corrections de différents bugs de fonctionnement et configuration
This commit is contained in:
@@ -7,9 +7,15 @@ SDK_VENDOR = "-benserv"
|
|||||||
SDK_VERSION = "${DISTRO_VERSION}"
|
SDK_VERSION = "${DISTRO_VERSION}"
|
||||||
MAINTENER = "vincent.benoit@benserv.fr"
|
MAINTENER = "vincent.benoit@benserv.fr"
|
||||||
|
|
||||||
# rpi specific
|
# Image Rootfs type and size
|
||||||
IMAGE_FSTYPES = "tar.bz2 ext4 ext4.xz rpi-sdimg"
|
IMAGE_FSTYPES = "tar.bz2 ext4 ext4.xz rpi-sdimg"
|
||||||
SDIMG_ROOTFS_TYPE = "ext4.xz"
|
SDIMG_ROOTFS_TYPE = "ext4.xz"
|
||||||
|
# define a multiplier that the build system apllies to
|
||||||
|
# the initial image size (4Go freespace)
|
||||||
|
#IMAGE_OVERHEAD_FACTOR = "2"
|
||||||
|
IMAGE_ROOTFS_EXTRA_SPACE = "4194304"
|
||||||
|
|
||||||
|
# rpi specific
|
||||||
DISABLE_OVERSCAN = "1"
|
DISABLE_OVERSCAN = "1"
|
||||||
BOOT_DELAY = "0"
|
BOOT_DELAY = "0"
|
||||||
BOOT_DELAY_MS = "0"
|
BOOT_DELAY_MS = "0"
|
||||||
|
|||||||
@@ -28,5 +28,5 @@ FILES:${PN} = " \
|
|||||||
do_install() {
|
do_install() {
|
||||||
install -d ${D}/var/www/app-configurateur
|
install -d ${D}/var/www/app-configurateur
|
||||||
cp -a ${WORKDIR}/git/prod/app-configurateur/* ${D}/var/www/app-configurateur
|
cp -a ${WORKDIR}/git/prod/app-configurateur/* ${D}/var/www/app-configurateur
|
||||||
chown -R root:root ${D}/var/www/app-configurateur
|
chown -R daemon:daemon ${D}/var/www/app-configurateur
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Change owner and group of /dev/ttyAMA0 for KineIntercom
|
||||||
|
ConditionPathExists=/dev/ttyAMA0
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
User=root
|
||||||
|
Group=root
|
||||||
|
ExecStart=/bin/sh -c '/bin/chmod g+rw /dev/ttyAMA0'
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
@@ -0,0 +1,11 @@
|
|||||||
|
[Unit]
|
||||||
|
Description=Hostapd IEEE 802.11 AP, IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
|
||||||
|
After=network.target
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=forking
|
||||||
|
PIDFile=/run/hostapd.pid
|
||||||
|
ExecStart=/usr/sbin/hostapd /etc/hostapd.conf -P /run/hostapd.pid -B
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=multi-user.target
|
||||||
@@ -2,12 +2,14 @@
|
|||||||
# Release under the MIT license (see COPYING.MIT for the terms)
|
# Release under the MIT license (see COPYING.MIT for the terms)
|
||||||
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
||||||
|
|
||||||
SRC_URI += "file://hostapd.conf"
|
SRC_URI += " \
|
||||||
|
file://hostapd.conf \
|
||||||
|
"
|
||||||
|
|
||||||
inherit systemd
|
inherit systemd
|
||||||
SYSTEMD_AUTO_ENABLE = "enable"
|
SYSTEMD_AUTO_ENABLE:${PN} = "enable"
|
||||||
SYSTEMD_SERVICE:${PN} = "hostapd.service"
|
|
||||||
|
|
||||||
do_install:append() {
|
do_install:append() {
|
||||||
|
install -d ${D}${sysconfdir}/
|
||||||
install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/
|
install -m 0644 ${WORKDIR}/hostapd.conf ${D}${sysconfdir}/
|
||||||
}
|
}
|
||||||
|
|||||||
+1
-1
@@ -9,4 +9,4 @@ inherit pypi python_setuptools_build_meta
|
|||||||
|
|
||||||
PYPI_PACKAGE = "tzdata"
|
PYPI_PACKAGE = "tzdata"
|
||||||
|
|
||||||
SRC_URI[sha256sum] = "fe5f866eddd8b96e9fcba978f8e503c909b19ea7efda11e52e39494bad3a7bfa"
|
SRC_URI[sha256sum] = "ada9133fbd561e6ec3d1674d3fba50251636e918aa97bd59d63735bef5a513bb"
|
||||||
@@ -0,0 +1,39 @@
|
|||||||
|
SUMMARY = "The Swiss Army knife of Python web development"
|
||||||
|
DESCRIPTION = "\
|
||||||
|
Werkzeug started as simple collection of various utilities for WSGI \
|
||||||
|
applications and has become one of the most advanced WSGI utility modules. \
|
||||||
|
It includes a powerful debugger, full featured request and response objects, \
|
||||||
|
HTTP utilities to handle entity tags, cache control headers, HTTP dates, \
|
||||||
|
cookie handling, file uploads, a powerful URL routing system and a bunch \
|
||||||
|
of community contributed addon modules."
|
||||||
|
HOMEPAGE = "http://werkzeug.pocoo.org/"
|
||||||
|
LICENSE = "BSD-3-Clause"
|
||||||
|
LIC_FILES_CHKSUM = "file://LICENSE.rst;md5=5dc88300786f1c214c1e9827a5229462"
|
||||||
|
|
||||||
|
PYPI_PACKAGE = "Werkzeug"
|
||||||
|
|
||||||
|
SRC_URI[sha256sum] = "7ea2d48322cc7c0f8b3a215ed73eabd7b5d75d0b50e31ab006286ccff9e00b8f"
|
||||||
|
|
||||||
|
inherit pypi setuptools3
|
||||||
|
|
||||||
|
CLEANBROKEN = "1"
|
||||||
|
|
||||||
|
RDEPENDS:${PN} += " \
|
||||||
|
${PYTHON_PN}-datetime \
|
||||||
|
${PYTHON_PN}-difflib \
|
||||||
|
${PYTHON_PN}-email \
|
||||||
|
${PYTHON_PN}-html \
|
||||||
|
${PYTHON_PN}-io \
|
||||||
|
${PYTHON_PN}-json \
|
||||||
|
${PYTHON_PN}-logging \
|
||||||
|
${PYTHON_PN}-netclient \
|
||||||
|
${PYTHON_PN}-netserver \
|
||||||
|
${PYTHON_PN}-numbers \
|
||||||
|
${PYTHON_PN}-pkgutil \
|
||||||
|
${PYTHON_PN}-pprint \
|
||||||
|
${PYTHON_PN}-simplejson \
|
||||||
|
${PYTHON_PN}-threading \
|
||||||
|
${PYTHON_PN}-unixadmin \
|
||||||
|
${PYTHON_PN}-misc \
|
||||||
|
${PYTHON_PN}-profile \
|
||||||
|
"
|
||||||
@@ -0,0 +1,46 @@
|
|||||||
|
*filter
|
||||||
|
########### Regles iptables ###########
|
||||||
|
# Flush des regles
|
||||||
|
-F INPUT
|
||||||
|
-F FORWARD
|
||||||
|
-F OUTPUT
|
||||||
|
|
||||||
|
# Policies par defaut
|
||||||
|
-P INPUT DROP
|
||||||
|
-P FORWARD DROP
|
||||||
|
-P OUTPUT DROP
|
||||||
|
|
||||||
|
# On accepte le loopback
|
||||||
|
-A INPUT -i lo -j ACCEPT
|
||||||
|
-A OUTPUT -o lo -j ACCEPT
|
||||||
|
|
||||||
|
# On accepte le ping entrant et sortant
|
||||||
|
-A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
-A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||||
|
-A OUTPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||||
|
-A INPUT -p icmp --icmp-type echo-reply -j ACCEPT
|
||||||
|
|
||||||
|
### http
|
||||||
|
-A INPUT -i wlan0 -p tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan0 -p tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
|
||||||
|
### ssh
|
||||||
|
-A INPUT -i eth0 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
|
||||||
|
-A OUTPUT -o eth0 -p tcp -m tcp --sport 22 -m state --state ESTABLISHED -j ACCEPT
|
||||||
|
|
||||||
|
### bootp client (hostapd)
|
||||||
|
-A INPUT -i wlan0 -p udp --sport 68 -j ACCEPT
|
||||||
|
-A OUTPUT -o wlan0 -p udp --dport 68 -j ACCEPT
|
||||||
|
|
||||||
|
# Log des trames droppees
|
||||||
|
-N LOGGING
|
||||||
|
-A INPUT -i eth0 -j LOGGING
|
||||||
|
-A OUTPUT -o eth0 -j LOGGING
|
||||||
|
-A INPUT -i wlan0 -j LOGGING
|
||||||
|
-A OUTPUT -o wlan0 -j LOGGING
|
||||||
|
-A LOGGING -m limit --limit 20/min -j LOG --log-prefix "DROP:" --log-level 4
|
||||||
|
-A LOGGING -j DROP
|
||||||
|
|
||||||
|
COMMIT
|
||||||
|
|
||||||
|
# vim: filetype=sh
|
||||||
@@ -0,0 +1,12 @@
|
|||||||
|
# Copyright (C) 2022 Vincent BENOIT <vincent.benoit@benserv.fr>
|
||||||
|
# Release under the MIT license (see COPYING.MIT for the terms)
|
||||||
|
FILESEXTRAPATHS:prepend := "${THISDIR}/files:"
|
||||||
|
|
||||||
|
SRC_URI += "file://iptables.rules"
|
||||||
|
|
||||||
|
FILES:{PN} += "${sysconfdir}/iptables/iptables.rules"
|
||||||
|
|
||||||
|
do_install:append() {
|
||||||
|
install -d ${D}${sysconfdir}/iptables/
|
||||||
|
install -m 0644 ${WORKDIR}/iptables.rules ${D}${sysconfdir}/iptables/
|
||||||
|
}
|
||||||
@@ -65,3 +65,4 @@ net/ipv4/ip_forward=1
|
|||||||
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
# See https://www.kernel.org/doc/Documentation/sysctl/fs.txt
|
||||||
#fs.protected_hardlinks = 1
|
#fs.protected_hardlinks = 1
|
||||||
#fs.protected_symlinks = 1
|
#fs.protected_symlinks = 1
|
||||||
|
kernel.printk="2 4 1 7"
|
||||||
|
|||||||
@@ -108,16 +108,6 @@ ServerAdmin vincent.benoit@benserv.fr
|
|||||||
#
|
#
|
||||||
ServerName localhost:80
|
ServerName localhost:80
|
||||||
|
|
||||||
#
|
|
||||||
# Deny access to the entirety of your server's filesystem. You must
|
|
||||||
# explicitly permit access to web content directories in other
|
|
||||||
# <Directory> blocks below.
|
|
||||||
#
|
|
||||||
<Directory />
|
|
||||||
AllowOverride none
|
|
||||||
Require all denied
|
|
||||||
</Directory>
|
|
||||||
|
|
||||||
#
|
#
|
||||||
# Note that from this point forward you must specifically allow
|
# Note that from this point forward you must specifically allow
|
||||||
# particular features to be enabled - so if something's not working as
|
# particular features to be enabled - so if something's not working as
|
||||||
@@ -270,7 +260,7 @@ LogLevel info
|
|||||||
#Include /etc/apache2/extra/httpd-info.conf
|
#Include /etc/apache2/extra/httpd-info.conf
|
||||||
|
|
||||||
# Virtual hosts
|
# Virtual hosts
|
||||||
Include /etc/apache2/extra/httpd-vhosts.conf
|
#Include /etc/apache2/extra/httpd-vhosts.conf
|
||||||
|
|
||||||
# Local access to the Apache HTTP Server Manual
|
# Local access to the Apache HTTP Server Manual
|
||||||
#Include /etc/apache2/extra/httpd-manual.conf
|
#Include /etc/apache2/extra/httpd-manual.conf
|
||||||
@@ -293,10 +283,10 @@ Include /etc/apache2/extra/proxy-html.conf
|
|||||||
# starting without SSL on platforms with no /dev/random equivalent
|
# starting without SSL on platforms with no /dev/random equivalent
|
||||||
# but a statically compiled-in mod_ssl.
|
# but a statically compiled-in mod_ssl.
|
||||||
#
|
#
|
||||||
<IfModule ssl_module>
|
#<IfModule ssl_module>
|
||||||
SSLRandomSeed startup builtin
|
#SSLRandomSeed startup builtin
|
||||||
SSLRandomSeed connect builtin
|
#SSLRandomSeed connect builtin
|
||||||
</IfModule>
|
#</IfModule>
|
||||||
|
|
||||||
|
|
||||||
#IncludeOptional /etc/apache2/conf.d/*.conf
|
#IncludeOptional /etc/apache2/conf.d/*.conf
|
||||||
|
|||||||
Reference in New Issue
Block a user