||
echo '${params.emissaryRelease}' > emissary_release.txt
|
||||
git add emissary_release.txt
|
||||
git commit -m "feat: use emissary ${params.emissaryRelease}"
|
||||
git pull --rebase
|
||||
git push origin \$(git rev-parse HEAD):${env.GIT_BRANCH}
|
||||
"""
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build and release') {
|
||||
steps {
|
||||
script {
|
||||
withCredentials([
|
||||
usernamePassword([
|
||||
credentialsId: 'forge-jenkins',
|
||||
usernameVariable: 'GITEA_DOWNLOAD_USERNAME',
|
||||
passwordVariable: 'GITEA_DOWNLOAD_PASSWORD'
|
||||
])
|
||||
]) {
|
||||
sh '''
|
||||
make download-emissary-release
|
||||
make all
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Release') {
|
||||
steps {
|
||||
withCredentials([
|
||||
usernamePassword([
|
||||
credentialsId: 'forge-jenkins',
|
||||
usernameVariable: 'GITEA_RELEASE_USERNAME',
|
||||
passwordVariable: 'GITEA_RELEASE_PASSWORD'
|
||||
])
|
||||
]) {
|
||||
sh 'make gitea-release'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
always {
|
||||
cleanWs()
|
||||
}
|
||||
}
|
||||
}
|
||||
13
Makefile
13
Makefile
@ -22,7 +22,7 @@ IMAGEBUILDER_CUSTOM_FILES_DIR_PATH := $(IMAGEBUILDER_DIR_PATH)/files
|
||||
|
||||
BIN_DIR := "$(shell readlink -f bin)/$(OPENWRT_VERSION)/$(OPENWRT_TARGET)/$(OPENWRT_PROFILE)$(BIN_DIR_NAME_SUFFIX)"
|
||||
|
||||
GITEA_DOWNLOAD_RELEASE_NAME ?= latest
|
||||
EMISSARY_RELEASE ?= $(shell cat emissary_release.txt)
|
||||
EMISSARY_ARCH ?= armv6
|
||||
|
||||
EMISSARY_RECONCILIATION_INTERVAL ?=
|
||||
@ -109,8 +109,8 @@ gitea-release: tools/gitea-release/bin/gitea-release.sh
|
||||
GITEA_RELEASE_NAME="$(FULL_VERSION)" \
|
||||
GITEA_RELEASE_COMMITISH_TARGET="$(GIT_VERSION)" \
|
||||
GITEA_RELEASE_IS_DRAFT="false" \
|
||||
GITEA_RELEASE_BODY="" \
|
||||
GITEA_RELEASE_ATTACHMENTS="$(shell find .gitea-release/* -type f)" \
|
||||
GITEA_RELEASE_BODY="With Emissary $(EMISSARY_RELEASE)" \
|
||||
GITEA_RELEASE_ATTACHMENTS="$$(find .gitea-release/* -type f)" \
|
||||
tools/gitea-release/bin/gitea-release.sh
|
||||
|
||||
.PHONY: download-emissary-release
|
||||
@ -119,7 +119,8 @@ download-emissary-release: tools/gitea-download/bin/gitea-download.sh
|
||||
GITEA_DOWNLOAD_PROJECT="emissary" \
|
||||
GITEA_DOWNLOAD_ORG="arcad" \
|
||||
GITEA_DOWNLOAD_BASE_URL="https://forge.cadoles.com" \
|
||||
GITEA_DOWNLOAD_RELEASE_NAME="$(GITEA_DOWNLOAD_RELEASE_NAME)" \
|
||||
GITEA_DOWNLOAD_RELEASE_NAME="$(EMISSARY_RELEASE)" \
|
||||
GITEA_DOWNLOAD_ATTACHMENTS_FILTER="\.tar\.gz$$" \
|
||||
tools/gitea-download/bin/gitea-download.sh
|
||||
|
||||
tools/gitea-release/bin/gitea-release.sh:
|
||||
@ -142,5 +143,5 @@ UPX_VERSION := 4.0.2
|
||||
tools/upx/bin/upx:
|
||||
mkdir -p tools/upx/bin
|
||||
curl -L --output tools/upx/upx-$(UPX_VERSION)-amd64_linux.tar.xz https://github.com/upx/upx/releases/download/v$(UPX_VERSION)/upx-$(UPX_VERSION)-amd64_linux.tar.xz
|
||||
cd tools/upx && tar -xJf upx-$(UPX_VERSION)-amd64_linux.tar.xz
|
||||
ln -s $(shell readlink -f tools/upx/upx-$(UPX_VERSION)-amd64_linux/upx) tools/upx/bin/upx
|
||||
cd tools/upx && tar -xJf upx-$(UPX_VERSION)-amd64_linux.tar.xz && wait $$!
|
||||
$(SHELL) -c 'ln -s $$(readlink -f tools/upx/upx-$(UPX_VERSION)-amd64_linux/upx) tools/upx/bin/upx'
|
||||
1
emissary_release.txt
Normal file
1
emissary_release.txt
Normal file
@ -0,0 +1 @@
|
||||
v2023.6.23-4a58847
|
||||
@ -12,6 +12,10 @@ install-emissary-files: tools/yq/bin/yq tools/upx/bin/upx
|
||||
mkdir -p files/lib/upgrade/keep.d
|
||||
cp -r misc/emissary/keep.d/* files/lib/upgrade/keep.d/
|
||||
|
||||
# Copy profile.d files
|
||||
mkdir -p files/etc/profile.d
|
||||
cp -r misc/emissary/profile.d/* files/etc/profile.d/
|
||||
|
||||
mkdir -p gitea-dl/emissary-agent_linux_$(EMISSARY_ARCH)
|
||||
cd gitea-dl && tar -xzf emissary-agent_*_linux_$(EMISSARY_ARCH).tar.gz -C emissary-agent_linux_$(EMISSARY_ARCH)
|
||||
|
||||
@ -22,9 +26,11 @@ install-emissary-files: tools/yq/bin/yq tools/upx/bin/upx
|
||||
# Patch agent config
|
||||
tools/yq/bin/yq -i '.agent.serverUrl = "$${EMISSARY_SERVER_URL}"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.reconciliationInterval = "$${EMISSARY_RECONCILIATION_INTERVAL}"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.privateKeyPath = "/etc/emissary/agent-key.json"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.controllers.persistence.stateFile = "/etc/emissary/agent-state.json"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.privateKeyPath = "/data/emissary/agent-key.json"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.controllers.persistence.stateFile = "/data/emissary/agent-state.json"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.controllers.sysupgrade.firmwareVersionCommand = ["sh", "-c", "source /etc/emissary_firmware && echo \"$$FIRMWARE_VERSION\""]' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.controllers.app.dataDir = "/data/emissary/apps/data"' files/etc/emissary/agent.yml
|
||||
tools/yq/bin/yq -i '.agent.controllers.app.downloadDir = "/data/emissary/apps/bundles"' files/etc/emissary/agent.yml
|
||||
|
||||
# Copy emissary binary
|
||||
mkdir -p files/usr/local/bin
|
||||
@ -32,10 +38,10 @@ install-emissary-files: tools/yq/bin/yq tools/upx/bin/upx
|
||||
chmod +x files/usr/local/bin/emissary
|
||||
|
||||
# Set defaults
|
||||
mkdir -p files/etc/emissary
|
||||
rm -rf files/etc/emissary/default.conf
|
||||
echo "EMISSARY_RECONCILIATION_INTERVAL='$(EMISSARY_RECONCILIATION_INTERVAL)'" > files/etc/emissary/default.conf
|
||||
echo "EMISSARY_SERVER_URL='$(EMISSARY_SERVER_URL)'" >> files/etc/emissary/default.conf
|
||||
mkdir -p files/data/emissary
|
||||
rm -rf files/data/emissary/default.conf
|
||||
echo "EMISSARY_RECONCILIATION_INTERVAL='$(EMISSARY_RECONCILIATION_INTERVAL)'" > files/data/emissary/default.conf
|
||||
echo "EMISSARY_SERVER_URL='$(EMISSARY_SERVER_URL)'" >> files/data/emissary/default.conf
|
||||
|
||||
# Compress emissary binary
|
||||
tools/upx/bin/upx -9 files/usr/local/bin/emissary
|
||||
7
install/raspberrypi.mk
Normal file
7
install/raspberrypi.mk
Normal file
@ -0,0 +1,7 @@
|
||||
install-rpi-network-config:
|
||||
mkdir -p files/etc/config
|
||||
cp misc/rpi/uci/network files/etc/config/network
|
||||
|
||||
install-rpi-uci-defaults:
|
||||
mkdir -p files/etc/uci-defaults
|
||||
cp misc/rpi/uci-defaults/* files/etc/uci-defaults/
|
||||
3
install/turris-omnia.mk
Normal file
3
install/turris-omnia.mk
Normal file
@ -0,0 +1,3 @@
|
||||
install-turris-omnia-uci-defaults:
|
||||
mkdir -p files/etc/uci-defaults
|
||||
cp misc/turris/omnia/uci-defaults/* files/etc/uci-defaults/
|
||||
@ -1,3 +1,3 @@
|
||||
/etc/machine-id
|
||||
/etc/emissary/agent-key.json
|
||||
/etc/emissary/agent-state.json
|
||||
/data/emissary/agent-key.json
|
||||
/data/emissary/apps/data
|
||||
|
||||
3
misc/emissary/profile.d/99-emissary.sh
Normal file
3
misc/emissary/profile.d/99-emissary.sh
Normal file
@ -0,0 +1,3 @@
|
||||
#!/bin/sh
|
||||
|
||||
export PATH="${PATH}:/usr/local/bin"
|
||||
@ -3,7 +3,7 @@
|
||||
set -e
|
||||
|
||||
main() {
|
||||
local default_config="/etc/emissary/default.conf"
|
||||
local default_config="/data/emissary/default.conf"
|
||||
|
||||
if [ ! -f "${default_config}" ]; then
|
||||
exit 0
|
||||
|
||||
14
misc/jenkins/Dockerfile
Normal file
14
misc/jenkins/Dockerfile
Normal file
@ -0,0 +1,14 @@
|
||||
FROM reg.cadoles.com/proxy_cache/library/ubuntu:22.04
|
||||
|
||||
ARG HTTP_PROXY=
|
||||
ARG HTTPS_PROXY=
|
||||
ARG http_proxy=
|
||||
ARG https_proxy=
|
||||
|
||||
# Install dev environment dependencies
|
||||
RUN export DEBIAN_FRONTEND=noninteractive &&\
|
||||
apt-get update -y &&\
|
||||
apt-get install -y --no-install-recommends curl ca-certificates build-essential wget unzip tar git jq gawk python3 rsync file
|
||||
|
||||
# Add LetsEncrypt certificates
|
||||
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
||||
37
misc/rpi/uci-defaults/99-x86-uci-custom.sh
Normal file
37
misc/rpi/uci-defaults/99-x86-uci-custom.sh
Normal file
@ -0,0 +1,37 @@
|
||||
#/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
main() {
|
||||
# Update default firewall ruleset
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow SSH on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='22'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow HTTP on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='80'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='443'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci commit firewall
|
||||
|
||||
# Disable DNS-rebind protection
|
||||
uci set dhcp.@dnsmasq[0].rebind_protection='0'
|
||||
uci commit dhcp
|
||||
|
||||
reload_config
|
||||
}
|
||||
|
||||
main
|
||||
9
misc/rpi/uci/network
Normal file
9
misc/rpi/uci/network
Normal file
@ -0,0 +1,9 @@
|
||||
config interface 'loopback'
|
||||
option ifname 'lo'
|
||||
option proto 'static'
|
||||
option ipaddr '127.0.0.1'
|
||||
option netmask '255.0.0.0'
|
||||
|
||||
config interface 'wan'
|
||||
option ifname 'eth0'
|
||||
option proto 'dhcp'
|
||||
@ -6,7 +6,8 @@ ssh-copy-id root@${OPENWRT_DEVICE}
|
||||
|
||||
TARGET_ARCH=$(ssh root@${OPENWRT_DEVICE} source /etc/os-release \&\& echo \${OPENWRT_BOARD:-\$LEDE_BOARD})
|
||||
|
||||
FIRMWARE_FILE=bin/${OPENWRT_VERSION}/${TARGET_ARCH}/${OPENWRT_PROFILE}/openwrt-*-sysupgrade.img*
|
||||
FIRMWARE_FILENAME=${FIRMWARE_FILENAME:-openwrt-*-sysupgrade.img*}
|
||||
FIRMWARE_FILE=bin/${OPENWRT_VERSION}/${TARGET_ARCH}/${OPENWRT_PROFILE}/${FIRMWARE_FILENAME}
|
||||
FIRMWARE_FILE=${CUSTOM_FIRMWARE_FILE:-$FIRMWARE_FILE}
|
||||
|
||||
ssh root@${OPENWRT_DEVICE} \
|
||||
|
||||
37
misc/turris/omnia/uci-defaults/98-turris-omnia-uci-custom.sh
Normal file
37
misc/turris/omnia/uci-defaults/98-turris-omnia-uci-custom.sh
Normal file
@ -0,0 +1,37 @@
|
||||
#/bin/sh
|
||||
|
||||
set -e
|
||||
|
||||
main() {
|
||||
# Update default firewall ruleset
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow SSH on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='22'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow HTTP on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='80'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci add firewall rule
|
||||
uci set firewall.@rule[-1].name='Allow HTTPS on WAN'
|
||||
uci set firewall.@rule[-1].src='wan'
|
||||
uci set firewall.@rule[-1].proto='tcp'
|
||||
uci set firewall.@rule[-1].dest_port='443'
|
||||
uci set firewall.@rule[-1].target='ACCEPT'
|
||||
|
||||
uci commit firewall
|
||||
|
||||
# Disable DNS-rebind protection
|
||||
uci set dhcp.@dnsmasq[0].rebind_protection='0'
|
||||
uci commit dhcp
|
||||
|
||||
reload_config
|
||||
}
|
||||
|
||||
main
|
||||
21
misc/turris/omnia/uci-defaults/99-resize-disk.sh
Normal file
21
misc/turris/omnia/uci-defaults/99-resize-disk.sh
Normal file
@ -0,0 +1,21 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
block info
|
||||
|
||||
DISK=/dev/mmcblk0
|
||||
PARTITION="${DISK}p2"
|
||||
|
||||
parted -s -a opt "$DISK" "resizepart 2 100%"
|
||||
|
||||
FS_SIZE="$(unsquashfs -s "$PARTITION" | grep -o 'Filesystem size [0-9]* bytes' | grep -o '[0-9][0-9]*')"
|
||||
FS_OFFSET="$(expr '(' "$FS_SIZE" + 65535 ')' / 65536 '*' 65536)"
|
||||
LOOP_DEVICE="$(losetup -f --show -o "$FS_OFFSET" "$PARTITION")"
|
||||
|
||||
e2fsck -y -f "$LOOP_DEVICE"
|
||||
resize2fs "$LOOP_DEVICE"
|
||||
|
||||
rm -f /etc/uci-defaults/99-resize-disk.sh
|
||||
|
||||
reboot
|
||||
@ -2,7 +2,7 @@ all: rpi-4 rpi-3
|
||||
|
||||
rpi-4:
|
||||
$(MAKE) \
|
||||
ADDITIONAL_INSTALL="" \
|
||||
ADDITIONAL_INSTALL="install-rpi-network-config install-rpi-uci-defaults" \
|
||||
OPENWRT_TARGET="bcm27xx/bcm2711" \
|
||||
EMISSARY_ARCH="arm64" \
|
||||
OPENWRT_PROFILE="rpi-4" \
|
||||
@ -10,7 +10,7 @@ rpi-4:
|
||||
|
||||
rpi-3:
|
||||
$(MAKE) \
|
||||
ADDITIONAL_INSTALL="" \
|
||||
ADDITIONAL_INSTALL="install-rpi-network-config install-rpi-uci-defaults" \
|
||||
OPENWRT_TARGET="bcm27xx/bcm2710" \
|
||||
EMISSARY_ARCH="arm64" \
|
||||
OPENWRT_PROFILE="rpi-3" \
|
||||
@ -4,8 +4,9 @@ turris: omnia
|
||||
|
||||
omnia:
|
||||
$(MAKE) \
|
||||
ADDITIONAL_INSTALL="" \
|
||||
ADDITIONAL_INSTALL="install-turris-omnia-uci-defaults" \
|
||||
ADDITIONAL_OPENWRT_PACKAGES="losetup squashfs-tools-unsquashfs resize2fs e2fsprogs parted block-mount" \
|
||||
OPENWRT_TARGET="mvebu/cortexa9" \
|
||||
EMISSARY_ARCH="armv6" \
|
||||
EMISSARY_ARCH="armv7" \
|
||||
OPENWRT_PROFILE="cznic_turris-omnia" \
|
||||
build
|
||||
Reference in New Issue
Block a user