jandelgado · jandelgado · Feb 9, 2025 · Dec 29, 2024 · Dec 29, 2024 · Dec 29, 2024
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -14,7 +14,7 @@ jobs:
       - name: shellcheck
         run: shellcheck builder.sh
   testnix:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     name: test nix builds
     strategy:
       matrix:
@@ -32,27 +32,26 @@ jobs:
         run: |
           ./.test/run_all.sh example-${{ matrix.example }}.conf output/
   testcontainer:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     name: test container builds
     strategy:
       matrix:
         example: ["x86_64", "rpi4", "glinet-gl-ar750", "glinet-gl-mt300n-v2", "nexx-wt3020", "rpi2", "wrt1043nd"]
-        option: ["--docker", "--podman"]
-        sudo: ["", "--sudo"]
+        option: ["--docker --sudo", "--podman", "--podman --sudo"]
     steps:
       - name: Checkout
         uses: actions/checkout@v4
       - name: test build example
         run: |
-          if [ "${{ matrix.option }}" == "--podman" ]; then
+          if [[ "${{ matrix.option }}" =~ "podman" ]]; then
             sudo apt-get -y update
             sudo apt-get -y install podman
           fi
           mkdir -p output
           time ./builder.sh build-docker-image \
-                  example-${{ matrix.example }}.conf ${{ matrix.option }}  ${{ matrix.sudo }} &&\
+                  example-${{ matrix.example }}.conf ${{ matrix.option }}  &&\
           time ./builder.sh build \
-                  example-${{ matrix.example }}.conf ${{ matrix.option }} ${{ matrix.sudo }}
+                  example-${{ matrix.example }}.conf ${{ matrix.option }}
       - name: check artefacts
         run: |
           ./.test/run_all.sh example-${{ matrix.example }}.conf output/
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog for lede-dockerbuilder
 
+## v3.8 [2025-02-09]
+
+* Upgrade to OpenWrt 24.10.0
+
 ## v3.7 [2024-11-10]
 
 * Upgrade to OpenWrt 23.05.5

diff --git a/README.md b/README.md
@@ -5,19 +5,19 @@
 <!-- vim-markdown-toc GFM -->
 
 * [What](#what)
-    * [Note](#note)
+  * [Note](#note)
 * [Why](#why)
 * [How](#how)
-    * [Using docker](#using-docker)
-    * [Using nix-shell](#using-nix-shell)
-    * [Usage](#usage)
-        * [Builder runtime](#builder-runtime)
-    * [Configuration file](#configuration-file)
-    * [File system overlay](#file-system-overlay)
-    * [Example directory structure](#example-directory-structure)
-        * [Debugging](#debugging)
+  * [Using docker](#using-docker)
+  * [Using nix-shell](#using-nix-shell)
+  * [Usage](#usage)
+    * [Builder runtime](#builder-runtime)
+  * [Configuration file](#configuration-file)
+  * [File system overlay](#file-system-overlay)
+  * [Example directory structure](#example-directory-structure)
+    * [Debugging](#debugging)
 * [Examples](#examples)
-    * [Building a x86_64 image and running it in qemu](#building-a-x86_64-image-and-running-it-in-qemu)
+  * [Building a x86_64 image and running it in qemu](#building-a-x86_64-image-and-running-it-in-qemu)
 * [Building an OpenWrt snapshot release](#building-an-openwrt-snapshot-release)
 * [Author](#author)
 * [License](#license)
@@ -31,12 +31,12 @@ for your embedded device or a Raspberry PI) using a self-contained docker
 container or a [nix-shell](https://nixos.wiki/wiki/Development_environment_with_nix-shell) and the [OpenWrt image
 builder](https://openwrt.org/docs/guide-user/additional-software/imagebuilder).
 On the builder host, Docker, podman/buildah (for dockerless operation) or nix-shell is the
-only requirement. Supports latest OpenWrt release (23.05.x).
+only requirement. Supports latest OpenWrt release (24.10.x).
 
 ### Note
 
-The OpenWrt imagebuilder uses pre-compiled packages to build the final image. 
-Go [here](https://github.com/jandelgado/lede-dockercompiler) if you are looking 
+The OpenWrt imagebuilder uses pre-compiled packages to build the final image.
+Go [here](https://github.com/jandelgado/lede-dockercompiler) if you are looking
 for a docker images to compile OpenWrt completely from source.
 
 ## Why
@@ -50,7 +50,7 @@ for a docker images to compile OpenWrt completely from source.
 
 ### Using docker
 
-```
+```text
 $ git clone https://github.com/jandelgado/lede-dockerbuilder.git
 $ cd lede-dockerbuilder
 $ ./builder.sh build-docker-image example-nexx-wt3020.conf
@@ -71,7 +71,7 @@ $ cd lede-dockerbuilder
 $ ./builder.sh build example-nexx-wt3020.conf --nix
 ```
 
-Using `nix-shell` does not require building a container image or starting a 
+Using `nix-shell` does not require building a container image or starting a
 container first, therefore it is usually faster.
 
 ### Usage
@@ -84,7 +84,7 @@ Usage: $1 COMMAND CONFIGFILE [OPTIONS]
     build-docker-image - build the docker image (run once first)
     profiles           - show available profiles for current configuration
     build              - start container and build the LEDE/OpenWRT image
-    shell              - start shell in the build dir 
+    shell              - start shell in the build dir
   CONFIGFILE           - configuraton file to use
 
   OPTIONS:
@@ -192,7 +192,7 @@ LEDE_TARGET=ramips
 LEDE_SUBTARGET=mt7620
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
-# 
+#
 # include all packages to build a mobile NAS supporting disk encryption:
 # ksmbd (samba4 is too large now for the WT3020's 8MB), cryptsetup.
 # see https://github.com/namjaejeon/ksmbd-tools for ksmbd info.
@@ -284,8 +284,8 @@ These examples evolved from images I use myself.
 
 To build an example run `./builder.sh build <config-file>`, e.g.
 
-```shell
-$ ./builder.sh build example-rpi2.conf 
+```text
+$ ./builder.sh build example-rpi2.conf
 ```
 
 The resulting image can be found in the `output/` directory. The [OpenWrt
@@ -295,46 +295,45 @@ describes how to flash the new image in detail.
 ### Building a x86_64 image and running it in qemu
 
 The [example-x86_64.conf](example-x86_64.conf) file can be used to build a
-x86_64 based OpenWrt image which can also be run in qemu, e.g. if you need
+x86_64 based OpenWrt image which can also be run in qemu, e.g., if you need
 a virtual router/firewall.
 
 First build the image with `builder.sh build example-x86_64.conf`, then unpack
 the resulting image with e.g. `gunzip
-output/openwrt-23.05.0-x86-64-generic-ext4-combined.img.gz`.  Finally the image
+output/openwrt-24.10.0-x86-64-generic-ext4-combined.img.gz`.  Finally the image
 can be started with qemu (or simply use [run_in_qemu.sh](etc/run_in_qemu.sh))
 
-```shell
+```text
 qemu-system-x86_64 \
     -enable-kvm \
     -nographic \
     -device ide-hd,drive=d0,bus=ide.0 \
-    -netdev user,id=hn0 \
-    -device virtio-net-pci,netdev=hn0,id=wan \
-    -netdev user,id=hn1,hostfwd=tcp::5555-:22001 \
-    -device virtio-net-pci,netdev=hn1,id=lan \
-    -drive id=d0,if=none,file=output/openwrt-19.07.0-x86-64-combined-ext4.img
+    -device virtio-net-pci,netdev=hn0,id=lan \
+    -netdev user,id=hn0,net=192.168.1.0/24,host=192.168.1.2,hostfwd=tcp::1122-192.168.1.1:22,hostfwd=tcp::8443-192.168.1.1:443\
+    -device virtio-net-pci,netdev=hn1,id=wan \
+    -netdev user,id=hn1\
+    -drive id=d0,if=none,file="$IMG"
 ```
 
-The `hostfwd=...` part can be omitted and is used in case you redirect port
-22001 on your WAN adapter to port 22 of the LAN adapter, in case you want to
-access SSH in the VM from your qemu-host. Check the `/etc/config/firewall` file
-for details.
-
 Qemu will assign the IP address `10.0.2.15/24` to the `WAN` interface (`eth1`)
 and OpenWrt the address `192.168.1.1/24` to the `LAN` (`br-lan` bridge with
 `eth0`) interface.
 
-Note: press `CTRL-A X` to exit qemu.
+Port `1122` will be forwarded to the OpenWrt VMs port `22` (ssh), and port
+`8443` will be forwarded to port `443` , allowing to access luci using a
+web browser from the host under `https://localhost:8443`.
+
+Note: inside Qemu, press `CTRL-a` + `x` to exit.
 
 ## Building an OpenWrt snapshot release
 
 To build a [snapshot](https://downloads.openwrt.org/snapshots) release, set
 `LEDE_RELEASE` to `snapshots` and let `LEDE_BUILDER_URL` point to the image
 builder in the snapshot dir, e.g.
 
-```
+```text
 LEDE_RELEASE=snapshots
-LEDE_BUILDER_URL="https://downloads.openwrt.org/$LEDE_RELEASE/targets/$LEDE_TARGET/$LEDE_SUBTARGET/openwrt-imagebuilder-$LEDE_TARGET-$LEDE_SUBTARGET.Linux-x86_64.tar.xz" 
+LEDE_BUILDER_URL="https://downloads.openwrt.org/$LEDE_RELEASE/targets/$LEDE_TARGET/$LEDE_SUBTARGET/openwrt-imagebuilder-$LEDE_TARGET-$LEDE_SUBTARGET.Linux-x86_64.tar.xz"
 ```
 
 See the [this example](example-x86_64-snapshot.conf) which builds an x86_64

diff --git a/builder.sh b/builder.sh
@@ -104,6 +104,7 @@ function run_cmd_in_container {
         -v "$(abspath "$OUTPUT_DIR")":/lede/output \
         "${repositories_volume[@]}" \
         ${DOCKER_OPTS[@]} \
+        ${_DOCKER_OPTS:-} \
         --rm "$(image_tag)" bash -c "$*"
 }
 
@@ -191,10 +192,21 @@ RUNTIME...........: $runtime
 EOT
 }
 
+# tests if given version is at least provided reference version.
+# version_ge_than("23.05.1", "24") -> false
+# version_ge_than("24.0.10", "24") -> true
+function version_ge_than { [ "${1%%.*}" -ge "$2" ]; }
+
 # return default LEDE_BUILDER_URL if not overriden in configuration file
 function builder_url {
+    # using .zst since OpenWrt 24, .xz before
     if [ -z "${LEDE_BUILDER_URL+x}" ]; then
-        echo "https://downloads.openwrt.org/releases/$LEDE_RELEASE/targets/$LEDE_TARGET/$LEDE_SUBTARGET/openwrt-imagebuilder-$LEDE_RELEASE-$LEDE_TARGET-$LEDE_SUBTARGET.Linux-x86_64.tar.xz"
+        if version_ge_than "$LEDE_RELEASE" "24"; then
+            local ext="zst"
+        else
+            local ext="xz"
+        fi
+        echo "https://downloads.openwrt.org/releases/$LEDE_RELEASE/targets/$LEDE_TARGET/$LEDE_SUBTARGET/openwrt-imagebuilder-$LEDE_RELEASE-$LEDE_TARGET-$LEDE_SUBTARGET.Linux-x86_64.tar.$ext"
         return
     fi
     echo "$LEDE_BUILDER_URL"
@@ -301,13 +313,15 @@ function dispatch_command {
              ;;
          *)
             usage "$0"
-            exit 0 
+            # shellcheck disable=2317
+            exit 0
             ;;
     esac
 }
 
 if [ $# -lt 2 ]; then
     usage "$0"
+    # shellcheck disable=2317
     exit 1
 fi
 

diff --git a/docker/Dockerfile b/docker/Dockerfile
@@ -1,14 +1,15 @@
-FROM ubuntu:22.04 as base
-LABEL maintainer "Jan Delgado <[email protected]>"
+FROM ubuntu:24.04 AS base
+LABEL maintainer="Jan Delgado <[email protected]>"
 
+# python3-setuptools kept here to also support OpenWrt 23
 RUN    apt-get update\
     && DEBIAN_FRONTEND=noninteractive apt-get install -y build-essential\
          libncurses5-dev libncursesw5-dev zlib1g-dev gawk git gettext libssl-dev\
-         xsltproc rsync wget unzip python3 python3-distutils file\
+         xsltproc rsync wget unzip python3 python3-setuptools file zstd\
     && rm -rf /var/lib/apt/lists/*
 
 ADD etc/entrypoint.sh /usr/local/bin/
-RUN chmod 755 /usr/local/bin/entrypoint.sh 
+RUN chmod 755 /usr/local/bin/entrypoint.sh
 
 FROM base
 
@@ -17,7 +18,9 @@ FROM base
 ARG BUILDER_URL
 
 RUN    mkdir -p /lede/imagebuilder\
-    && wget -q "$BUILDER_URL" -O /tmp/imagebuilder && tar xvf /tmp/imagebuilder --strip-components=1 -C /lede/imagebuilder \
+    && wget -q "$BUILDER_URL" -O /tmp/imagebuilder && \
+       tar xvf /tmp/imagebuilder\
+               --strip-components=1 -C /lede/imagebuilder \
     && rm -f /tmp/imagebuilder
 
 WORKDIR "/lede/imagebuilder"

diff --git a/etc/run_in_qemu.sh b/etc/run_in_qemu.sh
@@ -6,13 +6,16 @@
 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
 IMG=${1:-$SCRIPT_DIR/../output/openwrt-22.03.0-x86-64-generic-ext4-combined.img}
 
+# configure 2 NICs:
+#   1. LAN , with port forwardings of 1122 -> 22 (ssh) and 8443 -> 443 (luci)
+#   2. WAN
 exec qemu-system-x86_64 \
     -enable-kvm \
     -nographic \
     -device ide-hd,drive=d0,bus=ide.0 \
-    -netdev user,id=hn0 \
-    -device virtio-net-pci,netdev=hn0,id=wan \
-    -netdev user,id=hn1,hostfwd=tcp::5555-:22001 \
-    -device virtio-net-pci,netdev=hn1,id=lan \
+    -device virtio-net-pci,netdev=hn0,id=lan \
+    -netdev user,id=hn0,net=192.168.1.0/24,host=192.168.1.2,hostfwd=tcp::1122-192.168.1.1:22,hostfwd=tcp::8443-192.168.1.1:443\
+    -device virtio-net-pci,netdev=hn1,id=wan \
+    -netdev user,id=hn1\
     -drive id=d0,if=none,file="$IMG"
 
diff --git a/example-glinet-gl-ar750.conf b/example-glinet-gl-ar750.conf
@@ -1,6 +1,6 @@
 # LEDE profile to use: GL.iNet GL-AR750
 LEDE_PROFILE=glinet_gl-ar750
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_TARGET=ath79
 LEDE_SUBTARGET=generic
 

diff --git a/example-glinet-gl-mt300n-v2.conf b/example-glinet-gl-mt300n-v2.conf
@@ -1,6 +1,6 @@
 # profile to use: GL.iNet GL-MT300N V2
 LEDE_PROFILE=glinet_gl-mt300n-v2
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_TARGET=ramips
 LEDE_SUBTARGET=mt76x8
 

diff --git a/example-nexx-wt3020.conf b/example-nexx-wt3020.conf
@@ -1,17 +1,17 @@
 # LEDE profile to use: NEXX WT3020
 LEDE_PROFILE=nexx_wt3020-8m
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_TARGET=ramips
 LEDE_SUBTARGET=mt7620
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
-# 
-# include all packages to build a mobile NAS supporting disk encryption:
-# ksmbd (samba4 is too large now for the WT3020's 8MB), cryptsetup.
-# see https://github.com/namjaejeon/ksmbd-tools for ksmbd info.
-LEDE_PACKAGES="ksmbd-server lsblk block-mount\
-    kmod-usb-storage-uas kmod-scsi-core ntfs-3g\
-    kmod-nls-iso8859-1 cryptsetup kmod-crypto-xts\
+#
+# include all packages to build a mobile "NAS" supporting disk encryption:
+# vsftpd (needs to be configured afterwards), cryptsetup, usb disk drivers.
+# had to drop ksmbd with 24.10.0 since image became to large.
+LEDE_PACKAGES="block-mount vsftpd\
+    kmod-usb-storage-uas kmod-scsi-core lsblk\
+    cryptsetup kmod-crypto-xts\
     kmod-mt76 kmod-usb2 kmod-usb-ohci kmod-usb-core kmod-dm kmod-crypto-ecb\
     kmod-crypto-misc kmod-crypto-cbc kmod-crypto-crc32c kmod-crypto-hash\
     kmod-crypto-user\

diff --git a/example-rpi2.conf b/example-rpi2.conf
@@ -1,13 +1,13 @@
 LEDE_PROFILE=rpi-2
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_TARGET=bcm27xx
 LEDE_SUBTARGET=bcm2709
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
 LEDE_PACKAGES="base-files busybox dropbear mtd uci opkg netifd fstools uclient-fetch \
                logd kmod-usb-hid kmod-sound-core kmod-sound-arm-bcm2835 \
                kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1 dnsmasq \
-               -ppp -ppp-mod-pppoe luci-ssl-nginx"
+               -ppp -ppp-mod-pppoe luci nginx-mod-luci nginx-ssl acme luci-app-acme"
 
 # optionally override OUTPUT_DIR and ROOTFS_OVERLAY directory location here
 
diff --git a/example-rpi4.conf b/example-rpi4.conf
@@ -1,11 +1,11 @@
 # Demo for Raspberry 4.
 LEDE_PROFILE=rpi-4
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_TARGET=bcm27xx
 LEDE_SUBTARGET=bcm2711
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
 LEDE_PACKAGES="dropbear mtd uci opkg netifd fstools uclient-fetch kmod-usb-hid \
                kmod-sound-core kmod-fs-vfat kmod-nls-cp437 kmod-nls-iso8859-1 \
-               dnsmasq -ppp -ppp-mod-pppoe luci-ssl-nginx luci-app-adblock adblock"
+               dnsmasq -ppp -ppp-mod-pppoe luci nginx-ssl nginx-mod-luci luci-app-adblock adblock acme luci-app-acme"
 
diff --git a/example-wrt1043nd.conf b/example-wrt1043nd.conf
@@ -1,7 +1,7 @@
 # OpenWRT profile to use: tp link WR1043ND
 LEDE_PROFILE=tplink_tl-wr1043nd-v2
 LEDE_TARGET=ath79
-LEDE_RELEASE=23.05.5
+LEDE_RELEASE=24.10.0
 LEDE_SUBTARGET=generic
 
 # list packages to include in the image. prepend packages to deinstall with "-".

diff --git a/example-x86_64-snapshot.conf b/example-x86_64-snapshot.conf
@@ -8,7 +8,7 @@ LEDE_SUBTARGET=64
 
 # list packages to include in LEDE image. prepend packages to deinstall with "-".
 LEDE_PACKAGES="base-files busybox dropbear mtd uci opkg netifd \
-fstools uclient-fetch logd kmod-usb-hid dnsmasq luci-ssl-nginx "
+fstools uclient-fetch logd kmod-usb-hid dnsmasq luci-nginx "
 
 LEDE_BUILDER_URL="https://downloads.openwrt.org/$LEDE_RELEASE/targets/$LEDE_TARGET/$LEDE_SUBTARGET/openwrt-imagebuilder-$LEDE_TARGET-$LEDE_SUBTARGET.Linux-x86_64.tar.xz"