Switch to 2022 firmware, and ISRG X1 root.

Makefile

@@ -3,15 +3,15 @@
 # Build Options
 #
 
-OPENWRT_RELEASE ?= 18.06.4
-OPENWRT_TARGET ?= ar71xx
+OPENWRT_RELEASE ?= 22.03.0
+OPENWRT_TARGET ?= ath79
 OPENWRT_FLASH_LAYOUT ?= generic
-OPENWRT_PROFILE ?=gl-ar150
+OPENWRT_PROFILE ?= glinet_gl-ar150
 
 SOWN_PACKAGES := sown-core
 PACKAGES := -wpad-mini -dnsmasq -firewall
 
-ifneq (,$(filter gl-ar150,$(OPENWRT_PROFILE)))
+ifneq (,$(filter glinet_gl-ar150,$(OPENWRT_PROFILE)))
   SOWN_PACKAGES += sown-leds-ar150
 endif
 
@@ -26,7 +26,7 @@ OPENWRT_DOWNLOAD_URL := https://downloads.openwrt.org/releases
 OPENWRT_FOLDER_URL = $(OPENWRT_DOWNLOAD_URL)/$(OPENWRT_RELEASE)/targets/$(OPENWRT_TARGET)/$(OPENWRT_FLASH_LAYOUT)
 
 imagebuilder_URL := $(OPENWRT_FOLDER_URL)/openwrt-imagebuilder-$(OPENWRT_RELEASE)-$(OPENWRT_TARGET)-$(OPENWRT_FLASH_LAYOUT).Linux-x86_64.tar.xz
-sdk_URL := $(OPENWRT_FOLDER_URL)/openwrt-sdk-$(OPENWRT_RELEASE)-$(OPENWRT_TARGET)-$(OPENWRT_FLASH_LAYOUT)_gcc-7.3.0_musl.Linux-x86_64.tar.xz
+sdk_URL := $(OPENWRT_FOLDER_URL)/openwrt-sdk-$(OPENWRT_RELEASE)-$(OPENWRT_TARGET)-$(OPENWRT_FLASH_LAYOUT)_gcc-11.2.0_musl.Linux-x86_64.tar.xz
 
 # Directories
 ROOT_DIR = $(shell dirname $(realpath $(lastword $(MAKEFILE_LIST))))
@@ -57,8 +57,8 @@ install-%:
 	$(SOURCES_DIR)/sdk/scripts/feeds install $* 
 
 config_packages: update_feeds $(addprefix install-, $(SOWN_PACKAGES)) 
-	echo "CONFIG_SIGNED_PACKAGES=n" > $(SOURCES_DIR)/sdk/.config
 	make -C $(SOURCES_DIR)/sdk defconfig
+	echo "CONFIG_SIGNED_PACKAGES=n" >> $(SOURCES_DIR)/sdk/.config
 
 compile-%: update_feeds install-%
 	make -C $(SOURCES_DIR)/sdk package/$*/compile
@@ -72,14 +72,17 @@ $(SOURCES_DIR)/imagebuilder/files: $(ROOT_DIR)/files $(SOURCES_DIR)/imagebuilder
 $(SOURCES_DIR)/imagebuilder/repositories.conf: packages
 	echo "src sown file:/$(SOURCES_DIR)/sdk/bin/packages/mips_24kc/sown/" >> $@ 
 
-firmware: $(SOURCES_DIR)/imagebuilder $(SOURCES_DIR)/imagebuilder/files $(SOURCES_DIR)/imagebuilder/repositories.conf
+imagebuilder-packages:
+	cp $(SOURCES_DIR)/sdk/bin/packages/mips_24kc/sown/*.ipk $(SOURCES_DIR)/imagebuilder/packages/
+
+firmware: $(SOURCES_DIR)/imagebuilder $(SOURCES_DIR)/imagebuilder/files imagebuilder-packages packages
 	make -C $(SOURCES_DIR)/imagebuilder image PROFILE=$(OPENWRT_PROFILE) PACKAGES="$(PACKAGES)" FILES=files/
 
 .PHONY: all clean firmware packages update_feeds install-% compile-% 
 
 .DEFAULT_GOAL := all
 
-all: firmware
+all: packages firmware
 
 clean:
 	git clean -fdX

packages/sown-core/files/etc/sown/configure_scripts/available/credentials

@@ -54,7 +54,7 @@ else
         mac="$MAC"
     fi
 
-	TMPFILE=`download_url ${firstrun_url} "mac=${mac}&nonce=${nonce}" "--cacert /etc/ssl/certs/DST_ROOT_CA_X3.pem"`
+	TMPFILE=`download_url ${firstrun_url} "mac=${mac}&nonce=${nonce}" "--cacert /etc/ssl/certs/ISRG_Root_X1.pem"`
 	res=$?
 	if [ $res -eq 0 ]; then
 		# Success, we got something, find out what we got

packages/sown-core/files/etc/ssl/certs/ISRG_Root_X1.pem

@@ -0,0 +1,31 @@
+-----BEGIN CERTIFICATE-----
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
+WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
+ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
+MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
+h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
+0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
+A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
+T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
+B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
+B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
+KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
+OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
+jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
+qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
+rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
+HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
+hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
+3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
+NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
+ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
+TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
+jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
+oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
+4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
+mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
+emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+-----END CERTIFICATE-----

packages/sown-core/files/usr/sbin/complete_setup

@@ -55,7 +55,7 @@ if test $i -lt 30; then
 
     rm "$lock_file"
 
-	TMPFILE=`download_url ${firstrun_url} "mac=${mac}&nonce=${nonce}&complete=1" "--cacert /etc/ssl/certs/DST_ROOT_CA_X3.pem"`
+	TMPFILE=`download_url ${firstrun_url} "mac=${mac}&nonce=${nonce}&complete=1" "--cacert /etc/ssl/certs/ISRG_Root_X1.pem"`
 else
 	# Failed, try again later
 	uci set crontabs.setup.enabled='true'