ucentral: development update

* fix poco build on MIPS
* add certificate generation for the gateway package
I make vlan filtering work on mt7621
* add ucentral-gateway profile
* add ubnt_edgerouter-x profiles

Signed-off-by: John Crispin <john@phrozen.org>

feeds/ucentral/poco/patches/300-fp-support-environments-without-hardware-floating-po.patch

@@ -0,0 +1,122 @@
+From: =?utf-8?q?Andr=C3=A9_Draszik?= <git@andred.net>
+Date: Wed, 22 Mar 2017 11:07:16 +0000
+Subject: fp: support environments without hardware floating point
+
+| cd <build>/Foundation && \
+|    mipsel-poky-linux-musl-g++   -DFoundation_EXPORTS -DHAVE_PTHREAD_SETAFFINITY_NP -DHAVE_THREE_PARAM_SCHED_SETAFFINITY \
+|         -DPCRE_STATIC -DPOCO_HAVE_FD_EPOLL -DPOCO_NO_AUTOMATIC_LIBS -DPOCO_OS_FAMILY_UNIX -DPOCO_UNBUNDLED \
+|         -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE -D_REENTRANT -D_THREAD_SAFE -D_XOPEN_SOURCE=500 \
+|         -I<sysroot>/usr/include -I<poco>/Foundation/include -I<poco>/Foundation/src  \
+|         -mel -mabi=32 -msoft-float -march=mips32r2 -mno-mips16  -minterlink-compressed -mtune=24kec -mdsp  \
+|         --sysroot=<sysroot> -O2 -pipe -g -feliminate-unused-debug-types \
+|         -fstack-protector-strong -pie -fpie -D_FORTIFY_SOURCE=2 -Wformat -Wformat-security -Werror=format-security \
+|         -fvisibility-inlines-hidden  -mel -mabi=32 -msoft-float -march=mips32r2 -mno-mips16  -minterlink-compressed \
+|         -mtune=24kec -mdsp  --sysroot=<sysroot> -O2 -g -DNDEBUG -fPIC   \
+|         -o CMakeFiles/Foundation.dir/src/ArchiveStrategy.cpp.o \
+|         -c <poco>/Foundation/src/ArchiveStrategy.cpp
+| In file included from <poco>/Foundation/include/Poco/FPEnvironment.h:33:0,
+|                  from <poco>/Foundation/include/Poco/NumericString.h:25,
+|                  from <poco>/Foundation/include/Poco/NumberFormatter.h:24,
+|                  from <poco>/Foundation/include/Poco/ArchiveStrategy.h:27,
+|                  from <poco>/Foundation/src/ArchiveStrategy.cpp:17:
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:36:30: error: 'FE_DOWNWARD' was not declared in this scope
+|    FP_ROUND_DOWNWARD_IMPL   = FE_DOWNWARD,
+|                               ^~~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:37:30: error: 'FE_UPWARD' was not declared in this scope
+|    FP_ROUND_UPWARD_IMPL     = FE_UPWARD,
+|                               ^~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:39:30: error: 'FE_TOWARDZERO' was not declared in this scope
+|    FP_ROUND_TOWARDZERO_IMPL = FE_TOWARDZERO
+|                               ^~~~~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:43:28: error: 'FE_DIVBYZERO' was not declared in this scope
+|    FP_DIVIDE_BY_ZERO_IMPL = FE_DIVBYZERO,
+|                             ^~~~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:44:28: error: 'FE_INEXACT' was not declared in this scope
+|    FP_INEXACT_IMPL        = FE_INEXACT,
+|                             ^~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:45:28: error: 'FE_OVERFLOW' was not declared in this scope
+|    FP_OVERFLOW_IMPL       = FE_OVERFLOW,
+|                             ^~~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:46:28: error: 'FE_UNDERFLOW' was not declared in this scope
+|    FP_UNDERFLOW_IMPL      = FE_UNDERFLOW,
+|                             ^~~~~~~~~~~~
+| <poco>/Foundation/include/Poco/FPEnvironment_C99.h:47:28: error: 'FE_INVALID' was not declared in this scope
+|    FP_INVALID_IMPL        = FE_INVALID
+|                             ^~~~~~~~~~
+
+The reason is that some (notably FPU-less) architectures,
+including mips*-nf, don't define/implement some of the
+floating point constants, even though fenv.h is
+available.
+
+The key point is:
+  A fully standards conforming fenv.h does not have to
+  define any FE_* macros, and if it does define them,
+  then it defines macros only for the FP exceptions it
+  actually supports.
+
+See similar issue in boost:
+  https://svn.boost.org/trac/boost/ticket/11756
+---
+ Foundation/include/Poco/FPEnvironment_C99.h | 36 +++++++++++++++++++++++++++++
+ 1 file changed, 36 insertions(+)
+
+diff --git a/Foundation/include/Poco/FPEnvironment_C99.h b/Foundation/include/Poco/FPEnvironment_C99.h
+index 0b192f5..402e6af 100644
+--- a/Foundation/include/Poco/FPEnvironment_C99.h
++++ b/Foundation/include/Poco/FPEnvironment_C99.h
+@@ -31,18 +31,54 @@ class FPEnvironmentImpl
+ protected:
+ 	enum RoundingModeImpl
+ 	{
++#if defined(FE_DOWNWARD)
+ 		FP_ROUND_DOWNWARD_IMPL   = FE_DOWNWARD,
++#else
++		FP_ROUND_DOWNWARD_IMPL   = 0,
++#endif
++#if defined(FE_UPWARD)
+ 		FP_ROUND_UPWARD_IMPL     = FE_UPWARD,
++#else
++		FP_ROUND_UPWARD_IMPL     = 0,
++#endif
++#if defined(FE_TONEAREST)
+ 		FP_ROUND_TONEAREST_IMPL  = FE_TONEAREST,
++#else
++		FP_ROUND_TONEAREST_IMPL  = 0,
++#endif
++#if defined(FE_TOWARDZERO)
+ 		FP_ROUND_TOWARDZERO_IMPL = FE_TOWARDZERO
++#else
++		FP_ROUND_TOWARDZERO_IMPL = 0
++#endif
+ 	};
+ 	enum FlagImpl
+ 	{
++#if defined(FE_DIVBYZERO)
+ 		FP_DIVIDE_BY_ZERO_IMPL = FE_DIVBYZERO,
++#else
++		FP_DIVIDE_BY_ZERO_IMPL = 0,
++#endif
++#if defined(FE_INEXACT)
+ 		FP_INEXACT_IMPL        = FE_INEXACT,
++#else
++		FP_INEXACT_IMPL        = 0,
++#endif
++#if defined(FE_OVERFLOW)
+ 		FP_OVERFLOW_IMPL       = FE_OVERFLOW,
++#else
++		FP_OVERFLOW_IMPL       = 0,
++#endif
++#if defined(FE_UNDERFLOW)
+ 		FP_UNDERFLOW_IMPL      = FE_UNDERFLOW,
++#else
++		FP_UNDERFLOW_IMPL      = 0,
++#endif
++#if defined(FE_INVALID)
+ 		FP_INVALID_IMPL        = FE_INVALID
++#else
++		FP_INVALID_IMPL        = 0
++#endif
+ 	};
+ 	FPEnvironmentImpl();
+ 	FPEnvironmentImpl(const FPEnvironmentImpl& env);

feeds/ucentral/ucentral-defaults/files/etc/uci-defaults/99-ucentral-uhttpd

@@ -0,0 +1,8 @@
+#!/bin/sh
+uci set uhttpd.main.listen_http=''
+uci set uhttpd.main.listen_https=''
+uci set rtty.@rtty[-1].id=$(cat /sys/class/net/eth0/address | tr -d :)
+uci set rtty.@rtty[-1].description="$(cat /tmp/sysinfo/model)"
+uci set rtty.@rtty[-1].ssl=1
+uci set rtty.@rtty[-1].port='5912'
+uci commit rtty

feeds/ucentral/ucentralgw/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL=git@github.com:Telecominfraproject/wlan-cloud-ucentralgw.git
 PKG_SOURCE_DATE:=2021-03-28
-PKG_SOURCE_VERSION:=4fe4a865b7ddf43991efec5fd3f21c34f89b7146
+PKG_SOURCE_VERSION:=a42e9608df8a465f9899cc23c5261a263a00b154
 CMAKE_INSTALL:=1
 
 PKG_LICENSE:=BSD-3-Clause
@@ -25,6 +25,11 @@ define Package/ucentralgw
   TITLE:= uCentral Gateway
 endef
 
+define Package/mdadm/conffiles
+/etc/ucentral/
+endef
+
+TARGET_CFLAGS += -I$(STAGING_DIR)/usr/include
 CMAKE_OPTIONS += \
 	-DSMALL_BUILD=1
 

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-certs

@@ -0,0 +1,6 @@
+#!/bin.sh
+
+[ -f /etc/ucentral/server-key.pem ] && exit 0
+/usr/libexec/ucentral/create_certificates.sh
+
+exit 0

feeds/ucentral/ucentralgw/files/etc/uci-defaults/99-ucentral-hostname

@@ -0,0 +1,4 @@
+#!/bin.sh
+
+hname=$(cat /sys/class/net/eth0/address | tr -d : | awk '{print tolower($0)}')
+uci set system.@system[-1].hostname=$hname

feeds/ucentral/ucentralgw/patches/100-bash.patch

@@ -0,0 +1,55 @@
+Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/clean.sh
+===================================================================
+--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/clean.sh
++++ ucentralgw-2021-03-28-a42e9608/cert_scripts/clean.sh
+@@ -1,3 +1,3 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+ rm *.pem *.csr
+Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/create_certificates.sh
+===================================================================
+--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/create_certificates.sh
++++ ucentralgw-2021-03-28-a42e9608/cert_scripts/create_certificates.sh
+@@ -1,15 +1,15 @@
+-#!/bin/bash
++#!/bin/sh
+ 
+-hn=$(hostname)
++hn=$(cat /proc/sys/kernel/hostname)
+ howmany=10
+-cert_life=365
+-subject="/C=CA/ST=British Columbia/L=Vancouver/O=Arilia Wireless/OU=Engineering/CN=$hn/emailAddress=support@example.com"
++cert_life=1825
++subject="/C=uC/ST=uCentral/L=uCentral/O=uCentral/OU=Nerdinging/CN=$hn/emailAddress=support@example.com"
+ 
+-openssl genrsa -out server-key.pem 2048
+-openssl req -new -key server-key.pem -subj "$subject" -out server.csr
+-openssl x509 -req -days $cert_life -in server.csr -signkey server-key.pem -out server-cert.pem
++openssl genrsa -out /etc/ucentral/server-key.pem 2048
++openssl req -new -key /etc/ucentral/server-key.pem -subj "$subject" -out /etc/ucentral/server.csr
++openssl x509 -req -days $cert_life -in /etc/ucentral/server.csr -signkey /etc/ucentral/server-key.pem -out /etc/ucentral/server-cert.pem
+ 
+-for i in `eval echo {1..$howmany}`
++for i in `seq 1 $howmany`
+ do
+-  openssl x509 -signkey server-key.pem -in server.csr -req -days $cert_life -out dev-$i-cert.pem
++  openssl x509 -signkey /etc/ucentral/server-key.pem -in /etc/ucentral/server.csr -req -days $cert_life -out /etc/ucentral/dev-$i-cert.pem
+ done
+Index: ucentralgw-2021-03-28-a42e9608/cert_scripts/more_devices.sh
+===================================================================
+--- ucentralgw-2021-03-28-a42e9608.orig/cert_scripts/more_devices.sh
++++ ucentralgw-2021-03-28-a42e9608/cert_scripts/more_devices.sh
+@@ -1,4 +1,4 @@
+-#!/usr/bin/env bash
++#!/bin/sh
+ 
+ start=11
+ finish=50
+@@ -7,4 +7,4 @@ cert_life=365
+ for i in `eval echo {$start..$finish}`
+ do
+   openssl x509 -signkey server-key.pem -in server.csr -req -days $cert_life -out dev-$i-cert.pem
+-done
+\ No newline at end of file
++done

patches/0024-target-enable-vlan-filtering-on-various-targets.patch

@@ -1,13 +1,14 @@
-From 4cbb46d6f0fbf451439f9bcb96ffdcd32529c20d Mon Sep 17 00:00:00 2001
+From 8a2ba4f83554a29c954246b6586a8168560d3541 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Mon, 29 Mar 2021 16:05:14 +0200
-Subject: [PATCH 33/37] target: enable vlan-filtering on various targets
+Subject: [PATCH 01/11] target: enable vlan-filtering on various targets
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
  target/linux/ipq40xx/base-files/etc/board.d/02_network         | 1 +
  target/linux/mediatek/mt7622/base-files/etc/board.d/02_network | 1 +
- 2 files changed, 2 insertions(+)
+ target/linux/ramips/mt7621/base-files/etc/board.d/02_network   | 1 +
+ 3 files changed, 3 insertions(+)
 
 diff --git a/target/linux/ipq40xx/base-files/etc/board.d/02_network b/target/linux/ipq40xx/base-files/etc/board.d/02_network
 index fe21dc8035..8b7364ff33 100755
@@ -22,7 +23,7 @@ index fe21dc8035..8b7364ff33 100755
  ipq40xx_setup_macs $board
  board_config_flush
 diff --git a/target/linux/mediatek/mt7622/base-files/etc/board.d/02_network b/target/linux/mediatek/mt7622/base-files/etc/board.d/02_network
-index f1daa2fae1..fa48c4008c 100644
+index f1daa2fae1..fa48c4008c 100755
 --- a/target/linux/mediatek/mt7622/base-files/etc/board.d/02_network
 +++ b/target/linux/mediatek/mt7622/base-files/etc/board.d/02_network
 @@ -30,6 +30,7 @@ mediatek_setup_interfaces()
@@ -33,6 +34,18 @@ index f1daa2fae1..fa48c4008c 100644
  mediatek_setup_interfaces $board
  board_config_flush
  
+diff --git a/target/linux/ramips/mt7621/base-files/etc/board.d/02_network b/target/linux/ramips/mt7621/base-files/etc/board.d/02_network
+index 89e679be7c..d68abebd4f 100755
+--- a/target/linux/ramips/mt7621/base-files/etc/board.d/02_network
++++ b/target/linux/ramips/mt7621/base-files/etc/board.d/02_network
+@@ -148,6 +148,7 @@ ramips_setup_macs()
+ 
+ board_config_update
+ board=$(board_name)
++ucidef_set_bridge_device bridge
+ ramips_setup_interfaces $board
+ ramips_setup_macs $board
+ board_config_flush
 -- 
 2.25.1
 

patches/0034-feeds.conf.default-drop-luci.patch

@@ -0,0 +1,25 @@
+From 1a20d4d44bf4601fef37aaf0e9f12d1bee89a022 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Tue, 4 May 2021 16:48:48 +0200
+Subject: [PATCH] feeds.conf.default: drop luci
+
+we require luci-trunk for the gateway images.
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ feeds.conf.default | 1 -
+ 1 file changed, 1 deletion(-)
+
+diff --git a/feeds.conf.default b/feeds.conf.default
+index 98bf97232d..3d24cb7c27 100644
+--- a/feeds.conf.default
++++ b/feeds.conf.default
+@@ -1,5 +1,4 @@
+ src-git packages https://git.openwrt.org/feed/packages.git;openwrt-21.02
+-src-git luci https://git.openwrt.org/project/luci.git;openwrt-21.02
+ src-git routing https://git.openwrt.org/feed/routing.git;openwrt-21.02
+ src-git telephony https://git.openwrt.org/feed/telephony.git;openwrt-21.02
+ #src-link custom /usr/src/openwrt/custom-feed
+-- 
+2.25.1
+

profiles/raspberry_pi.yml

@@ -3,9 +3,5 @@ profile: rpi-2
 target: bcm27xx
 subtarget: bcm2709
 description: Build image for the Raspberry Pi
-feeds:
-  - name: ucentral
-    path: ../../feeds/ucentral
-packages:
-  - ucentralgw
-  - freeradius
+include:
+  - ucentral-gateway

profiles/ubnt_edgerouter-x-sfp.yml

@@ -0,0 +1,7 @@
+---
+profile: ubnt_edgerouter-x-sfp
+target: ramips
+subtarget: mt7621
+description: Build image for the Ubiquity ER-X-SFP
+include:
+  - ucentral-gateway

profiles/ubnt_edgerouter-x.yml

@@ -0,0 +1,7 @@
+---
+profile: ubnt_edgerouter-x
+target: ramips
+subtarget: mt7621
+description: Build image for the Ubiquity ER-X
+include:
+  - ucentral-gateway

profiles/ucentral-gateway.yml

@@ -0,0 +1,33 @@
+---
+description: Add the ucentral gateway dependencies
+feeds:
+  - name: ucentral
+    path: ../../feeds/ucentral
+  - name: luci_trunk
+    uri: https://git.openwrt.org/project/luci.git
+packages:
+  - cgi-io
+  - liblucihttp
+  - lua
+  - luci-base
+  - luci-mod-dashboard
+  - luci-mod-network
+  - luci-mod-system
+  - luci-theme-bootstrap
+  - freeradius3-utils
+  - freeradius3-mod-eap-pwd
+  - freeradius3-mod-eap-tls
+  - openssl-util
+  - rpcd
+  - rpcd-mod-file
+  - rpcd-mod-iwinfo
+  - rpcd-mod-luci
+  - rpcd-mod-rrdns
+  - ucentralgw
+  - uhttpd
+  - uhttpd-mod-ubus
+diffconfig: |
+  CONFIG_IMAGEOPT=y
+  CONFIG_PREINITOPT=y
+  CONFIG_TARGET_PREINIT_SUPPRESS_STDERR=y
+  CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y

profiles/webui.yml

@@ -1,5 +1,9 @@
 ---
 description: Add the webui dependencies
+feeds:
+  - name: luci
+    uri: https://git.openwrt.org/project/luci.git
+    tag: openwrt-21.02
 packages:
   - cgi-io
   - liblucihttp