the original node_exporter exposes a node_os_info metric with a set of
data about the system [1] which is then used by several dashboards.
openwrt.lua already exposes OS info, but using the node_openwrt_info
metric requires changes to existing dashboards, and would require more
complex lookups when there are non-OpenWrt hosts in the overview too.
as we've already called ubus and fetched the data, we can expose it in
two formats easily.
[1] https://github.com/prometheus/node_exporter/blob/d6d0e710bb7daf07a2743fde060f0d5f32c565f3/collector/os_release.go#L190-L192
Signed-off-by: Evgeni Golov <evgeni@golov.de>
Handle cases where 'mac' is missing (nil), a single string,
or an array (table).
Additionally, add support for the 'duid' field.
Signed-off-by: Etienne Champetier <champetier.etienne@gmail.com>
Add a collector for the various fileystem metrics which matches the
node-exporter behaviour. This collector supports the following metrics:
* node_filesystem_size_bytes
* node_filesystem_free_bytes
* node_filesystem_avail_bytes
* node_filesystem_files
* node_filesystem_files_free
* node_filesystem_readonly
Signed-off-by: Will May <will.j.may@gmail.com>
Add a Prometheus collector for ModemManager that exports cellular modem
signal metrics via mmcli. Supports multiple modems (labeled by D-Bus
object path), exports overall signal quality and detailed per-technology
signal parameters (LTE, NR5G, UMTS, GSM, CDMA, ...).
Requires signal refresh to be enabled on the modem:
mmcli -m <id> --signal-setup=<interval_seconds>
Tested on: ath79/generic, GL.inet GL-X300B, OpenWrt 23.05.5
Co-authored-by: Claude <noreply@anthropic.com>
Signed-off-by: Jean-Laurent Girod <jeanlaurent.girod@icloud.com>
apk's ADB binary package format rejects both the backslash-escape and
the percent-encoding variants of the previous CPE id:
cpe:/a:erlang:erlang\/otp ERROR: info field 'tags' has invalid value
cpe:/a:erlang:erlang%2Fotp ERROR: info field 'tags' has invalid value
apk's tag value parser only accepts a restricted alphabet for ADB
package format and neither '\' nor '%' make the cut. The result is
that the package never produces an .apk.
Drop the '/otp' suffix entirely and use cpe:/a:erlang:erlang, which
matches the higher-level Erlang CPE entry. cve scanners that walked
the more specific erlang\/otp entry will fall back to this one.
This effectively reverts the product portion of bfdf01496 ("lang/erlang:
fix PKG_CPE_ID"), which was correct against the NIST 2.3 string but
incompatible with apk's tag parser.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Two unrelated issues both fixed here so the package + its samples
sub-package land in CI green:
1. PKG_CPE_ID escaping.
apk's ADB binary package format rejects both the backslash-escape
and the percent-encoding variants of the previous CPE id:
cpe:/a:apache:xerces-c\+\+ ERROR: info field 'tags' has invalid value
cpe:/a:apache:xerces-c%2B%2B ERROR: info field 'tags' has invalid value
apk's tag value parser only accepts a restricted alphabet for ADB
package format and neither '\' nor '%' make the cut. With xerces-c
unable to build, downstream consumers (notably sumo) also fail at
cmake configure time with "Failed to find XercesC".
Drop the '++' suffix entirely and use cpe:/a:apache:xerces-c, which
matches the higher-level Apache Xerces-C CPE entry. cve scanners
that walked the more specific xerces-c++ entry will fall back to
this one.
2. Generic version-check override for libxerces-c-samples.
The samples sub-package ships upstream demo programs
(CreateDOMDocument, DOMCount, DOMPrint, SAX2Count, ...) which do
not accept --version / -v / -V and therefore fail the framework's
"executable prints PKG_VERSION" probe, making the package overall
report "Generic tests failed". Add a minimal test-version.sh that
exits 0 so the version-probe is skipped and the remaining generic
checks (executable, no hardcoded paths, stripped, linked libs)
still run for every binary.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
lmdb-test ships /usr/bin/mtest, a stress test that unconditionally
opens ./testdb in the current directory and aborts (SIGABRT) when
that directory is missing. In the CI runtime container that's
always the case, so the framework's --version probe ends up with
"Aborted" output, no PKG_VERSION match, and the package gets
reported as "Generic tests failed - No executables in the package
provided version 0.9.35".
Add libs/lmdb/test-version.sh that handles each sub-package by name:
lmdb (library) and lmdb-test (no usable version probe) pass the
override, lmdb-utils runs 'mdb_dump -V' and matches against
PKG_VERSION, and unknown sub-packages fail loudly to force this
script to be updated. The other generic checks (no hardcoded paths,
stripped, linked libs) still run for every binary.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Bump from 2.0.1 to the latest 2.0 LTS release. This pulls in
upstream commit 53cb738795 ("dnsdist: make code boost-1.91
compatible", Otto Moerbeek, 2026-04-29), which fixes the build
break against Boost 1.91 currently shipped by OpenWrt:
dnsdist-lua.cc:3086:101: error: converting to
'boost::optional<unordered_map<...>>' from initializer list
would use explicit constructor 'constexpr boost::optional<T>::
optional(U&&) [...]'
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Some FortiGate VPN gateways require a specific authentication realm
when multiple domains or user groups are configured on the same server.
This commit updates the netifd protocol script to parse the 'realm'
option from the UCI configuration and correctly append it to the
openfortivpn command line arguments.
Signed-off-by: Xing-Kai Wang <my@xkwang.org>
The same firmware image may be deployed on either bare metal device or
virtualized platforms (e.g., Proxmox VE).
On bare metal device, `qemu-ga` may still be started even though no
virtio-serial channel is available, resulting in repeated attempts to
access /dev/virtio-ports/org.qemu.guest_agent.0.
This causes continuous service respawning by procd and unnecessary log
spam.
This commit adds a pre-check for /dev/virtio-ports to avoid starting
`qemu-ga` when virtio-serial support is not present.
Signed-off-by: Andy Chiang <AndyChiang_git@outlook.com>
vzlogger is a tool to read and log measurements of a wide variety of smart
meters and sensors to the volkszaehler.org middleware.
Signed-off-by: Andy Voigt <a.voigt@mailbox.org>
libSML implements the Smart Message Language protocol used by German smart
meters (FNN specification). It is used by projects like volkszaehler for
reading smart meter data.
Signed-off-by: Andy Voigt <a.voigt@mailbox.org>
Add DDNS update support for blazingfast.io Anycast DNS via their
REST API. Authentication is performed via JWT token obtained from
the login endpoint. Zone records are fetched to verify the record
type before update, ensuring IPv4 services only target A records
and IPv6 services only target AAAA records.
Service, zone and record IDs are passed via param_opt as
space-separated key=value pairs:
service_id=X zone_id=Y record_id=Z
curl --config file approach is used throughout to avoid eval and
shell injection from user-controlled values. Supports both IPv4
and IPv6. For dual-stack, create two separate DDNS service sections
with their respective record IDs.
Tested on GL.iNet MT5000 (Brume 3) running OpenWrt with
ddns-scripts 2.8.2.
Signed-off-by: Fotios Kitsantas <fkitsantas@icloud.com>
Maintainer: Alexandru Ardelean <ardeleanalex@gmail.com>
ping @feckert
First of all big thanks to all involved devs, porting this to proto is not a minor task and besides some small quirks it is working well.
(Not all that happy with the use of a default route instead of /1 routes, because you loose internet if the tunnel goes down but that is just me nitpicking)
However I had problems with default routing as the host routes to the server endpoint were missing.
I tracked it down to code in the `openvpn-hotplug` script and made some changes and in my testing it appears to work now.
As a bonus I also added code for a future implementation of the `nohostroute` option.
Problem:
The host routes were created by just using route setup this however does not work.
Solution:
using `proto_add_host_dependency` seems the better solution.
Furthermore the correct guard for IPv6 seems to be `net_gateway_ipv6` instead of `route_ipv6_gateway` however even the correct guard is only working if ipv6 source routing is disabled on wan6, so perhaps we should consider removing the guard entirely.
For now I left it in place with a warning.
I have tested it on X86 running master build from 5 days ago, both for IPv4 and IPv6
Please have a look and consider implementing.
Thanks
Signed-off-by: Erik Conijn <egc112@msn.com>
Large version jump from 4.8.1 to 4.19.4 (latest upstream LTS).
Build changes:
- Refresh patches/004-fix-su-controoling-term.patch: su.c moved the
ioctl() call from line 1122 to 1169 and changed (char *) 0 to
(char *) NULL; update patch context and re-canonicalise through
quilt (blank context line spacing).
- New CONFIGURE_ARGS:
* --disable-logind: 4.19.4 added an optional libsystemd-based
logind integration which OpenWrt doesn't ship.
* --without-libbsd: shadow's configure now hard-fails on missing
readpassphrase() unless libbsd is found; the in-tree
lib/readpassphrase.c fallback is enabled by --without-libbsd.
* --without-sssd: avoid dragging in an sssd build dep.
* --disable-subordinate-ids: 4.19.4 builds libsubid (subuid/subgid
runtime API) unconditionally when subids are enabled, and its
libtool -export-symbols-regex generates a version script that
binutils 2.40+ rejects against libxcrypt's versioned
crypt_checksalt@@XCRYPT_4.3 symbol. Disabling subordinate-ids
skips libsubid entirely; OpenWrt doesn't ship libsubid.
- Drop newgidmap, newuidmap, lastlog and groups from SHADOW_APPLETS:
newgidmap/newuidmap are only built when subordinate-ids are
enabled, lastlog defaults to disabled in 4.19.4, and the groups
binary was removed from shadow upstream (use coreutils).
Test coverage:
- Replace the per-applet --version check in test.sh with per-applet
functional tests:
pwck -> 'pwck -r' read-only consistency check; accept
non-zero exit since the CI container's /etc/passwd
trips minor warnings.
grpck -> 'grpck -r' read-only consistency check.
chage -> 'chage -l root' lists password aging info.
useradd -> 'useradd -D' dumps defaults without modifying state.
passwd -> 'passwd -S root' prints the password status line.
faillog -> create empty /var/log/faillog then 'faillog -a'
must emit a header line.
login/su -> PAM-interactive; presence covered by generic tests.
Other applets -> verify binary presence (CI's generic tests
already check stripped, no build paths, linked-libs).
- Add test-version.sh as a generic-version-check override: shadow
tools don't honour --version (only --help), so the framework's
probe finds no PKG_VERSION match in any binary and would otherwise
fail Generic tests for every sub-package.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 0.26.5 to 1.0.4 (major version jump 0.x -> 1.x).
Changes:
- Add +libcurl to DEPENDS: libupnpp 1.0.4 introduced a new mandatory
dependency on libcurl (used for HTTP/SOAP communications)
- Build system remains meson (already in use)
- No patches needed
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Replace the four stub udev_hwdb_*() functions with a working
implementation that looks up vendor and product names from
/usr/share/hwdata/usb.ids, so callers using the standard libudev
hwdb API benefit without needing package-specific patches.
The patch is a clean backport of upstream commit 2bebebc9e0444
("udev: implement hwdb USB ID lookup from usb.ids (#80)") merged
to illiliti/libudev-zero master on 2026-05-19, post-1.0.3. Drop
when the package is bumped to the next libudev-zero release.
Upstream now defaults USB_IDS_PATH to ${SHAREDIR}/hwdata/usb.ids
with SHAREDIR=${PREFIX}/share, so the explicit
USB_IDS_PATH=/usr/share/hwdata/usb.ids in MAKE_FLAGS is no longer
needed and is dropped.
Fixes: https://github.com/openwrt/packages/issues/29386
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Update from 017 to 019. Version 019 dropped autoconf in favour of meson,
so switch to include/meson.mk and drop PKG_FIXUP:=autoreconf and the
autoconf CONFIGURE_ARGS.
The binary lsusb no longer reads usb.ids directly; it now queries the
udev hardware database. lsusb.py still searches /usr/share/hwdata/usb.ids
for device name resolution.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
On some build systems, the miniperl binary is created without execute
permission (errno 126 when running it as /bin/sh). This breaks building
the mro extension and cascades to all dependent packages.
Fix by ensuring chmod +x on miniperl after the main build step.
This matches how many other build systems handle this same issue.
Signed-off-by: Alexandru Ardelean <alex@shruggie.ro>
Wei-Ting Yang