From d89c077bd8905bdd079d69b11bedc1eb440067b9 Mon Sep 17 00:00:00 2001 From: Waldemar Brodkorb Date: Sun, 29 Nov 2009 12:46:11 +0100 Subject: add etables, finetune squid package, more busybox finetuning --- package/Config.in | 1 + package/Makefile | 1 + package/base-files/extra/etc/profile | 6 +++--- package/base-files/extra/sbin/update | 11 +++++------ package/busybox/config/Config.in | 4 ++-- package/busybox/config/archival/Config.in | 10 +++++----- package/busybox/config/init/Config.in | 6 +++--- package/busybox/config/networking/Config.in | 2 +- package/ebtables/Config.in | 6 ++++++ package/ebtables/Makefile | 28 ++++++++++++++++++++++++++++ package/squid/Config.in | 1 + package/squid/Makefile | 12 ++++++------ package/squid/files/squid.conf | 27 +++++++++++++++++++++++++++ target/alix1c/Makefile | 2 +- target/alix2d/Makefile | 2 +- 15 files changed, 91 insertions(+), 28 deletions(-) create mode 100644 package/ebtables/Config.in create mode 100644 package/ebtables/Makefile create mode 100644 package/squid/files/squid.conf diff --git a/package/Config.in b/package/Config.in index e879e8288..ce11f2ba4 100644 --- a/package/Config.in +++ b/package/Config.in @@ -236,6 +236,7 @@ menu "Firewall / Routing / Bridging" source "package/arpd/Config.in" source "package/bridge-utils/Config.in" source "package/cutter/Config.in" +source "package/ebtables/Config.in" source "package/ether-wake/Config.in" source "package/iproute2/Config.in" source "package/ipset/Config.in" diff --git a/package/Makefile b/package/Makefile index 89fe35b34..4a2fc81b8 100644 --- a/package/Makefile +++ b/package/Makefile @@ -83,6 +83,7 @@ package-$(ADK_PACKAGE_DSNIFF) += dsniff package-$(ADK_PACKAGE_E2FSPROGS) += e2fsprogs package-$(ADK_PACKAGE_LIBUUID) += e2fsprogs package-$(ADK_PACKAGE_LIBBLKID) += e2fsprogs +package-$(ADK_PACKAGE_EBTABLES) += ebtables package-$(ADK_PACKAGE_ELINKS) += elinks package-$(ADK_PACKAGE_ESOUND) += esound package-$(ADK_PACKAGE_ETHER_WAKE) += ether-wake diff --git a/package/base-files/extra/etc/profile b/package/base-files/extra/etc/profile index 798548a46..1b8f4a6a6 100644 --- a/package/base-files/extra/etc/profile +++ b/package/base-files/extra/etc/profile @@ -1,12 +1,12 @@ export PATH=/bin:/sbin:/usr/bin:/usr/sbin +export TERM=vt220 if [[ $(id -u) = 0 ]]; then export PS1='# ' else export PS1='$ ' + export HOME=/tmp fi -export HOME=/tmp cat /etc/banner 2>&- -[ -x /usr/bin/less ] || alias less=more -[ -x /usr/bin/vim ] || alias vim=vi +[ -x /usr/bin/vim ] && alias vi=vim || alias vim=vi [ -x /usr/bin/arp ] || arp() { cat /proc/net/arp; } [ -x /usr/bin/ldd ] || ldd() { LD_TRACE_LOADED_OBJECTS=1 "$@"; } diff --git a/package/base-files/extra/sbin/update b/package/base-files/extra/sbin/update index a812bb23d..83807ccf5 100755 --- a/package/base-files/extra/sbin/update +++ b/package/base-files/extra/sbin/update @@ -7,9 +7,8 @@ if [ $who -ne 0 ]; then fi cd / - +umount -f /etc mount -o remount,rw / -umount /etc check_exit() { if [ $? -ne 0 ];then @@ -19,17 +18,17 @@ check_exit() { } extract_from_file() { - tar -xzvf $1 + cat $1 | gunzip -c | tar -xvf - check_exit } extract_from_ssh() { - ssh $1 "cat $2" | tar -xzvf - + ssh $1 "cat $2" | gunzip -c | tar -xvf - check_exit } extract_from_http() { - wget -O - $1 | tar -xzvf - + wget -O - $1 | gunzip -c | tar -xvf - check_exit } @@ -60,7 +59,7 @@ case $1 in esac sync -mount --bind /etc /tmp/.cfgfs/root +mount -o bind /etc /tmp/.cfgfs/root echo "Check with cfgfs status if you need to merge and save any changes in /etc." echo "You should reboot now." diff --git a/package/busybox/config/Config.in b/package/busybox/config/Config.in index 6da769cc0..427a45b4a 100644 --- a/package/busybox/config/Config.in +++ b/package/busybox/config/Config.in @@ -65,7 +65,7 @@ config BUSYBOX_SHOW_USAGE config BUSYBOX_FEATURE_VERBOSE_USAGE bool "Show verbose applet usage messages" - default n + default y select BUSYBOX_SHOW_USAGE help All BusyBox applets will show more verbose help messages when @@ -155,7 +155,7 @@ config BUSYBOX_FEATURE_CLEAN_UP config BUSYBOX_FEATURE_PIDFILE bool "Support writing pidfiles" - default n + default y help This option makes some applets (e.g. crond, syslogd, inetd) write a pidfile in /var/run. Some applications rely on them. diff --git a/package/busybox/config/archival/Config.in b/package/busybox/config/archival/Config.in index 0140b7631..124f5887c 100644 --- a/package/busybox/config/archival/Config.in +++ b/package/busybox/config/archival/Config.in @@ -7,19 +7,19 @@ menu "Archival Utilities" config BUSYBOX_FEATURE_SEAMLESS_LZMA bool "Make tar, rpm, modprobe etc understand .lzma data" - default n + default y help Make tar, rpm, modprobe etc understand .lzma data. config BUSYBOX_FEATURE_SEAMLESS_BZ2 bool "Make tar, rpm, modprobe etc understand .bz2 data" - default n + default y help Make tar, rpm, modprobe etc understand .bz2 data. config BUSYBOX_FEATURE_SEAMLESS_GZ bool "Make tar, rpm, modprobe etc understand .gz data" - default n + default y help Make tar, rpm, modprobe etc understand .gz data. @@ -163,7 +163,7 @@ config BUSYBOX_GUNZIP config BUSYBOX_GZIP bool "gzip" - default n + default y help gzip is used to compress files. It's probably the most widely used UNIX compression program. @@ -276,7 +276,7 @@ config BUSYBOX_FEATURE_TAR_LONG_OPTIONS config BUSYBOX_FEATURE_TAR_UNAME_GNAME bool "Enable use of user and group names" - default n + default p depends on BUSYBOX_TAR help Enables use of user and group names in tar. This affects contents diff --git a/package/busybox/config/init/Config.in b/package/busybox/config/init/Config.in index bb2d0aa32..9ca5b2885 100644 --- a/package/busybox/config/init/Config.in +++ b/package/busybox/config/init/Config.in @@ -21,7 +21,7 @@ config BUSYBOX_FEATURE_USE_INITTAB config BUSYBOX_FEATURE_KILL_REMOVED bool "Support killing processes that have been removed from inittab" - default y + default n depends on BUSYBOX_FEATURE_USE_INITTAB help When respawn entries are removed from inittab and a SIGHUP is @@ -41,7 +41,7 @@ config BUSYBOX_FEATURE_KILL_DELAY config BUSYBOX_FEATURE_INIT_SCTTY bool "Run commands with leading dash with controlling tty" - default n + default y depends on BUSYBOX_INIT help If this option is enabled, init will try to give a controlling @@ -56,7 +56,7 @@ config BUSYBOX_FEATURE_INIT_SCTTY config BUSYBOX_FEATURE_INIT_SYSLOG bool "Enable init to write to syslog" - default n + default y depends on BUSYBOX_INIT config BUSYBOX_FEATURE_EXTRA_QUIET diff --git a/package/busybox/config/networking/Config.in b/package/busybox/config/networking/Config.in index 797c21aea..0db95b6d4 100644 --- a/package/busybox/config/networking/Config.in +++ b/package/busybox/config/networking/Config.in @@ -60,7 +60,7 @@ config BUSYBOX_ARPING config BUSYBOX_BRCTL bool "brctl" - depends on !ADK_PACKAGE_BRCTL + depends on !ADK_PACKAGE_BRIDGE_UTILS default n help Manage ethernet bridges. diff --git a/package/ebtables/Config.in b/package/ebtables/Config.in new file mode 100644 index 000000000..7e78aeedd --- /dev/null +++ b/package/ebtables/Config.in @@ -0,0 +1,6 @@ +config ADK_PACKAGE_EBTABLES + prompt "ebtables.......................... Ethernet bridging firewall tool" + tristate + default n + help + http://ebtables.sourceforge.net/ diff --git a/package/ebtables/Makefile b/package/ebtables/Makefile new file mode 100644 index 000000000..8499b12e9 --- /dev/null +++ b/package/ebtables/Makefile @@ -0,0 +1,28 @@ +# This file is part of the OpenADK project. OpenADK is copyrighted +# material, please see the LICENCE file in the top-level directory. + +include ${TOPDIR}/rules.mk + +PKG_NAME:= iptables +PKG_VERSION:= 2.0.9 +PKG_RELEASE:= 1 +PKG_MD5SUM:= 44f13990132c20299c1994cd6f425140 +PKG_DESCR:= ethernet bridging firewall tool +PKG_SECTION:= net +PKG_URL:= http://ebtables.sourceforge.net +PKG_SITES:= ${MASTER_SITE_SOURCEFORGE:=ebtables/} + +DISTFILES:= ${PKG_NAME}-v${PKG_VERSION}-1.tar.gz + +include ${TOPDIR}/mk/package.mk + +$(eval $(call PKG_template,EBTABLES,${PKG_NAME},${PKG_VERSION}-${PKG_RELEASE},${PKG_DEPENDS},${PKG_DESCR},${PKG_SECTION})) + +CONFIGURE_STYLE:= gnu +BUILD_STYLE:= auto +INSTALL_STYLE:= auto + +post-install: + ${INSTALL_DIR} ${IDIR_EBTABLES}/usr/sbin + +include ${TOPDIR}/mk/pkg-bottom.mk diff --git a/package/squid/Config.in b/package/squid/Config.in index c0cc8f818..c597986d8 100644 --- a/package/squid/Config.in +++ b/package/squid/Config.in @@ -4,6 +4,7 @@ config ADK_PACKAGE_SQUID tristate default n select ADK_PACKAGE_LIBOPENSSL + select ADK_PACKAGE_LIBPTHREAD help Squid is a high-performance proxy caching server for web clients, supporting FTP, gopher, and HTTP data objects. Unlike traditional diff --git a/package/squid/Makefile b/package/squid/Makefile index 80f97c032..9395c65c8 100644 --- a/package/squid/Makefile +++ b/package/squid/Makefile @@ -5,7 +5,7 @@ include ${TOPDIR}/rules.mk PKG_NAME:= squid PKG_VERSION:= 3.0.STABLE20 -PKG_RELEASE:= 1 +PKG_RELEASE:= 2 PKG_MD5SUM:= b69577cfc5cfb6808ec426e3a933220d PKG_DESCR:= squid web and cache proxy PKG_SECTION:= net @@ -113,12 +113,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \ --enable-x-accelerator-vary \ --with-pthreads \ --with-dl \ - --enable-icmp \ --enable-kill-parent-hack \ --enable-arp-acl \ --enable-ssl \ - --disable-htcp \ - --disable-esi \ --enable-err-languages=English \ --enable-default-err-language=English \ --enable-linux-netfilter \ @@ -128,6 +125,9 @@ CONFIGURE_ARGS+= --datadir=/usr/share/squid \ --enable-cache-digests \ --enable-referer-log \ --enable-delay-pools \ + --disable-snmp \ + --disable-esi \ + --disable-htcp \ --disable-wccp \ --disable-wccpv2 \ --enable-useragent-log \ @@ -149,8 +149,8 @@ endif post-install: ${INSTALL_MODS_y} ${INSTALL_MODS_m} ${INSTALL_DIR} ${IDIR_SQUID}/etc/squid - ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf \ - ${WRKINST}/etc/squid/squid.conf ${IDIR_SQUID}/etc/squid/ + ${INSTALL_DATA} ${WRKINST}/etc/squid/mime.conf ${IDIR_SQUID}/etc/squid/ + ${INSTALL_DATA} ./files/squid.conf ${IDIR_SQUID}/etc/squid/ ${INSTALL_DIR} ${IDIR_SQUID}/usr/share/squid ${CP} ${WRKINST}/usr/share/squid/* ${IDIR_SQUID}/usr/share/squid/ ${INSTALL_DIR} ${IDIR_SQUID}/usr/sbin ${IDIR_SQUID}/usr/lib/squid diff --git a/package/squid/files/squid.conf b/package/squid/files/squid.conf new file mode 100644 index 000000000..86ffa60c7 --- /dev/null +++ b/package/squid/files/squid.conf @@ -0,0 +1,27 @@ +visible_hostname linux +http_port 3128 +# acl +acl manager proto cache_object +acl localhost src 127.0.0.1/32 +acl to_localhost dst 127.0.0.0/8 0.0.0.0/32 +acl localnet src 10.0.0.0/8 # RFC1918 possible internal network +acl localnet src 172.16.0.0/12 # RFC1918 possible internal network +acl localnet src 192.168.0.0/16 # RFC1918 possible internal network +acl SSL_ports port 443 +acl Safe_ports port 80 # http +acl Safe_ports port 21 # ftp +acl Safe_ports port 443 # https +acl Safe_ports port 70 # gopher +acl Safe_ports port 210 # wais +acl Safe_ports port 1025-65535 # unregistered ports +acl Safe_ports port 280 # http-mgmt +acl Safe_ports port 488 # gss-http +acl Safe_ports port 591 # filemaker +acl Safe_ports port 777 # multiling http +acl CONNECT method CONNECT +http_access allow manager localhost +http_access deny manager +http_access deny !Safe_ports +http_access deny CONNECT !SSL_ports +http_access allow localnet +http_access deny all diff --git a/target/alix1c/Makefile b/target/alix1c/Makefile index 93a7c6642..4278c90f9 100644 --- a/target/alix1c/Makefile +++ b/target/alix1c/Makefile @@ -13,7 +13,7 @@ kernel-install: ifeq ($(FS),ext2-cf) imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo - @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)," + @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)" @echo "To install everything to CompactFlash use scripts/install.sh" @echo 'Login as user root with password linux123 via ssh or console' endif diff --git a/target/alix2d/Makefile b/target/alix2d/Makefile index 93a7c6642..4278c90f9 100644 --- a/target/alix2d/Makefile +++ b/target/alix2d/Makefile @@ -13,7 +13,7 @@ kernel-install: ifeq ($(FS),ext2-cf) imageinstall: $(BIN_DIR)/$(ROOTFSTARBALL) @echo - @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)," + @echo "The RootFS tarball is: $(BIN_DIR)/$(ROOTFSTARBALL)" @echo "To install everything to CompactFlash use scripts/install.sh" @echo 'Login as user root with password linux123 via ssh or console' endif -- cgit v1.2.3