From 0fd7b11ec898bd83f40513dda037fd68dc163e65 Mon Sep 17 00:00:00 2001
From: actions-user
Date: Wed, 5 Feb 2025 00:30:31 +0800
Subject: [PATCH] update 2025-02-05 00:30:31
---
zerotier/Config.in | 14 ++
zerotier/Makefile | 82 +++++++++++
zerotier/files/etc/config/zerotier | 20 +++
zerotier/files/etc/init.d/zerotier | 130 ++++++++++++++++++
...1-fix-miniupnpc-natpmp-include-paths.patch | 32 +++++
.../patches/0002-remove-PIE-options.patch | 41 ++++++
...x-compilation-for-arm_cortex-a7-neon.patch | 23 ++++
.../patches/0004-add-missing-libatomic.patch | 21 +++
.../patches/0005-remove-noexecstack.patch | 21 +++
9 files changed, 384 insertions(+)
create mode 100644 zerotier/Config.in
create mode 100644 zerotier/Makefile
create mode 100644 zerotier/files/etc/config/zerotier
create mode 100755 zerotier/files/etc/init.d/zerotier
create mode 100644 zerotier/patches/0001-fix-miniupnpc-natpmp-include-paths.patch
create mode 100644 zerotier/patches/0002-remove-PIE-options.patch
create mode 100644 zerotier/patches/0003-fix-compilation-for-arm_cortex-a7-neon.patch
create mode 100644 zerotier/patches/0004-add-missing-libatomic.patch
create mode 100644 zerotier/patches/0005-remove-noexecstack.patch
diff --git a/zerotier/Config.in b/zerotier/Config.in
new file mode 100644
index 00000000..e08ec757
--- /dev/null
+++ b/zerotier/Config.in
@@ -0,0 +1,14 @@
+menu "Configuration"
+ depends on PACKAGE_zerotier
+
+config ZEROTIER_ENABLE_DEBUG
+ bool "Build in debug mode"
+ depends on PACKAGE_zerotier
+ default n
+
+config ZEROTIER_ENABLE_SELFTEST
+ bool "Build a self test program"
+ depends on PACKAGE_zerotier
+ default n
+
+endmenu
diff --git a/zerotier/Makefile b/zerotier/Makefile
new file mode 100644
index 00000000..c64cfd14
--- /dev/null
+++ b/zerotier/Makefile
@@ -0,0 +1,82 @@
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=zerotier
+PKG_VERSION:=1.14.2
+PKG_RELEASE:=1
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/zerotier/ZeroTierOne/tar.gz/$(PKG_VERSION)?
+PKG_HASH:=c2f64339fccf5148a7af089b896678d655fbfccac52ddce7714314a59d7bddbb
+PKG_BUILD_DIR:=$(BUILD_DIR)/ZeroTierOne-$(PKG_VERSION)
+
+PKG_MAINTAINER:=Moritz Warning
+PKG_LICENSE:=BSL 1.1
+PKG_LICENSE_FILES:=LICENSE.txt
+
+PKG_ASLR_PIE:=0
+PKG_BUILD_PARALLEL:=1
+PKG_BUILD_FLAGS:=gc-sections
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/zerotier
+ SECTION:=net
+ CATEGORY:=Network
+ DEPENDS:=+libpthread +libstdcpp +kmod-tun +ip +libminiupnpc +libnatpmp +libatomic
+ TITLE:=Create flat virtual Ethernet networks of almost unlimited size
+ URL:=https://www.zerotier.com
+ SUBMENU:=VPN
+endef
+
+define Package/zerotier/description
+ ZeroTier creates a global provider-independent virtual private cloud network.
+endef
+
+define Package/zerotier/config
+ source "$(SOURCE)/Config.in"
+endef
+
+ifeq ($(CONFIG_ZEROTIER_ENABLE_DEBUG),y)
+MAKE_FLAGS += ZT_DEBUG=1
+endif
+
+MAKE_FLAGS += \
+ ZT_EMBEDDED=1 \
+ ZT_SSO_SUPPORTED=0 \
+ DEFS="" \
+ OSTYPE="Linux" \
+
+define Build/Compile
+ $(call Build/Compile/Default,one)
+ifeq ($(CONFIG_ZEROTIER_ENABLE_SELFTEST),y)
+ $(call Build/Compile/Default,selftest)
+endif
+endef
+
+# Make binary smaller
+TARGET_CFLAGS += -Wl,-z,noexecstack
+TARGET_LDFLAGS += -Wl,--as-needed -Wl,-z,noexecstack
+
+define Package/zerotier/conffiles
+/etc/config/zerotier
+endef
+
+define Package/zerotier/install
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-one $(1)/usr/bin/
+ $(LN) zerotier-one $(1)/usr/bin/zerotier-cli
+ $(LN) zerotier-one $(1)/usr/bin/zerotier-idtool
+
+ifeq ($(CONFIG_ZEROTIER_ENABLE_SELFTEST),y)
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/zerotier-selftest $(1)/usr/bin/
+endif
+
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,zerotier))
diff --git a/zerotier/files/etc/config/zerotier b/zerotier/files/etc/config/zerotier
new file mode 100644
index 00000000..34b1ad34
--- /dev/null
+++ b/zerotier/files/etc/config/zerotier
@@ -0,0 +1,20 @@
+
+config zerotier sample_config
+ option enabled 0
+
+ # persistent configuration folder (for ZT controller mode)
+ #option config_path '/etc/zerotier'
+ # copy to RAM to prevent writing to flash (for ZT controller mode)
+ #option copy_config_path '1'
+
+ #option port '9993'
+
+ # path to the local.conf
+ #option local_conf '/etc/zerotier.conf'
+
+ # Generate secret on first start
+ option secret ''
+
+ # Join a public network called Earth
+ list join '8056c2e21c000001'
+ #list join ''
diff --git a/zerotier/files/etc/init.d/zerotier b/zerotier/files/etc/init.d/zerotier
new file mode 100755
index 00000000..aebdc7de
--- /dev/null
+++ b/zerotier/files/etc/init.d/zerotier
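Review bot: `PKG_ASLR_PIE:=0` in zerotier/Makefile opts this network-facing daemon out of position-independent executable output, and patches/0002-remove-PIE-options.patch additionally strips `-pie` and `-fPIE` from the upstream flags, so zerotier-one would be built without PIE even on images that enable it globally. Nothing in the Makefile records which target or toolchain requires this. If the build only fails on specific architectures, keep the opt-out but state the reason next to it, e.g. `# PIE disabled: <reason / affected targets>`, and drop both the assignment and patch 0002 once that reason no longer holds.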
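Review bot: zerotier/files/etc/config/zerotier ships `list join '8056c2e21c000001'` active in the sample section, so setting `option enabled 1` alone is enough to attach the router to the public "Earth" network named in the comment above it, whose other members are untrusted. A default that changes the device's network exposure should require an explicit choice by the administrator. Ship the entry commented out, `#list join '8056c2e21c000001'`, and keep `#list join ''` as the template for the user's own network ID.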
@@ -0,0 +1,130 @@
+#!/bin/sh /etc/rc.common
+
+START=90
+
+USE_PROCD=1
+
+PROG=/usr/bin/zerotier-one
+CONFIG_PATH=/var/lib/zerotier-one
+
+section_enabled() {
+ config_get_bool enabled "$1" 'enabled' 0
+ [ $enabled -ne 0 ]
+}
+
+start_instance() {
+ local cfg="$1"
+ local port secret config_path local_conf copy_config_path path
+ local args=""
+
+ if ! section_enabled "$cfg"; then
+ echo "disabled in /etc/config/zerotier"
+ return 1
+ fi
+
+ config_get config_path $cfg 'config_path'
+ config_get port $cfg 'port'
+ config_get secret $cfg 'secret'
+ config_get local_conf $cfg 'local_conf'
+ config_get_bool copy_config_path $cfg 'copy_config_path' 0
+
+ path=${CONFIG_PATH}_$cfg
+
+ # Remove existing link or folder
+ rm -rf $path
+
+ # Create link or copy files from CONFIG_PATH to config_path
+ if [ -n "$config_path" -a "$config_path" != "$path" ]; then
+ # Create the config path to init and persist
+ if [ ! -d "$config_path" ]; then
+ echo "ZeroTier config_path does not exist: $config_path, create..."
+ mkdir -p $config_path
+ fi
+
+ # ensure that the target exists
+ mkdir -p $(dirname $path)
+
+ if [ "$copy_config_path" = "1" ]; then
+ cp -r $config_path $path
+ else
+ ln -s $config_path $path
+ fi
+ fi
+
+ mkdir -p $path/networks.d
+
+ # link latest default config path to latest config path
+ rm -f $CONFIG_PATH
+ ln -s $path $CONFIG_PATH
+
+ if [ -n "$port" ]; then
+ args="$args -p${port}"
+ fi
+
+ if [ -z "$secret" -a ! -f $path/identity.secret ]; then
+ echo "Generate secret - please wait..."
+ local sf="/tmp/zt.$cfg.secret"
+
+ zerotier-idtool generate "$sf" > /dev/null
+ [ $? -ne 0 ] && return 1
+
+ secret="$(cat $sf)"
+ rm "$sf"
+
+ uci set zerotier.$cfg.secret="$secret"
+ uci commit zerotier
+ fi
+
+ if [ -n "$secret" ]; then
+ echo "$secret" > $path/identity.secret
+ # make sure there is not previous identity.public
+ rm -f $path/identity.public
+ fi
+
+ if [ -f "$local_conf" ]; then
+ ln -s "$local_conf" $path/local.conf
+ fi
+
+ add_join() {
+ # an (empty) config file will cause ZT to join a network
+ touch $path/networks.d/$1.conf
+ }
+
+ config_list_foreach $cfg 'join' add_join
+
+ procd_open_instance
+ procd_set_param command $PROG $args $path
+ procd_set_param stderr 1
+ procd_set_param respawn
+ procd_close_instance
+}
+
+start_service() {
+ config_load 'zerotier'
+ config_foreach start_instance 'zerotier'
+}
+
+stop_instance() {
+ local cfg="$1"
+
+ # Remove existing networks
+ rm -f ${CONFIG_PATH}_${cfg}/networks.d/*.conf
+
+ # Remove existing link or folder
+ rm -rf ${CONFIG_PATH}_${cfg}
+}
+
+stop_service() {
+ config_load 'zerotier'
+ config_foreach stop_instance 'zerotier'
+ rm -f ${CONFIG_PATH}
+}
+
+reload_service() {
+ stop
+ start
+}
+
+service_triggers() {
+ procd_add_reload_trigger 'zerotier'
+}
diff --git a/zerotier/patches/0001-fix-miniupnpc-natpmp-include-paths.patch b/zerotier/patches/0001-fix-miniupnpc-natpmp-include-paths.patch
new file mode 100644
index 00000000..a4a129ae
--- /dev/null
+++ b/zerotier/patches/0001-fix-miniupnpc-natpmp-include-paths.patch
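Review bot: In start_instance() of zerotier/files/etc/init.d/zerotier the node's private identity passes through the fixed path `/tmp/zt.$cfg.secret` and is then written to `$path/identity.secret` with a plain `echo ... >`, both under whatever umask the init script inherits, so the key can end up readable by other local users and the predictable /tmp name can be pre-created by one of them. The sketch below creates the scratch file with mktemp, writes identity.secret owner-only, quotes the paths and checks the generator's exit status directly. The same key is also persisted through `uci set zerotier.$cfg.secret`, so /etc/config/zerotier needs the same owner-only treatment. The sketch assumes mktemp is present in the image and that zerotier-idtool overwrites an existing file; both should be confirmed.

```shell
	if [ -z "$secret" -a ! -f "$path/identity.secret" ]; then
		echo "Generate secret - please wait..."
		# private key material: unpredictable name, created owner-only by mktemp
		local sf
		sf="$(mktemp /tmp/zt.XXXXXX)" || return 1

		if ! zerotier-idtool generate "$sf" > /dev/null; then
			rm -f "$sf"
			return 1
		fi

		secret="$(cat "$sf")"
		rm -f "$sf"
		# … unchanged: uci set / uci commit …
	fi

	if [ -n "$secret" ]; then
		# umask covers a newly created file, chmod covers one that already existed
		( umask 077; echo "$secret" > "$path/identity.secret" ) && chmod 600 "$path/identity.secret"
		# … unchanged: remove stale identity.public …
	fi
```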
@@ -0,0 +1,32 @@
+From f53004bd22365900a1dbb120dae62ce8b614d31d Mon Sep 17 00:00:00 2001
+From: Moritz Warning
+Date: Mon, 6 May 2024 22:31:57 +0200
+Subject: [PATCH 1/5] fix miniupnpc/natpmp include paths
+
+Signed-off-by: Moritz Warning
+---
+ make-linux.mk | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -26,8 +26,8 @@ TIMESTAMP=$(shell date +"%Y%m%d%H%M")
+ # otherwise build into binary as done on Mac and Windows.
+ ONE_OBJS+=osdep/PortMapper.o
+ override DEFS+=-DZT_USE_MINIUPNPC
+-MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2..*"' /usr/include/miniupnpc/miniupnpc.h && echo 1)
+-#MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' /usr/include/miniupnpc/miniupnpc.h && echo 1)
++MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2..*"' $(STAGING_DIR)/usr/include/miniupnpc/miniupnpc.h && echo 1)
++#MINIUPNPC_IS_NEW_ENOUGH=$(shell grep -sqr '.*define.*MINIUPNPC_VERSION.*"2.."' $(STAGING_DIR)/usr/include/miniupnpc/miniupnpc.h && echo 1)
+ ifeq ($(MINIUPNPC_IS_NEW_ENOUGH),1)
+ override DEFS+=-DZT_USE_SYSTEM_MINIUPNPC
+ LDLIBS+=-lminiupnpc
+@@ -35,7 +35,7 @@ else
+ override DEFS+=-DMINIUPNP_STATICLIB -DMINIUPNPC_SET_SOCKET_TIMEOUT -DMINIUPNPC_GET_SRC_ADDR -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_XOPEN_SOURCE=600 -DOS_STRING="\"Linux\"" -DMINIUPNPC_VERSION_STRING="\"2.0\"" -DUPNP_VERSION_STRING="\"UPnP/1.1\"" -DENABLE_STRNATPMPERR
+ ONE_OBJS+=ext/miniupnpc/connecthostport.o ext/miniupnpc/igd_desc_parse.o ext/miniupnpc/minisoap.o ext/miniupnpc/minissdpc.o ext/miniupnpc/miniupnpc.o ext/miniupnpc/miniwget.o ext/miniupnpc/minixml.o ext/miniupnpc/portlistingparse.o ext/miniupnpc/receivedata.o ext/miniupnpc/upnpcommands.o ext/miniupnpc/upnpdev.o ext/miniupnpc/upnperrors.o ext/miniupnpc/upnpreplyparse.o
+ endif
+-ifeq ($(wildcard /usr/include/natpmp.h),)
++ifeq ($(wildcard $(STAGING_DIR)/usr/include/natpmp.h),)
+ ONE_OBJS+=ext/libnatpmp/natpmp.o ext/libnatpmp/getgateway.o
+ else
+ LDLIBS+=-lnatpmp
diff --git a/zerotier/patches/0002-remove-PIE-options.patch b/zerotier/patches/0002-remove-PIE-options.patch
new file mode 100644
index 00000000..dd240ace
--- /dev/null
+++ b/zerotier/patches/0002-remove-PIE-options.patch
@@ -0,0 +1,41 @@
+From c10b5ed4c6c44e36178b0a5a82da9e8eaa957008 Mon Sep 17 00:00:00 2001
+From: Moritz Warning
+Date: Mon, 6 May 2024 22:34:15 +0200
+Subject: [PATCH 2/5] remove PIE options
+
+Signed-off-by: Moritz Warning
+---
+ make-linux.mk | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -71,7 +71,7 @@ else
+ override CFLAGS+=-Wall -Wno-deprecated -pthread $(INCLUDES) -DNDEBUG $(DEFS)
+ CXXFLAGS?=-O3 -fstack-protector
+ override CXXFLAGS+=-Wall -Wno-deprecated -std=c++17 -pthread $(INCLUDES) -DNDEBUG $(DEFS)
+- LDFLAGS?=-pie -Wl,-z,relro,-z,now
++ LDFLAGS?=-Wl,-z,relro,-z,now
+ ZT_CARGO_FLAGS=--release
+ endif
+
+@@ -333,7 +333,7 @@ ifeq ($(ZT_CONTROLLER),1)
+ endif
+
+ # ARM32 hell -- use conservative CFLAGS
+-ifeq ($(ZT_ARCHITECTURE),3)
++ifeq (0,3)
+ ifeq ($(shell if [ -e /usr/bin/dpkg ]; then dpkg --print-architecture; fi),armel)
+ override CFLAGS+=-march=armv5t -mfloat-abi=soft -msoft-float -mno-unaligned-access -marm
+ override CXXFLAGS+=-march=armv5t -mfloat-abi=soft -msoft-float -mno-unaligned-access -marm
+@@ -360,8 +360,8 @@ ifeq ($(ZT_USE_ARM32_NEON_ASM_CRYPTO),1)
+ endif
+
+ # Position Independence
+-override CFLAGS+=-fPIC -fPIE
+-override CXXFLAGS+=-fPIC -fPIE
++#override CFLAGS+=-fPIC -fPIE
++#override CXXFLAGS+=-fPIC -fPIE
+
+ # Non-executable stack
+ override LDFLAGS+=-Wl,-z,noexecstack
diff --git a/zerotier/patches/0003-fix-compilation-for-arm_cortex-a7-neon.patch b/zerotier/patches/0003-fix-compilation-for-arm_cortex-a7-neon.patch
new file mode 100644
index 00000000..34b33619
--- /dev/null
+++ b/zerotier/patches/0003-fix-compilation-for-arm_cortex-a7-neon.patch
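Review bot: In patches/0001-fix-miniupnpc-natpmp-include-paths.patch both header probes fail silently when `$(STAGING_DIR)` is empty or the header is absent, and the `else` branch visible in the second nested hunk then compiles the vendored `ext/miniupnpc` objects (version string "2.0") and `ext/libnatpmp` instead of linking the libminiupnpc and libnatpmp packages that zerotier/Makefile lists in DEPENDS. That would leave the daemon running bundled protocol-parsing code that package updates never reach. Consider stating this in the patch description, or failing the build in the fallback with something like `$(error system miniupnpc headers not found under $(STAGING_DIR))`; whether STAGING_DIR always reaches this sub-make is not visible here.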
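Review bot: The second nested hunk of patches/0002-remove-PIE-options.patch replaces `ifeq ($(ZT_ARCHITECTURE),3)` with `ifeq (0,3)`, a constant-false test that switches off the whole ARM32 flag block, while the patch subject mentions only PIE. Someone refreshing the patch against a newer upstream release cannot tell that this is deliberate. Add a sentence to the patch description and a comment beside the new line, for example `# OpenWrt: ARM32 -march overrides disabled, target flags come from the toolchain`; the wording needs the maintainer's confirmation because the patch itself gives no reason.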
@@ -0,0 +1,23 @@
+From fee674d5a5c7cc847d7e1925ddf41eea89d915c4 Mon Sep 17 00:00:00 2001
+From: Moritz Warning
+Date: Mon, 4 Jul 2022 00:10:52 +0200
+Subject: [PATCH 3/5] fix compilation for arm_cortex-a7+neon
+
+Fixes "error: 'vrbitq_u8' was not declared in this scope"
+
+Signed-off-by: Rosen Penev
+---
+ node/Constants.hpp | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/node/Constants.hpp
++++ b/node/Constants.hpp
+@@ -123,7 +123,7 @@
+ #include
+ #endif
+
+-#if (defined(__ARM_NEON) || defined(__ARM_NEON__) || defined(ZT_ARCH_ARM_HAS_NEON))
++#if (defined(__aarch64__) || defined(ZT_ARCH_ARM_HAS_NEON))
+ #if (defined(__APPLE__) && !defined(__LP64__)) || (defined(__ANDROID__) && defined(__arm__))
+ #ifdef ZT_ARCH_ARM_HAS_NEON
+ #undef ZT_ARCH_ARM_HAS_NEON
diff --git a/zerotier/patches/0004-add-missing-libatomic.patch b/zerotier/patches/0004-add-missing-libatomic.patch
new file mode 100644
index 00000000..5b7cb80c
--- /dev/null
+++ b/zerotier/patches/0004-add-missing-libatomic.patch
@@ -0,0 +1,21 @@
+From f8b4c4a045a9711c316a5c48b238c24cc0948da1 Mon Sep 17 00:00:00 2001
+From: Moritz Warning
+Date: Mon, 6 May 2024 22:35:41 +0200
+Subject: [PATCH 4/5] add missing libatomic
+
+Signed-off-by: Moritz Warning
+---
+ make-linux.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -11,7 +11,7 @@ endif
+
+ INCLUDES?=-Irustybits/target -isystem ext -Iext/prometheus-cpp-lite-1.0/core/include -Iext-prometheus-cpp-lite-1.0/3rdparty/http-client-lite/include -Iext/prometheus-cpp-lite-1.0/simpleapi/include
+ DEFS?=
+-LDLIBS?=
++LDLIBS?=-latomic
+ DESTDIR?=
+ EXTRA_DEPS?=
+
diff --git a/zerotier/patches/0005-remove-noexecstack.patch b/zerotier/patches/0005-remove-noexecstack.patch
new file mode 100644
index 00000000..769c70e1
--- /dev/null
+++ b/zerotier/patches/0005-remove-noexecstack.patch
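Review bot: patches/0003-fix-compilation-for-arm_cortex-a7-neon.patch narrows the guard to `defined(__aarch64__) || defined(ZT_ARCH_ARM_HAS_NEON)`, which removes every 32-bit ARM build that advertises `__ARM_NEON` from this branch, not only the cortex-a7 case named in the subject. The patch header also carries one name in `From:` and a different one in `Signed-off-by:`, which makes the origin of the change harder to trace. Please state the wider effect in the description and align the attribution; the `#if` block continues past the end of the nested hunk, so its full consequence is not visible here.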
@@ -0,0 +1,21 @@
+From 2a5a279ac0192bc444cd1c3059169f576817d8b9 Mon Sep 17 00:00:00 2001
+From: Moritz Warning
+Date: Mon, 28 Aug 2023 09:48:28 +0200
+Subject: [PATCH 5/5] remove noexecstack
+
+The compilers for arm_cortex-a9 do not recognize this argument.
+---
+ make-linux.mk | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/make-linux.mk
++++ b/make-linux.mk
+@@ -364,7 +364,7 @@ endif
+ #override CXXFLAGS+=-fPIC -fPIE
+
+ # Non-executable stack
+-override LDFLAGS+=-Wl,-z,noexecstack
++# override LDFLAGS+=-Wl,-z,noexecstack
+
+ .PHONY: all
+ all: one
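Review bot: patches/0005-remove-noexecstack.patch comments out `override LDFLAGS+=-Wl,-z,noexecstack` on the grounds that some compilers reject it, yet zerotier/Makefile in this same commit adds `-Wl,-z,noexecstack` to both TARGET_CFLAGS and TARGET_LDFLAGS under the comment `# Make binary smaller`. Either the flag is accepted and this patch is unnecessary, or the Makefile reintroduces the failure the patch describes; in both cases the Makefile comment misstates the flag, which marks the stack non-executable and is a hardening setting, not a size optimisation. Settle on one place for the flag and correct the comment, e.g. `# Mark the stack non-executable; link only libraries that are needed`. This patch description also has no Signed-off-by line, unlike patches 1 to 4.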