try to clean up some labeling inconsistencies
iwinfo loose ends
ucode loose ends
Makefile: adjust mintesttgt (adds blockmount/blockd)
nftables: reads inherited netifd pipe
ucode: reads inherited netifd pipes
mountroot: fowner
sandbox: writes inherited dropbear pipes
unbound related to /tmp/etc/ssl
unbound loose ends
adds a sslconftmpfile for /tmp/etc/ssl
README: maintain a wish list in the README
iwinfo: netifd forgot write
gptfdisk loose ends
iwinfo: netifd wpad reads/writes inherited netifd fifo files
netifd (mac80211.sh) executes iwinfo
luci: executes wireguard
luci-cgi: audits xtables execute access
rcuhttpd: lists ssl certfile dirs
iwinfo, wifi,nftables usage of ttyd pty if available
urandomseed: seedrng needs cap_sys_admin
iwinfo iwinfo, nftables and some chronyd rules related to ntp nts server
nftables, wifi and adds iwinfo skel
nftables, rpcd, ucode
nftables, ucode and seedrng ucode, fw3/nftables, luci
adds ucode skel and some fw3/nftables related
urandomseed: some seedrng rules
fw3 adds some support for fw4
urandomseed: /etc/seedrng is for seed.credit
hotplugcal: runs ucode which is interpreter like
adds a nftables skeleton and makes xtables optional
agent: allow all agents to write inherited dropbear pipes
urandomseed: this seems to be replaced by seedrng
kmodloader: label /etc/modules.conf kmodloader.conffile
Revert "shelexecfile: remove auditallow rule"
Makefile: sort the modules to process by secilc
Moves back to git.defensec.nl
unbound odhcpd (ip) reads net proc
tcp dump
shelexecfile: remove auditallow rule
rrd.cil: fixes indent
Target rddtool from cgi-io instead of runnit it without transition
rrd.cil related
rrd, rpcd, cgiio clean ups related to luci-app-statistics
Rules for rrd files and luci-statistics
unboundcontrol ordering
Several missing permissions
blockmount, dnsmasq, hotplugcall, rpcd, unbound
adds mctp_socket (linux 5.15)
ip: forgot tc-tiny type transition to go along with the fc spec
ip: adds a fc spec for tc-tiny (called by sqm)
adds ttyACM fc spec and various assorted loose ends
.gitattributes: do not export the github workflows
workflow use selinux 3.3
project moved back to https://git.defensec.nl/selinux-policy.git
Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
(cherry picked from commit
|
||
|---|---|---|
| config | ||
| include | ||
| LICENSES | ||
| package | ||
| scripts | ||
| target | ||
| toolchain | ||
| tools | ||
| .gitattributes | ||
| .gitignore | ||
| BSDmakefile | ||
| Config.in | ||
| CONTRIBUTED.md | ||
| COPYING | ||
| feeds.conf.default | ||
| Makefile | ||
| README.md | ||
| rules.mk | ||
Project ImmortalWrt
ImmortalWrt is a fork of OpenWrt, with more packages ported, more devices supported, better performance, and special optimizations for mainland China users.
Compared the official one, we allow to use hacks or non-upstreamable patches / modifications to achieve our purpose. Source from anywhere.
Default login address: http://192.168.1.1 or http://immortalwrt.lan, username: root, password: password.
Development
To build your own firmware you need a GNU/Linux, BSD or MacOSX system (case sensitive filesystem required). Cygwin is unsupported because of the lack of a case sensitive file system.
Requirements
To build with this project, Ubuntu 18.04 LTS is preferred. And you need use the CPU based on AMD64 architecture, with at least 4GB RAM and 25 GB available disk space. Make sure the Internet is accessible.
The following tools are needed to compile ImmortalWrt, the package names vary between distributions.
-
Here is an example for Ubuntu users:
-
Method 1:
Setup dependencies via APT
sudo apt update -y sudo apt full-upgrade -y sudo apt install -y ack antlr3 asciidoc autoconf automake autopoint binutils bison build-essential \ bzip2 ccache cmake cpio curl device-tree-compiler ecj fastjar flex gawk gettext gcc-multilib g++-multilib \ git gperf haveged help2man intltool lib32gcc1 libc6-dev-i386 libelf-dev libglib2.0-dev libgmp3-dev libltdl-dev \ libmpc-dev libmpfr-dev libncurses5-dev libncursesw5 libncursesw5-dev libreadline-dev libssl-dev libtool lrzsz \ mkisofs msmtp nano ninja-build p7zip p7zip-full patch pkgconf python2.7 python3 python3-pip python3-ply \ python-docutils qemu-utils re2c rsync scons squashfs-tools subversion swig texinfo uglifyjs upx-ucl unzip \ vim wget xmlto xxd zlib1g-dev -
Method 2:
curl -s https://build-scripts.immortalwrt.eu.org/init_build_environment.sh | sudo bash
-
-
You can also download and use prebuilt container directly:
See #Quickstart - Build image via OPDE
Note:
- For the for love of god please do not use ROOT user to build your image.
- Using CPUs based on other architectures should be fine to compile ImmortalWrt, but more hacks are needed - No warranty at all.
- You must not have spaces in PATH or in the work folders on the drive.
- If you're using Windows Subsystem for Linux (or WSL), removing Windows folders from PATH is required, please see Build system setup WSL documentation.
- Using macOS as the host build OS is not recommended. No warranty at all. You can get tips from Build system setup macOS documentation.
- As you're building ImmortalWrt, patching or disabling UPX tools is also required.
- For more details, please see Build system setup documentation.
Quickstart
-
Method 1:
- Run
git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrtto clone the source code. - Run
cd immortalwrtto enter source directory. - Run
./scripts/feeds update -ato obtain all the latest package definitions defined in feeds.conf / feeds.conf.default - Run
./scripts/feeds install -ato install symlinks for all obtained packages into package/feeds/ - Run
make menuconfigto select your preferred configuration for the toolchain, target system & firmware packages. - Run
maketo build your firmware. This will download all sources, build the cross-compile toolchain and then cross-compile the GNU/Linux kernel & all chosen applications for your target system.
- Run
-
Method 2:
Build image via OPDE
-
Pull the prebuilt container:
docker pull immortalwrt/opde:base # docker run --rm -it immortalwrt/opde:base -
For Linux User:
git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrt && cd immortalwrt docker run --rm -it \ -v $PWD:/openwrt \ immortalwrt/opde:base zsh ./scripts/feeds update -a && ./scripts/feeds install -a -
For Windows User:
- Create a volume 'immortalwrt' and clone ImmortalWrt source into volume.
docker run --rm -it -v immortalwrt:/openwrt immortalwrt/opde:base git clone -b <branch> --single-branch https://github.com/immortalwrt/immortalwrt .- Enter docker container and update feeds.
docker run --rm -it -v immortalwrt:/openwrt immortalwrt/opde:base ./scripts/feeds update -a && ./scripts/feeds install -a- Tips: ImmortalWrt source code can not be cloned into NTFS filesystem (symbol link problem during compilation), but docker volume is fine.
-
Proxy Support:
docker run --rm -it \ -e all_proxy=http://example.com:1081 \ -e http_proxy=http://example.com:1081 \ -e https_proxy=http://example.com:1081 \ -e ALL_PROXY=http://example.com:1081 \ -e HTTP_PROXY=http://example.com:1081 \ -e HTTPS_PROXY=http://example.com:1081 \ -v $PWD:/openwrt \ immortalwrt/opde:base zshRecommand
httprathersocks5protocolIP can not be
localhostor127.0.0.1 -
For Windows User, binary is still in volume. It can be copied to outside via followed command:
docker run --rm -v <D:\path\to\dir>:/dst -v openwrt:/openwrt -w /dst immortalwrt:base cp /openwrt/bin /dstMake sure
D:\path\to\dirhas been appended in File Sharing.
-
Related Repositories
The main repository uses multiple sub-repositories to manage packages of different categories. All packages are installed via the ImmortalWrt package manager called opkg. If you're looking to develop the web interface or port packages to ImmortalWrt, please find the fitting repository below.
- LuCI Web Interface: Modern and modular interface to control the device via a web browser.
- ImmortalWrt Packages: Community repository of ported packages.
- OpenWrt Routing: Packages specifically focused on (mesh) routing.
- CONTRIBUTED.md: the 3rd-party packages we introduced.
Support Information
For a list of supported devices see the OpenWrt Hardware Database
Documentation
Support Community
- Support Chat: group @ctcgfw_openwrt_discuss on Telegram.
- Support Chat: group #immortalwrt on Matrix.
License
ImmortalWrt is licensed under GPL-3.0-only.