update 2023-04-14 23:35:24

alist/Makefile

@@ -7,13 +7,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=alist
-PKG_VERSION:=3.15.1
-PKG_WEB_VERSION:=3.15.1
+PKG_VERSION:=3.16.0
+PKG_WEB_VERSION:=3.16.0
 PKG_RELEASE:=1
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=https://codeload.github.com/alist-org/alist/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=563accf652d7b7d422e0a99027db14d52daee451dad32729e00f9b4074aaa4d1
+PKG_HASH:=5f946c95a769f2ba85a53612082f33d742110426cbcbc954d5b8395a071b3135
 
 PKG_LICENSE:=GPL-3.0
 PKG_LICENSE_FILE:=LICENSE
@@ -23,7 +23,7 @@ define Download/$(PKG_NAME)-web
   FILE:=$(PKG_NAME)-web-$(PKG_WEB_VERSION).tar.gz
   URL_FILE:=dist.tar.gz
   URL:=https://github.com/alist-org/alist-web/releases/download/$(PKG_WEB_VERSION)/
-  HASH:=b7a111edd85a11b14393e38558b637edfa5b3c69a95b15cbbd8749ce26320f9f
+  HASH:=0a08e205887dcaf17f5e57af5a2024021e35e3d29878259d372d980bbea3eedd
 endef
 
 PKG_BUILD_DEPENDS:=golang/host

homeproxy/Makefile

@@ -5,13 +5,13 @@
 include $(TOPDIR)/rules.mk
 
 PKG_NAME:=luci-app-homeproxy
-PKG_VERSION:=dev-230402
+PKG_VERSION:=dev-230414
 
 LUCI_TITLE:=The modern ImmortalWrt proxy platform for ARM64/AMD64
 LUCI_PKGARCH:=all
 LUCI_DEPENDS:= \
 	+sing-box \
-	+curl \
+	+chinadns-ng \
 	+firewall4 \
 	+kmod-nft-tproxy
 

homeproxy/README

@@ -1,5 +1,4 @@
 TODO:
-- Check bugs in ACL, config generator etc.
 - Subscription page slow response with a large number of nodes
 - Refactor nft rules
 - Support Clash selector, urltest etc.

homeproxy/htdocs/luci-static/resources/homeproxy.js

@@ -169,6 +169,13 @@ return baseclass.extend({
 		return L.resolveDefault(callGetSingBoxFeatures(), {});
 	},
 
+	generateUUIDv4: function() {
+		/* Thanks to https://stackoverflow.com/a/2117523 */
+		return ([1e7]+-1e3+-4e3+-8e3+-1e11).replace(/[018]/g, c =>
+			(c ^ crypto.getRandomValues(new Uint8Array(1))[0] & 15 >> c / 4).toString(16)
+		);
+	},
+
 	loadDefaultLabel: function(uciconfig, ucisection) {
 		var label = uci.get(uciconfig, ucisection, 'label');
 		if (label)

homeproxy/htdocs/luci-static/resources/view/homeproxy/client.js

@@ -167,7 +167,7 @@ return view.extend({
 		o.rmempty = false;
 		o.depends({'routing_mode': 'custom', '!reverse': true});
 		o.validate = function(section_id, value) {
-			if (section_id && !['local', 'wan'].includes(value)) {
+			if (section_id && !['wan'].includes(value)) {
 				let ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
 
 				if (!value)
@@ -179,6 +179,29 @@ return view.extend({
 			return true;
 		}
 
+		if (features.hp_has_chinadns_ng) {
+			o = s.taboption('routing', form.Value, 'china_dns_server', _('China DNS server'),
+				_('You can only have one server set.'));
+			o.value('', _('Disable'));
+			o.value('wan', _('Use DNS server from WAN'));
+			o.value('wan_114', _('Use DNS server from WAN + 114DNS'));
+			o.value('223.5.5.5', _('Aliyun Public DNS (223.5.5.5)'));
+			o.value('210.2.4.8', _('CNNIC Public DNS (210.2.4.8)'));
+			o.value('119.29.29.29', _('Tencent Public DNS (119.29.29.29)'));
+			o.value('114.114.114.114', _('Xinfeng Public DNS (114.114.114.114)'));
+			o.depends('routing_mode', 'bypass_mainland_china');
+			o.validate = function(section_id, value) {
+				if (section_id && value && !['wan', 'wan_114'].includes(value)) {
+					let ipv6_support = this.map.lookupOption('ipv6_support', section_id)[0].formvalue(section_id);
+
+					if (!stubValidator.apply((ipv6_support === '1') ? 'ipaddr' : 'ip4addr', value))
+						return _('Expecting: %s').format(_('valid IP address'));
+				}
+
+				return true;
+			}
+		}
+
 		o = s.taboption('routing', form.ListValue, 'routing_mode', _('Routing mode'));
 		o.value('gfwlist', _('GFWList'));
 		o.value('bypass_mainland_china', _('Bypass mainland China'));

homeproxy/root/etc/config/homeproxy

@@ -5,6 +5,7 @@ config homeproxy 'infra'
 	option redirect_port '5331'
 	option tproxy_port '5332'
 	option dns_port '5333'
+	option china_dns_port '5334'
 	option tun_name 'singtun0'
 
 	option table_mark '100'

homeproxy/root/etc/homeproxy/scripts/firewall_post.ut

@@ -39,11 +39,12 @@ const uci = cursor();
 uci.load(cfgname);
 
 const routing_mode = uci.get(cfgname, 'config', 'routing_mode') || 'bypass_mainland_china';
-let outbound_node, outbound_udp_node, bypass_cn_traffic;
+let outbound_node, outbound_udp_node, china_dns_server, bypass_cn_traffic;
 
 if (routing_mode !== 'custom') {
 	outbound_node = uci.get(cfgname, 'config', 'main_node') || 'nil';
 	outbound_udp_node = uci.get(cfgname, 'config', 'main_udp_node') || 'nil';
+	china_dns_server = uci.get(cfgname, 'config', 'china_dns_server');
 } else {
 	outbound_node = uci.get(cfgname, 'routing', 'default_outbound') || 'nil';
 	bypass_cn_traffic = uci.get(cfgname, 'routing', 'bypass_cn_traffic') || '0';
@@ -163,7 +164,7 @@ set homeproxy_mainland_addr_v4 {
 		{% endfor %}
 	}
 }
-{% if (ipv6_support === '1'): %}
+{% if ((ipv6_support === '1') || china_dns_server): %}
 set homeproxy_mainland_addr_v6 {
 	type ipv6_addr
 	flags interval

homeproxy/root/etc/homeproxy/scripts/homeproxy.uc

@@ -60,27 +60,27 @@ export function calcStringMD5(str) {
 	return trim(output.stdout);
 };
 
-export function cURL(url) {
+export function getTime(epoch) {
+	const local_time = localtime(epoch);
+	return replace(replace(sprintf(
+		'%d-%2d-%2d@%2d:%2d:%2d',
+		local_time.year,
+		local_time.mon,
+		local_time.mday,
+		local_time.hour,
+		local_time.min,
+		local_time.sec
+	), ' ', '0'), '@', ' ');
+
+};
+
+export function wGET(url) {
 	if (!url || type(url) !== 'string')
 		return null;
 
-	const output = executeCommand(`/usr/bin/curl -fsL --connect-timeout '10' --retry '3' ${shellQuote(url)}`) || {};
+	const output = executeCommand(`/usr/bin/wget -qO- --timeout=10 ${shellQuote(url)}`) || {};
 	return trim(output.stdout);
 };
-
-export function getTime(epoch) {
-	const local_time = localtime(epoch);
-	return sprintf(
-		'%s-%s-%s %s:%s:%s',
-		local_time.year,
-		(local_time.mon >= 10) ? local_time.mon : ('0' + local_time.mon),
-		(local_time.mday >= 10) ? local_time.mday : ('0' + local_time.mday),
-		(local_time.hour >= 10) ? local_time.hour : ('0' + local_time.hour),
-		(local_time.min >= 10) ? local_time.min : ('0' + local_time.min),
-		(local_time.sec >= 10) ? local_time.sec : ('0' + local_time.sec)
-	);
-
-};
 /* Utilities end */
 
 /* String helper start */

homeproxy/root/etc/homeproxy/scripts/update_resources.sh

@@ -40,11 +40,11 @@ to_upper() {
 check_geodata_update() {
 	local geotype="$1"
 	local georepo="$2"
-	local curl="curl --connect-timeout 5 -fsSL"
+	local wget="wget --timeout=10 -q"
 
 	set_lock "set" "$geotype"
 
-	local geodata_ver="$($curl "https://api.github.com/repos/$georepo/releases/latest" | jsonfilter -e "@.tag_name")"
+	local geodata_ver="$($wget -O- "https://api.github.com/repos/$georepo/releases/latest" | jsonfilter -e "@.tag_name")"
 	if [ -z "$geodata_ver" ]; then
 		log "[$(to_upper "$geotype")] Failed to get the latest version, please retry later."
 
@@ -64,8 +64,8 @@ check_geodata_update() {
 	fi
 
 	local geodata_hash
-	$curl "https://github.com/$georepo/releases/download/$geodata_ver/$geotype.db" -o "$RUN_DIR/$geotype.db"
-	geodata_hash="$($curl "https://github.com/$georepo/releases/download/$geodata_ver/$geotype.db.sha256sum" | awk '{print $1}')"
+	$wget "https://github.com/$georepo/releases/download/$geodata_ver/$geotype.db" -O "$RUN_DIR/$geotype.db"
+	geodata_hash="$($wget -O- "https://github.com/$georepo/releases/download/$geodata_ver/$geotype.db.sha256sum" | awk '{print $1}')"
 	if ! echo -e "$geodata_hash $RUN_DIR/$geotype.db" | sha256sum -s -c -; then
 		rm -f "$RUN_DIR/$geotype.db"
 		log "[$(to_upper "$geotype")] Update failed."
@@ -87,11 +87,11 @@ check_list_update() {
 	local listrepo="$2"
 	local listref="$3"
 	local listname="$4"
-	local curl="curl --connect-timeout 5 -fsSL"
+	local wget="wget --timeout=10 -q"
 
 	set_lock "set" "$listtype"
 
-	local list_info="$($curl "https://api.github.com/repos/$listrepo/commits?sha=$listref&path=$listname")"
+	local list_info="$($wget -O- "https://api.github.com/repos/$listrepo/commits?sha=$listref&path=$listname")"
 	local list_sha="$(echo -e "$list_info" | jsonfilter -e "@[0].sha")"
 	local list_ver="$(echo -e "$list_info" | jsonfilter -e "@[0].commit.message" | grep -Eo "[0-9-]+" | tr -d '-')"
 	if [ -z "$list_sha" ] || [ -z "$list_ver" ]; then
@@ -112,7 +112,7 @@ check_list_update() {
 		log "[$(to_upper "$listtype")] Local version: $local_list_ver, latest version: $list_ver."
 	fi
 
-	$curl "https://fastly.jsdelivr.net/gh/$listrepo@$list_sha/$listname" -o "$RUN_DIR/$listname"
+	$wget "https://fastly.jsdelivr.net/gh/$listrepo@$list_sha/$listname" -O "$RUN_DIR/$listname"
 	if [ ! -s "$RUN_DIR/$listname" ]; then
 		rm -f "$RUN_DIR/$listname"
 		log "[$(to_upper "$listtype")] Update failed."
@@ -137,10 +137,10 @@ case "$1" in
 	check_geodata_update "$1" "1715173329/sing-geosite"
 	;;
 "china_ip4")
-	check_list_update "$1" "gaoyifan/china-operator-ip" "ip-lists" "china.txt"
+	check_list_update "$1" "1715173329/IPCIDR-CHINA" "master" "ipv4.txt"
 	;;
 "china_ip6")
-	check_list_update "$1" "gaoyifan/china-operator-ip" "ip-lists" "china6.txt"
+	check_list_update "$1" "1715173329/IPCIDR-CHINA" "master" "ipv6.txt"
 	;;
 "gfw_list")
 	check_list_update "$1" "Loyalsoldier/v2ray-rules-dat" "release" "gfw.txt"

homeproxy/root/etc/homeproxy/scripts/update_subscriptions.uc

@@ -15,7 +15,7 @@ import { urldecode, urlencode, urldecode_params } from 'luci.http';
 import { init_action } from 'luci.sys';
 
 import {
-	calcStringMD5, cURL, executeCommand, decodeBase64Str,
+	calcStringMD5, wGET, executeCommand, decodeBase64Str,
 	getTime, isEmpty, parseURL, validation,
 	HP_DIR, RUN_DIR
 } from 'homeproxy';
@@ -413,7 +413,7 @@ function main() {
 	}
 
 	for (let url in subscription_urls) {
-		const res = cURL(url);
+		const res = wGET(url);
 		if (!res) {
 			log(sprintf('Failed to fetch resources from %s.', url));
 			continue;
@@ -561,7 +561,8 @@ if (!isEmpty(subscription_urls))
 		call(main);
 	} catch(e) {
 		log('[FATAL ERROR] An error occurred during updating subscriptions:');
-		log(e);
+		log(sprintf('%s: %s', e.type, e.message));
+		log(e.stacktrace[0].context);
 
 		log('Restarting service...');
 		init_action('homeproxy', 'stop');

homeproxy/root/etc/init.d/homeproxy

@@ -70,31 +70,48 @@ start_service() {
 		config_get_bool ipv6_support "config" "ipv6_support" "0"
 
 		# DNSMasq rules
-		local dns_port nftset_v6
+		local dns_port china_dns_server china_dns_port
 		config_get dns_port "infra" "dns_port" "5333"
-		[ "$ipv6_support" -eq "0" ] || nftset_v6=",6#inet#fw4#homeproxy_gfw_list_v6"
 		mkdir -p "$DNSMASQ_DIR"
 		echo -e "conf-dir=$DNSMASQ_DIR" > "$DNSMASQ_DIR/../dnsmasq-homeproxy.conf"
-		if [ "$routing_mode" = "gfwlist" ]; then
-			sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_gfw_list_v4$nftset_v6/g" \
+		case "$routing_mode" in
+		"gfwlist")
+			[ "$ipv6_support" -eq "0" ] || local gfw_nftset_v6=",6#inet#fw4#homeproxy_gfw_list_v6"
+			sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_gfw_list_v4$gfw_nftset_v6/g" \
 				"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
-		elif [ "$routing_mode" = "bypass_mainland_china" ]; then
-			sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
-				"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
-		elif [ "$routing_mode" = "proxy_mainland_china" ]; then
+			;;
+		"bypass_mainland_china")
+			config_get china_dns_server "config" "china_dns_server"
+			config_get china_dns_port "infra" "china_dns_port" "5334"
+
+			if [ -e "/usr/bin/chinadns-ng" ] && [ -n "$china_dns_server" ]; then
+				cat <<-EOF >> "$DNSMASQ_DIR/redirect-dns.conf"
+					no-poll
+					no-resolv
+					server=127.0.0.1#$china_dns_port
+				EOF
+			else
+				china_dns_server=""
+				sed -r -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
+					"$HP_DIR/resources/gfw_list.txt" > "$DNSMASQ_DIR/gfw_list.conf"
+			fi
+			;;
+		"proxy_mainland_china")
 			sed -r -e "s/full://g" -e "/:/d" -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port/g" \
 				"$HP_DIR/resources/china_list.txt" > "$DNSMASQ_DIR/china_list.conf"
-		else
+			;;
+		"custom"|"global")
 			cat <<-EOF >> "$DNSMASQ_DIR/redirect-dns.conf"
 				no-poll
 				no-resolv
 				server=127.0.0.1#$dns_port
 			EOF
-		fi
+			;;
+		esac
 
 		if [ "$routing_mode" != "custom" ] && [ -s "$DNSMASQ_DIR/proxy_list.conf" ]; then
-			[ "$ipv6_support" -eq "0" ] || nftset_v6=",6#inet#fw4#homeproxy_wan_proxy_addr_v6"
-			sed -r -e '/^\s*$/d' -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_wan_proxy_addr_v4$nftset_v6/g" \
+			[ "$ipv6_support" -eq "0" ] || local wan_nftset_v6=",6#inet#fw4#homeproxy_wan_proxy_addr_v6"
+			sed -r -e '/^\s*$/d' -e "s/(.*)/server=\/\1\/127.0.0.1#$dns_port\nnftset=\/\1\\/4#inet#fw4#homeproxy_wan_proxy_addr_v4$wan_nftset_v6/g" \
 				"$HP_DIR/resources/proxy_list.txt" > "$DNSMASQ_DIR/proxy_list.conf"
 		fi
 		/etc/init.d/dnsmasq restart >"/dev/null" 2>&1
@@ -102,7 +119,8 @@ start_service() {
 		# Setup firewall
 		local table_mark
 		config_get table_mark "infra" "table_mark" "100"
-		if [ "$proxy_mode" = "redirect_tproxy" ]; then
+		case "$proxy_mode" in
+		"redirect_tproxy")
 			local outbound_udp_node
 			config_get outbound_udp_node "config" "main_udp_node" "nil"
 			if [ "$outbound_udp_node" != "nil" ] || [ "$routing_mode" = "custom" ]; then
@@ -117,7 +135,8 @@ start_service() {
 					ip -6 route add local ::/0 dev lo table "$table_mark"
 				fi
 			fi
-		elif [ "$proxy_mode" = "redirect_tun" ] || [ "$proxy_mode" = "tun" ]; then
+			;;
+		"redirect_tun"|"tun")
 			local tun_name tun_mark
 			config_get tun_name "infra" "tun_name" "singtun0"
 			config_get tun_mark "infra" "tun_mark" "102"
@@ -130,7 +149,8 @@ start_service() {
 
 			ip -6 route replace default dev "$tun_name" table "$table_mark"
 			ip -6 rule add fwmark "$tun_mark" lookup "$table_mark"
-		fi
+			;;
+		esac
 
 		utpl -S "$HP_DIR/scripts/firewall_post.ut" > "$RUN_DIR/fw4_post.nft"
 	fi
@@ -138,6 +158,7 @@ start_service() {
 	utpl -S "$HP_DIR/scripts/firewall_pre.ut" > "$RUN_DIR/fw4_pre.nft"
 	fw4 reload >"/dev/null" 2>&1
 
+	# sing-box
 	procd_open_instance "sing-box"
 
 	procd_set_param command "$PROG"
@@ -150,6 +171,34 @@ start_service() {
 
 	procd_close_instance
 
+	# chinadns-ng
+	if [ -n "$china_dns_server" ]; then
+		local wandns="$(ifstatus wan | jsonfilter -e '@["dns-server"][0]' || echo "119.29.29.29")"
+		case "$china_dns_server" in
+		"wan") china_dns_server="$wandns" ;;
+		"wan_114") china_dns_server="$wandns,114.114.114.114" ;;
+		esac
+
+		procd_open_instance "chinadns-ng"
+
+		procd_set_param command "/usr/bin/chinadns-ng"
+		procd_append_param command --bind-port "$china_dns_port"
+		procd_append_param command --china-dns "$china_dns_server"
+		procd_append_param command --trust-dns "127.0.0.1#$dns_port"
+		procd_append_param command --ipset-name4 "inet@fw4@homeproxy_mainland_addr_v4"
+		procd_append_param command --ipset-name6 "inet@fw4@homeproxy_mainland_addr_v6"
+		procd_append_param command --gfwlist-file "$HP_DIR/resources/gfw_list.txt"
+		[ "$ipv6_support" -eq "1" ] || procd_append_param command --no-ipv6=tC
+
+		procd_set_param limits core="unlimited"
+		procd_set_param limits nofile="1000000 1000000"
+		procd_set_param stderr 1
+		procd_set_param respawn
+
+		procd_close_instance
+	fi
+
+	# log-cleaner
 	procd_open_instance "log-cleaner"
 	procd_set_param command "$HP_DIR/scripts/clean_log.sh"
 	procd_set_param respawn

homeproxy/root/usr/share/rpcd/ucode/luci.homeproxy

@@ -148,6 +148,7 @@ const methods = {
 				fd.close();
 			}
 
+			features.hp_has_chinadns_ng = access('/usr/bin/chinadns-ng');
 			features.hp_has_tproxy = access('/etc/modules.d/nft-tproxy');
 			features.hp_has_tun = access('/etc/modules.d/30-tun');
 

luci-app-quickstart/Makefile

@@ -9,7 +9,7 @@ LUCI_TITLE:=LuCI support for quickstart
 LUCI_DEPENDS:=+quickstart +luci-app-store
 LUCI_PKGARCH:=all
 
-PKG_VERSION:=0.7.2-1
+PKG_VERSION:=0.7.4-1
 # PKG_RELEASE MUST be empty for luci.mk
 PKG_RELEASE:=
 

quickstart/Makefile

@@ -10,11 +10,11 @@ include $(TOPDIR)/rules.mk
 PKG_ARCH_quickstart:=$(ARCH)
 
 PKG_NAME:=quickstart
-PKG_VERSION:=0.7.3
+PKG_VERSION:=0.7.4
 PKG_RELEASE:=1
 PKG_SOURCE:=$(PKG_NAME)-binary-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://fw.koolcenter.com/binary/quickstart/
-PKG_HASH:=65c14deccf7afb8179a347e31a6f1e5d20333e7b01f9003837abae15c3955ada
+PKG_SOURCE_URL:=https://github.com/linkease/istore-packages/releases/download/prebuilt/
+PKG_HASH:=1a4d4fe3f9011c7b40e430e782cbd9268ba4ed102897f864ccaadba5fe9f9d51
 
 PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-binary-$(PKG_VERSION)