diff --git a/unzoner/Dockerfile.template b/unzoner/Dockerfile.template
index 73383de..04d0d11 100644
--- a/unzoner/Dockerfile.template
+++ b/unzoner/Dockerfile.template
@@ -1,5 +1,5 @@
 # --- build stage
-FROM balenalib/%%BALENA_ARCH%%-ubuntu-python:3.9-build AS build
+FROM balenalib/%%BALENA_ARCH%%-ubuntu-python:3.10-build AS build
 LABEL maintainer=team@belodetek.io
@@ -31,10 +31,12 @@ RUN install_packages \
 flex \
 gawk \
 gettext \
+ libcap-ng-dev \
 libev-dev \
 liblz4-dev \
 liblzo2-dev \
- libpam-dev \
+ libnl-genl-3-dev \
+ libpam0g-dev \
 libssl-dev \
 libtool \
 libudns-dev \
@@ -69,7 +71,8 @@ RUN if [ "$BUILD_OPENSSL" = '1' ]; then \
 # https://stackoverflow.com/a/39006247/1559300
 RUN if [ "$BUILD_OPENVPN" = '1' ]; then \
- set -x; wget -q https://swupdate.openvpn.org/community/releases/openvpn-$BUILD_OPENVPN_VERSION.tar.gz \
+ set -x; wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ https://swupdate.openvpn.org/community/releases/openvpn-$BUILD_OPENVPN_VERSION.tar.gz \
 && tar -xvf openvpn-$BUILD_OPENVPN_VERSION.tar.gz && cd openvpn-$BUILD_OPENVPN_VERSION \
 && if [ "$BUILD_OPENSSL" = '1' ]; then CFLAGS='-I/usr/local/ssl/include -Wl,-rpath=/usr/local/ssl/lib -Wl,-rpath=/usr/local/ssl/lib64 -L/usr/local/ssl/lib -L/usr/local/ssl/lib64' ./configure; else ./configure; fi \
 && make -j $(nproc) && make check && make install \
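Review bot: The OpenVPN tarball fetched by the rewritten `wget` is unpacked, compiled and installed with no integrity check, so whatever the download host returns is trusted as-is; the added retry flags only address availability. Pin the expected digest next to the version and verify it before `tar`, e.g. `&& echo "$BUILD_OPENVPN_SHA256  openvpn-$BUILD_OPENVPN_VERSION.tar.gz" | sha256sum -c - \`, where `BUILD_OPENVPN_SHA256` is a build argument this change would have to introduce (it is not in the file today), or verify a release signature if upstream publishes one. The BIRD and WANProxy tarballs in the next hunk have the same gap. The RUN instruction continues past the end of this hunk.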
@@ -85,15 +88,19 @@ RUN if [ "$BUILD_SNIPROXY" = '1' ]; then \
 && make install; fi
 RUN if [ "$BUILD_BIRD" = '1' ]; then \
- wget -q https://bird.network.cz/download/bird-$BUILD_BIRD_VERSION.tar.gz \
+ wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ https://bird.network.cz/download/bird-$BUILD_BIRD_VERSION.tar.gz \
 && tar -xvf bird-$BUILD_BIRD_VERSION.tar.gz && cd bird-$BUILD_BIRD_VERSION \
 && mkdir -p tools/ \
- && wget -qO tools/config.guess 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' \
- && wget -qO tools/config.sub 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' \
+ && wget --retry-on-host-error --retry-connrefused --waitretry=2 -qO tools/config.guess \
+ 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD' \
+ && wget --retry-on-host-error --retry-connrefused --waitretry=2 -qO tools/config.sub \
+ 'http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD' \
 && autoreconf && ./configure && make -j $(nproc) && make install; fi
 RUN if [ "$BUILD_WANPROXY" = '1' ]; then \
- wget -q http://wanproxy.org/releases/wanproxy-$BUILD_WANPROXY_VERSION.tar.gz \
+ wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ http://wanproxy.org/releases/wanproxy-$BUILD_WANPROXY_VERSION.tar.gz \
 && tar zxf wanproxy-$BUILD_WANPROXY_VERSION.tar.gz \
 && cd wanproxy-$BUILD_WANPROXY_VERSION/programs/wanproxy \
 && make && cp wanproxy /usr/local/sbin; fi
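Review bot: `tools/config.guess` and `tools/config.sub` are still fetched over plain `http://` from `hb=HEAD`, and both are shell scripts that are presumably run by the `autoreconf && ./configure` step right after, so the build executes unauthenticated content that can also change upstream at any time. The WANProxy tarball is likewise downloaded over plain HTTP. Switch the Savannah URLs to `https://`, replace `hb=HEAD` with a fixed commit id (`hb=<pinned-commit>`), and check each file with `sha256sum -c` before it is used. If wanproxy.org offers no HTTPS endpoint, a pinned checksum is the only protection available for that download.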
@@ -161,15 +168,18 @@ WORKDIR /opt
 RUN set -a \
 && . /run/secrets/env \
 && mkdir -p /usr/share/GeoIP/ \
- && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIP.dat \
- && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoLiteCity.dat \
- && wget -q "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIPASNum.dat
+ && wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-Country&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIP.dat \
+ && wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-City&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoLiteCity.dat \
+ && wget --retry-on-host-error --retry-connrefused --waitretry=2 -q \
+ "https://download.maxmind.com/app/geoip_download?edition_id=GeoLite2-ASN&license_key=$MAXMIND_LICENSE_KEY&suffix=tar.gz" -O - | gunzip -d - > /usr/share/GeoIP/GeoIPASNum.dat
 COPY systemd/* ./systemd/
 # --- runtime
-FROM balenalib/%%BALENA_ARCH%%-ubuntu-python:3.9
+FROM balenalib/%%BALENA_ARCH%%-ubuntu-python:3.10
 LABEL maintainer=team@belodetek.io
@@ -242,10 +252,12 @@ RUN install_packages \
 iw \
 jq \
 kmod \
+ libcap-ng0 \
 libev4 \
 libevent-2.1 \
 liblz4-1 \
 liblzo2-2 \
+ libnl-genl-3-200 \
 libpcre3 \
 libtool \
 libudns0 \
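Review bot: Each GeoLite2 download is piped straight into `gunzip`, so once the new retries are exhausted `wget`'s exit status is discarded and the step fails only if `gunzip` happens to reject what it received, with `-q` hiding the reason. Run the stage with `SHELL ["/bin/bash", "-o", "pipefail", "-c"]`, or download to a file first and decompress in a second command so a failed or rejected licence-key request stops the build explicitly. Separately, `suffix=tar.gz` suggests the response is a tar archive, so the `.dat` files may hold an un-extracted tarball after `gunzip` alone; worth confirming against what the runtime expects.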
@@ -278,22 +290,22 @@ RUN install_packages \
 RUN (groupadd bird || true) && (useradd -r -g bird bird || true)
 RUN systemctl set-default multi-user.target \
- && systemctl mask \
- apt-daily-upgrade.timer \
- apt-daily.timer \
- dev-hugepages.mount \
- dev-mqueue.mount \
- display-manager.service \
- getty.target \
- getty@.service \
- graphical.target \
- sys-fs-fuse-connections.mount \
- sys-kernel-config.mount \
- sys-kernel-debug.mount \
- systemd-logind.service \
- systemd-remount-fs.service \
- && systemctl enable /etc/systemd/system/balena.service \
- ssh.service \
+ && systemctl mask \
+ apt-daily-upgrade.timer \
+ apt-daily.timer \
+ dev-hugepages.mount \
+ dev-mqueue.mount \
+ display-manager.service \
+ getty.target \
+ getty@.service \
+ graphical.target \
+ sys-fs-fuse-connections.mount \
+ sys-kernel-config.mount \
+ sys-kernel-debug.mount \
+ systemd-logind.service \
+ systemd-remount-fs.service \
+ && systemctl enable /etc/systemd/system/balena.service \
+ ssh.service \
 openntpd.service
 STOPSIGNAL SIGRTMIN+3
diff --git a/unzoner/src/main.py b/unzoner/src/main.py
index 1c9d71c..e2351e9 100755
--- a/unzoner/src/main.py
+++ b/unzoner/src/main.py
@@ -68,33 +68,34 @@ def main():
 )
 group = p1.groups - 1
+ # for information only
 p2 = re.compile('^.*remote=(.*) country=(.*)$')
- # hdparm tests
+ # (iotest) hdparm tests
 p3 = re.compile(
 '^\s+(.*):\s+(\d+\s+.*)\s+in\s+([\d\.]+\s+.*)\s+=\s+(.*)\n$'
 )
- # dd write
+ # (iotest) dd write
 p4 = re.compile(
 '^(\d+\s+.*)\s+\((.*),.*\)\s+.*,\s+(.*),\s+(.*)$'
 )
 mgmt_ipaddr = None
- if TUN_MGMT: mgmt_ipaddr = get_ip_address(MGMT_IFACE)
+ if TUN_MGMT: mgmt_ipaddr = get_ip_address(MGMT_IFACE) # deprecated feature, remove code
 if DEBUG: print('os.environ: {}'.format(os.environ))
 while True:
- if DEVICE_TYPE == 0:
+ if DEVICE_TYPE == 0: # disabled
 log('{}: device={}'.format(this, GUID))
 sys.exit(0)
- for i in range(1, LOOP_CYCLE + 1):
+ for i in range(1, LOOP_CYCLE + 1): # clunky event loop
 ###########################
 # server mode(s) or mixed #
 ###########################
- if DEVICE_TYPE in [1, 3, 4]:
+ if DEVICE_TYPE in [1, 3, 4]: # 1:server 2:unblocking 3:server-mixed 4:private 5:VPN
 s_lineout = [None, None]
 s_msg[0] = None
 s_msg[1] = None
@@ -228,7 +229,7 @@ def main():
 ###########################
 # client mode(s) or mixed #
 ###########################
- if DEVICE_TYPE in [2, 3, 5]:
+ if DEVICE_TYPE in [2, 3, 5]: # 1:server 2:unblocking 3:server-mixed 4:private 5:VPN
 # iperf timeout
 if c_stp and now - c_stimer > (LOOP_TIMER * LOOP_CYCLE * 5):
 log('iperf-status: pid={} elapsed={}'.format(
diff --git a/unzoner/src/vpn.py b/unzoner/src/vpn.py
index 8ce9662..fee1c8f 100755
--- a/unzoner/src/vpn.py
+++ b/unzoner/src/vpn.py
@@ -331,9 +331,9 @@ def connect_node(family=AF):
 ipaddr
 ))
- ##############################
- # (legacy) WANProxy override #
- ##############################
+ ##################################
+ # (deprecated) WANProxy override #
+ ##################################
 if WANPROXY:
 (c_wpid, s_wpid, s_wport) = start_wanproxy_server(
 ipaddr=ipaddr,
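Review bot: `if DEBUG: print('os.environ: {}'.format(os.environ))` writes the whole process environment to the log, and on a device configured through environment variables that is likely to include credentials and keys; the comments added around it leave the line as it was. Log the variable names only, `if DEBUG: print('os.environ keys: {}'.format(sorted(os.environ)))`, or print values from an explicit allow-list. main() begins and ends outside this hunk.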
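Review bot: The `# 1:server 2:unblocking 3:server-mixed 4:private 5:VPN` legend is now pasted on both `DEVICE_TYPE in [...]` checks (this client-mode one and the server-mode one in the previous hunk), so the two copies can drift from each other and from the numbers they describe. Define the modes once at module level, e.g. `SERVER, UNBLOCKING, SERVER_MIXED, PRIVATE, VPN = 1, 2, 3, 4, 5`, and write the check as `if DEVICE_TYPE in (UNBLOCKING, SERVER_MIXED, VPN):`. The enclosing loop body continues outside the hunk.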
@@ -572,9 +572,7 @@ def get_client_status():
 bytesin = 0
 bytesout = 0
 try:
- status = open('{}/client.status'.format(
- TEMPDIR
- )).read().split('\n')
+ status = open('{}/client.status'.format(TEMPDIR)).read().split('\n')
 bytesin = [line.split(',')[1] for line in status if line.split(',')[0] == 'TCP/UDP read bytes'][0]
 bytesout = [line.split(',')[1] for line in status if line.split(',')[0] == 'TCP/UDP write bytes'][0]
 except IndexError:
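Review bot: The joined `open('{}/client.status'.format(TEMPDIR)).read()` never closes the file explicitly, so the descriptor is released only when the object is garbage-collected. If get_client_status() is polled from the main loop, which the name suggests but this hunk does not show, that is an avoidable leak. Use a context manager: `with open('{}/client.status'.format(TEMPDIR)) as f:` followed by `status = f.read().split('\n')`. Only `except IndexError:` is visible here, so whether a missing or unreadable status file is handled cannot be told from this hunk; the function continues outside it.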