From 871bc0f64523d0bd1aa3489a012c8cf86ba23d3f Mon Sep 17 00:00:00 2001
From: Cameron Thompson <50184035+iamromulan@users.noreply.github.com>
Date: Thu, 2 Jan 2025 20:30:04 -0500
Subject: [PATCH] Fix for latest firmware
The 12/23/24 RM551 firmware is missing the init.d scripts. Re-add automatically in those conditions.
---
 missing/dropbear | 282 ++++++++++++++++++++++++++++++++++++++
 missing/uhttpd | 230 +++++++++++++++++++++++++++++++
 rcPCIe_SDXPINN_toolkit.sh | 20 ++-
 3 files changed, 529 insertions(+), 3 deletions(-)
 create mode 100755 missing/dropbear
 create mode 100755 missing/uhttpd
diff --git a/missing/dropbear b/missing/dropbear
new file mode 100755
index 0000000..ea4cad2
--- /dev/null
+++ b/missing/dropbear
@@ -0,0 +1,282 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2006-2010 OpenWrt.org
+# Copyright (C) 2006 Carlos Sobrinho
+
+START=19
+STOP=50
+
+USE_PROCD=1
+PROG=/usr/sbin/dropbear
+NAME=dropbear
+PIDCOUNT=0
+
+extra_command "killclients" "Kill ${NAME} processes except servers and yourself"
+
+_dropbearkey()
+{
+ /usr/bin/dropbearkey "$@" 0<&- 1>&- 2>&-
+}
+
+# $1 - host key file name
+hk_verify()
+{
+ [ -f "$1" ] || return 1
+ [ -s "$1" ] || return 2
+ _dropbearkey -y -f "$1" || return 3
+ return 0
+}
+
+# $1 - hk_verify() return code
+hk_errmsg()
+{
+ case "$1" in
+ 0) ;;
+ 1) echo "file does not exist" ;;
+ 2) echo "file has zero length" ;;
+ 3) echo "file is not valid host key or not supported" ;;
+ *) echo "unknown error" ;;
+ esac
+}
+
+# $1 - config option
+# $2 - host key file name
+hk_config()
+{
+ local x m
+ hk_verify "$2"; x=$?
+ case "$x" in
+ 0) procd_append_param command -r "$2"
+ ;;
+ *) m=$(hk_errmsg "$x")
+ logger -t "${NAME}" -p daemon.warn \
+ "option '$1', value '$2': $m, skipping"
+ ;;
+ esac
+}
+
+# $1 - host key file name
+hk_config__keyfile()
+{
+ hk_config 'keyfile' "$1"
+}
+
+hk_generate_as_needed()
+{
+ local kdir kgen ktype tdir kcount tfile
+ kdir='/etc/dropbear'
+
+ kgen=''
+ for ktype in ed25519 ecdsa rsa; do
+ hk_verify "${kdir}/dropbear_${ktype}_host_key" && continue
+
+ kgen="${kgen} ${ktype}"
+ done
+
+ [ -z "${kgen}" ] && return
+
+ tdir=$(mktemp -d); chmod 0700 "${tdir}"
+
+ kcount=0
+ for ktype in ${kgen}; do
+ tfile="${tdir}/dropbear_${ktype}_host_key"
+
+ if ! _dropbearkey -t ${ktype} -f "${tfile}"; then
+ # unsupported key type
+ rm -f "${tfile}"
+ continue
+ fi
+
+ kcount=$((kcount+1))
+ done
+
+ if [ ${kcount} -ne 0 ]; then
+ mkdir -p "${kdir}"; chmod 0700 "${kdir}"; chown root "${kdir}"
+ mv -f "${tdir}/"* "${kdir}/"
+ fi
+
+ rm -rf "${tdir}"
+}
+
+append_ports()
+{
+ local ipaddrs="$1"
+ local port="$2"
+
+ [ -z "$ipaddrs" ] && {
+ procd_append_param command -p "$port"
+ return
+ }
+
+ for addr in $ipaddrs; do
+ procd_append_param command -p "$addr:$port"
+ done
+}
+
+validate_section_dropbear()
+{
+ uci_load_validate dropbear dropbear "$1" "$2" \
+ 'PasswordAuth:bool:1' \
+ 'enable:bool:1' \
+ 'Interface:string' \
+ 'GatewayPorts:bool:0' \
+ 'RootPasswordAuth:bool:1' \
+ 'RootLogin:bool:1' \
+ 'rsakeyfile:file' \
+ 'keyfile:list(file)' \
+ 'BannerFile:file' \
+ 'Port:port:22' \
+ 'SSHKeepAlive:uinteger:300' \
+ 'IdleTimeout:uinteger:0' \
+ 'MaxAuthTries:uinteger:3' \
+ 'RecvWindowSize:uinteger:0' \
+ 'mdns:bool:1'
+}
+
+dropbear_instance()
+{
+ local ipaddrs
+
+ [ "$2" = 0 ] || {
+ echo "validation failed"
+ return 1
+ }
+
+ [ -n "${Interface}" ] && {
+ [ -n "${BOOT}" ] && return 0
+
+ network_get_ipaddrs_all ipaddrs "${Interface}" || {
+ echo "interface ${Interface} has no physdev or physdev has no suitable ip"
+ return 1
+ }
+ }
+
+ [ "${enable}" = "0" ] && return 1
+ PIDCOUNT="$(( ${PIDCOUNT} + 1))"
+ local pid_file="/var/run/${NAME}.${PIDCOUNT}.pid"
+
+ procd_open_instance
+ procd_set_param command "$PROG" -F -P "$pid_file"
+ [ "${PasswordAuth}" -eq 0 ] && procd_append_param command -s
+ [ "${GatewayPorts}" -eq 1 ] && procd_append_param command -a
+ [ "${RootPasswordAuth}" -eq 0 ] && procd_append_param command -g
+ [ "${RootLogin}" -eq 0 ] && procd_append_param command -w
+ if [ -n "${rsakeyfile}" ]; then
+ logger -t ${NAME} -p daemon.warn \
+ "option 'rsakeyfile' is considered to be deprecated and" \
+ "will be removed in future releases, use 'keyfile' instead"
+ hk_config 'rsakeyfile' "${rsakeyfile}"
+ fi
+ config_list_foreach "$1" "keyfile" hk_config__keyfile
+ [ -n "${BannerFile}" ] && procd_append_param command -b "${BannerFile}"
+ append_ports "${ipaddrs}" "${Port}"
+ [ "${IdleTimeout}" -ne 0 ] && procd_append_param command -I "${IdleTimeout}"
+ [ "${SSHKeepAlive}" -ne 0 ] && procd_append_param command -K "${SSHKeepAlive}"
+ [ "${MaxAuthTries}" -ne 0 ] && procd_append_param command -T "${MaxAuthTries}"
+ [ "${RecvWindowSize}" -gt 0 -a "${RecvWindowSize}" -le 1048576 ] && \
+ procd_append_param command -W "${RecvWindowSize}"
+ [ "${mdns}" -ne 0 ] && procd_add_mdns "ssh" "tcp" "$Port" "daemon=dropbear"
+ procd_set_param respawn
+ procd_close_instance
+}
+
+load_interfaces()
+{
+ config_get interface "$1" Interface
+ config_get enable "$1" enable 1
+
+ [ "${enable}" = "1" ] && interfaces=" ${interface} ${interfaces}"
+}
+
+boot()
+{
+ BOOT=1
+ start "$@"
+}
+
+start_service()
+{
+ hk_generate_as_needed
+
+ . /lib/functions.sh
+ . /lib/functions/network.sh
+
+ config_load "${NAME}"
+ config_foreach validate_section_dropbear dropbear dropbear_instance
+}
+
+service_triggers()
+{
+ local interfaces
+
+ procd_add_config_trigger "config.change" "dropbear" /etc/init.d/dropbear reload
+
+ config_load "${NAME}"
+ config_foreach load_interfaces dropbear
+
+ [ -n "${interfaces}" ] && {
+ for n in $interfaces ; do
+ procd_add_interface_trigger "interface.*" $n /etc/init.d/dropbear reload
+ done
+ }
+
+ procd_add_validation validate_section_dropbear
+}
+
+shutdown() {
+ # close all open connections
+ killall dropbear
+}
+
+killclients()
+{
+ local ignore=''
+ local server
+ local pid
+
+ # if this script is run from inside a client session, then ignore that session
+ pid="$$"
+ while [ "${pid}" -ne 0 ]
+ do
+ # get parent process id
+ pid=$(cut -d ' ' -f 4 "/proc/${pid}/stat")
+ [ "${pid}" -eq 0 ] && break
+
+ # check if client connection
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" && {
+ append ignore "${pid}"
+ break
+ }
+ done
+
+ # get all server pids that should be ignored
+ for server in $(cat /var/run/${NAME}.*.pid)
+ do
+ append ignore "${server}"
+ done
+
+ # get all running pids and kill client connections
+ local skip
+ for pid in $(pidof "${NAME}")
+ do
+ # check if correct program, otherwise process next pid
+ grep -F -q -e "${PROG}" "/proc/${pid}/cmdline" || {
+ continue
+ }
+
+ # check if pid should be ignored (servers, ourself)
+ skip=0
+ for server in ${ignore}
+ do
+ if [ "${pid}" = "${server}" ]
+ then
+ skip=1
+ break
+ fi
+ done
+ [ "${skip}" -ne 0 ] && continue
+
+ # kill process
+ echo "${initscript}: Killing ${pid}..."
+ kill -KILL ${pid}
+ done
+}
diff --git a/missing/uhttpd b/missing/uhttpd
new file mode 100755
index 0000000..8dbc23f
--- /dev/null
+++ b/missing/uhttpd
@@ -0,0 +1,230 @@
+#!/bin/sh /etc/rc.common
+# Copyright (C) 2010 Jo-Philipp Wich
+
+START=50
+
+USE_PROCD=1
+
+UHTTPD_BIN="/usr/sbin/uhttpd"
+PX5G_BIN="/usr/sbin/px5g"
+OPENSSL_BIN="/usr/bin/openssl"
+
+append_arg() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get val "$cfg" "$var"
+ [ -n "$val" -o -n "$def" ] && procd_append_param command "$opt" "${val:-$def}"
+}
+
+append_bool() {
+ local cfg="$1"
+ local var="$2"
+ local opt="$3"
+ local def="$4"
+ local val
+
+ config_get_bool val "$cfg" "$var" "$def"
+ [ "$val" = 1 ] && procd_append_param command "$opt"
+}
+
+generate_keys() {
+ local cfg="$1"
+ local key="$2"
+ local crt="$3"
+ local days bits country state location organization commonname
+
+ config_get days "$cfg" days
+ config_get bits "$cfg" bits
+ config_get country "$cfg" country
+ config_get state "$cfg" state
+ config_get location "$cfg" location
+ config_get organization "$cfg" organization
+ config_get commonname "$cfg" commonname
+ config_get key_type "$cfg" key_type
+ config_get ec_curve "$cfg" ec_curve
+
+ # Prefer px5g for certificate generation (existence evaluated last)
+ local GENKEY_CMD=""
+ local KEY_OPTS="rsa:${bits:-2048}"
+ local UNIQUEID=$(dd if=/dev/urandom bs=1 count=4 | hexdump -e '1/1 "%02x"')
+ [ "$key_type" = "ec" ] && KEY_OPTS="ec -pkeyopt ec_paramgen_curve:${ec_curve:-P-256}"
+ [ -x "$OPENSSL_BIN" ] && GENKEY_CMD="$OPENSSL_BIN req -x509 -sha256 -outform der -nodes"
+ [ -x "$PX5G_BIN" ] && GENKEY_CMD="$PX5G_BIN selfsigned -der"
+ [ -n "$GENKEY_CMD" ] && {
+ $GENKEY_CMD \
+ -days ${days:-730} -newkey ${KEY_OPTS} -keyout "${UHTTPD_KEY}.new" -out "${UHTTPD_CERT}.new" \
+ -subj /C="${country:-ZZ}"/ST="${state:-Somewhere}"/L="${location:-Unknown}"/O="${organization:-OpenWrt$UNIQUEID}"/CN="${commonname:-OpenWrt}"
+ sync
+ mv "${UHTTPD_KEY}.new" "${UHTTPD_KEY}"
+ mv "${UHTTPD_CERT}.new" "${UHTTPD_CERT}"
+ }
+}
+
+create_httpauth() {
+ local cfg="$1"
+ local prefix username password
+
+ config_get prefix "$cfg" prefix
+ config_get username "$cfg" username
+ config_get password "$cfg" password
+
+ if [ -z "$prefix" ] || [ -z "$username" ] || [ -z "$password" ]; then
+ return
+ fi
+ echo "${prefix}:${username}:${password}" >>$httpdconf
+ haveauth=1
+}
+
+append_lua_prefix() {
+ local v="$1"
+ local prefix="${v%%=*}"
+ local handler="${v#*=}"
+
+ if [ "$prefix" != "$handler" ] && [ -n "$prefix" ] && [ -f "$handler" ]; then
+ procd_append_param command -l "$prefix" -L "$handler"
+ else
+ echo "Skipping invalid Lua prefix \"$v\"" >&2
+ fi
+}
+
+append_ucode_prefix() {
+ local v="$1"
+ local prefix="${v%%=*}"
+ local handler="${v#*=}"
+
+ if [ "$prefix" != "$handler" ] && [ -n "$prefix" ] && [ -f "$handler" ]; then
+ procd_append_param command -o "$prefix" -O "$handler"
+ else
+ echo "Skipping invalid ucode prefix \"$v\"" >&2
+ fi
+}
+
+start_instance()
+{
+ UHTTPD_CERT=""
+ UHTTPD_KEY=""
+
+ local cfg="$1"
+ local realm="$(uci_get system.@system[0].hostname)"
+ local listen http https interpreter indexes path handler httpdconf haveauth
+ local enabled
+
+ config_get_bool enabled "$cfg" 'enabled' 1
+ [ $enabled -gt 0 ] || return
+
+ procd_open_instance
+ procd_set_param respawn
+ procd_set_param stderr 1
+ procd_set_param command "$UHTTPD_BIN" -f
+
+ config_get config "$cfg" config
+ if [ -z "$config" ]; then
+ mkdir -p /var/etc/uhttpd
+ httpdconf="/var/etc/uhttpd/httpd.${cfg}.conf"
+ rm -f ${httpdconf}
+ config_list_foreach "$cfg" httpauth create_httpauth
+ if [ "$haveauth" = "1" ]; then
+ procd_append_param command -c ${httpdconf}
+ [ -r /etc/httpd.conf ] && cat /etc/httpd.conf >>/var/etc/uhttpd/httpd.${cfg}.conf
+ fi
+ fi
+
+ append_arg "$cfg" home "-h"
+ append_arg "$cfg" realm "-r" "${realm:-OpenWrt}"
+ append_arg "$cfg" config "-c"
+ append_arg "$cfg" cgi_prefix "-x"
+ [ -f /usr/lib/uhttpd_lua.so ] && {
+ local len
+ config_get len "$cfg" lua_prefix_LENGTH
+
+ if [ -n "$len" ]; then
+ config_list_foreach "$cfg" lua_prefix append_lua_prefix
+ else
+ config_get prefix "$cfg" lua_prefix
+ config_get handler "$cfg" lua_handler
+ append_lua_prefix "$prefix=$handler"
+ fi
+ }
+ [ -f /usr/lib/uhttpd_ubus.so ] && {
+ append_arg "$cfg" ubus_prefix "-u"
+ append_arg "$cfg" ubus_socket "-U"
+ append_bool "$cfg" ubus_cors "-X" 0
+ }
+ [ -f /usr/lib/uhttpd_ucode.so ] && {
+ config_list_foreach "$cfg" ucode_prefix append_ucode_prefix
+ }
+ append_arg "$cfg" script_timeout "-t"
+ append_arg "$cfg" network_timeout "-T"
+ append_arg "$cfg" http_keepalive "-k"
+ append_arg "$cfg" tcp_keepalive "-A"
+ append_arg "$cfg" error_page "-E"
+ append_arg "$cfg" max_requests "-n" 3
+ append_arg "$cfg" max_connections "-N"
+
+ append_bool "$cfg" no_ubusauth "-a" 0
+ append_bool "$cfg" no_symlinks "-S" 0
+ append_bool "$cfg" no_dirlists "-D" 0
+ append_bool "$cfg" rfc1918_filter "-R" 0
+
+ config_get alias_list "$cfg" alias
+ for alias in $alias_list; do
+ procd_append_param command -y "$alias"
+ done
+
+ config_get http "$cfg" listen_http
+ for listen in $http; do
+ procd_append_param command -p "$listen"
+ done
+
+ config_get interpreter "$cfg" interpreter
+ for path in $interpreter; do
+ procd_append_param command -i "$path"
+ done
+
+ config_get indexes "$cfg" index_page
+ for path in $indexes; do
+ procd_append_param command -I "$path"
+ done
+
+ config_get https "$cfg" listen_https
+ config_get UHTTPD_KEY "$cfg" key /etc/uhttpd.key
+ config_get UHTTPD_CERT "$cfg" cert /etc/uhttpd.crt
+
+ [ -f /lib/libustream-ssl.so ] && [ -n "$https" ] && {
+ [ -s "$UHTTPD_CERT" -a -s "$UHTTPD_KEY" ] || {
+ config_foreach generate_keys cert
+ }
+
+ [ -f "$UHTTPD_CERT" -a -f "$UHTTPD_KEY" ] && {
+ append_arg "$cfg" cert "-C"
+ append_arg "$cfg" key "-K"
+
+ for listen in $https; do
+ procd_append_param command -s "$listen"
+ done
+ }
+
+ append_bool "$cfg" redirect_https "-q" 0
+ }
+
+ config_get json_script "$cfg" json_script
+ for file in $json_script; do
+ [ -s "$file" ] && procd_append_param command -H "$file"
+ done
+
+ procd_close_instance
+} + +service_triggers() +{ + procd_add_reload_trigger "uhttpd" +} + +start_service() { + config_load uhttpd + config_foreach start_instance uhttpd +} diff --git a/rcPCIe_SDXPINN_toolkit.sh b/rcPCIe_SDXPINN_toolkit.sh index 3ca92ba..b92d998 100644 --- a/rcPCIe_SDXPINN_toolkit.sh +++ b/rcPCIe_SDXPINN_toolkit.sh @@ -77,7 +77,8 @@ install_mount_fix() { opkg install sdxpinn-mount-fix_1.1.0_aarch64_cortex-a53.ipk } -basic_55x_setup() { +basic_55x_setup() { + overlay_check || return echo "src/gz iamromulan-SDXPINN-repo https://raw.githubusercontent.com/iamromulan/quectel-rgmii-toolkit/SDXPINN/opkg-feed" >> /etc/opkg/customfeeds.conf cd /tmp curl -O https://raw.githubusercontent.com/$GITUSER/$GITREPO/$GITTREE/opkg-feed/iamromulan-SDXPINN-repo.key @@ -95,7 +96,20 @@ basic_55x_setup() { opkg install luci-app-ttyd opkg install mc-skins - + + # Check and download /etc/init.d/dropbear if missing + [ -f /etc/init.d/dropbear ] || { + curl -o /etc/init.d/dropbear https://raw.githubusercontent.com/$GITUSER/$GITREPO/$GITTREE/missing/dropbear && + chmod +x /etc/init.d/dropbear; + } + + # Check and download /etc/init.d/uhttpd if missing + [ -f /etc/init.d/uhttpd ] || { + curl -o /etc/init.d/uhttpd https://raw.githubusercontent.com/$GITUSER/$GITREPO/$GITTREE/missing/uhttpd && + chmod +x /etc/init.d/uhttpd; + } + + service uhttpd enable service dropbear enable service uhttpd start 
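Review bot: Both `curl -o /etc/init.d/<name> …` calls omit `-f` and write straight to the final path, so an HTTP error body or a truncated transfer is saved as the init script, made executable, and then handed to the `service … enable` / `start` lines that follow; because the guard is only `[ -f … ]`, a later run will not repair the bad file. The scripts are also fetched from whatever `$GITTREE` points at (presumably a branch) with no checksum or signature check, even though the setup already appears to fetch a key for the opkg feed, so shipping them in a signed package or comparing a pinned `sha256sum` before install would close that gap. Download to a temporary file, check it, and move it into place only on success, as sketched below. The dropbear script installed this way defaults to `PasswordAuth:bool:1`, `RootLogin:bool:1` and no `Interface`, so confirm `/etc/config/dropbear` restricts the listener before the service is started if the modem has a WAN-reachable address. basic_55x_setup starts and ends outside this hunk.

```shell
# Fetch an init script the firmware no longer ships. The download goes to a
# temp file and is installed only when curl succeeded and the result looks
# like an rc.common script, so an error page never lands in /etc/init.d.
fetch_missing_initd() {
    local name="$1" tmp
    [ -f "/etc/init.d/$name" ] && return 0
    tmp=$(mktemp) || return 1
    if curl -fsSL -o "$tmp" "https://raw.githubusercontent.com/$GITUSER/$GITREPO/$GITTREE/missing/$name" &&
        head -n 1 "$tmp" | grep -q '^#!/bin/sh /etc/rc.common'; then
        # TODO: compare sha256sum of "$tmp" with a value pinned in this script
        mv -f "$tmp" "/etc/init.d/$name" && chmod 0755 "/etc/init.d/$name"
    else
        rm -f "$tmp"
        echo "Failed to fetch init script for $name; not installing" >&2
        return 1
    fi
}

# … unchanged: opkg install lines …
    fetch_missing_initd dropbear
    fetch_missing_initd uhttpd
# … unchanged: service enable/start lines …
```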
@@ -376,7 +390,7 @@ while true; do
 echo -e "\e[92m2) Install sdxpinn-mount-fix/run me after a flash!\e[0m" # Green
 echo -e "\e[94m3) TTL Setup\e[0m" # Light Blue
 echo -e "\e[92m4) MTU Setup\e[0m" # Light Green
- echo -e "\e[94m5) Install Basic Packages/enable luci/add iamromulan's feed to opkg(\e[0m" # Light Blue
+ echo -e "\e[94m5) Install Basic Packages/enable luci/add iamromulan's feed to opkg\e[0m" # Light Blue
 echo -e "\e[94m6) Set root password\e[0m" # Light Blue
 echo -e "\e[94m7) Tailscale Management\e[0m" # Light Blue
 echo -e "\e[92m8) Install Speedtest.net CLI app (speedtest command)\e[0m" # Light Green