summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPatrick Murphy <Patrick.Murphy@multitech.com>2020-04-30 13:04:00 -0500
committerJohn Klug <john.klug@multitech.com>2020-06-18 20:22:08 -0500
commit5724d72ffb2d6f4e44b65a92d5b69bcdf8551118 (patch)
treeff5b1f6243f931eccda3f378887681c086c0021e
parenta3020c1257ad6bd653b5c619f1552b5e22fe7e0c (diff)
downloadmeta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.tar.gz
meta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.tar.bz2
meta-mlinux-5724d72ffb2d6f4e44b65a92d5b69bcdf8551118.zip
moved 5.2.1 changes to master
-rw-r--r--recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb27
-rw-r--r--recipes-core/file-magic-db-images/files/COPYING29
-rw-r--r--recipes-core/file-magic-db-images/files/Magdir/images78
-rw-r--r--recipes-core/file-magic-db-images/files/Magdir/jpeg119
-rw-r--r--recipes-core/file-magic-db-images/files/Magdir/msdos29
-rw-r--r--recipes-core/file-magic-db-images/files/Magdir/sgml8
-rw-r--r--recipes-core/images/mlinux-commissioning-image.bb7
-rw-r--r--recipes-core/images/mlinux-factory-test-image.bb8
-rw-r--r--recipes-core/images/mlinux-mtcap-commissioning-image.bb7
-rw-r--r--recipes-core/images/mlinux-mtcap-test-image.bb87
-rw-r--r--recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch41
-rw-r--r--recipes-core/lighttpd/files/0002_extended_tls_conf.patch110
-rw-r--r--recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch57
-rw-r--r--recipes-core/lighttpd/files/lighttpd.conf209
-rw-r--r--recipes-core/lighttpd/files/lighttpd.init310
-rw-r--r--recipes-core/lighttpd/files/lighttpd_custom_images_setup57
-rw-r--r--recipes-core/lighttpd/files/lighttpd_nrs.conf66
-rw-r--r--recipes-core/lighttpd/lighttpd_1.4.48.bb100
-rw-r--r--recipes-core/multitech/commissioning_1.0.1.bb (renamed from recipes-core/multitech/commissioning_1.0.0.bb)17
19 files changed, 1362 insertions, 4 deletions
diff --git a/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb b/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb
new file mode 100644
index 0000000..43d3052
--- /dev/null
+++ b/recipes-core/file-magic-db-images/file-magic-db-images_0.1.bb
@@ -0,0 +1,27 @@
+DESCRIPTION = "Stripped MIME detection database for file(1) with definition of images"
+HOMEPAGE = "http://www.darwinsys.com/file/"
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;beginline=2;md5=6a7382872edb68d33e1a9398b6e03188"
+DEPENDS = "file-native"
+FILES_${PN} = "${datadir}/misc/magic-images.mgc"
+
+PV = "0.1"
+PR = "r5"
+
+SRC_URI = "file://COPYING \
+ file://Magdir/images \
+ file://Magdir/jpeg \
+ file://Magdir/msdos \
+ file://Magdir/sgml"
+
+S = "${WORKDIR}"
+
+do_compile() {
+ ${STAGING_BINDIR_NATIVE}/file-native/file -v
+ ${STAGING_BINDIR_NATIVE}/file-native/file -C -m ${S}/Magdir
+}
+
+do_install() {
+ install -d ${D}/${datadir}/misc/
+ install -m 0644 ${WORKDIR}/Magdir.mgc ${D}/${datadir}/misc/magic-images.mgc
+}
diff --git a/recipes-core/file-magic-db-images/files/COPYING b/recipes-core/file-magic-db-images/files/COPYING
new file mode 100644
index 0000000..68148e2
--- /dev/null
+++ b/recipes-core/file-magic-db-images/files/COPYING
@@ -0,0 +1,29 @@
+$File: LEGAL.NOTICE,v 1.15 2006/05/03 18:48:33 christos Exp $
+Copyright (c) Ian F. Darwin 1986, 1987, 1989, 1990, 1991, 1992, 1994, 1995.
+Software written by Ian F. Darwin and others;
+maintained 1994- Christos Zoulas.
+
+This software is not subject to any export provision of the United States
+Department of Commerce, and may be exported to any country or planet.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+1. Redistributions of source code must retain the above copyright
+ notice immediately at the beginning of the file, without modification,
+ this list of conditions, and the following disclaimer.
+2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in the
+ documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
+ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+SUCH DAMAGE.
diff --git a/recipes-core/file-magic-db-images/files/Magdir/images b/recipes-core/file-magic-db-images/files/Magdir/images
new file mode 100644
index 0000000..493027f
--- /dev/null
+++ b/recipes-core/file-magic-db-images/files/Magdir/images
@@ -0,0 +1,78 @@
+# PNG [Portable Network Graphics, or "PNG's Not GIF"] images
+# (Greg Roelofs, newt@uchicago.edu)
+# (Albert Cahalan, acahalan@cs.uml.edu)
+#
+# 137 P N G \r \n ^Z \n [4-byte length] H E A D [HEAD data] [HEAD crc] ...
+#
+0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data
+!:mime image/png
+>16 belong x \b, %d x
+>20 belong x %d,
+>24 byte x %d-bit
+>25 byte 0 grayscale,
+>25 byte 2 \b/color RGB,
+>25 byte 3 colormap,
+>25 byte 4 gray+alpha,
+>25 byte 6 \b/color RGBA,
+#>26 byte 0 deflate/32K,
+>28 byte 0 non-interlaced
+>28 byte 1 interlaced
+
+# GIF
+0 string GIF8 GIF image data
+!:mime image/gif
+!:apple 8BIMGIFf
+>4 string 7a \b, version 8%s,
+>4 string 9a \b, version 8%s,
+>6 leshort >0 %d x
+>8 leshort >0 %d
+#>10 byte &0x80 color mapped,
+#>10 byte&0x07 =0x00 2 colors
+#>10 byte&0x07 =0x01 4 colors
+#>10 byte&0x07 =0x02 8 colors
+#>10 byte&0x07 =0x03 16 colors
+#>10 byte&0x07 =0x04 32 colors
+#>10 byte&0x07 =0x05 64 colors
+#>10 byte&0x07 =0x06 128 colors
+#>10 byte&0x07 =0x07 256 colors
+
+# PC bitmaps (OS/2, Windows BMP files) (Greg Roelofs, newt@uchicago.edu)
+# http://en.wikipedia.org/wiki/BMP_file_format#DIB_header_.\
+# 28bitmap_information_header.29
+0 string BM
+>14 leshort 12 PC bitmap, OS/2 1.x format
+!:mime image/x-ms-bmp
+>>18 leshort x \b, %d x
+>>20 leshort x %d
+>14 leshort 64 PC bitmap, OS/2 2.x format
+!:mime image/x-ms-bmp
+>>18 leshort x \b, %d x
+>>20 leshort x %d
+>14 leshort 40 PC bitmap, Windows 3.x format
+!:mime image/x-ms-bmp
+>>18 lelong x \b, %d x
+>>22 lelong x %d x
+>>28 leshort x %d
+>14 leshort 124 PC bitmap, Windows 98/2000 and newer format
+!:mime image/x-ms-bmp
+>>18 lelong x \b, %d x
+>>22 lelong x %d x
+>>28 leshort x %d
+>14 leshort 108 PC bitmap, Windows 95/NT4 and newer format
+!:mime image/x-ms-bmp
+>>18 lelong x \b, %d x
+>>22 lelong x %d x
+>>28 leshort x %d
+>14 leshort 128 PC bitmap, Windows NT/2000 format
+!:mime image/x-ms-bmp
+>>18 lelong x \b, %d x
+>>22 lelong x %d x
+>>28 leshort x %d
+# Too simple - MPi
+#0 string IC PC icon data
+#0 string PI PC pointer image data
+#0 string CI PC color icon data
+#0 string CP PC color pointer image data
+# Conflicts with other entries [BABYL]
+#0 string BA PC bitmap array data
+
diff --git a/recipes-core/file-magic-db-images/files/Magdir/jpeg b/recipes-core/file-magic-db-images/files/Magdir/jpeg
new file mode 100644
index 0000000..e6a4ffa
--- /dev/null
+++ b/recipes-core/file-magic-db-images/files/Magdir/jpeg
@@ -0,0 +1,119 @@
+
+#------------------------------------------------------------------------------
+# $File: jpeg,v 1.28 2015/04/09 20:01:40 christos Exp $
+# JPEG images
+# SunOS 5.5.1 had
+#
+# 0 string \377\330\377\340 JPEG file
+# 0 string \377\330\377\356 JPG file
+#
+# both of which turn into "JPEG image data" here.
+#
+0 beshort 0xffd8 JPEG image data
+!:mime image/jpeg
+!:apple 8BIMJPEG
+!:strength *3
+!:ext jpeg/jpg/jpe/jfif
+>6 string JFIF \b, JFIF standard
+# The following added by Erik Rossen <rossen@freesurf.ch> 1999-09-06
+# in a vain attempt to add image size reporting for JFIF. Note that these
+# tests are not fool-proof since some perfectly valid JPEGs are currently
+# impossible to specify in magic(4) format.
+# First, a little JFIF version info:
+>>11 byte x \b %d.
+>>12 byte x \b%02d
+# Next, the resolution or aspect ratio of the image:
+>>13 byte 0 \b, aspect ratio
+>>13 byte 1 \b, resolution (DPI)
+>>13 byte 2 \b, resolution (DPCM)
+>>14 beshort x \b, density %dx
+>>16 beshort x \b%d
+>>4 beshort x \b, segment length %d
+# Next, show thumbnail info, if it exists:
+>>18 byte !0 \b, thumbnail %dx
+>>>19 byte x \b%d
+>6 string Exif \b, Exif standard: [
+>>12 indirect/r x
+>>12 string x \b]
+
+# Jump to the first segment
+>(4.S+4) use jpeg_segment
+
+# This uses recursion...
+0 name jpeg_segment
+>0 beshort 0xFFFE
+# Recursion handled by FFE0
+#>>(2.S+2) use jpeg_segment
+>>2 pstring/HJ x \b, comment: "%s"
+
+>0 beshort 0xFFC0
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, baseline, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, frames %d
+
+>0 beshort 0xFFC1
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, extended sequential, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, frames %d
+
+>0 beshort 0xFFC2
+>>(2.S+2) use jpeg_segment
+>>4 byte x \b, progressive, precision %d
+>>7 beshort x \b, %dx
+>>5 beshort x \b%d
+>>9 byte x \b, frames %d
+
+# Define Huffman Tables
+>0 beshort 0xFFC4
+>>(2.S+2) use jpeg_segment
+
+>0 beshort 0xFFE1
+# Recursion handled by FFE0
+#>>(2.S+2) use jpeg_segment
+>>4 string Exif \b, Exif Standard: [
+>>>10 indirect/r x
+>>>10 string x \b]
+
+# Application specific markers
+>0 beshort&0xFFE0 =0xFFE0
+>>(2.S+2) use jpeg_segment
+
+# DB: Define Quantization tables
+# DD: Define Restart interval [XXX: wrong here, it is 4 bytes]
+# D8: Start of image
+# D9: End of image
+# Dn: Restart
+>0 beshort&0xFFD0 =0xFFD0
+>>0 beshort&0xFFE0 !0xFFE0
+>>>(2.S+2) use jpeg_segment
+
+#>0 beshort x unknown 0x%x
+#>>(2.S+2) use jpeg_segment
+
+# HSI is Handmade Software's proprietary JPEG encoding scheme
+0 string hsi1 JPEG image data, HSI proprietary
+
+# From: David Santinoli <david@santinoli.com>
+0 string \x00\x00\x00\x0C\x6A\x50\x20\x20\x0D\x0A\x87\x0A JPEG 2000
+# From: Johan van der Knijff <johan.vanderknijff@kb.nl>
+# Added sub-entries for JP2, JPX, JPM and MJ2 formats; added mimetypes
+# https://github.com/bitsgalore/jp2kMagic
+#
+# Now read value of 'Brand' field, which yields a few possibilities:
+>20 string \x6a\x70\x32\x20 Part 1 (JP2)
+!:mime image/jp2
+>20 string \x6a\x70\x78\x20 Part 2 (JPX)
+!:mime image/jpx
+>20 string \x6a\x70\x6d\x20 Part 6 (JPM)
+!:mime image/jpm
+>20 string \x6d\x6a\x70\x32 Part 3 (MJ2)
+!:mime video/mj2
+
+# Type: JPEG 2000 codesream
+# From: Mathieu Malaterre <mathieu.malaterre@gmail.com>
+0 belong 0xff4fff51 JPEG 2000 codestream
+45 beshort 0xff52
diff --git a/recipes-core/file-magic-db-images/files/Magdir/msdos b/recipes-core/file-magic-db-images/files/Magdir/msdos
new file mode 100644
index 0000000..7b1330e
--- /dev/null
+++ b/recipes-core/file-magic-db-images/files/Magdir/msdos
@@ -0,0 +1,29 @@
+
+#------------------------------------------------------------------------------
+# $File: msdos,v 1.105 2016/03/03 18:58:14 christos Exp $
+# msdos: file(1) magic for MS-DOS files
+#
+
+# Windows icons
+# Update: Joerg Jenderek
+# URL: https://en.wikipedia.org/wiki/CUR_(file_format)
+# Note: similiar to Windows CURsor. container for BMP (only DIB part) or PNG
+0 belong 0x00000100
+>9 byte 0
+>>0 byte x
+>>0 use cur-ico-dir
+>9 ubyte 0xff
+>>0 byte x
+>>0 use cur-ico-dir
+# displays number of icons and information for icon or cursor
+0 name cur-ico-dir
+# skip some Lotus 1-2-3 worksheets, CYCLE.PIC and keep Windows cursors with
+# 1st data offset = dir header size + n * dir entry size = 6 + n * 10h = ?6h
+>18 ulelong &0x00000006
+# skip remaining worksheets, because valid only for DIB image (40) or PNG image (\x89PNG)
+>>(18.l) ulelong x MS Windows
+>>>0 ubelong 0x00000100 icon resource
+#!:mime image/vnd.microsoft.icon
+!:mime image/x-icon
+!:ext ico
+
diff --git a/recipes-core/file-magic-db-images/files/Magdir/sgml b/recipes-core/file-magic-db-images/files/Magdir/sgml
new file mode 100644
index 0000000..79abe8c
--- /dev/null
+++ b/recipes-core/file-magic-db-images/files/Magdir/sgml
@@ -0,0 +1,8 @@
+#------------------------------------------------------------------------------ # $File: sgml,v 1.32 2015/07/11 15:08:53 christos Exp $
+# Type: SVG Vectorial Graphics
+# From: Noel Torres <tecnico@ejerciciosresueltos.com>
+0 string \<?xml\ version="
+>15 string >\0
+>>19 search/4096 \<svg SVG Scalable Vector Graphics image
+!:mime image/svg+xml
+
diff --git a/recipes-core/images/mlinux-commissioning-image.bb b/recipes-core/images/mlinux-commissioning-image.bb
new file mode 100644
index 0000000..5ba16a6
--- /dev/null
+++ b/recipes-core/images/mlinux-commissioning-image.bb
@@ -0,0 +1,7 @@
+require mlinux-rs9113-factory-image.bb
+DESCRIPTION = "mLinux factory image with commissioning support"
+
+# Extra stuff to install
+IMAGE_INSTALL_append = " dnsmasq bluez5-noinst-tools python-dbus commissioning commissioning-php-fpm rs9113-rm"
+IMAGE_INSTALL_remove = "useradd"
+ROOTFS_POSTPROCESS_COMMAND_remove = "mlinux_set_root_password;"
diff --git a/recipes-core/images/mlinux-factory-test-image.bb b/recipes-core/images/mlinux-factory-test-image.bb
new file mode 100644
index 0000000..82ed75d
--- /dev/null
+++ b/recipes-core/images/mlinux-factory-test-image.bb
@@ -0,0 +1,8 @@
+DESCRIPTION = "mLinux factory test image"
+LICENSE = "MIT"
+
+require mlinux-factory-image.bb
+
+IMAGE_INSTALL_append = " i2c-tools spitools "
+#Open console for testing
+CONSOLE = "sysvinit-inittab-start-open"
diff --git a/recipes-core/images/mlinux-mtcap-commissioning-image.bb b/recipes-core/images/mlinux-mtcap-commissioning-image.bb
new file mode 100644
index 0000000..9e933b1
--- /dev/null
+++ b/recipes-core/images/mlinux-mtcap-commissioning-image.bb
@@ -0,0 +1,7 @@
+require mlinux-mtcap-image.bb
+DESCRIPTION = "mtcap image with commissioning support"
+
+#install
+IMAGE_INSTALL_append = " commissioning commissioning-php-fpm"
+IMAGE_INSTALL_remove = "useradd"
+ROOTFS_POSTPROCESS_COMMAND_remove = "mlinux_set_root_password;"
diff --git a/recipes-core/images/mlinux-mtcap-test-image.bb b/recipes-core/images/mlinux-mtcap-test-image.bb
new file mode 100644
index 0000000..58e2448
--- /dev/null
+++ b/recipes-core/images/mlinux-mtcap-test-image.bb
@@ -0,0 +1,87 @@
+DESCRIPTION = "mLinux Conduit Access Point image"
+
+require mlinux-minimal-image.bb
+require mtcap-modules.inc
+
+# For now we don't put this in MTR or AEP
+# Password restrictions library from Redhat
+IMAGE_INSTALL += "libpwquality"
+
+
+# Test image features
+IMAGE_INSTALL += "i2c-tools \
+ spitools \
+ "
+
+FILESYSTEM_FEATURES = "dosfstools \
+ cifs-utils \
+ lsof \
+ "
+
+NETWORKING_FEATURES += "bridge-utils \
+ inetutils-ftp \
+ openssl \
+ rsync \
+ iperf \
+ mii-diag \
+ tcpdump \
+ netcat \
+ wget \
+ strongswan \
+ busybox-ifplugd \
+ "
+
+# No accessory cards for MTAC
+MULTITECH_MTAC = ""
+
+TIME_FEATURES = "tzdata tzdata-africa tzdata-americas tzdata-antarctica tzdata-arctic \
+ tzdata-asia tzdata-atlantic tzdata-australia tzdata-europe tzdata-pacific \
+ tzdata-misc \
+ cronie \
+ ntpdate \
+ "
+
+WIFI_FEATURES = "libnl \
+ wpa-supplicant \
+ wireless-tools \
+ iw \
+ hostap-daemon hostap-utils \
+ wilc1000 \
+ "
+
+MULTITECH_FEATURES += " \
+ u-boot-linux-utils \
+ mlinux-scripts \
+ reset-handler \
+ radio-cmd radio-query \
+ cell-radio-carrierswitch \
+ jsparser \
+ protobuf \
+ annex-client \
+ "
+
+IMAGE_INSTALL += "lora-gateway-utils \
+ lora-query \
+ lora-packet-forwarder \
+ lora-network-server \
+ logrotate \
+ mosquitto mosquitto-clients \
+ "
+
+MISC_FEATURES = "minicom lrzsz nano lxfp"
+
+# Extra stuff to install
+# Someday add wifi features
+# ${WIFI_FEATURES}
+#
+IMAGE_INSTALL += " \
+ ${FILESYSTEM_FEATURES} \
+ ${TIME_FEATURES} \
+ ${MISC_FEATURES} \
+ "
+
+# Open console for testing
+CONSOLE = "sysvinit-inittab-start-open"
+
+# Multi-Tech SMS Utility (see http://git.multitech.net)
+IMAGE_INSTALL += "sms-utils"
diff --git a/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch b/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch
new file mode 100644
index 0000000..48be920
--- /dev/null
+++ b/recipes-core/lighttpd/files/0001-lighttpd-pcre-use-pkg-config.patch
@@ -0,0 +1,41 @@
+From 22afc5d9aaa215c3c87ba21c77d47da44ab3b113 Mon Sep 17 00:00:00 2001
+From: Alexander Kanavin <alex.kanavin@gmail.com>
+Date: Fri, 26 Aug 2016 18:20:32 +0300
+Subject: [PATCH] Use pkg-config for pcre dependency instead of -config script.
+
+RP 2014/5/22
+Upstream-Status: Pending
+Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
+---
+ configure.ac | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index 5383cec..c29a902 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -651,10 +651,18 @@ AC_ARG_WITH([pcre],
+ )
+ AC_MSG_RESULT([$WITH_PCRE])
+
+-if test "$WITH_PCRE" != no; then
+- if test "$WITH_PCRE" != yes; then
+- PCRE_LIB="-L$WITH_PCRE/lib -lpcre"
+- CPPFLAGS="$CPPFLAGS -I$WITH_PCRE/include"
++if test "$WITH_PCRE" != "no"; then
++ PKG_CHECK_MODULES(PCREPKG, [libpcre], [
++ PCRE_LIB=${PCREPKG_LIBS}
++ CPPFLAGS="$CPPFLAGS ${PCREPKG_CFLAGS}"
++ ], [
++ AC_MSG_ERROR([pcre pkgconfig not found, install the pcre-devel package or build with --without-pcre])
++ ])
++
++ if test x"$PCRE_LIB" != x; then
++ AC_DEFINE([HAVE_LIBPCRE], [1], [libpcre])
++ AC_DEFINE([HAVE_PCRE_H], [1], [pcre.h])
++ AC_SUBST(PCRE_LIB)
+ else
+ AC_PATH_PROG([PCRECONFIG], [pcre-config])
+ if test -n "$PCRECONFIG"; then
+--
+2.15.0
diff --git a/recipes-core/lighttpd/files/0002_extended_tls_conf.patch b/recipes-core/lighttpd/files/0002_extended_tls_conf.patch
new file mode 100644
index 0000000..1a216dd
--- /dev/null
+++ b/recipes-core/lighttpd/files/0002_extended_tls_conf.patch
@@ -0,0 +1,110 @@
+diff --git a/src/base.h b/src/base.h
+index 134fc41..f2d849e 100644
+--- a/src/base.h
++++ b/src/base.h
+@@ -289,6 +289,9 @@ typedef struct {
+ unsigned short ssl_empty_fragments; /* whether to not set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS */
+ unsigned short ssl_use_sslv2;
+ unsigned short ssl_use_sslv3;
++ unsigned short ssl_use_tlsv1;
++ unsigned short ssl_use_tlsv1_1;
++ unsigned short ssl_use_tlsv1_2;
+ unsigned short ssl_verifyclient;
+ unsigned short ssl_verifyclient_enforce;
+ unsigned short ssl_verifyclient_depth;
+diff --git a/src/configfile.c b/src/configfile.c
+index bba6925..bbedd77 100644
+--- a/src/configfile.c
++++ b/src/configfile.c
+@@ -146,6 +146,10 @@ static int config_insert(server *srv) {
+ { "server.max-request-field-size", NULL, T_CONFIG_INT, T_CONFIG_SCOPE_SERVER }, /* 78 */
+ { "ssl.read-ahead", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_CONNECTION }, /* 79 */
+
++ { "ssl.use-tlsv1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 80 */
++ { "ssl.use-tlsv1_1", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 81 */
++ { "ssl.use-tlsv1_2", NULL, T_CONFIG_BOOLEAN, T_CONFIG_SCOPE_SERVER }, /* 82 */
++
+ { NULL, NULL, T_CONFIG_UNSET, T_CONFIG_SCOPE_UNSET }
+ };
+
+@@ -226,6 +230,9 @@ static int config_insert(server *srv) {
+ s->ssl_empty_fragments = 0;
+ s->ssl_use_sslv2 = 0;
+ s->ssl_use_sslv3 = 0;
++ s->ssl_use_tlsv1 = 0;
++ s->ssl_use_tlsv1_1 = 0;
++ s->ssl_use_tlsv1_2 = 1;
+ s->use_ipv6 = (i == 0) ? 0 : srv->config_storage[0]->use_ipv6;
+ s->set_v6only = (i == 0) ? 1 : srv->config_storage[0]->set_v6only;
+ s->defer_accept = (i == 0) ? 0 : srv->config_storage[0]->defer_accept;
+@@ -318,6 +325,9 @@ static int config_insert(server *srv) {
+ cv[76].destination = &(s->stream_request_body);
+ cv[77].destination = &(s->stream_response_body);
+ cv[79].destination = &(s->ssl_read_ahead);
++ cv[80].destination = &(s->ssl_use_tlsv1);
++ cv[81].destination = &(s->ssl_use_tlsv1_1);
++ cv[82].destination = &(s->ssl_use_tlsv1_2);
+
+ srv->config_storage[i] = s;
+
+@@ -536,6 +546,9 @@ int config_setup_connection(server *srv, connection *con) {
+ PATCH(ssl_empty_fragments);
+ PATCH(ssl_use_sslv2);
+ PATCH(ssl_use_sslv3);
++ PATCH(ssl_use_tlsv1);
++ PATCH(ssl_use_tlsv1_1);
++ PATCH(ssl_use_tlsv1_2);
+ PATCH(etag_use_inode);
+ PATCH(etag_use_mtime);
+ PATCH(etag_use_size);
+@@ -615,6 +628,12 @@ int config_patch_connection(server *srv, connection *con) {
+ PATCH(ssl_use_sslv2);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-sslv3"))) {
+ PATCH(ssl_use_sslv3);
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1"))) {
++ PATCH(ssl_use_tlsv1);
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_1"))) {
++ PATCH(ssl_use_tlsv1_1);
++ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.use-tlsv1_2"))) {
++ PATCH(ssl_use_tlsv1_2);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.cipher-list"))) {
+ PATCH(ssl_cipher_list);
+ } else if (buffer_is_equal_string(du->key, CONST_STR_LEN("ssl.engine"))) {
+diff --git a/src/network.c b/src/network.c
+index 4295fe9..a3f9ec3 100644
+--- a/src/network.c
++++ b/src/network.c
+@@ -859,6 +859,33 @@ int network_init(server *srv) {
+ }
+ }
+
++ if (!s->ssl_use_tlsv1) {
++ /* disable TLSv1 */
++ if (!(SSL_OP_NO_TLSv1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1))) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
++ ERR_error_string(ERR_get_error(), NULL));
++ return -1;
++ }
++ }
++
++ if (!s->ssl_use_tlsv1_1) {
++ /* disable TLSv1.1 */
++ if (!(SSL_OP_NO_TLSv1_1 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_1))) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
++ ERR_error_string(ERR_get_error(), NULL));
++ return -1;
++ }
++ }
++
++ if (!s->ssl_use_tlsv1_2) {
++ /* disable TLSv1.2 */
++ if (!(SSL_OP_NO_TLSv1_2 & SSL_CTX_set_options(s->ssl_ctx, SSL_OP_NO_TLSv1_2))) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "SSL:",
++ ERR_error_string(ERR_get_error(), NULL));
++ return -1;
++ }
++ }
++
+ if (!buffer_string_is_empty(s->ssl_cipher_list)) {
+ /* Disable support for low encryption ciphers */
+ if (SSL_CTX_set_cipher_list(s->ssl_ctx, s->ssl_cipher_list->ptr) != 1) {
diff --git a/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch b/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch
new file mode 100644
index 0000000..c265066
--- /dev/null
+++ b/recipes-core/lighttpd/files/0004_fastcgi_env_with_unixsocket.patch
@@ -0,0 +1,57 @@
+From bdfb7f9c6ab29d2de3576f8bd845fa871bb44ead Mon Sep 17 00:00:00 2001
+From: Serhii Voloshynov <serhii.voloshynov@globallogic.com>
+Date: Tue, 6 Nov 2018 13:50:04 +0200
+Subject: [PATCH] patch
+
+---
+ src/http-header-glue.c | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/src/http-header-glue.c b/src/http-header-glue.c
+index 1916ca6..d4f42ad 100644
+--- a/src/http-header-glue.c
++++ b/src/http-header-glue.c
+@@ -1457,6 +1457,8 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg
+ rc |= cb(vdata, CONST_STR_LEN("HTTPS"), CONST_STR_LEN("on"));
+ }
+
++ if (srv_sock->addr.plain.sa_family != AF_UNIX) {
++
+ addr = &srv_sock->addr;
+ li_utostrn(buf, sizeof(buf), sock_addr_get_port(addr));
+ rc |= cb(vdata, CONST_STR_LEN("SERVER_PORT"), buf, strlen(buf));
+@@ -1482,6 +1484,7 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg
+ }
+ force_assert(s);
+ rc |= cb(vdata, CONST_STR_LEN("SERVER_ADDR"), s, strlen(s));
++ }
+
+ if (!buffer_string_is_empty(con->server_name)) {
+ size_t len = buffer_string_length(con->server_name);
+@@ -1497,15 +1500,23 @@ int http_cgi_headers (server *srv, connection *con, http_cgi_opts *opts, http_cg
+ rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"),
+ con->server_name->ptr, len);
+ } else {
++ if (srv_sock->addr.plain.sa_family != AF_UNIX) {
+ /* set to be same as SERVER_ADDR (above) */
+ rc |= cb(vdata, CONST_STR_LEN("SERVER_NAME"), s, strlen(s));
+ }
++ }
++ if (srv_sock->addr.plain.sa_family == AF_UNIX) {
++ rc |= cb(vdata, CONST_STR_LEN("SERVER_IPC"), CONST_STR_LEN("yes"));
++ }
++
++ if (srv_sock->addr.plain.sa_family != AF_UNIX) {
+
+ rc |= cb(vdata, CONST_STR_LEN("REMOTE_ADDR"),
+ CONST_BUF_LEN(con->dst_addr_buf));
+
+ li_utostrn(buf, sizeof(buf), sock_addr_get_port(&con->dst_addr));
+ rc |= cb(vdata, CONST_STR_LEN("REMOTE_PORT"), buf, strlen(buf));
++ }
+
+ for (n = 0; n < con->request.headers->used; n++) {
+ data_string *ds = (data_string *)con->request.headers->data[n];
+--
+2.7.4
+
diff --git a/recipes-core/lighttpd/files/lighttpd.conf b/recipes-core/lighttpd/files/lighttpd.conf
new file mode 100644
index 0000000..a3e02da
--- /dev/null
+++ b/recipes-core/lighttpd/files/lighttpd.conf
@@ -0,0 +1,209 @@
+# lighttpd configuration file for the rcell
+# include config file (/var/run/config/lighttpd_port.conf) generated at start up
+#
+# $Id: lighttpd.conf,v 1.7 2004/11/03 22:26:05 weigon Exp $
+
+#IMPORT PORT SETTINGS
+include "/var/run/config/lighttpd_port.conf"
+
+## local access from startup scripts and apps
+$SERVER["socket"] == "/var/run/api/http.sock" { }
+
+## modules
+server.modules = (
+ "mod_rewrite",
+ "mod_redirect",
+ "mod_proxy",
+ "mod_alias",
+ "mod_access",
+ "mod_fastcgi",
+ "mod_accesslog",
+ "mod_openssl",
+ "mod_setenv")
+
+
+## static document-root
+server.document-root = "/var/www/"
+setenv.add-response-header = ( "Access-Control-Allow-Origin" => "*",
+ "Content-Security-Policy" => "default-src 'self'; script-src 'unsafe-inline' 'unsafe-eval' 'self'; style-src 'unsafe-inline' https://fonts.googleapis.com 'self'; font-src https://fonts.gstatic.com 'self'; connect-src 'self'; img-src 'self' data:",
+ "X-Frame-Options" =>"SAMEORIGIN",
+ "X-XSS-Protection" => "1; mode=block",
+ "X-Content-Type-Options" => "nosniff",
+ "Referrer-Policy" => "strict-origin-when-cross-origin",
+ "Feature-Policy" => "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; payment 'none'; usb 'none'",
+ "Strict-Transport-Security" => "max-age=31536000",
+ "Cache-Control" => "no-cache"
+)
+server.socket-perms = "0760"
+
+## where to send error-messages to
+#server.errorlog = "/var/log/lighttpd.error.log"
+server.errorlog-use-syslog = "enable"
+
+# disable stat cache
+server.stat-cache-engine = "disable"
+
+## where to send access log
+#accesslog.filename = "/var/log/lighttpd.access.log"
+accesslog.use-syslog = "enable"
+
+## enable debugging
+#debug.log-request-header = "enable"
+#debug.log-response-header = "enable"
+#debug.log-request-handling = "enable"
+#debug.log-file-not-found = "enable"
+#debug.log-condition-handling = "enable"
+
+## where to upload files
+server.upload-dirs = ( "/var/volatile/tmp" )
+
+# files to check for if .../ is requested
+index-file.names = ( "index.php", "index.html",
+ "index.htm", "default.htm" )
+
+# mimetype mapping
+mimetype.assign = (
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".tar" => "application/x-tar",
+ ".xhtml" => "application/xhtml+xml",
+ ".xht" => "application/xhtml+xml",
+ ".zip" => "application/zip",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "application/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpg" => "image/jpeg",
+ ".jpeg" => "image/jpeg",
+ ".png" => "image/png",
+ ".svg" => "image/svg+xml",
+ ".ico" => "image/x-icon",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".html" => "text/html",
+ ".htm" => "text/html",
+ ".asc" => "text/plain",
+ ".c" => "text/plain",
+ ".cpp" => "text/plain",
+ ".log" => "text/plain",
+ ".conf" => "text/plain",
+ ".text" => "text/plain",
+ ".txt" => "text/plain",
+ ".dtd" => "text/xml",
+ ".xml" => "text/xml",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".bz2" => "application/x-bzip",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar",
+ ".mib" => "application/text",
+ ".js" => "application/javascript"
+ )
+
+## deny access the file-extensions
+url.access-deny = ( "~", ".inc" )
+
+# send a different Server: header
+server.tag = ""
+
+#server.error-handler-404 = "/index.html"
+
+#Range request are requests of one or more sub-ranges of a file.
+#Range requests are very helpful for resuming interrupted downloads and fetching small portions of huge files.
+#Note: Adobe Acrobat Reader can crash when it tries to open a PDF file if range requests are enabled.
+$HTTP["url"] =~ "\.pdf$" {
+ server.range-requests = "disable"
+}
+
+##
+# which extensions should not be handle via static-file transfer
+#
+# .php, .pl, .fcgi are most often handled by mod_fastcgi or mod_cgi
+static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
+
+## to help the rc.scripts
+server.pid-file = "/var/run/lighttpd.pid"
+
+# Restrict server process to non priveleged user
+server.username = "www"
+server.groupname = "www"
+
+# server limit POST size in kilobytes (60MB for firmware update)
+server.max-request-size = 113246
+
+# server limits
+server.max-keep-alive-requests = 16
+server.max-keep-alive-idle = 15
+server.max-read-idle = 60
+server.max-write-idle = 360
+
+##
+## Format: <errorfile-prefix><status-code>.html
+## -> ..../status-404.html for 'File not found'
+server.errorfile-prefix = "/var/www/errors/status-"
+
+## virtual directory listings
+#dir-listing.activate = "enable"
+
+#IMPORTED CONFIGS WILL HANDLE SETTING HTTP/HTTPS
+
+#### fastcgi module
+fastcgi.server = ( "/" =>
+ ( "authorizer" =>
+ (
+ "mode" => "authorizer",
+ "check-local" => "disable",
+ "socket" => "/var/run/api/rcell_api.sock",
+ "docroot" => "/var/www"
+ )
+ )
+)
+
+
+$HTTP["url"] =~ "/static/js" {
+ setenv.add-response-header = ( "Content-Encoding" => "gzip")
+ mimetype.assign = ("" => "text/javascript" )
+ } else $HTTP["url"] =~ "/help/template/scripts" {
+ setenv.add-response-header = ( "Content-Encoding" => "gzip")
+ mimetype.assign = ("" => "text/javascript" )
+ } else $HTTP["url"] =~ "/help/whxdata/" {
+ setenv.add-response-header = ( "Content-Encoding" => "gzip")
+ mimetype.assign = ("" => "text/javascript" )
+ } else $HTTP["url"] =~ "/help/template/Azure_Blue_MTS_1/layout.css" {
+ setenv.add-response-header = ( "Content-Encoding" => "gzip")
+ mimetype.assign = ("" => "text/css" )
+ } else $HTTP["url"] =~ "^/api" {
+ fastcgi.server = ( "/api" =>
+ ( "api" =>
+ (
+ "mode" => "responder",
+ "check-local" => "disable",
+ "socket" => "/var/run/api/rcell_api.sock"
+ )
+ )
+ )
+}
+
+#INCLUDE DIPSERVICE SETTINGS
+include "/var/run/config/lighttpd_dipservice.conf"
+include "/var/run/config/lighttpd_custom_images.conf"
diff --git a/recipes-core/lighttpd/files/lighttpd.init b/recipes-core/lighttpd/files/lighttpd.init
new file mode 100644
index 0000000..39860d3
--- /dev/null
+++ b/recipes-core/lighttpd/files/lighttpd.init
@@ -0,0 +1,310 @@
+#!/bin/sh
+
+enable -f libjsonget.so jsonget
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+DAEMON=/usr/sbin/lighttpd
+NAME=lighttpd
+ANGEL=/sbin/lighttpd-angel
+DESC="Lighttpd Web Server"
+# Web UI
+OPTS="-D -f /etc/lighttpd.conf"
+# Node-RED stub
+OPTS_NRS="-f /etc/lighttpd_nrs.conf"
+
+CAPA_NODE_RED=$(jsonget "$(< /var/run/config/device_info.json)" /capabilities/nodeRed)
+
+CONF_DIR=/var/config
+RUN_CONF_DIR=/var/run/config
+
+true2enable() {
+ if [[ "$1" == "true" ]]; then
+ echo "enable"
+ else
+ echo "disable"
+ fi
+}
+
+#Generates additional lighttpd configuration files
+#1) Enables HTTPS
+#2) Allows port configurations for HTTP and HTTPS
+#3) Enables dipservice
+#4) Allows port configurations for dipservice
+generate_config() {
+ FILE="$RUN_CONF_DIR/lighttpd_port.conf"
+ FILE_DIP="$RUN_CONF_DIR/lighttpd_dipservice.conf"
+
+ #Pull Webserver Ports
+ RMA=$(jsonget "$(< "/var/config/db.json")" /remoteAccess)
+ HTTP_ENABLED=$(jsonget "$RMA" /http/enabled)
+ HTTP_PORT=$(jsonget "$RMA" /http/port)
+ HTTPS_REDIRECT=$(jsonget "$RMA" /http/redirectToHttps)
+ HTTPS_ENABLED=$(jsonget "$RMA" /https/enabled)
+ HTTPS_PORT=$(jsonget "$RMA" /https/port)
+
+ # Advanced secure protocol settings
+ ADVANCED_SEC_VALID="false"
+ ADVANCED_SEC=$(jsonget "$(< "/var/config/db.json")" /secureProtocols/2)
+
+ if [[ "0" == "$?" ]]; then
+ ADVANCED_SEC_NAME=$(jsonget "$ADVANCED_SEC" /name)
+ if [[ "$ADVANCED_SEC_NAME" == "lighttpd" ]]; then
+ ADVANCED_SEC_VALID="true"
+ HTTPS_SSL3=$(true2enable "false") # $(true2enable $(jsonget "$ADVANCED_SEC" /protocol/ssl3))
+ HTTPS_TLS1=$(true2enable "false") # $(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1))
+ HTTPS_TLS1_1=$(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1_1))
+ HTTPS_TLS1_2=$(true2enable $(jsonget "$ADVANCED_SEC" /protocol/tls1_2))
+ HTTPS_CIPHER=$(jsonget "$ADVANCED_SEC" /cipherSuite)
+ if [[ -z $HTTPS_CIPHER && -f /etc/ssl/allowed_ciphersuites ]]; then
+ HTTPS_CIPHER=$( cat /etc/ssl/allowed_ciphersuites | tr "\n" ":" )
+ fi
+ CLIENT_VERIFY=$(jsonget "$ADVANCED_SEC" /client/verify )
+ fi
+ fi
+
+ if [[ "$ADVANCED_SEC_VALID" != "true" ]]; then
+ echo "API init. Using default SSL security settings"
+ # In case of invalid Advanced Security section - start with default parameters
+ HTTPS_SSL3=$(true2enable "false")
+ HTTPS_TLS1=$(true2enable "false")
+ HTTPS_TLS1_1=$(true2enable "false")
+ HTTPS_TLS1_2=$(true2enable "true")
+ HTTPS_CIPHER=""
+ CLIENT_VERIFY="false"
+ fi
+
+ #("Protocol" => "-ALL, TLSv1.2")
+ HTTPS_SSL_CONF='("Protocol" => "-ALL'
+
+ if [[ "$HTTPS_TLS1" == "enable" ]]; then
+ HTTPS_SSL_CONF+=', TLSv1'
+ fi
+ if [[ "$HTTPS_TLS1_1" == "enable" ]]; then
+ HTTPS_SSL_CONF+=', TLSv1.1'
+ fi
+ if [[ "$HTTPS_TLS1_2" == "enable" ]]; then
+ HTTPS_SSL_CONF+=', TLSv1.2'
+ fi
+ HTTPS_SSL_CONF+='")'
+
+ #Generate Lighttpd dipservice config
+ DIP=$(jsonget "$(< "$CONF_DIR/db.json")" /customDiagnostic || echo '{ "enabled": false, "port":8080 }')
+ DIP_ENABLED=$(jsonget "$DIP" /enabled)
+ DIP_PORT=$(jsonget "$DIP" /port)
+
+ echo "Generating $FILE_DIP"
+ > "$FILE_DIP"
+
+ #Generate Lighttpd Port Config
+ echo "Generating $FILE"
+ > "$FILE"
+
+ if [[ "$DIP_ENABLED" == "true" ]]; then
+ cat >> $FILE_DIP <<END
+\$SERVER["socket"] == "0.0.0.0:$DIP_PORT" {
+ fastcgi.server = (
+ "/" => (
+ (
+ "host" => "127.0.0.1",
+ "port" => 9009,
+ "check-local" => "disable",
+ "bin-path" => "/sbin/dipservice -d /var/config/dipdata",
+ "max-procs" => 1,
+ "docroot" => "/var/config/dipdata"
+ )
+ )
+ )
+}
+END
+ fi
+
+ cat >> $FILE <<END
+#AUTO-GENERATED LIGHTTPD HTTP/HTTPS CONFIGURATIONS
+#DO NOT CHANGE THIS FILE -> CHANGE $0
+END
+
+#Explicitly set the default listening port to HTTP port.
+cat >> $FILE <<END
+
+# listen to ipv4
+server.bind = "0.0.0.0"
+server.port = "$HTTP_PORT"
+END
+
+ if [ "$HTTPS_ENABLED" = "true" ]; then
+ # Enable HTTPS for ipv4/ipv6
+ # See (https://redmine.lighttpd.net/projects/lighttpd/wiki/IPv6-Config#Recommended-IPv6-setup)
+
+ HTTPS_SSL_ENGINE_CONFIG="ssl.engine = \"enable\"
+ ssl.use-sslv3 = \"$HTTPS_SSL3\"
+ ssl.openssl.ssl-conf-cmd = $HTTPS_SSL_CONF
+ ssl.pemfile = \"$CONF_DIR/server.pem\""
+
+ if [ "$CLIENT_VERIFY" = "true" ]; then
+ HTTPS_SSL_ENGINE_CONFIG+="ssl.ca-file = \"/etc/ssl/certs/ca-certificates.crt\"
+ ssl.verifyclient.activate = \"enable\"
+ ssl.verifyclient.enforce = \"enable\""
+ fi
+
+ if [ -n "$HTTPS_CIPHER" ]; then
+ HTTPS_SSL_ENGINE_CONFIG+="
+ ssl.cipher-list = \"$HTTPS_CIPHER\""
+ fi
+
+ cat >> $FILE <<END
+
+# ipv4 socket
+\$SERVER["socket"] == "0.0.0.0:$HTTPS_PORT" {
+ $HTTPS_SSL_ENGINE_CONFIG
+}
+
+# ipv6 socket
+\$SERVER["socket"] == "[::]:$HTTPS_PORT" {
+ $HTTPS_SSL_ENGINE_CONFIG
+}
+
+END
+
+ fi
+
+
+ # Ensure that loopback can always access port 80
+ if [ "$HTTP_PORT" != 80 ]; then
+ echo "\$SERVER[\"socket\"] == \"127.0.0.1:80\" { }" >> $FILE
+ fi
+
+ # Enable redirect from HTTP to HTTPS if enabled
+ if [ "$HTTPS_REDIRECT" == "true" ]; then
+ HTTPS_REDIRECT_CONFIG="\$SERVER[\"socket\"] == \":$HTTP_PORT\" {
+ \$HTTP[\"host\"] =~ \"^([^:^/]*)(:\d*)?(.*)\" {
+ url.redirect = ( \"^/(.*)\" => \"https://%1:$HTTPS_PORT/\$1\" )
+ }
+ } else "
+ fi
+
+ HTTPX_REWRITE_URL='url.rewrite-once = ( "^/(?!static|api|tmp|help)(.+)/?$" => "/index.html" )'
+
+ #BREAKDOWN
+ # LINE 1: CHECK: REMOTE IP IS NOT 127.0.0.1 (LOOPBACK)
+ # LINE 2: CHECK: DEST PORT IS THE HTTP PORT LIGHTTPD IS LISTENING ON
+ # LINE 3: CHECK: HOST ADDRESS (ex: 192.168.2.1:81/whatever) MATCHES THE REGEX [DOMAIN][PORT (optional)][URI]
+ # THE REGEX FROM LINE 3 CAN BE ACCESSED IN LINE 4 WITH '%#' (ex: %1 == DOMAIN, %2 == PORT, %3 == URI)
+ # LINE 4: FUNCTION: REGEX THE URI ([MATCH ALL]) AND BUILD THE REDIRECT URL
+ # THE REGEX FROM LINE 4 CAN BE ACCESSED IN THE REDIRECT CONSTRUCTION WITH '$#' (ex: $1 == THE ENTIRE URI)
+
+ cat >> $FILE <<END
+\$HTTP["remoteip"] != "127.0.0.1" {
+ $HTTPS_REDIRECT_CONFIG \$HTTP["host"] =~ "^([^:^/]*)(:\d*)?(.*)" {
+ \$SERVER["socket"] == "[::]:$HTTPS_PORT" {
+ $HTTPX_REWRITE_URL
+ }
+ \$SERVER["socket"] == ":$HTTPS_PORT" {
+ $HTTPX_REWRITE_URL
+ }
+ \$SERVER["socket"] == ":$HTTP_PORT" {
+ $HTTPX_REWRITE_URL
+ }
+ }
+}
+END
+}
+
+populate_www_images() {
+ local CONFIGIMAGES="/var/config/images"
+ local OEMIMAGES="/var/oem/images"
+ local WWWIMAGES="/var/volatile/www/images"
+ local WWWIMAGES_RO="/var/www/images_ro"
+
+ # Populate images only once per boot
+ if [ ! -d $WWWIMAGES ]; then
+
+ # Copy from oem partition to config partition
+ if [ ! -d $CONFIGIMAGES ]; then
+ if [ -d $OEMIMAGES ]; then
+ echo "Copying oem images"
+ mkdir -p $CONFIGIMAGES
+ cp -rf $OEMIMAGES/* $CONFIGIMAGES
+ fi
+ fi
+
+ # Copy from root partition to RAM
+ mkdir -p $WWWIMAGES
+ cp -rf $WWWIMAGES_RO/* $WWWIMAGES
+
+ # Overwrite with /var/config/images
+ if [ -d $CONFIGIMAGES ]; then
+ cp -rf $CONFIGIMAGES/* $WWWIMAGES
+ fi
+ fi
+}
+
+wait_ready() {
+ # wait api
+ local retry=0
+ local MAX=30
+ sleep 1
+ while [ $retry -lt $MAX ]; do
+ if [ "200" == "$(curl -s --unix-socket /var/run/api/http.sock -I -o /dev/null -w "%{http_code}" http://localhost/api/system)" ]; then
+ return
+ fi
+ retry=$(( $retry + 1 ))
+ echo "Waiting for API ($retry/$MAX)..."
+ sleep 1
+ done
+ echo "Failed waiting API!"
+}
+
+start() {
+ mkdir -p /var/volatile/www/tmp
+ lighttpd_custom_images_setup # detect mime types for UI Customization images and generate Lighttpd config fragment
+
+ generate_config
+
+ start-stop-daemon --start --background --exec $ANGEL -- $DAEMON $OPTS
+
+ if [ "$CAPA_NODE_RED" = "true" ]; then
+ start-stop-daemon --start -x "$DAEMON" -p /var/run/lighttpd_nrs.pid -- $OPTS_NRS
+ fi
+
+ wait_ready
+}
+
+stop() {
+ start-stop-daemon --stop --exec $ANGEL
+
+ if [ "$CAPA_NODE_RED" = "true" ]; then
+ start-stop-daemon --stop -x "$DAEMON" -p /var/run/lighttpd_nrs.pid
+ rm -f /var/run/lighttpd_nrs.pid
+ fi
+
+ rm -f /var/run/config/lighttpd_*
+}
+
+populate_www_images
+
+case "$1" in
+ start)
+ echo -n "Starting $DESC: "
+ start
+ echo "$NAME."
+ ;;
+ stop)
+ echo -n "Stopping $DESC: "
+ stop
+ echo "$NAME."
+ ;;
+ restart|force-reload)
+ echo -n "Restarting $DESC: "
+ stop
+ sleep 1
+ start
+ echo "$NAME."
+ ;;
+ *)
+ N=/etc/init.d/$NAME
+ echo "Usage: $N {start|stop|restart|force-reload}" >&2
+ exit 1
+ ;;
+esac
+
+exit 0
diff --git a/recipes-core/lighttpd/files/lighttpd_custom_images_setup b/recipes-core/lighttpd/files/lighttpd_custom_images_setup
new file mode 100644
index 0000000..ecd5f46
--- /dev/null
+++ b/recipes-core/lighttpd/files/lighttpd_custom_images_setup
@@ -0,0 +1,57 @@
+#!/bin/bash
+# Detects mime types for UI Customization images and generates according Lighttpd config fragment
+
+CONFIG_PATH="/var/run/config/lighttpd_custom_images.conf"
+IMAGE_PATH="/var/www/static/images/"
+MAGIC_DB_PATH="/usr/share/misc/magic-images.mgc"
+shopt -s nullglob
+
+echoerr() {
+ echo "$@" 1>&2
+}
+
+generate_mime_assign() {
+ local IMAGE="$1"
+ local OUTPUT=$(file -ib "$IMAGE" --magic-file "$MAGIC_DB_PATH")
+ local CONTENT_TYPE
+
+ if [ "$?" -ne "0" ] || [[ "$OUTPUT" == "" ]] || [[ "$OUTPUT" == *"cannot open"* ]]; then
+ echoerr "Failed to run file(1): ${?}; ${OUTPUT}"
+ return 1
+ fi
+
+ CONTENT_TYPE="$OUTPUT"
+ cat <<END
+\$HTTP["url"] =~ "/static/images/$IMAGE" {
+ mimetype.assign = ("" => "$CONTENT_TYPE")
+ }
+END
+}
+
+process_files() {
+ local INDENT=" "
+ local ELSE_STRING=""
+ local FRAGMENT
+
+ for IMAGE in custom_*; do
+ INDENT=" "
+
+ FRAGMENT=$(generate_mime_assign $IMAGE)
+ if [ "$?" -eq "0" ]; then
+ echo "${INDENT}${ELSE_STRING}${FRAGMENT}" >> "$CONFIG_PATH"
+ ELSE_STRING="else "
+ fi
+ done
+}
+
+echo "Generating $CONFIG_PATH"
+
+# truncate and write head
+cat > "$CONFIG_PATH" <<END
+\$HTTP["url"] =~ "/static/images/custom_" {
+END
+
+cd "$IMAGE_PATH" && process_files
+
+# write tail (closing brace)
+echo "}" >> "$CONFIG_PATH"
diff --git a/recipes-core/lighttpd/files/lighttpd_nrs.conf b/recipes-core/lighttpd/files/lighttpd_nrs.conf
new file mode 100644
index 0000000..8c23747
--- /dev/null
+++ b/recipes-core/lighttpd/files/lighttpd_nrs.conf
@@ -0,0 +1,66 @@
+server.modules = ( "mod_expire" )
+server.bind = "127.0.0.1"
+server.port = 1882
+server.document-root = "/var/www/node-red/node-red-stub"
+server.max-keep-alive-requests = 0
+expire.url = ( "/" => "access 0 days" )
+server.errorlog-use-syslog = "enable"
+server.upload-dirs = ( "/var/volatile/tmp" )
+index-file.names = ( "index.html" )
+server.pid-file = "/var/run/lighttpd_nrs.pid"
+server.errorfile-prefix = "/var/www/node-red/node-red-errors/status-"
+mimetype.assign = (
+ ".pdf" => "application/pdf",
+ ".sig" => "application/pgp-signature",
+ ".spl" => "application/futuresplash",
+ ".class" => "application/octet-stream",
+ ".ps" => "application/postscript",
+ ".torrent" => "application/x-bittorrent",
+ ".dvi" => "application/x-dvi",
+ ".gz" => "application/x-gzip",
+ ".pac" => "application/x-ns-proxy-autoconfig",
+ ".swf" => "application/x-shockwave-flash",
+ ".tar.gz" => "application/x-tgz",
+ ".tgz" => "application/x-tgz",
+ ".tar" => "application/x-tar",
+ ".xhtml" => "application/xhtml+xml",
+ ".xht" => "application/xhtml+xml",
+ ".zip" => "application/zip",
+ ".mp3" => "audio/mpeg",
+ ".m3u" => "audio/x-mpegurl",
+ ".wma" => "audio/x-ms-wma",
+ ".wax" => "audio/x-ms-wax",
+ ".ogg" => "application/ogg",
+ ".wav" => "audio/x-wav",
+ ".gif" => "image/gif",
+ ".jpg" => "image/jpeg",
+ ".jpeg" => "image/jpeg",
+ ".png" => "image/png",
+ ".xbm" => "image/x-xbitmap",
+ ".xpm" => "image/x-xpixmap",
+ ".xwd" => "image/x-xwindowdump",
+ ".css" => "text/css",
+ ".html" => "text/html",
+ ".htm" => "text/html",
+ ".js" => "text/javascript",
+ ".asc" => "text/plain",
+ ".c" => "text/plain",
+ ".cpp" => "text/plain",
+ ".log" => "text/plain",
+ ".conf" => "text/plain",
+ ".text" => "text/plain",
+ ".txt" => "text/plain",
+ ".dtd" => "text/xml",
+ ".xml" => "text/xml",
+ ".mpeg" => "video/mpeg",
+ ".mpg" => "video/mpeg",
+ ".mov" => "video/quicktime",
+ ".qt" => "video/quicktime",
+ ".avi" => "video/x-msvideo",
+ ".asf" => "video/x-ms-asf",
+ ".asx" => "video/x-ms-asf",
+ ".wmv" => "video/x-ms-wmv",
+ ".bz2" => "application/x-bzip",
+ ".tbz" => "application/x-bzip-compressed-tar",
+ ".tar.bz2" => "application/x-bzip-compressed-tar"
+)
diff --git a/recipes-core/lighttpd/lighttpd_1.4.48.bb b/recipes-core/lighttpd/lighttpd_1.4.48.bb
new file mode 100644
index 0000000..0b9897a
--- /dev/null
+++ b/recipes-core/lighttpd/lighttpd_1.4.48.bb
@@ -0,0 +1,100 @@
+SUMMARY = "Lightweight high-performance web server"
+HOMEPAGE = "http://www.lighttpd.net/"
+BUGTRACKER = "http://redmine.lighttpd.net/projects/lighttpd/issues"
+
+LICENSE = "BSD"
+LIC_FILES_CHKSUM = "file://COPYING;md5=e4dac5c6ab169aa212feb5028853a579"
+
+PR .= ".mts21"
+
+SECTION = "net"
+DEPENDS = "zlib libpcre openssl"
+RDEPENDS_${PN} += " \
+ lighttpd-module-access \
+ lighttpd-module-accesslog \
+ lighttpd-module-fastcgi \
+ lighttpd-module-rewrite \
+ lighttpd-module-redirect \
+ lighttpd-module-alias \
+ lighttpd-module-setenv \
+ lighttpd-module-expire \
+ lighttpd-module-openssl \
+"
+RDEPENDS_${PN} += " openssl"
+# for lighttpd_custom_images_setup script
+RDEPENDS_${PN} += "bash file file-magic-db-images"
+
+
+SRC_URI = "http://download.lighttpd.net/lighttpd/releases-1.4.x/lighttpd-${PV}.tar.gz \
+ file://lighttpd.conf \
+ file://lighttpd_nrs.conf \
+ file://lighttpd.init \
+ file://lighttpd_custom_images_setup \
+ file://0001-lighttpd-pcre-use-pkg-config.patch;apply=true \
+ file://0004_fastcgi_env_with_unixsocket.patch;apply=true \
+"
+
+
+SRC_URI[md5sum] = "fe9ea4dccacd9738be03245c364bc055"
+SRC_URI[sha256sum] = "fc36f82877284eb506356aa80f483f133a9e17ec7cb79acd7e5b7733768538ef"
+
+EXTRA_OECONF = " \
+ --without-bzip2 \
+ --without-ldap \
+ --without-lua \
+ --without-memcached \
+ --with-pcre \
+ --without-webdav-props \
+ --without-webdav-locks \
+ --with-openssl \
+ --with-openssl-libs=${STAGING_LIBDIR} \
+ --with-zlib \
+ --disable-static \
+"
+
+inherit useradd autotools pkgconfig update-rc.d gettext systemd
+
+INITSCRIPT_NAME = "lighttpd"
+INITSCRIPT_PARAMS = "defaults 60 40"
+
+USERADD_PACKAGES = "${PN}"
+GROUPADD_PARAM_${PN} = "--system --gid 667 www"
+USERADD_PARAM_${PN} = "--system --gid 667 --uid 667 --groups 667 --no-create-home --home-dir /var/www --shell /bin/false --no-user-group www"
+
+do_install_append() {
+ install -d ${D}${sysconfdir}/init.d ${D}${sysconfdir}/lighttpd.d ${D}/www/pages/dav
+ install -d 0644 ${D}${sysconfdir}/ssl
+ install -m 0755 --group www -d ${D}${localstatedir}/www
+ install -m 0755 ${WORKDIR}/lighttpd.init ${D}${sysconfdir}/init.d/lighttpd
+ install -m 0644 --group www ${WORKDIR}/lighttpd.conf ${D}${sysconfdir}
+ install -m 0644 --group www ${WORKDIR}/lighttpd_nrs.conf ${D}${sysconfdir}
+
+ #For FHS compliance, create symbolic links to /var/log and /var/tmp for logs and temporary data
+ ln -sf ${localstatedir}/log ${D}/www/logs
+ ln -sf ${localstatedir}/tmp ${D}/www/var
+ ln -snf ../volatile/www/tmp ${D}${localstatedir}/www/tmp
+
+ install -d ${D}/${base_sbindir}
+ install -m 755 ${WORKDIR}/lighttpd_custom_images_setup ${D}/${base_sbindir}/lighttpd_custom_images_setup
+}
+
+do_install_append_mtr() {
+ sed -i 's/^server.max-request-size.*/server.max-request-size = 60000/g' ${D}${sysconfdir}/lighttpd.conf
+}
+
+do_install_append_mtrv1() {
+ sed -i 's/^server.max-request-size.*/server.max-request-size = 60000/g' ${D}${sysconfdir}/lighttpd.conf
+}
+
+FILES_${PN} += "${sysconfdir} /www"
+
+CONFFILES_${PN} = "${sysconfdir}/lighttpd.conf \
+ ${sysconfdir}/lighttpd_nrs.conf \
+ "
+
+PACKAGES_DYNAMIC += "^lighttpd-module-.*"
+
+python populate_packages_prepend () {
+ lighttpd_libdir = d.expand('${libdir}')
+ do_split_packages(d, lighttpd_libdir, '^mod_(.*)\.so$', 'lighttpd-module-%s', 'Lighttpd module for %s', extra_depends='')
+}
diff --git a/recipes-core/multitech/commissioning_1.0.0.bb b/recipes-core/multitech/commissioning_1.0.1.bb
index 22369dc..cbe82d6 100644
--- a/recipes-core/multitech/commissioning_1.0.0.bb
+++ b/recipes-core/multitech/commissioning_1.0.1.bb
@@ -3,13 +3,15 @@ inherit update-rc.d
LICENSE = "MIT"
LIC_FILES_CHKSUM = "file://LICENSE;md5=593c81e8a2bd8b4c4e310d8792372b13"
-PACKAGE_ARCH = "all"
+PACKAGE_ARCH = "${MACHINE_ARCH}"
-RDEPENDS_${PN} += "lighttpd lighttpd-module-fastcgi lighttpd-module-redirect bash"
+DEPENDS = "fcgi jsoncpp shadow"
+RDEPENDS_${PN} += "jsoncpp lighttpd lighttpd-module-fastcgi lighttpd-module-openssl lighttpd-module-redirect bash"
RDEPENDS_${PN}-php-fpm += "php-fpm ${PN}"
PACKAGES =+ "${PN}-php-fpm"
+
INITSCRIPT_PACKAGES = "${PN} ${PN}-php-fpm"
-INITSCRIPT_NAME_${PN} = "commission"
+INITSCRIPT_NAME_${PN} = "commission "
INITSCRIPT_PARAMS_${PN} = "start 9 2 3 4 5 ."
INITSCRIPT_NAME_${PN}-php-fpm = "commission-php-fpm"
INITSCRIPT_PARAMS_${PN}-php-fpm = "start 9 2 3 4 5 ."
@@ -20,14 +22,21 @@ SRCREV = "${PV}"
FILES_${PN}-php-fpm = "/etc/init.d/commission-php-fpm"
FILES_${PN} += "/www/"
-SRC_URI = "git://git@${MTS_INTERNAL_GIT}/mirrors/commissioning.git;protocol=ssh"
+SRC_URI = "git://git@gitlab.multitech.net/mirrors/commissioning.git;tag=1.0.1;protocol=ssh"
S = "${WORKDIR}/git"
+do_compile() {
+ oe_runmake all
+}
do_install() {
+
cp -a ${S}/${sysconfdir}/ ${D}/
cp -a ${S}/www/ ${D}/
cp -a ${S}/${prefix} ${D}/
chmod 755 ${D}/etc/init.d/*
chmod 755 ${D}/${libexecdir}/commission/*
chown -R root:root ${D}/
+
+ oe_runmake install DESTDIR=${D}
+ chmod 755 ${D}/usr/bin/commissioning.fcgi
}