Compare commits

...

5 Commits

Author SHA1 Message Date
bol-van
765770d2c7 installer: support APK on openwrt 2024-11-17 15:45:28 +03:00
bol-van
ba58892011 compile doc: zlib-dev not reqd notice 2024-11-17 12:27:14 +03:00
bol-van
63f40dd8a4
Merge pull request #800 from spvkgn/actions-android
github: build for Android
2024-11-17 11:38:58 +03:00
spvkgn
30443ed31d github: build for Android 2024-11-17 11:00:06 +05:00
spvkgn
a8432a3caa github: minor changes 2024-11-17 11:00:06 +05:00
4 changed files with 203 additions and 46 deletions

View File

@ -87,15 +87,14 @@ jobs:
export LDFLAGS="-Os" export LDFLAGS="-Os"
# netfilter libs # netfilter libs
git clone --depth 1 -b libmnl-1.0.5 git://git.netfilter.org/libmnl wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
git clone --depth 1 -b libnfnetlink-1.0.2 git://git.netfilter.org/libnfnetlink wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
git clone --depth 1 -b libnetfilter_queue-1.0.5 git://git.netfilter.org/libnetfilter_queue wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
for i in libmnl libnfnetlink libnetfilter_queue ; do for i in libmnl libnfnetlink libnetfilter_queue ; do
( (
cd $i cd $i-*
./autogen.sh && \ ./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking
./configure --prefix= --host=$TARGET --enable-static --disable-shared && \
make install -j$(nproc) DESTDIR=$DEPS_DIR make install -j$(nproc) DESTDIR=$DEPS_DIR
) )
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
@ -106,7 +105,7 @@ jobs:
xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz xargs -I{} wget -qO- https://github.com/madler/zlib/archive/refs/tags/{}.tar.gz | tar -xz
( (
cd zlib-* cd zlib-*
./configure --prefix= --static && \ ./configure --prefix= --static
make install -j$(nproc) DESTDIR=$DEPS_DIR make install -j$(nproc) DESTDIR=$DEPS_DIR
) )
@ -282,9 +281,77 @@ jobs:
path: zapret-*.zip path: zapret-*.zip
if-no-files-found: error if-no-files-found: error
build-android:
name: Android ${{ matrix.abi }}
runs-on: ubuntu-latest
strategy:
matrix:
include:
- abi: armeabi-v7a
target: armv7a-linux-androideabi
- abi: arm64-v8a
target: aarch64-linux-android
- abi: x86
target: i686-linux-android
- abi: x86_64
target: x86_64-linux-android
steps:
- name: Checkout
uses: actions/checkout@v4
with:
path: zapret
- name: Build
env:
ABI: ${{ matrix.abi }}
TARGET: ${{ matrix.target }}
run: |
DEPS_DIR=$GITHUB_WORKSPACE/deps
export TOOLCHAIN=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/linux-x86_64
export API=21
export CC="$TOOLCHAIN/bin/clang --target=$TARGET$API"
export AR=$TOOLCHAIN/bin/llvm-ar
export AS=$CC
export LD=$TOOLCHAIN/bin/ld
export RANLIB=$TOOLCHAIN/bin/llvm-ranlib
export STRIP=$TOOLCHAIN/bin/llvm-strip
export PKG_CONFIG_PATH=$DEPS_DIR/lib/pkgconfig
# optimize for size
export CFLAGS="-Os -flto=auto"
export LDFLAGS="-Os"
# netfilter libs
wget -qO- https://www.netfilter.org/pub/libnfnetlink/libnfnetlink-1.0.2.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libmnl/libmnl-1.0.5.tar.bz2 | tar -xj
wget -qO- https://www.netfilter.org/pub/libnetfilter_queue/libnetfilter_queue-1.0.5.tar.bz2 | tar -xj
patch -p1 -d libnetfilter_queue-* -i ../zapret/.github/workflows/libnetfilter_queue-android.patch
for i in libmnl libnfnetlink libnetfilter_queue ; do
(
cd $i-*
CFLAGS="$CFLAGS -Wno-implicit-function-declaration" \
./configure --prefix= --host=$TARGET --enable-static --disable-shared --disable-dependency-tracking
make install -j$(nproc) DESTDIR=$DEPS_DIR
)
sed -i "s|^prefix=.*|prefix=$DEPS_DIR|g" $DEPS_DIR/lib/pkgconfig/$i.pc
done
# zapret
CFLAGS="$CFLAGS -I$DEPS_DIR/include" LDFLAGS="$LDFLAGS -L$DEPS_DIR/lib" \
make -C zapret android -j$(nproc)
zip zapret-android-$ABI.zip -j zapret/binaries/my/*
- name: Upload artifacts
uses: actions/upload-artifact@v4
with:
name: zapret-android-${{ matrix.abi }}
path: zapret-*.zip
if-no-files-found: error
release: release:
if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v') if: github.event_name == 'push' && startsWith(github.ref, 'refs/tags/v')
needs: [ build-linux, build-windows, build-macos, build-freebsd ] needs: [ build-linux, build-windows, build-macos, build-freebsd, build-android ]
permissions: permissions:
contents: write contents: write
runs-on: ubuntu-latest runs-on: ubuntu-latest
@ -343,6 +410,10 @@ jobs:
if [ -d $dir ]; then if [ -d $dir ]; then
echo "Processing $dir" echo "Processing $dir"
case $dir in case $dir in
*-android-arm64-v8a ) run_dir android-aarch64 ;;
*-android-armeabi-v7a ) run_dir android-arm ;;
*-android-x86 ) run_dir android-x86 ;;
*-android-x86_64 ) run_dir android-x86_64 ;;
*-freebsd-x86_64 ) run_dir freebsd-x64 ;; *-freebsd-x86_64 ) run_dir freebsd-x64 ;;
*-linux-arm ) run_dir arm ;; *-linux-arm ) run_dir arm ;;
*-linux-arm64 ) run_dir aarch64 ;; *-linux-arm64 ) run_dir aarch64 ;;

View File

@ -0,0 +1,41 @@
--- a/src/extra/pktbuff.c
+++ b/src/extra/pktbuff.c
@@ -14,7 +14,7 @@
#include <string.h> /* for memcpy */
#include <stdbool.h>
-#include <netinet/if_ether.h>
+#include <linux/if_ether.h>
#include <netinet/ip.h>
#include <netinet/tcp.h>
--- a/src/nlmsg.c
+++ b/src/nlmsg.c
@@ -21,7 +21,7 @@
#include <linux/netfilter/nfnetlink_queue.h>
-#include <libnetfilter_queue/libnetfilter_queue.h>
+// #include <libnetfilter_queue/libnetfilter_queue.h>
#include "internal.h"
--- a/src/extra/tcp.c
+++ b/src/extra/tcp.c
@@ -139,12 +139,16 @@ void nfq_tcp_compute_checksum_ipv6(struc
* (union is compatible to any of its members)
* This means this part of the code is -fstrict-aliasing safe now.
*/
+#ifndef __ANDROID__
union tcp_word_hdr {
struct tcphdr hdr;
uint32_t words[5];
};
+#endif
+#ifndef tcp_flag_word
#define tcp_flag_word(tp) ( ((union tcp_word_hdr *)(tp))->words[3])
+#endif
/**
* nfq_pkt_snprintf_tcp_hdr - print tcp header into one buffer in a humnan

View File

@ -190,6 +190,7 @@ check_system()
get_fwtype get_fwtype
OPENWRT_FW3= OPENWRT_FW3=
OPENWRT_FW4=
local info local info
UNAME=$(uname) UNAME=$(uname)
@ -201,21 +202,29 @@ check_system()
# some distros include systemctl without systemd # some distros include systemctl without systemd
if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then if [ -d "$SYSTEMD_DIR" ] && [ -x "$SYSTEMCTL" ] && [ "$INIT" = "systemd" ]; then
SYSTEM=systemd SYSTEM=systemd
elif [ -f "/etc/openwrt_release" ] && exists opkg && exists uci && [ "$INIT" = "procd" ] ; then elif [ -f "/etc/openwrt_release" ] && exists opkg || exists apk && exists uci && [ "$INIT" = "procd" ] ; then
{
SYSTEM=openwrt SYSTEM=openwrt
OPENWRT_PACKAGER=opkg
OPENWRT_PACKAGER_INSTALL="opkg install"
OPENWRT_PACKAGER_UPDATE="opkg update"
exists apk && {
OPENWRT_PACKAGER=apk
OPENWRT_PACKAGER_INSTALL="apk add"
OPENWRT_PACKAGER_UPDATE=
}
info="package manager $OPENWRT_PACKAGER\n"
if openwrt_fw3 ; then if openwrt_fw3 ; then
OPENWRT_FW3=1 OPENWRT_FW3=1
info="openwrt firewall uses fw3" info="${info}firewall fw3"
if is_ipt_flow_offload_avail; then if is_ipt_flow_offload_avail; then
info="$info. hardware flow offloading requires iptables." info="$info. hardware flow offloading requires iptables."
else else
info="$info. flow offloading unavailable." info="$info. flow offloading unavailable."
fi fi
elif openwrt_fw4; then elif openwrt_fw4; then
info="openwrt firewall uses fw4. flow offloading requires nftables." OPENWRT_FW4=1
info="${info}firewall fw4. flow offloading requires nftables."
fi fi
}
elif openrc_test; then elif openrc_test; then
SYSTEM=openrc SYSTEM=openrc
else else
@ -236,7 +245,7 @@ check_system()
exitp 5 exitp 5
fi fi
echo system is based on $SYSTEM echo system is based on $SYSTEM
[ -n "$info" ] && echo $info [ -n "$info" ] && printf "${info}\n"
} }
get_free_space_mb() get_free_space_mb()
@ -420,14 +429,21 @@ check_kmod()
} }
check_package_exists_openwrt() check_package_exists_openwrt()
{ {
[ -n "$(opkg list $1)" ] [ -n "$($OPENWRT_PACKAGER list $1)" ]
} }
check_package_openwrt() check_package_openwrt()
{ {
case $OPENWRT_PACKAGER in
opkg)
[ -n "$(opkg list-installed $1)" ] && return 0 [ -n "$(opkg list-installed $1)" ] && return 0
local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)" local what="$(opkg whatprovides $1 | tail -n +2 | head -n 1)"
[ -n "$what" ] || return 1 [ -n "$what" ] || return 1
[ -n "$(opkg list-installed $what)" ] [ -n "$(opkg list-installed $what)" ]
;;
apk)
apk info -e $1
;;
esac
} }
check_packages_openwrt() check_packages_openwrt()
{ {
@ -516,9 +532,8 @@ restart_openwrt_firewall()
local FW=fw4 local FW=fw4
[ -n "$OPENWRT_FW3" ] && FW=fw3 [ -n "$OPENWRT_FW3" ] && FW=fw3
$FW -q restart || { exists $FW && $FW -q restart || {
echo could not restart firewall $FW echo could not restart firewall $FW
exitp 30
} }
} }
remove_openwrt_firewall() remove_openwrt_firewall()
@ -684,7 +699,23 @@ check_prerequisites_linux()
removable_pkgs_openwrt() removable_pkgs_openwrt()
{ {
PKGS="iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl" local pkg PKGS2
[ -n "$OPENWRT_FW4" ] && PKGS2="$PKGS2 iptables-zz-legacy iptables ip6tables-zz-legacy ip6tables"
[ -n "$OPENWRT_FW3" ] && PKGS2="$PKGS2 nftables-json nftables-nojson nftables"
PKGS=
for pkg in $PKGS2; do
check_package_exists_openwrt $pkg && PKGS="${PKGS:+$PKGS }$pkg"
done
PKGS="ipset iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra ip6tables-mod-nat ip6tables-extra kmod-nft-queue gzip coreutils-sort coreutils-sleep curl $PKGS"
}
openwrt_fix_broken_apk_uninstall_scripts()
{
# at least in early snapshots with apk removing gnu gzip, sort, ... does not restore links to busybox
# system may become unusable
exists sort || { echo fixing missing sort; ln -fs /bin/busybox /usr/bin/sort; }
exists gzip || { echo fixing missing gzip; ln -fs /bin/busybox /bin/gzip; }
exists sleep || { echo fixing missing sleep; ln -fs /bin/busybox /bin/sleep; }
} }
remove_extra_pkgs_openwrt() remove_extra_pkgs_openwrt()
@ -693,19 +724,32 @@ remove_extra_pkgs_openwrt()
echo \* remove dependencies echo \* remove dependencies
removable_pkgs_openwrt removable_pkgs_openwrt
echo these packages may have been installed by install_easy.sh : $PKGS echo these packages may have been installed by install_easy.sh : $PKGS
ask_yes_no N "do you want to remove them" && opkg remove --autoremove $PKGS ask_yes_no N "do you want to remove them" && {
case $OPENWRT_PACKAGER in
opkg)
opkg remove --autoremove $PKGS
;;
apk)
apk del $PKGS
openwrt_fix_broken_apk_uninstall_scripts
;;
esac
}
} }
check_prerequisites_openwrt() check_prerequisites_openwrt()
{ {
echo \* checking prerequisites echo \* checking prerequisites
local PKGS="curl" UPD=0 local PKGS="curl" UPD=0 local pkg_iptables
case "$FWTYPE" in case "$FWTYPE" in
iptables) iptables)
PKGS="$PKGS ipset iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra" pkg_iptables=iptables
[ "$DISABLE_IPV6" != "1" ] && PKGS="$PKGS ip6tables ip6tables-mod-nat ip6tables-extra" check_package_exists_openwrt iptables-zz-legacy && pkg_iptables=iptables-zz-legacy
PKGS="$PKGS ipset $pkg_iptables iptables-mod-extra iptables-mod-nfqueue iptables-mod-filter iptables-mod-ipopt iptables-mod-conntrack-extra"
check_package_exists_openwrt ip6tables-zz-legacy && pkg_iptables=ip6tables-zz-legacy
[ "$DISABLE_IPV6" = 1 ] || PKGS="$PKGS $pkg_iptables ip6tables-mod-nat ip6tables-extra"
;; ;;
nftables) nftables)
PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue" PKGS="$PKGS nftables kmod-nft-nat kmod-nft-offload kmod-nft-queue"
@ -717,9 +761,9 @@ check_prerequisites_openwrt()
else else
echo \* installing prerequisites echo \* installing prerequisites
opkg update $OPENWRT_PACKAGER_UPDATE
UPD=1 UPD=1
opkg install $PKGS || { $OPENWRT_PACKAGER_INSTALL $PKGS || {
echo could not install prerequisites echo could not install prerequisites
exitp 6 exitp 6
} }
@ -732,10 +776,10 @@ check_prerequisites_openwrt()
echo installer can install GNU gzip but it requires about 100 Kb space echo installer can install GNU gzip but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU gzip"; then if ask_yes_no N "do you want to install GNU gzip"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
opkg update $OPENWRT_PACKAGER_UPDATE
UPD=1 UPD=1
} }
opkg install --force-overwrite gzip $OPENWRT_PACKAGER_INSTALL --force-overwrite gzip
fi fi
} }
is_linked_to_busybox sort && { is_linked_to_busybox sort && {
@ -745,10 +789,10 @@ check_prerequisites_openwrt()
echo installer can install GNU sort but it requires about 100 Kb space echo installer can install GNU sort but it requires about 100 Kb space
if ask_yes_no N "do you want to install GNU sort"; then if ask_yes_no N "do you want to install GNU sort"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
opkg update $OPENWRT_PACKAGER_UPDATE
UPD=1 UPD=1
} }
opkg install --force-overwrite coreutils-sort $OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sort
fi fi
} }
[ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && { [ "$FSLEEP" = 0 ] && is_linked_to_busybox sleep && {
@ -757,10 +801,10 @@ check_prerequisites_openwrt()
echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space echo if you want to speed up blockcheck install coreutils-sleep. it requires about 40 Kb space
if ask_yes_no N "do you want to install COREUTILS sleep"; then if ask_yes_no N "do you want to install COREUTILS sleep"; then
[ "$UPD" = "0" ] && { [ "$UPD" = "0" ] && {
opkg update $OPENWRT_PACKAGER_UPDATE
UPD=1 UPD=1
} }
opkg install --force-overwrite coreutils-sleep $OPENWRT_PACKAGER_INSTALL --force-overwrite coreutils-sleep
fsleep_setup fsleep_setup
fi fi
} }

View File

@ -33,3 +33,4 @@ make package/{tpws,nfqws,mdig,ip2net}/compile
ls -l bin/packages/*/base ls -l bin/packages/*/base
# take your ipk or apk from there # take your ipk or apk from there
# zlib-dev is not required