What's new

Entware [SOLUTION] Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

garycnew

Senior Member
NOTE: After finally being convinced by the Entware & OpenWRT Developers that neither Build Environment was meant to be Compiled Natively on a Router (Neutered C Libraries), I decided to pursue this Cross-Compile PixelServ-TLS 2.4 Entware Package via Debian Live DVD solution; which, is presumably a bit slower, but ultimately successful. It wasn't too terrible after finding the right cross-compiling platform and combining a few different build references.

Requirements/Assumptions:

Cross-Compiling Host Machine:
1. Plenty of Physical Memory (RAM)
2. Debian Live (Testing) DVD
3. Flash Drive >= 32GB (Preferably USB 3.0/3.1)

PixelServ-TLS 2.4 Installation Machine:
1. An Asuswrt-Merlin Compatible Router (i.e., Asus RT-AC66U)
2. Asuswrt-Merlin Compatible Firmware (i.e., 384.19)
3. Formated JFFS Partition and Enabled JFFS Custom Scripts and Configs
4. Entware installed on USB 3.0 Interface Device via Asuswrt-Merlin Terminal Menu (AMTM) with Swap File created

NOTE: Not sure if it matters... At the time of this writing, Debian Bullseye (Testing) Live DVD contained the same package versions as the current Entware repository, opposed to the Debian Buster (Stable) Live DVD, so we opted to use the Debian Bullseye (Testing) Live DVD.

### Download & Burn Debian Live (Testing) DVD ###
Code:
$ curl -L -O -C - http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-live-builds/amd64/iso-hybrid/debian-live-testing-amd64-gnome+nonfree.iso

### Boot Debian Live (Testing) DVD on the Cross-Compiling Host Machine ###
Our Cross-Compiling Host Machine required the [F12] key to be pressed during boot to enter into the Boot Menu and select the Debian Live (Testing) DVD. Make sure you setup and have Internet access on the Cross-Compiling Host Machine.

### Open Terminal ###

### Mount Flash Drive (Repeat after each DVD Boot) ###
Code:
$ mount /dev/sdb1 /media/user/SanDiskSDCZ
$ cd /media/user/SanDiskSDCZ/

### Download & Install Build System (Repeat after each DVD Boot) ###
Code:
$ sudo apt-get update
$ sudo apt-get install git-core build-essential libssl-dev libncurses5-dev unzip gawk zlib1g-dev
$ sudo apt-get install python2 wget

### Clone, Setup, & Make Entware Build Env ###
Code:
$ git clone https://github.com/Entware/Entware.git
$ cd Entware

# Update OpenWRT Feeds
$ ./scripts/feeds update -a

# Symlink Packages (Repeat after each DVD Boot)
$ make package/symlinks

# Copy the config specific to your Architecture and Kernel versions
$ cp configs/armv7-2.6.config .config

$ make tools/install && make toolchain/install && make target/compile
or
#$ make -j1 V=sc tools/install
#$ make -j1 V=sc toolchain/install
#$ make -j1 V=sc target/compile

### Download, Prepare, & Compile Test Package from OpenWRT Feed ###
Code:
#$ ./scripts/feeds install screen
or
$ make -j1 V=sc package/screen/download
$ make -j1 V=sc package/screen/check
$ find package/ -iname "*screen*"
package/feeds/packages/screen

$ make -j1 V=sc package/screen/prepare
$ make -j1 V=sc package/screen/compile
#$ make -j1 V=sc package/screen/install
#$ make package/index

$ find bin/ -iname "*screen*"
bin/targets/armv7-2.6/generic-glibc/packages/screen_4.8.0-2_armv7-2.6.ipk

### Download & Prepare OpenWRT Feed Package modified for Entware (When Available) ###
Code:
#$ ./scripts/feeds install pixelserv-tls
or
$ make -j1 V=sc package/pixelserv-tls/download
$ make -j1 V=sc package/pixelserv-tls/check
$ find package/ -iname "*pixelserv-tls*"
package/feeds/rtndev/pixelserv-tls

NOTE: As of this writing, PixelServ-TLS 2.3.1 was still being published as the master branch, so I had to modify the Makefile to use the 2.4 Version & Source information. Once Version 2.4 is published as the master branch, you should be able to revert back to the standard/unmodified OpenWRT Makefile.

### Edit the Makefile to use the 2.4 Version & Source information ###
Code:
$ diff package/feeds/packages/pixelserv-tls/Makefile.orig package/feeds/packages/pixelserv-tls/Makefile
11,12c11,12
< PKG_VERSION:=2.3.1
< PKG_REV:=200ff65f10b7696dcf546f6f9ed72ab8d49993b2
---
> PKG_VERSION:=2.4
> PKG_REV:=7e0513beb9226e8189a8bf96e201fd0efa7afbac
15c15
< PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.bz2
---
> PKG_SOURCE:=$(PKG_VERSION).tar.gz
17c17
< PKG_SOURCE_URL:=https://github.com/kvic-z/pixelserv-tls.git
---
> PKG_SOURCE_URL:=https://github.com/kvic-z/pixelserv-tls/archive/refs/tags/
20c20
< PKG_MIRROR_HASH:=5dd9e2c0f1409f129d832bb26d98636362937a847dc4a53af4f21599a2f7b94d
---
> PKG_MIRROR_HASH:=e06892afa377c9719168a335ab5a8c214061c88d7a775efa4b82a833d0762e62

### Select pixelserv-tls for [M]odular inclusion under the SECTION => CATEGORY => SUBMENU of menuconfig ###
Code:
$ make menuconfig
define Package/pixelserv-tls
    SECTION:=net
    CATEGORY:=Network
    SUBMENU:=Web Servers/Proxies
    DEPENDS:=+libopenssl +libpthread
    TITLE:=one pixel webserver
    URL:=$(PKG_SOURCE_URL)
    MAINTAINER:=Entware team, https://entware.net
endef

### Compile OpenWRT Feed Package modified for Entware ###
Code:
$ make -j1 V=sc package/pixelserv-tls/prepare
$ make -j1 V=sc package/pixelserv-tls/compile
#$ make -j1 V=sc package/pixelserv-tls/install
#$ make package/index

$ find bin/ -iname "*pixelserv-tls*"
bin/targets/armv7-2.6/generic-glibc/packages/pixelserv-tls_2.4-1_armv7-2.6.ipk

### SFTP & SSH pixelserv-tls Package to PixelServ-TLS 2.4 Installation Machine(s) ###
Code:
$ cd bin/targets/armv7-2.6/generic-glibc/packages/
$ sftp admin@192.168.0.1
sftp> cd /tmp/mnt/SanDiskSDHC/pixelserv-tls/
sftp> put pixelserv-tls_2.4-1_armv7-2.6.ipk

$ ssh admin@192.168.0.1
# cd /tmp/mnt/SanDiskSDHC/
# opkg install ./pixelserv-tls/*

# opkg list-installed|grep -i pixelserv
pixelserv-tls - 2.4-1

# opkg files pixelserv-tls
Package pixelserv-tls (2.4-1) is installed on root and has the following files:
/opt/bin/pixelserv-tls
/opt/etc/init.d/S80pixelserv-tls

# opkg info pixelserv-tls
Package: pixelserv-tls
Version: 2.4-1
Depends: libc, libssp, librt, libpthread, libopenssl, libpthread
Status: install user installed
Architecture: armv7-2.6
Installed-Time: 1625803409

# /opt/bin/pixelserv-tls -h
pixelserv-tls 2.4 (compiled: Apr 26 2021 12:20:33 flags: tls1_3)

Congratulations! You've Cross-Compiled a PixelServ-TLS 2.4 Entware Package via Debian Live (Testing) DVD! The Possibilities are Endless with Good-Times Ahead!

References:
Code:
http://bin.entware.net/armv7sf-k2.6/
http://cdimage.debian.org/cdimage/unofficial/non-free/cd-including-firmware/weekly-live-builds/amd64/iso-hybrid/
https://packages.debian.org/search?keywords=search
https://oldwiki.archive.openwrt.org/about/toolchain
https://oldwiki.archive.openwrt.org/doc/howto/buildroot.exigence
https://oldwiki.archive.openwrt.org/doc/howto/build.a.package
https://github.com/Entware/Entware/wiki/How-to-add-a-new-package
https://github.com/Entware/Entware-ng/wiki/Using-gcc-%28native-compilation%29
https://github.com/kvic-z/pixelserv-tls
https://github.com/kvic-z/pixelserv-tls/releases/tag/2.4

### Full Edited pixelserv-tls Makefile ###
Code:
$ cat Makefile
#
# Copyright (C) 2011-2021 Entware
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#

include $(TOPDIR)/rules.mk

PKG_NAME:=pixelserv-tls
PKG_VERSION:=2.4
PKG_REV:=7e0513beb9226e8189a8bf96e201fd0efa7afbac
PKG_RELEASE:=1

PKG_SOURCE:=$(PKG_VERSION).tar.gz
PKG_SOURCE_SUBDIR:=$(PKG_NAME)-$(PKG_VERSION)
PKG_SOURCE_URL:=https://github.com/kvic-z/pixelserv-tls/archive/refs/tags/
PKG_SOURCE_PROTO:=git
PKG_SOURCE_VERSION:=$(PKG_REV)
PKG_MIRROR_HASH:=e06892afa377c9719168a335ab5a8c214061c88d7a775efa4b82a833d0762e62

include $(INCLUDE_DIR)/package.mk

define Package/pixelserv-tls
    SECTION:=net
    CATEGORY:=Network
    SUBMENU:=Web Servers/Proxies
    DEPENDS:=+libopenssl +libpthread
    TITLE:=one pixel webserver
    URL:=$(PKG_SOURCE_URL)
    MAINTAINER:=Entware team, https://entware.net
endef

define Package/pixelserv-tls/description
pixelserv-tls is a tiny bespoke webserver for adblock
with HTTP/1.1 and HTTPS support
endef

define Build/Compile
    $(TARGET_CC) \
        $(TARGET_CPPFLAGS) -DDROP_ROOT -DIF_MODE -DUSE_PTHREAD \
        $(TARGET_LDFLAGS) -lssl -lcrypto -lpthread \
        $(PKG_BUILD_DIR)/util.c \
        $(PKG_BUILD_DIR)/socket_handler.c \
        $(PKG_BUILD_DIR)/pixelserv.c \
        $(PKG_BUILD_DIR)/certs.c \
        $(PKG_BUILD_DIR)/logger.c \
        -o $(PKG_BUILD_DIR)/pixelserv-tls
endef

define Package/pixelserv-tls/postinst
#!/bin/sh
cat << EOF
Place ca.crt and ca.key to /opt/var/cache/pixelserv before starting HTTPS mode.
Start options can be adjusted via /opt/etc/init.d/S80pixelserv-tls.

See 'pixelserv-tls -h' for details
EOF
endef

define Package/pixelserv-tls/install
    $(INSTALL_DIR) $(1)/opt/bin
    $(INSTALL_BIN) $(PKG_BUILD_DIR)/pixelserv-tls $(1)/opt/bin
    $(INSTALL_DIR) $(1)/opt/etc/init.d
    $(INSTALL_BIN) ./files/S80pixelserv-tls $(1)/opt/etc/init.d
    $(INSTALL_DIR) $(1)/opt/var/cache/pixelserv
endef

$(eval $(call BuildPackage,pixelserv-tls))
 

Attachments

  • pixelserv-tls_2.4-1_armv7-2.6.txt
    25.3 KB · Views: 153
Last edited:
Why exactly would we be doing this? The only change from 2.3.1 is OpenSSL 3.0, which is expressly not for production as yet. And as noted elsewhere, at best this will affect only a small percentage of websites. And I take it this needs to be static linked, so it will have a much much larger memory footprint?
 
Why exactly would we be doing this? The only change from 2.3.1 is OpenSSL 3.0, which is expressly not for production as yet. And as noted elsewhere, at best this will affect only a small percentage of websites. And I take it this needs to be static linked, so it will have a much much larger memory footprint?
I'm certain there is a specific use case in mind that most of us here won't fit - check the other posts from the OP
 
Why exactly would we be doing this? The only change from 2.3.1 is OpenSSL 3.0, which is expressly not for production as yet. And as noted elsewhere, at best this will affect only a small percentage of websites. And I take it this needs to be static linked, so it will have a much much larger memory footprint?
Exactly, tough this feature needs some testing I guess. Since there are no binaries provided for our routers as is usually the case, we are not asked to provide feedback to the developer.
 
Exactly, tough this feature needs some testing I guess. Since there are no binaries provided for our routers as is usually the case, we are not asked to provide feedback to the developer.
I concur. I believe it is useful to know how to compile for those that are willing to step into that realm. It allows the developer to have quick access to early feedback for possible solutions. Think of self compiling as sort of a beta/alpha. if @kvic is listening, then he can see the issues and potentially provide quick solutions before entwares actual next repo update.
 
Today I updated Entware through amtm and am now running pixelserv-tls 2.4 (compiled: Aug 22 2021 06:41:01 flags: tfo tls1_3)
 
How big is the package?

Went hunting to see if Yip had posted more about this, but it looks like his site has been taken down and handed over to something else.

For the moment I've updated everything but pixelserv-tls:
Code:
opkg flag hold pixelserv-tls

EDIT: I decided to get on the bandwagon and let pixelserv-tls get updated:
Code:
opkg flag user pixelserv-tls
 
Last edited:
Went hunting to see if Yip had posted more about this, but it looks like his site has been taken down and handed over to something else.
What? Hmm.
That's ironic in a visually sad way: Intentional or not, his domain forwards to some domain that my setup of Diversion blocks and - consequently - shows the pixelserv-tls favicon in my browser.
Sad and ironic at the same time.
 
What? Hmm.
That's ironic in a visually sad way: Intentional or not, his domain forwards to some domain that my setup of Diversion blocks and - consequently - shows the pixelserv-tls favicon in my browser.
Sad and ironic at the same time.
It is nice to see diversion and pixelserv-tls still work in unison. I hope we hear more about your wonderful future endeavors with diversion. Diversion is the work of a true Master.
 
Just updating to this now.

pixelserv.png
 
Meets approval by the Entware Master (@ryzhov_al). Nice to see you back in the Asuswrt-Merlin forum.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top