mirror of
https://github.com/LuckfoxTECH/luckfox-pico.git
synced 2026-01-18 03:28:19 +01:00
d2da6f0f4f
* project/cfg/BoardConfig_IPC/overlay : Add Luckfox Pico 86Panel overlay files Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/source/kernel/arch/arm/boot/dts : Add Luckfox Pico 86Panel device tree files Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC : Add Luckfox Pico 86Panel BoardConfig files Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/build.sh : Add the lunch menu item of Luckfox Pico 86Panel Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/source/kernel/arch/arm/configs : Add Goodix driver module configuration for RV1106 Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/tools/board/buildroot/luckfox_pico_w_defconfig : Add rsync command for Luckfox Pico Buildroot system Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC/overlay/overlay-luckfox-ubuntu-config : Add rysnc command for Luckfox Pico Ubuntu system Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC/overlay/overlay-luckfox-config/etc/init.d : Add MIC initialization script to improve default recording quality Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/tools/board/buildroot/busybox_patch : Add patches to enable Chinese display support in the terminal and allow the reboot command to accept parameters Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/Makefile : Automatically apply BusyBox patches when building the Buildroot image Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/source/kernel/arch/arm/kernel/setup.c : Make the kernel retrieve the unique CPU serial number Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC/overlay/overlay-luckfox-config/usr/bin/luckfox-config : Fix errors and add support for eMMC rootfs backup Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/source/kernel/arch/arm/boot/dts : Make Luckfox Pico Ultra and Luckfox Pico Pi default to using i2c4 for CSI cameras Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC/overlay/overlay-luckfox-ubuntu-ultra/usr/bin/wifi_bt_init.sh : Enable wireless module initialization support for Ubuntu on Luckfox Pico 86Panel and Luckfox Pico Pi Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC : Add executable permission to the BoardConfig scripts Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * sysdrv/source/uboot : Resolve the issue of fast boot failure on certain eMMC models Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC/luckfox-rv1106-tb-emmc-post.sh : Resolve the issue of file system initialization failure during eMMC fast boot Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/build.sh : Fix the issue of submodule switch failure Signed-off-by: luckfox-eng29 <eng29@luckfox.com> * project/app/rkipc/rkipc/src : Make sure that changes to rkipc.ini can be applied and take effect after modification Signed-off-by: eng29 <eng29@luckfox.com> * project/cfg/BoardConfig_IPC : Discontinue support for Ubuntu Signed-off-by: eng29 <eng29@luckfox.com> * project/build.sh : Discontinue support for Ubuntu Signed-off-by: eng29 <eng29@luckfox.com> * sysdrv/Makefile : Discontinue support for Ubuntu Signed-off-by: eng29 <eng29@luckfox.com> * README.md : Update description README_CN.md : Update description Signed-off-by: eng29 <eng29@luckfox.com> * . : Delete the Ubuntu rootfs submodule Signed-off-by: eng29 <eng29@luckfox.com> * sysdrv/drv_ko/wifi/aic8800dc : Update the aic8800dc driver Signed-off-by: eng29 <eng29@luckfox.com> --------- Signed-off-by: luckfox-eng29 <eng29@luckfox.com> Signed-off-by: eng29 <eng29@luckfox.com>
199 lines
5.0 KiB
Bash
Executable File
199 lines
5.0 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# This script uses openssl, gnutls, or stunnel to secure an rsync daemon connection.
|
|
|
|
# By default this script takes rsync args and hands them off to the actual
|
|
# rsync command with an --rsh option that makes it open an SSL connection to an
|
|
# rsync daemon. See the rsync-ssl manpage for usage details and env variables.
|
|
|
|
# When the first arg is --HELPER, we are being used by rsync as an --rsh helper
|
|
# script, and the args are (note the trailing dot):
|
|
#
|
|
# rsync-ssl --HELPER HOSTNAME rsync --server --daemon .
|
|
#
|
|
# --HELPER is not a user-facing option, so it is not documented in the manpage.
|
|
|
|
# The first SSL setup was based on: http://dozzie.jarowit.net/trac/wiki/RsyncSSL
|
|
# Note that an stunnel connection requires at least version 4.x of stunnel.
|
|
|
|
function rsync_ssl_run {
|
|
case "$*" in
|
|
*rsync://*) ;;
|
|
*::*) ;;
|
|
*)
|
|
echo "You must use rsync-ssl with a daemon-style hostname." 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
exec rsync --rsh="$0 --HELPER" "${@}"
|
|
}
|
|
|
|
function rsync_ssl_helper {
|
|
if [[ -z "$RSYNC_SSL_TYPE" ]]; then
|
|
found=`path_search openssl stunnel4 stunnel` || exit 1
|
|
if [[ "$found" == */openssl ]]; then
|
|
RSYNC_SSL_TYPE=openssl
|
|
RSYNC_SSL_OPENSSL="$found"
|
|
elif [[ "$found" == */gnutls-cli ]]; then
|
|
RSYNC_SSL_TYPE=gnutls
|
|
RSYNC_SSL_GNUTLS="$found"
|
|
else
|
|
RSYNC_SSL_TYPE=stunnel
|
|
RSYNC_SSL_STUNNEL="$found"
|
|
fi
|
|
fi
|
|
|
|
case "$RSYNC_SSL_TYPE" in
|
|
openssl)
|
|
if [[ -z "$RSYNC_SSL_OPENSSL" ]]; then
|
|
RSYNC_SSL_OPENSSL=`path_search openssl` || exit 1
|
|
fi
|
|
optsep=' '
|
|
;;
|
|
gnutls)
|
|
if [[ -z "$RSYNC_SSL_GNUTLS" ]]; then
|
|
RSYNC_SSL_GNUTLS=`path_search gnutls-cli` || exit 1
|
|
fi
|
|
optsep=' '
|
|
;;
|
|
stunnel)
|
|
if [[ -z "$RSYNC_SSL_STUNNEL" ]]; then
|
|
RSYNC_SSL_STUNNEL=`path_search stunnel4 stunnel` || exit 1
|
|
fi
|
|
optsep=' = '
|
|
;;
|
|
*)
|
|
echo "The RSYNC_SSL_TYPE specifies an unknown type: $RSYNC_SSL_TYPE" 1>&2
|
|
exit 1
|
|
;;
|
|
esac
|
|
|
|
if [[ -z "$RSYNC_SSL_CERT" ]]; then
|
|
certopt=""
|
|
gnutls_cert_opt=""
|
|
else
|
|
certopt="-cert$optsep$RSYNC_SSL_CERT"
|
|
gnutls_cert_opt="--x509certfile=$RSYNC_SSL_CERT"
|
|
fi
|
|
|
|
if [[ -z "$RSYNC_SSL_KEY" ]]; then
|
|
keyopt=""
|
|
gnutls_key_opt=""
|
|
else
|
|
keyopt="-key$optsep$RSYNC_SSL_KEY"
|
|
gnutls_key_opt="--x509keyfile=$RSYNC_SSL_KEY"
|
|
fi
|
|
|
|
if [[ -z ${RSYNC_SSL_CA_CERT+x} ]]; then
|
|
# RSYNC_SSL_CA_CERT unset - default CA set AND verify:
|
|
# openssl:
|
|
caopt="-verify_return_error -verify 4"
|
|
# gnutls:
|
|
gnutls_opts=""
|
|
# stunnel:
|
|
# Since there is no way of using the default CA certificate collection,
|
|
# we cannot do any verification. Thus, stunnel should really only be
|
|
# used if nothing else is available.
|
|
cafile=""
|
|
verify=""
|
|
elif [[ "$RSYNC_SSL_CA_CERT" == "" ]]; then
|
|
# RSYNC_SSL_CA_CERT set but empty -do NO verifications:
|
|
# openssl:
|
|
caopt="-verify 1"
|
|
# gnutls:
|
|
gnutls_opts="--insecure"
|
|
# stunnel:
|
|
cafile=""
|
|
verify="verifyChain = no"
|
|
else
|
|
# RSYNC_SSL_CA_CERT set - use CA AND verify:
|
|
# openssl:
|
|
caopt="-CAfile $RSYNC_SSL_CA_CERT -verify_return_error -verify 4"
|
|
# gnutls:
|
|
gnutls_opts="--x509cafile=$RSYNC_SSL_CA_CERT"
|
|
# stunnel:
|
|
cafile="CAfile = $RSYNC_SSL_CA_CERT"
|
|
verify="verifyChain = yes"
|
|
fi
|
|
|
|
port="${RSYNC_PORT:-0}"
|
|
if [[ "$port" == 0 ]]; then
|
|
port="${RSYNC_SSL_PORT:-874}"
|
|
fi
|
|
|
|
# If the user specified USER@HOSTNAME::module, then rsync passes us
|
|
# the -l USER option too, so we must be prepared to ignore it.
|
|
if [[ "$1" == "-l" ]]; then
|
|
shift 2
|
|
fi
|
|
|
|
hostname="$1"
|
|
shift
|
|
|
|
if [[ -z "$hostname" || "$1" != rsync || "$2" != --server || "$3" != --daemon ]]; then
|
|
echo "Usage: rsync-ssl --HELPER HOSTNAME rsync --server --daemon ." 1>&2
|
|
exit 1
|
|
fi
|
|
|
|
if [[ $RSYNC_SSL_TYPE == openssl ]]; then
|
|
exec $RSYNC_SSL_OPENSSL s_client $caopt $certopt $keyopt -quiet -verify_quiet -servername $hostname -verify_hostname $hostname -connect $hostname:$port
|
|
elif [[ $RSYNC_SSL_TYPE == gnutls ]]; then
|
|
exec $RSYNC_SSL_GNUTLS --logfile=/dev/null $gnutls_cert_opt $gnutls_key_opt $gnutls_opts $hostname:$port
|
|
else
|
|
# devzero@web.de came up with this no-tmpfile calling syntax:
|
|
exec $RSYNC_SSL_STUNNEL -fd 10 11<&0 <<EOF 10<&0 0<&11 11<&-
|
|
foreground = yes
|
|
debug = crit
|
|
connect = $hostname:$port
|
|
client = yes
|
|
TIMEOUTclose = 0
|
|
$verify
|
|
$certopt
|
|
$cafile
|
|
EOF
|
|
fi
|
|
}
|
|
|
|
function path_search {
|
|
IFS_SAVE="$IFS"
|
|
IFS=:
|
|
for prog in "${@}"; do
|
|
for dir in $PATH; do
|
|
[[ -z "$dir" ]] && dir=.
|
|
if [[ -f "$dir/$prog" && -x "$dir/$prog" ]]; then
|
|
echo "$dir/$prog"
|
|
IFS="$IFS_SAVE"
|
|
return 0
|
|
fi
|
|
done
|
|
done
|
|
|
|
IFS="$IFS_SAVE"
|
|
echo "Failed to find on your path: $*" 1>&2
|
|
echo "See the rsync-ssl manpage for configuration assistance." 1>&2
|
|
return 1
|
|
}
|
|
|
|
if [[ "$#" == 0 ]]; then
|
|
echo "Usage: rsync-ssl [--type=SSL_TYPE] RSYNC_ARG [...]" 1>&2
|
|
echo "The SSL_TYPE can be openssl or stunnel"
|
|
exit 1
|
|
fi
|
|
|
|
if [[ "$1" = --help || "$1" = -h ]]; then
|
|
exec rsync --help
|
|
fi
|
|
|
|
if [[ "$1" == --HELPER ]]; then
|
|
shift
|
|
rsync_ssl_helper "${@}"
|
|
fi
|
|
|
|
if [[ "$1" == --type=* ]]; then
|
|
export RSYNC_SSL_TYPE="${1/--type=/}"
|
|
shift
|
|
fi
|
|
|
|
rsync_ssl_run "${@}"
|