Added site config

batman-adv uses gratuitous ARP packets with certain target addresses for
BLA.

Fixes #1198

.gitignore

@@ -1,7 +1,6 @@
 *~
-/build
-/images
+/lede
+/output
 /site
-/openwrt
+/tmp
 /packages
-/modules.local

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "site"]
+	path = site
+	url = https://git.dezentrale.cloud/Freifunk-Leipzig/gluon-site.git

CONTRIBUTING.md

@@ -0,0 +1,53 @@
+Contribution Guidelines
+=======================
+
+Because Gluon is such a universal software package that is used by several
+different communities with different expectations and requirements, it is both
+essential and difficult to have contributions from the communities. While they
+are sometimes necessary to adapt Gluon to the needs of the communities, they
+also have to be adaptable enough to fit as many needs as possible. On the other
+hands, very special needs are better addressed in [packages] in community
+repositories, because the Gluon maintainers would not use or test them and
+thus couldn't do their "job" of maintaining them.
+
+To ease the work for the maintainers and to reduce the frustration of
+contributors, please adhere to the following guidelines:
+
+Discuss first, build later
+--------------------------
+If you have some non-trivial enhancement like a new package, some modification
+of what is announced by a node, it is often best to first discuss the precise
+solution first. The maintainers might have hints as to how a solution could be
+implemented easiest, point out solutions how the same thing can already be done
+using other parts or why the proposed change breaks other parts of the system.
+They might even refuse the idea altogether - after all, they have to sleep well
+after merging the changes, too.
+
+The preferred way to discuss in the IRC channel ([#gluon] on irc.hackint.org)
+or on the [mailing list], however, you can also open a new issue on Github to
+discuss there. We maintain a [list of rejected features] and we'd like to
+kindly ask you to review it first. In general, looking for duplicates may save
+you some time.
+
+Develop on top of master
+------------------------
+If you are not developing something specific to a release (like for example a
+security fix to a feature that got completely rewritten since the release),
+develop it on top of the master branch. New features and even feature changes
+aren't usually backported to old releases, but will be included in the upcoming
+release, which will be built from master.
+
+Use descriptive commit messages
+-------------------------------
+If you modify a single package, start the first line of your commit message
+with the package name followed by a colon. The first line should be enough to
+identify the commit a week later and still know roughly what it did. If you
+fix some bug, detail in the remaining commit message exactly how it could be
+triggered and what you did to fix it. If in question, have a glance at the
+existing commit messages to get the idea.
+
+
+[packages]: http://gluon.readthedocs.org/en/latest/user/site.html#packages
+[#gluon]: https://webirc.hackint.org/#gluon
+[mailing list]: mailto:gluon@luebeck.freifunk.net
+[list of rejected features]: https://github.com/freifunk-gluon/gluon/issues?q=label%3Arejected

LICENSE

@@ -1,7 +1,7 @@
 The code of Project Gluon may be distributed under the following terms, unless
-noted otherwise in indiviual files or subtrees.
+noted otherwise in individual files or subtrees.
 
-Copyright (c) 2013, Project Gluon
+Copyright (c) 2013-2017, Project Gluon
 All rights reserved.
 
 Redistribution and use in source and binary forms, with or without
@@ -25,10 +25,10 @@ OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 
-OpenWRT is licensed under the terms of the GNU General Public License Version 2,
-which can be found under openwrt/LICENSE after the openwrt submodule has been
-obtained. This applies to the following submodules:
- * openwrt
+LEDE and OpenWrt are licensed under the terms of the GNU General Public License
+Version 2, which can be found at lede/LICENSE after the lede repository has been
+obtained. This applies to the following repositories:
+ * lede
  * packages/openwrt
  * packages/routing
  * packages/luci

Makefile

@@ -4,411 +4,158 @@ LC_ALL:=C
 LANG:=C
 export LC_ALL LANG
 
-empty:=
-space:= $(empty) $(empty)
 
-GLUONMAKE_EARLY = $(SUBMAKE) -C $(GLUON_ORIGOPENWRTDIR) -f $(GLUONDIR)/Makefile GLUON_TOOLS=0
-GLUONMAKE = $(SUBMAKE) -C $(GLUON_OPENWRTDIR) -f $(GLUONDIR)/Makefile
+GLUON_SITEDIR ?= $(CURDIR)/site
+GLUON_TMPDIR ?= $(CURDIR)/tmp
 
-ifneq ($(OPENWRT_BUILD),1)
+GLUON_OUTPUTDIR ?= $(CURDIR)/output
+GLUON_IMAGEDIR ?= $(GLUON_OUTPUTDIR)/images
+GLUON_PACKAGEDIR ?= $(GLUON_OUTPUTDIR)/packages
 
-GLUONDIR:=${CURDIR}
+export GLUON_TMPDIR GLUON_IMAGEDIR GLUON_PACKAGEDIR DEVICES
 
-include $(GLUONDIR)/include/gluon.mk
 
-TOPDIR:=$(GLUON_ORIGOPENWRTDIR)
-export TOPDIR
+$(GLUON_SITEDIR)/site.mk:
+	$(error No site configuration was found. Please check out a site configuration to $(GLUON_SITEDIR))
+
+include $(GLUON_SITEDIR)/site.mk
+
+
+GLUON_RELEASE ?= $(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line)
+
+
+export GLUON_RELEASE GLUON_ATH10K_MESH GLUON_REGION GLUON_DEBUG
+
+show-release:
+	@echo '$(GLUON_RELEASE)'
 
 
 update: FORCE
-	$(GLUONDIR)/scripts/update.sh
-	$(GLUONDIR)/scripts/patch.sh
-
-patch: FORCE
-	$(GLUONDIR)/scripts/patch.sh
-
-unpatch: FORCE
-	$(GLUONDIR)/scripts/unpatch.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
 
 update-patches: FORCE
-	$(GLUONDIR)/scripts/update.sh
-	$(GLUONDIR)/scripts/update-patches.sh
-	$(GLUONDIR)/scripts/patch.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/update-patches.sh
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/patch.sh
 
--include $(TOPDIR)/include/host.mk
-
-_SINGLE=export MAKEFLAGS=$(space);
-
-override OPENWRT_BUILD=1
-override GLUON_TOOLS=1
-GREP_OPTIONS=
-export OPENWRT_BUILD GLUON_TOOLS GREP_OPTIONS
-
--include $(TOPDIR)/include/debug.mk
--include $(TOPDIR)/include/depends.mk
-include $(GLUONDIR)/include/toplevel.mk
+update-feeds: FORCE
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/feeds.sh
 
 
-include $(GLUONDIR)/targets/targets.mk
+GLUON_TARGETS :=
+
+define GluonTarget
+gluon_target := $(1)$$(if $(2),-$(2))
+GLUON_TARGETS += $$(gluon_target)
+GLUON_TARGET_$$(gluon_target)_BOARD := $(1)
+GLUON_TARGET_$$(gluon_target)_SUBTARGET := $(if $(3),$(3),$(2))
+endef
+
+include targets/targets.mk
 
 
-CheckTarget := [ -n '$(GLUON_TARGET)' -a -n '$(GLUON_TARGET_$(GLUON_TARGET)_BOARD)' -a -n '$(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)' ] \
-	|| (echo -e 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:$(subst $(space),\n * ,$(GLUON_TARGETS))'; false)
+LEDEMAKE = $(MAKE) -C lede
+
+BOARD := $(GLUON_TARGET_$(GLUON_TARGET)_BOARD)
+SUBTARGET := $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)
+LEDE_TARGET := $(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
+
+export LEDE_TARGET
 
 
-CheckExternal := test -d $(GLUON_ORIGOPENWRTDIR) || (echo 'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!'; false)
+CheckTarget := [ '$(LEDE_TARGET)' ] \
+	|| (echo 'Please set GLUON_TARGET to a valid target. Gluon supports the following targets:'; $(foreach target,$(GLUON_TARGETS),echo ' * $(target)';) false)
+
+CheckExternal := test -d lede || (echo 'You don'"'"'t seem to have obtained the external repositories needed by Gluon; please call `make update` first!'; false)
 
 
-prepare-target: FORCE
+list-targets: FORCE
+	@$(foreach target,$(GLUON_TARGETS),echo '$(target)';)
+
+
+GLUON_DEFAULT_PACKAGES := -odhcpd -ppp -ppp-mod-pppoe -wpad-mini gluon-core ip6tables hostapd-mini
+
+GLUON_PACKAGES :=
+define merge_packages
+  $(foreach pkg,$(1),
+    GLUON_PACKAGES := $$(strip $$(filter-out -$$(patsubst -%,%,$(pkg)) $$(patsubst -%,%,$(pkg)),$$(GLUON_PACKAGES)) $(pkg))
+  )
+endef
+$(eval $(call merge_packages,$(GLUON_DEFAULT_PACKAGES) $(GLUON_SITE_PACKAGES)))
+
+GLUON_PACKAGES_YES := $(filter-out -%,$(GLUON_PACKAGES))
+GLUON_PACKAGES_NO := $(patsubst -%,%,$(filter -%,$(GLUON_PACKAGES)))
+
+
+config: FORCE
 	@$(CheckExternal)
 	@$(CheckTarget)
-	+@$(GLUONMAKE_EARLY) prepare-target
 
+	@( \
+		echo 'CONFIG_TARGET_$(BOARD)=y' \
+		$(if $(SUBTARGET),&& echo 'CONFIG_TARGET_$(BOARD)_$(SUBTARGET)=y') \
+		$(foreach pkg,$(GLUON_PACKAGES_NO),&& echo '# CONFIG_PACKAGE_$(pkg) is not set') \
+		&& scripts/target_config.sh generic \
+		&& GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/target_config.sh '$(GLUON_TARGET)' \
+		$(foreach pkg,$(GLUON_PACKAGES_YES),&& echo 'CONFIG_PACKAGE_$(pkg)=y') \
+		$(foreach lang,$(GLUON_LANGS),&& echo 'CONFIG_GLUON_WEB_LANG_$(lang)=y') \
+		&& echo 'CONFIG_GLUON_RELEASE="$(GLUON_RELEASE)"' \
+		&& echo 'CONFIG_GLUON_SITEDIR="$(GLUON_SITEDIR)"' \
+		&& echo 'CONFIG_GLUON_BRANCH="$(GLUON_BRANCH)"' \
+	) > lede/.config
+	+@$(LEDEMAKE) defconfig
+
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/target_config_check.sh '$(GLUON_TARGET)' '$(GLUON_PACKAGES_YES)'
+
+
+LUA := lede/staging_dir/hostpkg/bin/lua
+
+$(LUA):
+	@$(CheckExternal)
+
+	+@[ -e lede/.config ] || $(LEDEMAKE) defconfig
+	+@$(LEDEMAKE) tools/install
+	+@$(LEDEMAKE) package/lua/host/install
+
+prepare-target: config $(LUA) ;
 
 all: prepare-target
-	+@$(GLUONMAKE) prepare
-	+@$(GLUONMAKE) images
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' $(LUA) scripts/site_config.lua \
+                || (echo 'Your site configuration did not pass validation.'; false)
 
-prepare: prepare-target
-	+@$(GLUONMAKE) $@
+	@scripts/clean_output.sh
+	+@$(LEDEMAKE)
+	@GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/copy_output.sh '$(GLUON_TARGET)'
 
-clean download images: FORCE
-	@$(CheckExternal)
-	@$(CheckTarget)
-	+@$(GLUONMAKE_EARLY) maybe-prepare-target
-	+@$(GLUONMAKE) $@
+clean download: config
+	+@$(LEDEMAKE) $@
 
-toolchain/% package/% target/% image/%: FORCE
-	@$(CheckExternal)
-	@$(CheckTarget)
-	+@$(GLUONMAKE_EARLY) maybe-prepare-target
-	+@$(GLUONMAKE) $@
+dirclean: FORCE
+	+@[ -e lede/.config ] || $(LEDEMAKE) defconfig
+	+@$(LEDEMAKE) dirclean
+	@rm -rf $(GLUON_TMPDIR) $(GLUON_OUTPUTDIR)
 
-manifest: FORCE
-	@[ -n '$(GLUON_BRANCH)' ] || (echo 'Please set GLUON_BRANCH to create a manifest.'; false)
+manifest: $(LUA) FORCE
+	@[ '$(GLUON_BRANCH)' ] || (echo 'Please set GLUON_BRANCH to create a manifest.'; false)
 	@echo '$(GLUON_PRIORITY)' | grep -qE '^([0-9]*\.)?[0-9]+$$' || (echo 'Please specify a numeric value for GLUON_PRIORITY to create a manifest.'; false)
 	@$(CheckExternal)
 
-	( \
+	@( \
 		echo 'BRANCH=$(GLUON_BRANCH)' && \
-		echo 'DATE=$(shell $(GLUON_ORIGOPENWRTDIR)/staging_dir/host/bin/lua $(GLUONDIR)/scripts/rfc3339date.lua)' && \
+		echo "DATE=$$($(LUA) scripts/rfc3339date.lua)" && \
 		echo 'PRIORITY=$(GLUON_PRIORITY)' && \
-		echo \
-	) > $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp
-
-	+($(foreach GLUON_TARGET,$(GLUON_TARGETS), \
-		( [ ! -e $(BOARD_BUILDDIR)/prepared ] || ( $(GLUONMAKE) manifest GLUON_TARGET='$(GLUON_TARGET)' V=s$(OPENWRT_VERBOSE) ) ) && \
-	) :)
-
-	mkdir -p $(GLUON_IMAGEDIR)/sysupgrade
-	mv $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp $(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_BRANCH).manifest
-
-dirclean : FORCE
-	for dir in build_dir dl staging_dir tmp; do \
-		rm -rf $(GLUON_ORIGOPENWRTDIR)/$$dir; \
-	done
-	rm -rf $(GLUON_BUILDDIR) $(GLUON_IMAGEDIR)
-
-else
-
-TOPDIR=${CURDIR}
-export TOPDIR
-
-include rules.mk
-
-include $(GLUONDIR)/include/gluon.mk
-
-include $(INCLUDE_DIR)/host.mk
-include $(INCLUDE_DIR)/depends.mk
-include $(INCLUDE_DIR)/subdir.mk
-
-include package/Makefile
-include tools/Makefile
-include toolchain/Makefile
-include target/Makefile
-
-
-PROFILES :=
-PROFILE_PACKAGES :=
-
-define Profile
-  $(eval $(call Profile/Default))
-  $(eval $(call Profile/$(1)))
-endef
-
-define GluonProfile
-PROFILES += $(1)
-PROFILE_PACKAGES += $(filter-out -%,$(2) $(GLUON_$(1)_SITE_PACKAGES))
-GLUON_$(1)_DEFAULT_PACKAGES := $(2)
-GLUON_$(1)_FACTORY_SUFFIX := -squashfs-factory
-GLUON_$(1)_SYSUPGRADE_SUFFIX := -squashfs-sysupgrade
-GLUON_$(1)_FACTORY_EXT := .bin
-GLUON_$(1)_SYSUPGRADE_EXT := .bin
-GLUON_$(1)_MODELS :=
-endef
-
-define GluonProfileFactorySuffix
-GLUON_$(1)_FACTORY_SUFFIX := $(2)
-GLUON_$(1)_FACTORY_EXT := $(3)
-endef
-
-define GluonProfileSysupgradeSuffix
-GLUON_$(1)_SYSUPGRADE_SUFFIX := $(2)
-GLUON_$(1)_SYSUPGRADE_EXT := $(3)
-endef
-
-define GluonModel
-GLUON_$(1)_MODELS += $(3)
-GLUON_$(1)_MODEL_$(3) := $(2)
-endef
-
-
-include $(GLUONDIR)/targets/targets.mk
-include $(GLUONDIR)/targets/$(GLUON_TARGET)/profiles.mk
-
-BOARD := $(GLUON_TARGET_$(GLUON_TARGET)_BOARD)
-override SUBTARGET := $(GLUON_TARGET_$(GLUON_TARGET)_SUBTARGET)
-
-target_prepared_stamp := $(BOARD_BUILDDIR)/target-prepared
-gluon_prepared_stamp := $(BOARD_BUILDDIR)/prepared
-
-
-include $(INCLUDE_DIR)/target.mk
-
-
-prereq: FORCE
-	+$(NO_TRACE_MAKE) prereq
-
-gluon-tools: FORCE
-	+$(GLUONMAKE_EARLY) tools/sed/install
-	+$(GLUONMAKE_EARLY) package/lua/host/install
-
-prepare-tmpinfo: FORCE
-	mkdir -p tmp/info
-	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="packageinfo" SCAN_DIR="package" SCAN_NAME="package" SCAN_DEPS="$(TOPDIR)/include/package*.mk $(TOPDIR)/overlay/*/*.mk" SCAN_EXTRA=""
-	$(_SINGLE)$(NO_TRACE_MAKE) -j1 -r -s -f include/scan.mk SCAN_TARGET="targetinfo" SCAN_DIR="target/linux" SCAN_NAME="target" SCAN_DEPS="profiles/*.mk $(TOPDIR)/include/kernel*.mk $(TOPDIR)/include/target.mk" SCAN_DEPTH=2 SCAN_EXTRA="" SCAN_MAKEOPTS="TARGET_BUILD=1"
-	for type in package target; do \
-		f=tmp/.$${type}info; t=tmp/.config-$${type}.in; \
-		[ "$$t" -nt "$$f" ] || ./scripts/metadata.pl $${type}_config "$$f" > "$$t" || { rm -f "$$t"; echo "Failed to build $$t"; false; break; }; \
-	done
-	[ tmp/.config-feeds.in -nt tmp/.packagefeeds ] || ./scripts/feeds feed_config > tmp/.config-feeds.in
-	./scripts/metadata.pl package_mk tmp/.packageinfo > tmp/.packagedeps || { rm -f tmp/.packagedeps; false; }
-	./scripts/metadata.pl package_feeds tmp/.packageinfo > tmp/.packagefeeds || { rm -f tmp/.packagefeeds; false; }
-	touch $(TOPDIR)/tmp/.build
-
-feeds: FORCE
-	rm -rf $(TOPDIR)/package/feeds
-	mkdir $(TOPDIR)/package/feeds
-	[ ! -f $(GLUON_SITEDIR)/modules ] || . $(GLUON_SITEDIR)/modules && for feed in $$GLUON_SITE_FEEDS; do ln -s ../../../packages/$$feed $(TOPDIR)/package/feeds/$$feed; done
-	ln -s ../../../package $(TOPDIR)/package/feeds/gluon
-	. $(GLUONDIR)/modules && for feed in $$GLUON_FEEDS; do ln -s ../../../packages/$$feed $(TOPDIR)/package/feeds/module_$$feed; done
-	+$(GLUONMAKE_EARLY) prepare-tmpinfo
-
-config: FORCE
-	+$(NO_TRACE_MAKE) scripts/config/conf OPENWRT_BUILD=0
-	+$(GLUONMAKE) prepare-tmpinfo
-	( \
-		cat $(GLUONDIR)/include/config $(GLUONDIR)/targets/$(GLUON_TARGET)/config; \
-		echo 'CONFIG_BUILD_SUFFIX="gluon-$(GLUON_TARGET)"'; \
-		echo '$(patsubst %,CONFIG_PACKAGE_%=m,$(sort $(filter-out -%,$(GLUON_DEFAULT_PACKAGES) $(GLUON_SITE_PACKAGES) $(PROFILE_PACKAGES))))' \
-			| sed -e 's/ /\n/g'; \
-		echo '$(patsubst %,CONFIG_GLUON_LANG_%=y,$(GLUON_LANGS))' \
-			| sed -e 's/ /\n/g'; \
-	) > $(BOARD_BUILDDIR)/config.tmp
-	scripts/config/conf --defconfig=$(BOARD_BUILDDIR)/config.tmp Config.in
-	mv .config $(BOARD_BUILDDIR)/config
-
-	echo 'CONFIG_ALL_KMODS=y' >> $(BOARD_BUILDDIR)/config.tmp
-	scripts/config/conf --defconfig=$(BOARD_BUILDDIR)/config.tmp Config.in
-	mv .config $(BOARD_BUILDDIR)/config-allmods
-
-	cp $(BOARD_BUILDDIR)/config .config
-
-prepare-target: FORCE
-	rm $(GLUON_OPENWRTDIR)/tmp || true
-	mkdir -p $(GLUON_OPENWRTDIR)/tmp
-
-	for dir in build_dir dl staging_dir; do \
-		mkdir -p $(GLUON_ORIGOPENWRTDIR)/$$dir; \
-	done
-	for link in build_dir config Config.in dl include Makefile package rules.mk scripts staging_dir target toolchain tools; do \
-		ln -sf $(GLUON_ORIGOPENWRTDIR)/$$link $(GLUON_OPENWRTDIR); \
-	done
-
-	+$(GLUONMAKE_EARLY) feeds
-	+$(GLUONMAKE_EARLY) gluon-tools
-	+$(GLUONMAKE) config
-	touch $(target_prepared_stamp)
-
-$(target_prepared_stamp):
-	+$(GLUONMAKE_EARLY) prepare-target
-
-maybe-prepare-target: $(target_prepared_stamp)
-
-$(BUILD_DIR)/.prepared: Makefile
-	@mkdir -p $$(dirname $@)
-	@touch $@
-
-$(toolchain/stamp-install): $(tools/stamp-install)
-$(package/stamp-compile): $(package/stamp-cleanup)
-
-
-clean: FORCE
-	+$(SUBMAKE) clean
-	rm -f $(gluon_prepared_stamp)
-
-
-export SHA512SUM := $(GLUONDIR)/scripts/sha512sum.sh
-
-
-download: FORCE
-	+$(SUBMAKE) tools/download
-	+$(SUBMAKE) toolchain/download
-	+$(SUBMAKE) package/download
-	+$(SUBMAKE) target/download
-
-toolchain: $(toolchain/stamp-install) $(tools/stamp-install)
-
-include $(INCLUDE_DIR)/kernel.mk
-
-kernel: FORCE
-	+$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD) -f $(GLUONDIR)/include/Makefile.target $(LINUX_DIR)/.image TARGET_BUILD=1
-	+$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD) -f $(GLUONDIR)/include/Makefile.target $(LINUX_DIR)/.modules TARGET_BUILD=1
-
-packages: $(package/stamp-compile)
-	$(_SINGLE)$(SUBMAKE) -r package/index
-
-prepare-image: FORCE
-	rm -rf $(BOARD_KDIR)
-	mkdir -p $(BOARD_KDIR)
-	cp $(KERNEL_BUILD_DIR)/vmlinux $(KERNEL_BUILD_DIR)/vmlinux.elf $(BOARD_KDIR)/
-	+$(SUBMAKE) -C $(TOPDIR)/target/linux/$(BOARD)/image -f $(GLUONDIR)/include/Makefile.image prepare KDIR="$(BOARD_KDIR)"
-
-prepare: FORCE
-	@$(STAGING_DIR_HOST)/bin/lua $(GLUONDIR)/package/gluon-core/files/usr/lib/lua/gluon/site_config.lua \
-		|| (echo 'Your site configuration did not pass validation.'; false)
-
-	mkdir -p $(GLUON_IMAGEDIR) $(BOARD_BUILDDIR)
-	echo 'src packages file:../openwrt/bin/$(BOARD)/packages' > $(BOARD_BUILDDIR)/opkg.conf
-
-	+$(GLUONMAKE) toolchain
-	+$(GLUONMAKE) kernel
-	+$(GLUONMAKE) packages
-	+$(GLUONMAKE) prepare-image
-
-	echo "$(GLUON_RELEASE)" > $(gluon_prepared_stamp)
-
-$(gluon_prepared_stamp):
-	+$(GLUONMAKE) prepare
-
-
-include $(INCLUDE_DIR)/package-ipkg.mk
-
-# override variables from rules.mk
-PACKAGE_DIR = $(GLUON_OPENWRTDIR)/bin/$(BOARD)/packages
-
-PROFILE_BUILDDIR = $(BOARD_BUILDDIR)/profiles/$(PROFILE)
-PROFILE_KDIR = $(PROFILE_BUILDDIR)/kernel
-BIN_DIR = $(PROFILE_BUILDDIR)/images
-
-TARGET_DIR = $(PROFILE_BUILDDIR)/root
-
-PREPARED_RELEASE = $$(cat $(gluon_prepared_stamp))
-IMAGE_PREFIX = gluon-$(GLUON_SITE_CODE)-$(PREPARED_RELEASE)
-
-OPKG:= \
-  IPKG_TMP="$(TMP_DIR)/ipkgtmp" \
-  IPKG_INSTROOT="$(TARGET_DIR)" \
-  IPKG_CONF_DIR="$(TMP_DIR)" \
-  IPKG_OFFLINE_ROOT="$(TARGET_DIR)" \
-  $(STAGING_DIR_HOST)/bin/opkg \
-	-f $(BOARD_BUILDDIR)/opkg.conf \
-	--cache $(TMP_DIR)/dl \
-	--offline-root $(TARGET_DIR) \
-	--force-postinstall \
-	--add-dest root:/ \
-	--add-arch all:100 \
-	--add-arch $(ARCH_PACKAGES):200
-
-EnableInitscript = ! grep -q '\#!/bin/sh /etc/rc.common' $(1) || bash ./etc/rc.common $(1) enable
-
-
-enable_initscripts: FORCE
-	cd $(TARGET_DIR) && ( export IPKG_INSTROOT=$(TARGET_DIR); \
-		$(foreach script,$(wildcard $(TARGET_DIR)/etc/init.d/*), \
-			$(call EnableInitscript,$(script)); \
+		echo && \
+		$(foreach GLUON_TARGET,$(GLUON_TARGETS), \
+			GLUON_SITEDIR='$(GLUON_SITEDIR)' scripts/generate_manifest.sh '$(GLUON_TARGET)' && \
 		) : \
-	)
+	) > 'tmp/$(GLUON_BRANCH).manifest.tmp'
 
+	@mkdir -p '$(GLUON_IMAGEDIR)/sysupgrade'
+	@mv 'tmp/$(GLUON_BRANCH).manifest.tmp' '$(GLUON_IMAGEDIR)/sysupgrade/$(GLUON_BRANCH).manifest'
 
-# Generate package list
-$(eval $(call merge-lists,INSTALL_PACKAGES,DEFAULT_PACKAGES GLUON_DEFAULT_PACKAGES GLUON_SITE_PACKAGES GLUON_$(PROFILE)_DEFAULT_PACKAGES GLUON_$(PROFILE)_SITE_PACKAGES))
+FORCE: ;
 
-package_install: FORCE
-	$(OPKG) update
-	$(OPKG) install $(PACKAGE_DIR)/libc_*.ipk
-	$(OPKG) install $(PACKAGE_DIR)/kernel_*.ipk
-
-	$(OPKG) install $(INSTALL_PACKAGES)
-	+$(GLUONMAKE) enable_initscripts
-
-	rm -f $(TARGET_DIR)/usr/lib/opkg/lists/* $(TARGET_DIR)/tmp/opkg.lock
-
-ifeq ($(GLUON_OPKG_CONFIG),1)
-include $(INCLUDE_DIR)/version.mk
-endif
-
-opkg_config: FORCE
-	cp $(GLUON_OPENWRTDIR)/package/system/opkg/files/opkg.conf $(TARGET_DIR)/etc/opkg.conf
-	for d in base luci packages routing telephony management oldpackages; do \
-		echo "src/gz %n_$$d %U/$$d" >> $(TARGET_DIR)/etc/opkg.conf; \
-	done
-	$(VERSION_SED) $(TARGET_DIR)/etc/opkg.conf
-
-
-image: FORCE
-	rm -rf $(TARGET_DIR) $(BIN_DIR) $(PROFILE_KDIR)
-	mkdir -p $(TARGET_DIR) $(BIN_DIR) $(TARGET_DIR)/tmp $(GLUON_IMAGEDIR)/factory $(GLUON_IMAGEDIR)/sysupgrade
-	cp -r $(BOARD_KDIR) $(PROFILE_KDIR)
-
-	+$(GLUONMAKE) package_install
-	+$(GLUONMAKE) opkg_config GLUON_OPKG_CONFIG=1
-
-	$(call Image/mkfs/prepare)
-	$(_SINGLE)$(NO_TRACE_MAKE) -C $(TOPDIR)/target/linux/$(BOARD)/image install TARGET_BUILD=1 IB=1 IMG_PREFIX=gluon \
-		PROFILE="$(PROFILE)" KDIR="$(PROFILE_KDIR)" TARGET_DIR="$(TARGET_DIR)" BIN_DIR="$(BIN_DIR)" TMP_DIR="$(TMP_DIR)"
-
-	$(foreach model,$(GLUON_$(PROFILE)_MODELS), \
-		$(if $(GLUON_$(PROFILE)_SYSUPGRADE_EXT), \
-			rm -f $(GLUON_IMAGEDIR)/sysupgrade/gluon-*-$(model)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
-			cp $(BIN_DIR)/gluon-$(GLUON_$(PROFILE)_MODEL_$(model))$(GLUON_$(PROFILE)_SYSUPGRADE_SUFFIX)$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) $(GLUON_IMAGEDIR)/sysupgrade/$(IMAGE_PREFIX)-$(model)-sysupgrade$(GLUON_$(PROFILE)_SYSUPGRADE_EXT) && \
-		) \
-		$(if $(GLUON_$(PROFILE)_FACTORY_EXT), \
-			rm -f $(GLUON_IMAGEDIR)/factory/gluon-*-$(model)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
-			cp $(BIN_DIR)/gluon-$(GLUON_$(PROFILE)_MODEL_$(model))$(GLUON_$(PROFILE)_FACTORY_SUFFIX)$(GLUON_$(PROFILE)_FACTORY_EXT) $(GLUON_IMAGEDIR)/factory/$(IMAGE_PREFIX)-$(model)$(GLUON_$(PROFILE)_FACTORY_EXT) && \
-		) \
-	) :
-
-image/%: $(gluon_prepared_stamp)
-	+$(GLUONMAKE) image PROFILE="$(patsubst image/%,%,$@)" V=s$(OPENWRT_VERBOSE)
-
-call_image/%: FORCE
-	+$(GLUONMAKE) $(patsubst call_image/%,image/%,$@)
-
-images: $(patsubst %,call_image/%,$(PROFILES)) ;
-
-manifest: FORCE
-	( \
-		cd $(GLUON_IMAGEDIR)/sysupgrade; \
-		$(foreach profile,$(PROFILES), \
-			$(foreach model,$(GLUON_$(profile)_MODELS), \
-				file="$(IMAGE_PREFIX)-$(model)-sysupgrade$(GLUON_$(profile)_SYSUPGRADE_EXT)"; \
-				[ -e "$$file" ] && echo '$(model)' "$(PREPARED_RELEASE)" "$$($(SHA512SUM) "$$file")" "$$file"; \
-			) \
-		) : \
-	) >> $(GLUON_BUILDDIR)/$(GLUON_BRANCH).manifest.tmp
-
-
-.PHONY: all images prepare clean gluon-tools manifest
-
-endif
+.PHONY: FORCE
+.NOTPARALLEL:

README.md

@@ -1,5 +1,5 @@
 Documentation (incomplete at this time, contribute if you can!) may be found at
-http://gluon.readthedocs.org/
+http://gluon.readthedocs.org/.
 
 If you're new to Gluon and ready to get your feet wet, have a look at the
 [Getting Started Guide](http://gluon.readthedocs.org/en/latest/user/getting_started.html).
@@ -8,15 +8,18 @@ If you're new to Gluon and ready to get your feet wet, have a look at the
 
 ## Issues & Feature requests
 
-Before opening an issue make sure to read check whether any existing issues
+Before opening an issue, make sure to check whether any existing issues
 (open or closed) match. If you're suggesting a new feature, drop by on IRC or
 our mailinglist to discuss it first.
 
+We maintain a [Roadmap](https://github.com/freifunk-gluon/gluon/wiki/Roadmap) for
+the future development of Gluon.
+
 ## Use a release!
 
-Please refrain from using the master branch for anything else but development purposes!
-Use the most recent release instead. You can list all relaseses by running `git branch -a`
-and switch to one by running `git checkout v2015.1 && make update`.
+Please refrain from using the `master` branch for anything else but development purposes!
+Use the most recent release instead. You can list all releases by running `git tag`
+and switch to one by running `git checkout v2017.1.5 && make update`.
 
 If you're using the autoupdater, do not autoupdate nodes with anything but releases.
 If you upgrade using random master commits the nodes *will break* eventually.
@@ -25,11 +28,11 @@ If you upgrade using random master commits the nodes *will break* eventually.
 
 To subscribe to the list, send a message to:
 
-    gluon-subscribe@luebeck.freifunk.net
+    gluon+subscribe@luebeck.freifunk.net
 
 To remove your address from the list, just send a message to
 the address in the `List-Unsubscribe` header of any list
 message. If you haven't changed addresses since subscribing,
 you can also send a message to:
 
-    gluon-unsubscribe@luebeck.freifunk.net
+    gluon+unsubscribe@luebeck.freifunk.net

contrib/depdot.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+
+# Script to output the dependency graph of Gluon's packages
+# Limitations:
+#  * Works only if directory names and package names are the same (true for all Gluon packages)
+#  * Doesn't show dependencies through virtual packages correctly
+
+
+
+shopt -s nullglob
+
+
+pushd "$(dirname "$0")/.." >/dev/null
+
+
+escape_name() {
+	echo -n "_$1" | tr -c '[:alnum:]' _
+}
+
+print_node () {
+	echo "$(escape_name "$1") [label=\"$1\", shape=box];"
+}
+
+print_dep() {
+	echo "$(escape_name "$1") -> $(escape_name "$2");"
+}
+
+echo 'digraph G {'
+
+for makefile in ./package/*/Makefile; do
+	dir="$(dirname "$makefile")"
+	package="$(basename "$dir")"
+
+	deps=$(grep -w DEPENDS "$makefile" | cut -d= -f2 | tr -d +)
+
+	print_node "$package"
+	for dep in $deps; do
+		print_node "$dep"
+		print_dep "$package" "$dep"
+	done
+done | sort -u
+
+popd >/dev/null
+
+echo '}'

contrib/i18n-scan.pl

@@ -0,0 +1,128 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+use Text::Balanced qw(extract_bracketed extract_delimited extract_tagged);
+
+@ARGV >= 1 || die "Usage: $0 <source direcory>\n";
+
+
+my %stringtable;
+
+sub dec_lua_str
+{
+	my $s = shift;
+	$s =~ s/[\s\n]+/ /g;
+	$s =~ s/\\n/\n/g;
+	$s =~ s/\\t/\t/g;
+	$s =~ s/\\(.)/$1/g;
+	$s =~ s/^ //;
+	$s =~ s/ $//;
+	return $s;
+}
+
+sub dec_tpl_str
+{
+	my $s = shift;
+	$s =~ s/-$//;
+	$s =~ s/[\s\n]+/ /g;
+	$s =~ s/^ //;
+	$s =~ s/ $//;
+	$s =~ s/\\/\\\\/g;
+	return $s;
+}
+
+
+if( open F, "find @ARGV -type f '(' -name '*.html' -o -name '*.lua' ')' |" )
+{
+	while( defined( my $file = readline F ) )
+	{
+		chomp $file;
+
+		if( open S, "< $file" )
+		{
+			local $/ = undef;
+			my $raw = <S>;
+			close S;
+
+
+			my $text = $raw;
+
+			while( $text =~ s/ ^ .*? (?:translate|translatef|i18n|_) [\n\s]* \( /(/sgx )
+			{
+				( my $code, $text ) = extract_bracketed($text, q{('")});
+
+				$code =~ s/\\\n/ /g;
+				$code =~ s/^\([\n\s]*//;
+				$code =~ s/[\n\s]*\)$//;
+
+				my $res = "";
+				my $sub = "";
+
+				if( $code =~ /^['"]/ )
+				{
+					while( defined $sub )
+					{
+						( $sub, $code ) = extract_delimited($code, q{'"}, q{\s*(?:\.\.\s*)?});
+
+						if( defined $sub && length($sub) > 2 )
+						{
+							$res .= substr $sub, 1, length($sub) - 2;
+						}
+						else
+						{
+							undef $sub;
+						}
+					}
+				}
+				elsif( $code =~ /^(\[=*\[)/ )
+				{
+					my $stag = quotemeta $1;
+					my $etag = $stag;
+					   $etag =~ s/\[/]/g;
+
+					( $res ) = extract_tagged($code, $stag, $etag);
+
+					$res =~ s/^$stag//;
+					$res =~ s/$etag$//;
+				}
+
+				$res = dec_lua_str($res);
+				$stringtable{$res}++ if $res;
+			}
+
+
+			$text = $raw;
+
+			while( $text =~ s/ ^ .*? <% -? [:_] /<%/sgx )
+			{
+				( my $code, $text ) = extract_tagged($text, '<%', '%>');
+
+				if( defined $code )
+				{
+					$code = dec_tpl_str(substr $code, 2, length($code) - 4);
+					$stringtable{$code}++;
+				}
+			}
+		}
+	}
+
+	close F;
+}
+
+
+if( open C, "| msgcat -" )
+{
+	printf C "msgid \"\"\nmsgstr \"Content-Type: text/plain; charset=UTF-8\"\n\n";
+
+	foreach my $key ( sort keys %stringtable )
+	{
+		if( length $key )
+		{
+			$key =~ s/"/\\"/g;
+			printf C "msgid \"%s\"\nmsgstr \"\"\n\n", $key;
+		}
+	}
+
+	close C;
+}

contrib/lsupgrade.sh

@@ -2,10 +2,11 @@
 
 # Script to list all upgrade scripts in a clear manner
 # Limitations:
-#  * Does only show scripts of packages whose `files' directory represent the whole image filesystem (which are all Gluon packages)
+#  * Does only show scripts of packages whose `files'/`luasrc' directories represent the whole image filesystem (which are all Gluon packages)
 
 
-SUFFIX=files/lib/gluon/upgrade
+SUFFIX1=files/lib/gluon/upgrade
+SUFFIX2=luasrc/lib/gluon/upgrade
 
 
 shopt -s nullglob
@@ -35,8 +36,11 @@ find ./package packages -name Makefile | while read makefile; do
 	dirname="$(dirname "$dir" | cut -d/ -f 3-)"
 	package="$(basename "$dir")"
 
-	for file in "${SUFFIX}"/*; do
-		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX})"
+	for file in "${SUFFIX1}"/*; do
+		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX1})"
+	done
+	for file in "${SUFFIX2}"/*; do
+		echo "${GREEN}$(basename "${file}")${RESET}" "(${BLUE}${repo}${RESET}/${dirname}${dirname:+/}${RED}${package}${RESET}/${SUFFIX2})"
 	done
 	popd >/dev/null
 done | sort

contrib/sign.sh

@@ -1,6 +1,8 @@
 #!/bin/sh
 
-if [ $# -eq 0 -o "-h" = "$1" -o "-help" = "$1" -o "--help" = "$1" ]; then
+set -e
+
+if [ $# -ne 2 -o "-h" = "$1" -o "--help" = "$1" -o ! -r "$1" -o ! -r "$2" ]; then
 	cat <<EOHELP
 Usage: $0 <secret> <manifest>
 
@@ -25,16 +27,18 @@ manifest="$2"
 upper="$(mktemp)"
 lower="$(mktemp)"
 
-awk "BEGIN    { sep=0 }
-     /^---\$/ { sep=1; next }
-              { if(sep==0) print > \"$upper\";
-                else       print > \"$lower\"}" \
+trap 'rm -f "$upper" "$lower"' EXIT
+
+awk 'BEGIN    { sep=0 }
+     /^---$/ { sep=1; next }
+              { if(sep==0) print > "'"$upper"'";
+                else       print > "'"$lower"'"}' \
     "$manifest"
 
 ecdsasign "$upper" < "$SECRET" >> "$lower"
 
-cat  "$upper"  > "$manifest"
-echo ---      >> "$manifest"
-cat  "$lower" >> "$manifest"
-
-rm -f "$upper" "$lower"
+(
+	cat  "$upper"
+	echo ---
+	cat  "$lower"
+) > "$manifest"

contrib/sigtest.sh

@@ -0,0 +1,39 @@
+#!/bin/sh
+
+if [ $# -eq 0 -o "-h" = "$1" -o "-help" = "$1" -o "--help" = "$1" ]; then
+    cat <<EOHELP
+Usage: $0 <public> <signed manifest>
+
+sigtest.sh checks if a manifest is signed by the public key <public>. There is
+no output, success or failure is indicated via the return code.
+
+See also:
+ * ecdsautils in https://github.com/tcatm/ecdsautils
+ * http://gluon.readthedocs.org/en/latest/features/autoupdater.html
+
+EOHELP
+    exit 1
+fi
+
+public="$1"
+manifest="$2"
+upper="$(mktemp)"
+lower="$(mktemp)"
+ret=1
+
+awk "BEGIN    { sep=0 }
+    /^---\$/ { sep=1; next }
+              { if(sep==0) print > \"$upper\";
+                else       print > \"$lower\"}" \
+    "$manifest"
+
+while read line
+do
+    if ecdsaverify -s "$line" -p "$public" "$upper"; then
+        ret=0
+        break
+    fi
+done < "$lower"
+
+rm -f "$upper" "$lower"
+exit $ret

docs/conf.py

@@ -47,16 +47,16 @@ master_doc = 'index'
 
 # General information about the project.
 project = 'Gluon'
-copyright = '2015, Project Gluon'
+copyright = '2015-2017, Project Gluon'
 
 # The version info for the project you're documenting, acts as replacement for
 # |version| and |release|, also used in various other places throughout the
 # built documents.
 #
 # The short X.Y version.
-version = '2015.1'
+version = '2017.1.5'
 # The full version, including alpha/beta/rc tags.
-release = '2015.1'
+release = '2017.1.5'
 
 # The language for content autogenerated by Sphinx. Refer to documentation
 # for a list of supported languages.

docs/dev/basics.rst

@@ -34,21 +34,7 @@ rerun
 `patches`; the resulting branch will be called `patched`, while the commit specified in `modules`
 can be refered to by the branch `base`.
 
-::
-
-	make unpatch
-
-sets the repositories to the `base` branch,
-
-::
-
-	make patch
-
-re-applies the patches by resetting the `patched` branch to `base` and calling `git am`
-for the patch files. Calling `make` or a similar command after calling `make unpatch`
-is generally not a good idea.
-
-After new patches have been commited on top of the patched branch (or existing commits
+After new patches have been commited on top of the `patched` branch (or existing commits
 since the base commit have been edited or removed), the patch directories can be regenerated
 using
 
@@ -61,3 +47,19 @@ and you can try rebasing it onto the new `base` branch yourself and after that c
 
 Always call `make update-patches` after making changes to a module repository as `make update` will overwrite your
 commits, making `git reflog` the only way to recover them!
+
+Development Guidelines
+----------------------
+lua should be used instead of sh whenever sensible. The following criteria
+should be considered:
+
+- Is the script doing more than just executing external commands? if so, use lua
+- Is the script parsing/editing json-data? If so, use lua for speed
+- When using sh, use jsonfilter instead of json_* functions for speed
+
+Code formatting may sound like a topic for the pedantic, however it helps if
+the code in the project is formatted in the same way. The following rules
+apply:
+
+- use tabs instead of spaces
+- trailing whitespaces must be eliminated

docs/dev/configmode.rst

@@ -1,92 +0,0 @@
-Config Mode
-===========
-
-As of 2014.4 `gluon-config-mode` consists of several modules.
-
-gluon-config-mode-core
-    This modules provides the core functionality for the config mode.
-    All modules must depend on it.
-
-gluon-config-mode-hostname
-    Provides a hostname field.
-
-gluon-config-mode-autoupdater
-    Informs whether the autoupdater is enabled.
-
-gluon-config-mode-mesh-vpn
-    Allows toggling of mesh-vpn-fastd and setting a bandwidth limit.
-
-gluon-config-mode-geo-location
-    Enables the user to set the geographical location of the node.
-
-gluon-config-mode-contact-info
-    Adds a field where the user can provide contact information.
-
-In order to get a config mode close to the one found in 2014.3.x you may add
-these modules to your `site.mk`:
-gluon-config-mode-hostname,
-gluon-config-mode-autoupdater,
-gluon-config-mode-mesh-vpn,
-gluon-config-mode-geo-location,
-gluon-config-mode-contact-info
-
-Writing Config Mode Modules
-~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-Config mode modules are located at `/lib/gluon/config-mode/wizard` and
-`/lib/gluon/config-mode/reboot`. Modules are named like `0000-name.lua` and
-are executed in lexical order. If you take the standard set of modules, the
-order is, for wizard modules:
-
-  - 0050-autoupdater-info
-  - 0100-hostname
-  - 0300-mesh-vpn
-  - 0400-geo-location
-  - 0500-contact-info
-
-While for reboot modules it is:
-
-  - 0100-mesh-vpn
-  - 0900-msg-reboot
-
-Wizards
--------
-
-Wizard modules return a UCI section. A simple module capable of changing the
-hostname might look like this::
-
-  local cbi = require "luci.cbi"
-  local uci = luci.model.uci.cursor()
-
-  local M = {}
-
-  function M.section(form)
-    local s = form:section(cbi.SimpleSection, nil, nil)
-    local o = s:option(cbi.Value, "_hostname", "Hostname")
-    o.value = uci:get_first("system", "system", "hostname")
-    o.rmempty = false
-    o.datatype = "hostname"
-  end
-
-  function M.handle(data)
-    uci:set("system", uci:get_first("system", "system"), "hostname", data._hostname)
-    uci:save("system")
-    uci:commit("system")
-  end
-
-  return M
-
-Reboot page
------------
-
-Reboot modules return a function that will be called when the page is to be
-rendered or nil (i.e. the module is skipped)::
-
-  if no_hello_world_today then
-    return nil
-  else
-    return function ()
-      luci.template.render_string("Hello World!")
-    end
-  end
-

docs/dev/hardware.rst

@@ -11,85 +11,132 @@ is a requirement. At the moment, Gluon's scripts can't handle devices
 without WLAN adapters (although such environments may also be interesting,
 e.g. for automated testing in virtual machines).
 
+
 .. _hardware-adding-profiles:
 
 Adding profiles
 ---------------
-The vast majority of devices with ath9k WLAN uses the ar71xx target of OpenWrt.
+The vast majority of devices with ath9k WLAN uses the ar71xx target of LEDE.
 If the hardware you want to add support for is also ar71xx, adding a new profile
 is enough.
 
-Profiles are defined in ``targets/<target>-<subtarget>/profiles.mk``. There are two macros
-used to define which images are generated: ``GluonProfile`` and ``GluonModel``. The following examples
-are taken from ``profiles.mk`` of the ``ar71xx-generic`` target::
+Profiles are defined in ``targets/*`` in a shell-based DSL (so common shell
+commands syntax like ``if`` can be used.
 
-    $(eval $(call GluonProfile,TLWR1043))
-    $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v1-squashfs,tp-link-tl-wr1043n-nd-v1))
-    $(eval $(call GluonModel,TLWR1043,tl-wr1043nd-v2-squashfs,tp-link-tl-wr1043n-nd-v2))
+The ``device`` command is used to define an image build for a device. It takes
+two or three parameters.
 
-The ``GluonProfile`` macro takes at least one parameter, the profile name as it is
-defined in the Makefiles of OpenWrt (``openwrt/target/linux/<target>/<subtarget>/profiles/*``
-and ``openwrt/target/linux/<target>/image/Makefile``). If the target you are on doesn't define
-profiles (e.g. on x86), just add a single profile called ``Generic`` or similar.
-
-It may optionally take a second parameter which defines additional packages to include for the profile
-(e.g. ath10k). The additional packages defined in ``openwrt/target/linux/<target>/<subtarget>/profiles/*``
-aren't used.
-
-The ``GluonModel`` macro takes three parameters: The profile name, the suffix of the image file
-generated by OpenWrt (without the file extension), and the final image name of the Gluon image.
-The final image name must be the same that is returned by the following command.
-
-::
+The first parameter defines the Gluon profile name, which is used to refer to the
+device and is part of the generated image name. The profile name must be same as
+the output of the following command (on the target device), so the autoupdater
+can work::
 
     lua -e 'print(require("platform_info").get_image_name())'
 
+The second parameter defines the name of the image files generated by LEDE. Usually,
+it is also the LEDE profile name; for devices that still use the old image build
+code, a third parameter with the LEDE profile name can be passed. The profile names
+can be found in the image Makefiles in ``lede/target/linux/<target>/image/Makefile``.
 
-This is just so the autoupdater can work. The command has to be executed _on_ the target (eg. the hardware router with a flashed image). So you'll first have to build an image with a guessed name, and afterwards build a new, correctly named image. On targets which aren't supported by the autoupdater,
-``require("platform_info").get_image_name()`` will just return ``nil`` and the final image name
-may be defined arbitrarily.
+Examples::
+
+    device tp-link-tl-wr1043n-nd-v1 tl-wr1043nd-v1
+    device alfa-network-hornet-ub hornet-ub HORNETUB
+
+Suffixes and extensions
+'''''''''''''''''''''''
+
+By default, image files are expected to have the extension ``.bin``. In addition,
+the images generated by LEDE have a suffix before the extension that defaults to
+``-squashfs-factory`` and ``-squashfs-sysupgrade``.
+
+This can be changed using the ``factory`` and ``sysupgrade`` commands, either at
+the top of the file to set the defaults for all images, or for a single image. There
+are three forms with 0 to 2 arguments (all work with ``sysupgrade`` as well)::
+
+    factory SUFFIX .EXT
+    factory .EXT
+    factory
+
+When only an extension is given, the default suffix is retained. When no arguments
+are given, this signals that no factory (or sysupgrade) image exists.
+
+Aliases
+'''''''
+
+Sometimes multiple models use the same LEDE images. In this case, the ``alias``
+command can be used to create symlinks and additional entries in the autoupdater
+manifest for the alternative models.
+
+Standalone images
+'''''''''''''''''
+
+On targets without *per-device rootfs* support in LEDE, the commands described above
+can't be used. Instead, ``factory_image`` and ``sysupgrade_image`` are used::
+
+    factory_image PROFILE IMAGE .EXT
+    sysupgrade_image PROFILE IMAGE .EXT
+
+Again, the profile name must match the value printed by the aforementioned Lua
+command. The image name must match the part between the target name and the extension
+as generated by LEDE and is to be omitted when no such part exists.
+
+Packages
+''''''''
+
+The ``packages`` command takes an arbitrary number of arguments. Each argument
+defines an additional package to include in the images in addition to the default
+package sets defined by LEDE. When a package name is prefixed by a minus sign, the
+packages are excluded instead.
+
+The ``packages`` command may be used at the top of a target definition to modify
+the default package list for all images, or just for a single device (when the
+target supports *per-default rootfs*).
+
+
+Configuration
+'''''''''''''
+
+The ``config`` command allows to add arbitary target-specific LEDE configuration
+to be emitted to ``.config``.
+
+Notes
+'''''
 
 On devices with multiple WLAN adapters, care must also be taken that the primary MAC address is
 configured correctly. ``/lib/gluon/core/sysconfig/primary_mac`` should contain the MAC address which
-can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/core/initial/001-sysconfig``
+can be found on a label on most hardware; if it does not, ``/lib/gluon/upgrade/010-primary-mac``
 in ``gluon-core`` might need a fix. (There have also been cases in which the address was incorrect
-even on devices with only one WLAN adapter, in these cases an OpenWrt bug was the cause).
+even on devices with only one WLAN adapter, in these cases a LEDE bug was the cause).
+
 
 Adding support for new hardware targets
 ---------------------------------------
+
 Adding a new target is much more complex than adding a new profile. There are two basic steps
 required for adding a new target:
 
-Adjust packages
-'''''''''''''''
-One package that definitely needs adjustments for every new target added is ``lua-platform-info``. Just
-start with a copy of an existing platform info script, adjust it for the new target, and add the new target
-to the list of supported targets in the package Makefile.
+Package adjustments
+'''''''''''''''''''
 
-On many targets, Gluon's network setup scripts (mainly in the packages ``gluon-core`` and ``gluon-mesh-batman-adv-core``)
+One package that may need adjustments for new targets is ``libplatforminfo`` (to be found in
+`packages/gluon/libs/libplatforminfo <https://github.com/freifunk-gluon/packages/tree/master/libs/libplatforminfo>`_).
+If the new platform works fine with the definitions found in ``default.c``, nothing needs to be done. Otherwise,
+create a definition for the added target or subtarget, either by symlinking one of the files in the ``templates``
+directory, or adding a new source file.
+
+On many targets, Gluon's network setup scripts (mainly in the package ``gluon-core``)
 won't run correctly without some adjustments, so better double check that everything is fine there (and the files
 ``primary_mac``, ``lan_ifname`` and ``wan_ifname`` in ``/lib/gluon/core/sysconfig/`` contain sensible values).
 
-Add support to the build system
-'''''''''''''''''''''''''''''''
-A directory for the new target must be created under ``targets``, and it must be added
-to ``targets/targets.mk``. In the new target directory, three files must be created:
+Build system support
+''''''''''''''''''''
 
-* config
-* profiles.mk
-* vermagic
+A definition for the new target must be created under ``targets``, and it must be added
+to ``targets/targets.mk``. The ``GluonTarget`` macro takes one to three arguments:
+the target name, the Gluon subtarget name (if the target has subtargets), and the
+LEDE subtarget name (if it differs from the Gluon subtarget). The third argument
+can be used to define multiple Gluon targets with different configuration for the
+same LEDE target, like it is done for the ``ar71xx-tiny`` target.
 
-The file ``config`` can be used to add additional, target-specific options to the OpenWrt config. It
-must at least select the correct target and subtarget. For ``profiles.mk``, see :ref:`hardware-adding-profiles`.
-
-The files ``vermagic`` must have the correct content so kernel modules from the upstream repositories
-can be installed without dependency issues. The OpenWrt version a Gluon release is based on is defined by the upstream package repo URL in ``include/gluon.mk``
-(in the variable ``CONFIG_VERSION_REPO``); at the time this documentation was written, this was ``barrier_breaker/14.07``; whenever
-the package repo is updated, all ``vermagic`` files must be updated as well.
-
-The content is a hash which is part of the version number of the kernel package. So in the case of ``ar71xx-generic`` on
-``barrier_breaker``, we look for the kernel package in the directory ``https://downloads.openwrt.org/barrier_breaker/14.07/ar71xx/generic/packages/base/``.
-As the kernel package is called ``kernel_3.10.49-1-0114c71ed85677c9c1e4911437af4743_ar71xx.ipk``, the correct ``vermagic`` string
-is ``0114c71ed85677c9c1e4911437af4743``.
-
-After this, is should be sufficient to call ``make GLUON_TARGET=<target>-<subtarget>`` to build the images for the new target.
+After this, is should be sufficient to call ``make GLUON_TARGET=<target>`` to build the images for the new target.

docs/dev/i18n.rst

@@ -1,88 +0,0 @@
-Internationalization support
-============================
-
-General guidelines
-------------------
-
-* All config mode packages must be fully translatable, with complete English and German texts.
-* All new expert mode packages be fully translatable. English texts are required, German texts recommended.
-* Existing expert mode packages should be made translatable as soon as possible.
-* The "message IDs" (which are the arguments to the ``translate`` function) should be the
-  English texts.
-
-i18n support in LuCI
---------------------
-
-Internationalization support can be found in the ``luci.i18n`` package.
-Strings are translated using the ``i18n.translate`` and ``i18n.translatef`` functions
-(``translate`` for static strings, ``translatef`` for printf-like formatted string).
-
-Example from the ``gluon-config-mode-geo-location`` package::
-
-  local i18n = require "luci.i18n"
-  o = s:option(cbi.Flag, "_location", i18n.translate("Show node on the map"))
-
-Adding translation templates to Gluon packages
-----------------------------------------------
-
-The i18n support is based on the standard gettext system. For each translatable package,
-a translation template with extension ``.pot`` can be created using the ``i18n-scan.pl``
-script from the LuCI repository::
-
-  cd package/gluon-config-mode-geo-location
-  mkdir i18n
-  cd i18n
-  ../../../packages/luci/build/i18n-scan.pl ../files > gluon-config-mode-geo-location.pot
-
-The entries in the template can be reordered after the generation if desirable. Lots of standard
-translations like "Cancel" are already available in the LuCI base translation file (see
-``packages/luci/po/templates/base.pot``) and can be removed from the template.
-
-In addition, some additions to the Makefile must be made. Instead of OpenWrt's default package.mk,
-the Gluon version ``$(GLUONDIR)/include/package.mk`` must be used. The i18n files must be installed
-and PKG_CONFIG_DEPENDS must be added::
-
-  ...
-  include $(GLUONDIR)/include/package.mk
-
-  PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
-  ...
-  define Build/Compile
-    $(call GluonBuildI18N,gluon-config-mode-geo-location,i18n)
-  endef
-
-  define Package/gluon-config-mode-geo-location/install
-    ...
-    $(call GluonInstallI18N,gluon-config-mode-geo-location,$(1))
-  endef
-  ...
-
-
-Adding translations
--------------------
-
-A new translation file for a template can be added using the ``msginit`` command::
-
-  cd package/gluon-config-mode-geo-location/i18n
-  msginit -l de
-
-This will create the file ``de.po`` in which the translations can be added.
-
-The translation file can be updated to a new template version using the ``msgmerge`` command::
-
-  msgmerge -U de.po gluon-config-mode-geo-location.pot
-
-After the merge, the translation file should be checked for "fuzzy matched" entries where
-the original English texts have changed. All entries from the the translation file should be
-translated in the ``.po`` file (or removed from it, so the original English texts are displayed
-instead).
-
-Adding support for new languages
---------------------------------
-
-A list of all languages supported by LuCI can be found in the ``include/package.mk`` file of
-the Gluon repository. Adding translations for these languages is straightforward using the ``msginit``
-command.
-
-For other languages, support must be added tu LuCI first, which constitutes completely translating
-the ``base.pot``. Please contact the upstream LuCI maintainers if you'd like to do this.

docs/dev/mac_addresses.rst

@@ -0,0 +1,18 @@
+MAC addresses
+=============
+
+Many devices don't have enough unique MAC addresses assigned by the vendor
+(in batman-adv, each mesh interface needs an own MAC address that must be unique
+mesh-wide).
+
+Gluon tries to solve this issue by using a hash of the primary MAC address as a
+45 bit MAC address prefix. The resulting 8 addresses are used as follows:
+
+* 0: client0; WAN
+* 1: mesh0
+* 2: ibss0
+* 3: wan_radio0 (private WLAN); batman-adv primary address
+* 4: client1; LAN
+* 5: mesh1
+* 6: ibss1
+* 7: wan_radio1 (private WLAN); mesh VPN

docs/dev/upgrade.rst

@@ -6,7 +6,7 @@ Basics
 
 After each sysupgrade (including the initial installation), Gluon will execute all scripts
 under ``/lib/gluon/upgrade``. These scripts' filenames usually begin with a 3-digit number
-specifying the order of execution.
+specifying the order of execution. Note that the script files need to be executable.
 
 To get an overview of the ordering of all scripts of all packages, the helper script ``contrib/lsupgrade.sh``
 in the Gluon repository can be used, which will print all upgrade scripts' filenames and directories. If executed
@@ -16,17 +16,15 @@ Best practices
 --------------
 
 * Most upgrade scripts are written in Lua. This allows using lots of helper functions provided
-  by LuCi and Gluon, e.g. to access the site configuration or edit UCI configuration files.
+  by Gluon, e.g. to access the site configuration or edit UCI configuration files.
 
 * Whenever possible, scripts shouldn't check if they are running for the first time, but just edit configuration
-  files to achive a valid configuration (without overwriting configuration changes made by the user where desirable).
+  files to achieve a valid configuration (without overwriting configuration changes made by the user where desirable).
   This allows using the same code to create the initial configuration and upgrade configurations on upgrades.
 
 * If it is unavoidable to run different code during the initial installation, the ``sysconfig.gluon_version`` variable
-  can be checked. This variable in ``nil`` during the initial installation and contains the previously install Gluon
-  version otherwise. The package ``gluon-legacy`` (which is responsible for upgrades from the old firmwares of
-  Hamburg/Kiel/Lübeck) uses the special value ``legacy``; other packages should handle this value just as any other
-  string.
+  can be checked. This variable is ``nil`` during the initial installation and contains the previously install Gluon
+  version otherwise.
 
 Script ordering
 ---------------

docs/dev/wan.rst

@@ -46,4 +46,4 @@ so the WAN DNS servers aren't leaked to the primary DNS daemon.
 *libpacketmark* is used to make the secondary DNS daemon send its requests over the WAN interface.
 
 The package ``gluon-mesh-vpn-fastd`` provides an iptables rule which will redirect all DNS requests from processes running
-with the primary group ``gluon-fastd`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.
+with the primary group ``gluon-mesh-vpn`` to ``127.0.0.1:54``, thus making fastd use the secondary DNS daemon.

docs/dev/web/config-mode.rst

@@ -0,0 +1,82 @@
+Config Mode
+===========
+
+The `Config Mode` consists of several modules that provide a range of different
+condiguration options:
+
+gluon-config-mode-core
+    This modules provides the core functionality for the config mode.
+    All modules must depend on it.
+
+gluon-config-mode-hostname
+    Provides a hostname field.
+
+gluon-config-mode-autoupdater
+    Informs whether the autoupdater is enabled.
+
+gluon-config-mode-mesh-vpn
+    Allows toggling of mesh-vpn-fastd and setting a bandwidth limit.
+
+gluon-config-mode-geo-location
+    Enables the user to set the geographical location of the node.
+
+gluon-config-mode-contact-info
+    Adds a field where the user can provide contact information.
+
+
+Writing Config Mode modules
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Config mode modules are located at ``/lib/gluon/config-mode/wizard`` and
+``/lib/gluon/config-mode/reboot``. Modules are named like ``0000-name.lua`` and
+are executed in lexical order. In the standard package set, the
+order is, for wizard modules:
+
+  - 0050-autoupdater-info
+  - 0100-hostname
+  - 0300-mesh-vpn
+  - 0400-geo-location
+  - 0500-contact-info
+
+The reboot module order is:
+
+  - 0100-mesh-vpn
+  - 0900-msg-reboot
+
+All modules are run in the gluon-web model context and have access to the same
+variables as "full" gluon-web modules.
+
+Wizards
+-------
+
+Wizard modules must return a function that is provided with the wizard form and an
+UCI cursor. The function can create configuration sections in the form:
+
+.. code-block:: lua
+
+  return function(form, uci)
+    local s = form:section(Section)
+    local o = s:option(Value, "hostname", "Hostname")
+    o.default = uci:get_first("system", "system", "hostname")
+    o.datatype = "hostname"
+
+    function o:write(data)
+      uci:set("system", uci:get_first("system", "system"), "hostname", data)
+    end
+
+    return {'system'}
+  end
+
+The function may return a table of UCI packages to commit after the individual
+fields' `write` methods have been executed. This is done to avoid committing the
+packages repeatedly when multiple wizard modules modify the same package.
+
+Reboot page
+-----------
+
+Reboot modules are simply executed when the reboot page is
+rendered:
+
+.. code-block:: lua
+
+  renderer.render_string("Hello World!")

docs/dev/web/controller.rst

@@ -0,0 +1,117 @@
+Controllers
+===========
+
+Controllers live in ``/lib/gluon/web/controller``. They define which pages ("routes")
+exist under the ``/cgi-bin/gluon`` path, and what code is run when these pages are requested.
+
+Controller scripts mostly consist of calls of the `entry` function, which each define
+one route:
+
+.. code-block:: lua
+
+  entry({"admin"}, alias("admin", "info"), _("Advanced settings"), 10)
+  entry({"admin", "info"}, template("admin/info"), _("Information"), 1)
+
+The entry function expects 4 arguments:
+
+  - `path`: Components of the path to define a route for.
+
+    The above example defines routes for the paths ``admin`` and ``admin/info``.
+
+  - `target`: Dispatcher for the route. See the following section for details.
+  - `title`: Page title (also used in navigation). The underscore function is used
+
+  - `order`: Sort index in navigation (defaults to 100)
+
+Navigation indexes are automatically generated for each path level. Pages can be
+hidden from the navigation by setting the `hidden` property of the node object
+returned by `entry`:
+
+.. code-block:: lua
+
+  entry({"hidden"}, alias("foo"), _("I'm hidden!")).hidden = true
+
+
+Dispatchers
+-----------
+
+  - *alias* (*path*, ...): Redirects to a different page. The path components are
+    passed as individual arguments.
+  - *call* (*func*, ...): Runs a Lua function for custom request handling. The given
+    function is called with the HTTP object and the template renderer as first
+    two arguments, followed by all additional arguments passed to `call`.
+  - *template* (*view*): Renders the given view. See :doc:`view`.
+  - *model* (*name*): Displays and evaluates a form as defined by the given model. See the
+    :doc:`model` page for an explanation of gluon-web models.
+
+
+.. _web-controller-http:
+
+The HTTP object
+---------------
+
+The HTTP object provides information about the HTTP requests and allows to add
+data to the reply. Using it directly is rarely necessary when gluon-web
+models and views are used.
+
+Useful functions:
+
+  - *getenv* (*key*): Returns a value from the CGI environment passed by the webserver.
+  - *formvalue* (*key*): Returns a value passed in a query string or in the content
+    of a POST request. If multiple values with the same name have been passed, only
+    the first is returned.
+  - *formvaluetable* (*key*): Similar to *formvalue*, but returns a table of all
+    values for the given key.
+  - *status* (*code*, *message*): Writes the HTTP status to the reply. Has no effect
+    if a status has already been sent or non-header data has been written.
+  - *header* (*key*, *value*): Adds an HTTP header to the reply to be sent to to
+    the client. Has no effect when non-header data has already been written.
+  - *prepare_content* (*mime*): Sets the *Content-Type* header to the given MIME
+    type, potentially setting additional headers or modifying the MIME type to
+    accommodate browser quirks
+  - *write* (*data*, ...): Sends the given data to the client. If headers have not
+    been sent, it will be done before the data is written.
+
+
+HTTP functions are called in method syntax, for example:
+
+.. code-block:: lua
+
+  http:write('Output!')
+
+
+.. _web-controller-template-renderer:
+
+The template renderer
+---------------------
+
+The template renderer allows to render templates (views). The most useful functions
+are:
+
+  - *render* (*view*, *scope*): Renders the given view, optionally passing a table
+    with additional variables to make available in the template.
+  - *render_string* (*str*, *scope*): Same as *render*, but the template is passed
+    directly instead of being loaded from the view directory.
+
+The renderer functions are called in property syntax, for example:
+
+.. code-block:: lua
+
+  renderer.render('layout')
+
+
+Differences from LuCI
+---------------------
+
+  - Controllers must not use the *module* function to define a Lua module (*gluon-web*
+    will set up a proper environment for each controller itself)
+  - Entries are defined at top level, not inside an *index* function
+  - The *alias* dispatcher triggers an HTTP redirect instead of directly running
+    the dispatcher of the aliased route.
+  - The *call* dispatcher is passed a function instead of a string with a function
+    name.
+  - The *cbi* dispatcher of LuCI has been renamed to *model*.
+  - The HTTP POST handler support the multipart/form-data encoding only, so
+    ``enctype="multipart/form-data"`` must be included in all *<form>* HTML
+    elements.
+  - Other dispatchers like *form* are not provided.

docs/dev/web/i18n.rst

@@ -0,0 +1,96 @@
+Internationalization support
+============================
+
+General guidelines
+------------------
+
+* All config mode packages must be fully translatable, with complete English and German texts.
+* All new expert mode packages must be fully translatable. English texts are required.
+* German translations are recommended. Other supported languages, especially French, are
+  nice-to-have, but not required. If you don't know a language well, rather leave the translation
+  blank, so it is obvious that there is no proper translation yet.
+* Existing expert mode packages should be made translatable as soon as possible.
+* The "message IDs" (which are the arguments to the *translate* function) should be the
+  English texts.
+
+i18n support in Gluon
+---------------------
+
+Internationalization support is available in all components (models, view and
+controllers) of *gluon-web*-based packages. Strings are translated using the *translate*,
+*_translate* and *translatef* functions (*translate* for static strings, *translatef*
+for printf-like formatted string; *_translate* works the same as *translate*, but
+will return *nil* instead of the original string when no translation is available)
+. In views, the special tags ``<%:...%>`` can be used to translate the contained string.
+
+Example from the *gluon-config-mode-geo-location* package:
+
+.. code-block:: lua
+
+  local share_location = s:option(Flag, "location", translate("Show node on the map"))
+
+Adding translation templates to Gluon packages
+----------------------------------------------
+
+The i18n support is based on the standard gettext system. For each translatable package,
+a translation template with extension ``.pot`` can be created using the *i18n-scan.pl*
+script in the ``contrib`` directory:
+
+.. code-block:: sh
+
+  cd package/gluon-web-mesh-vpn-fastd
+  mkdir i18n
+  cd i18n
+  ../../../contrib/i18n-scan.pl ../files ../luasrc > gluon-web-mesh-vpn-fastd.pot
+
+The same command can be run again to update the template.
+
+In addition, some additions to the Makefile must be made. Instead of LEDE's default *package.mk*,
+the Gluon version (``../gluon.mk`` for core packages) must be used. The i18n files must be installed
+and PKG_CONFIG_DEPENDS must be added::
+
+  ...
+  include ../gluon.mk
+
+  PKG_CONFIG_DEPENDS += $(GLUON_I18N_CONFIG)
+  ...
+  define Build/Compile
+    $(call GluonBuildI18N,gluon-web-mesh-vpn-fastd,i18n)
+  endef
+
+  define Package/gluon-web-mesh-vpn-fastd/install
+    ...
+    $(call GluonInstallI18N,gluon-web-mesh-vpn-fastd,$(1))
+  endef
+  ...
+
+
+Adding translations
+-------------------
+
+A new translation file for a template can be added using the *msginit* command:
+
+.. code-block:: sh
+
+  cd package/gluon-web-mesh-vpn-fastd/i18n
+  msginit -l de
+
+This will create the file *de.po* in which the translations can be added.
+
+The translation file can be updated to a new template version using the *msgmerge* command:
+
+.. code-block:: sh
+
+  msgmerge -U de.po gluon-web-mesh-vpn-fastd.pot
+
+After the merge, the translation file should be checked for "fuzzy matched" entries where
+the original English texts have changed. All entries from the translation file should be
+translated in the *.po* file (or removed from it, so the original English texts are displayed
+instead).
+
+Adding support for new languages
+--------------------------------
+
+A list of all languages supported by *gluon-web* can be found in ``package/gluon.mk``.
+New languages just need to be added to *GLUON_SUPPORTED_LANGS*, after a human-readable
+language name has been defined in the same file.

docs/dev/web/model.rst

@@ -0,0 +1,148 @@
+Models
+======
+
+Models are defined in ``/lib/gluon/web/model``. Each model defines one or more
+forms to display on a page, and how the submitted form data is handled.
+
+Let's start with an example:
+
+.. code-block:: lua
+
+  local f = Form(translate('Hostname'))
+
+  local s = f:section(Section)
+
+  local o = s:option(Value, 'hostname', translate('Hostname'))
+  o.default = uci:get_first('system', 'system', 'hostname')
+  function o:write(data)
+    uci:set('system', uci:get_first('system', 'system'), 'hostname', data)
+    uci:commit('system')
+  end
+
+  return f
+
+The toplevel element of a model is always a *Form*, but it is also possible for
+a model to return multiple forms, which are displayed one below the other.
+
+A *Form* has one or more *Sections*, and each *Section* has different types
+of options.
+
+All of these elements have an *id*, which is used to identify them in the HTML
+form and handlers. If no ID is given, numerical IDs will be assigned automatically,
+but using explicitly named elements is often advisable (and it is required if a
+form does not always include the same elements, i.e., some forms, sections or
+options are added conditionally). IDs are hierarchical, so in the above example,
+the *Value* would get the ID ``1.1.hostname`` (value *hostname* in first section
+of first form).
+
+Classes and methods
+-------------------
+
+  - *Form* (*title*, *description*, *id*)
+
+    - *Form:section* (*type*, *title*, *description*, *id*)
+
+      Creates a new section of the given type (usually *Section*).
+
+    - *Form:write* ()
+
+      Is called after the form has beed submitted (but only if the data is valid). It
+      is called last (after all options' *write* methods) and is usually used
+      to commit changed UCI packages.
+
+      The default implementation of *write* doesn't to anything, but it can be
+      overridden.
+
+  - *Section* (usually instanciated through *Form:section*)
+
+    - *Section:option* (*type*, *id*, *title*, *description*)
+
+      Creates a new option of the given type. Option types:
+
+        - *Value*: simple text entry
+        - *TextValue*: multiline text field
+        - *ListValue*: radio buttons or dropdown selection
+        - *DynamicList*: variable number of text entry fields
+        - *Flag*: checkbox
+
+Most option types share the same properties and methods:
+
+  - *default*: default value
+  - *optional*: value may be empty
+  - *datatype*: one of the types described in :ref:`web-model-datatypes`
+
+    By default (when *datatype* is *nil*), all values are accepted.
+
+  - *state*: has one of the values *FORM_NODATA*, *FORM_VALID* and *FORM_INVALID*
+    when read in a form handler
+
+    An option that has not been submitted because of its dependencies will have
+    the state *FORM_NODATA*, *FORM_INVALID* if the submitted value is not valid
+    according to the set *datatype*, and *FORM_VALID* otherwise.
+
+  - *data*: can be read in form handlers to get the submitted value
+
+  - *depends* (*self*, *option*, *value*): adds a dependency on another option
+
+    The option will only be shown when the passed option has the given value. This
+    is mainly useful when the other value is a *Flag* or *ListValue*.
+
+  - *depends* (*self*, *deps*): adds a dependency on multiple other options
+
+    *deps* must be a table with options as keys and values as values. The option
+    will only be shown when all passed options have the corresponding values.
+
+    Multiple alternative dependencies can be added by calling *depends* repeatedly.
+
+  - *value* (*self*, *value*, *text*): adds a choice to a *ListValue*
+
+  - *write* (*self*, *data*): is called with the submitted value when all form data is valid.
+
+    Does not do anything by default, but can be overridden.
+
+The *default* value, the *value* argument to *depends* and the output *data* always have
+the same type, which is usually a string (or *nil* for optional values). Exceptions
+are:
+
+  - *Flag* uses boolean values
+  - *DynamicList* uses a table of strings
+
+Despite its name, the *datatype* setting does not affect the returned value type,
+but only defines a validator the check the submitted value with.
+
+For a more complete example that actually makes use of most of these features,
+have a look at the model of the *gluon-web-network* package.
+
+.. _web-model-datatypes:
+
+Data types
+----------
+
+  - *integer*: an integral number
+  - *uinteger*: an integral number greater than or equal to zero
+  - *float*: a number
+  - *ufloat*: a number greater than or equal to zero
+  - *ipaddr*: an IPv4 or IPv6 address
+  - *ip4addr*: an IPv4 address
+  - *ip6addr*: an IPv6 address
+  - *wpakey*: a string usable as a WPA key (either between 8 and 63 characters, or 64 hex digits)
+  - *range* (*min*, *max*): a number in the given range (inclusive)
+  - *min* (*min*): a number greater than or equal to the given minimum
+  - *max* (*max*): a number less than or equal to the given maximum
+  - *irange* (*min*, *max*): an integral number in the given range (inclusive)
+  - *imin* (*min*): an integral number greater than or equal to the given minimum
+  - *imax* (*max*): an integral number less than or equal to the given maximum
+  - *minlength* (*min*): a string with the given minimum length
+  - *maxlength* (*max*): a string with the given maximum length
+
+Differences from LuCI
+---------------------
+
+  - LuCI's *SimpleForm* and *SimpleSection* are called *Form* and *Section*, respectively
+  - Is it not possible to add options to a *Form* directly, a *Section* must always
+    be created explicitly
+  - Many of LuCI's CBI classes have been removed, most importantly the *Map*
+  - The *rmempty* option attribute does not exist, use *optional* instead
+  - Only the described data types are supported
+  - Form handlers work completely differently (in particular, a *Form*'s *handle*
+    method should usually not be overridden in *gluon-web*)

docs/dev/web/view.rst

@@ -0,0 +1,55 @@
+Views
+=====
+
+The template parser reads views from ``/lib/gluon/web/view``. Writing own view
+should be avoided in favour of using :doc:`model` with their predefined views.
+
+Views are partial HTML pages, with additional template tags that allow
+to embed Lua code and translation strings. The following tags are defined:
+
+  - ``<%`` ... ``%>`` evaluates the enclosed Lua expression.
+  - ``<%=`` ... ``%>`` evaluates the enclosed Lua expression and prints its value.
+  - ``<%+`` ... ``%>`` includes another template.
+  - ``<%:`` ... ``%>`` translates the enclosed string using the loaded i18n catalog.
+  - ``<%_`` ... ``%>`` translates the enclosed string *without escaping HTML entities*
+    in the translation. This only makes sense when the i18n catalog contains HTML code.
+  - ``<%#`` ... ``%>`` is a comment.
+
+All of these also come in the whitespace-stripping variants ``<%-`` and ``-%>`` that
+remove all whitespace before or after the tag.
+
+Complex combinations of HTML and Lua code are possible, for example:
+
+.. code-block:: text
+
+  <div>
+    <% if foo then %>
+      Content
+    <% end %>
+  </div>
+
+
+Variables and functions
+-----------------------
+
+Many call sites define additional variables (for example, model templates can
+access the model as *self* and a unique element ID as *id*), but the following
+variables and functions should always be available for the embedded Lua code:
+
+  - *renderer*: :ref:`web-controller-template-renderer`
+  - *http*: :ref:`web-controller-http`
+  - *request*: Table containing the path components of the current page
+  - *url* (*path*): returns the URL for the given path, which is passed as a table of path components.
+  - *attr* (*key*, *value*): Returns a string of the form ``key="value"``
+    (with a leading space character before the key).
+
+    *value* is converted to a string (tables are serialized as JSON) and HTML entities
+    are escaped. Returns an empty string when *value* is *nil* or *false*.
+  - *include* (*template*): Includes another template.
+  - *node* (*path*, ...): Returns the controller node for the given page (passed as
+    one argument per path component).
+
+    Use ``node(unpack(request))`` to get the node for the current page.
+  - *pcdata* (*str*): Escapes HTML entities in the passed string.
+  - *urlencode* (*str*): Escapes the passed string for use in an URL.
+  - *translate*, *_translate* and *translatef*: see :doc:`i18n`

docs/features/authorized-keys.rst

@@ -8,7 +8,7 @@ If you select this package, add a list of authorized keys to ``site.conf`` like
 
   {
     authorized_keys = { 'ssh-rsa AAA.... user1@host',
-                        'ssh-rsa AAA.... user2@host },
+                        'ssh-rsa AAA.... user2@host' },
     hostname_prefix = ...
     ...
 

docs/features/autoupdater.rst

@@ -11,14 +11,19 @@ during development), but it can be enabled by setting the variable GLUON_BRANCH
 to override the default branch set in the set in the site configuration.
 
 A manifest file for the updater can be generated with `make manifest`. A signing script (using
-ecdsautils) can by found in the `contrib` directory. When creating the manifest, ``GLUON_PRIORITY`` can
-be set on the command line, or it can be taken from the ``site.mk``.
+``ecdsautils``) can by found in the `contrib` directory. When creating the manifest, the 
+``PRIORITY`` value may be defined by setting ``GLUON_PRIORITY`` on the command line or in ``site.mk``.
 
-The priority defines the maximum number of days that may pass between releasing an update and installation
-of the images. The update probability with start at 0 after the release time mentioned in the manifest
-and then slowly rise to 1 after the number of days given by the priority has passed.
+``GLUON_PRIORITY`` defines the maximum number of days that may pass between releasing an update and installation
+of the images. The update probability will start at 0 after the release time declared in the manifest file
+by the variable DATE and then slowly rise up to 1 when ``GLUON_PRIORITY`` days have passed. The autoupdater checks
+for updates hourly (at a random minute of the hour), but usually only updates during its run between
+4am and 5am, except when the whole ``GLUON_PRIORITY`` days and another 24 hours have passed.
 
-The priority may be an integer or a decimal fraction.
+``GLUON_PRIORITY`` may be an integer or a decimal fraction.
+
+Automated nightly builds
+------------------------
 
 A fully automated nightly build could use the following commands:
 
@@ -28,12 +33,13 @@ A fully automated nightly build could use the following commands:
     (cd site && git pull)
     make update
     make clean
-    make -j5 GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental
+    NUM_CORES_PLUS_ONE=$(expr $(nproc) + 1)
+    make -j$NUM_CORES_PLUS_ONE GLUON_TARGET=ar71xx-generic GLUON_BRANCH=experimental
     make manifest GLUON_BRANCH=experimental
-    contrib/sign.sh $SECRETKEY images/sysupgrade/experimental.manifest
+    contrib/sign.sh $SECRETKEY output/images/sysupgrade/experimental.manifest
 
     rm -rf /where/to/put/this/experimental
-    cp -r images /where/to/put/this/experimental
+    cp -r output/images /where/to/put/this/experimental
 
 
 Infrastructure
@@ -59,7 +65,7 @@ The server must be available via IPv6.
 Command Line
 ------------
 
-These commands can be used on a node.
+These commands can be used on a node:
 
 ::
 
@@ -71,4 +77,8 @@ These commands can be used on a node.
    # Force update check, even when the updater is disabled
    autoupdater -f
 
+::
 
+   # If fallback is true the updater will perform an update only if the timespan 
+   # PRIORITY days (as defined in the manifest) and another 24h have passed
+   autoupdater --fallback

docs/features/dns-cache.rst

@@ -0,0 +1,41 @@
+DNS caching
+===========
+
+User experience may be greatly improved when dns is accelerated. Also, it
+seems like a good idea to keep the number of packages being exchanged
+between node and gateway as small as possible. In order to do this, a
+DNS cache may be used on a node. The dnsmasq instance listening on port
+53 on the node will be reconfigured to answer requests, use a list of
+upstream servers and a specific cache size if the options listed below are
+added to site.conf. Upstream servers are the DNS servers which are normally
+used by the nodes to resolve hostnames (e.g. gateways/supernodes).
+
+There are the following settings:
+    servers
+    cacheentries
+
+If both options are set the node will cache as much DNS records as set with
+'cacheentries' in RAM. The 'servers' list will be used to resolve the received
+DNS queries if the request cannot be answered from cache.
+If these settings do not exist, the cache is not intialized and RAM usage will not increase.
+
+When next_node.name is set, an A record and an AAAA record for the
+next-node IP address are placed in the dnsmasq configuration. This means that the content
+of next_node.name may be resolved even without upstream connectivity.
+
+::
+
+  dns = {
+    cacheentries = 5000,
+    servers = { '2001:db8::1', },
+  },
+
+  next_node = {
+    name = 'nextnode',
+    ip6 = '2001:db8:8::1',
+    ip4 = '198.51.100.1',
+  }
+
+
+The cache will be initialized during startup.
+Each cache entry will occupy about 90 bytes of RAM.

docs/features/mesh-on-wan.rst

@@ -1,18 +0,0 @@
-Mesh on WAN
-===========
-
-It's possible to enable the mesh on the WAN port like this::
-
-  uci set network.mesh_wan.auto=1
-  uci commit
-
-It may also be disabled again by running::
-
-  uci set network.mesh_wan.auto=0
-  uci commit
-
-site.conf
----------
-
-The optional option ``mesh_on_wan`` may be set to ``true`` (``false`` is the
-default) to enable meshing on the WAN port without further configuration.

docs/features/monitoring.rst

@@ -1,5 +1,5 @@
-Announcing Node Information
-===========================
+Node monitoring
+===============
 
 Gluon is capable of announcing information about each node to the mesh
 and to neighbouring nodes. This allows nodes to learn each others hostname,
@@ -8,7 +8,7 @@ IP addresses, location, software versions and various other information.
 Format of collected data
 ------------------------
 
-Information to be announced is currently split into two categories:
+Information to be announced is currently split into three categories:
 
   nodeinfo
     In this category (mostly) static information is collected. If
@@ -19,15 +19,19 @@ Information to be announced is currently split into two categories:
     This category holds fast changing data, like traffic counters, uptime,
     system load or the selected gateway.
 
-Both categories will have a ``node_id`` key by default. It should be used to
-match data from *statistics* to *nodeinfo*.
+  neighbours
+    `neighbours` contains information about all neighbouring nodes of all
+    interfaces. This data can be used to determine the network topology.
+
+All categories will have a ``node_id`` key. It should be used to
+relate data of different catagories.
 
 Accessing Node Information
 --------------------------
 
 There are two packages responsible for distribution of the information. For
 one, information is distributed across the mesh using alfred_. Information
-between neighbouring nodes is exchanged using `gluon-announced`.
+between neighbouring nodes is exchanged using `gluon-respondd`.
 
 .. _alfred: http://www.open-mesh.org/projects/alfred
 
@@ -41,10 +45,15 @@ retrieve the data you'll need both a local alfred daemon and alfred-json_
 installed. Please note that at least one alfred daemon is required to run as
 `master`.
 
-.. _alfred-json: https://github.com/tcatm/alfred-json
+.. _alfred-json: https://github.com/ffnord/alfred-json
 
-`nodeinfo` is distributed as alfred datatype `158`, while `statistics` uses
-`159`. Both are compressed using GZip (alfred-json can handle the decompression).
+The following datatypes are used:
+
+* `nodeinfo`: 158
+* `statistics`: 159
+* `neighbours`: 160
+
+All data is compressed using GZip (alfred-json can handle the decompression).
 
 In order to retrieve statistics data you could run:
 
@@ -88,20 +97,28 @@ In order to retrieve statistics data you could run:
 
 You can find more information about alfred in its README_.
 
-.. _README: http://www.open-mesh.org/projects/alfred/repository/revisions/master/entry/README
+.. _README: https://git.open-mesh.org/alfred.git/blob_plain/refs/heads/master:/README
 
-gluon-announced
-~~~~~~~~~~~~~~~
+gluon-respondd
+~~~~~~~~~~~~~~
 
-`gluon-announced` allows querying neighbouring nodes for their `nodeinfo`.
+`gluon-respondd` allows querying neighbouring nodes for their information.
 It is a daemon listening on the multicast address ``ff02::2:1001`` on
-UDP port 1001 on the bare mesh interfaces.
+UDP port 1001 on both the bare mesh interfaces and `br-client`. Unicast
+requests are supported as well.
+
+The supported requests are:
+
+* ``nodeinfo``, ``statistics``, ``neighbours``: Returns the data of single category uncompressed.
+* ``GET nodeinfo``, ...: Returns the data of one or multiple categories (separated by spaces)
+  compressed using the `deflate` algorithm (without a gzip header). The data may
+  be decompressed using zlib and many zlib bindings using -15 as the window size parameter.
 
 gluon-neighbour-info
 ~~~~~~~~~~~~~~~~~~~~
 
-A programm called `gluon-neighbour-info` has been developed to retrieve
-information from neighbours.
+The programm `gluon-neighbour-info` can be used to retrieve
+information from other nodes.
 
 ::
 
@@ -109,55 +126,13 @@ information from neighbours.
   -p 1001 -d ff02:0:0:0:0:0:2:1001 \
   -r nodeinfo
 
-On optional timeout may be specified, e.g. `-t 5` (default: 3 seconds).
+An optional timeout may be specified, e.g. `-t 5` (default: 3 seconds). See
+the usage information printed by ``gluon-neighbour-info -h`` for more information
+about the supported arguments.
 
-Adding a fact
--------------
+Adding a data provider
+----------------------
 
-To add a fact just add a file to either ``/lib/gluon/announce/nodeinfo.d/`` or
-``/lib/gluon/announce/statistics.d/``.
-
-The file must contain a lua script and its name will become the key for the
-resulting JSON object. A simple script adding a ``hostname`` field might look
-like this:
-
-::
-
-  return uci:get_first('system', 'system', 'hostname')
-
-The directory structure will be converted to a JSON object, i.e. you may
-create subdirectories. So, if the directories look like this
-
-::
-
-  .
-  ├── hardware
-  │   └── model
-  ├── hostname
-  ├── network
-  │   └── mac
-  ├── node_id
-  └── software
-      └── firmware
-
-the resulting JSON would become:
-
-::
-
-  # /lib/gluon/announce/announce.lua nodeinfo
-  {
-     "hardware" : {
-        "model" : "TP-Link TL-MR3420 v1"
-     },
-     "hostname" : "mr3420-test",
-     "network" : {
-        "mac" : "90:f6:52:82:06:02"
-     },
-     "node_id" : "90f652820602",
-     "software" : {
-        "firmware" : {
-           "base" : "gluon-v2014.2-32-ge831099",
-           "release" : "0.4.1+0-exp20140720"
-        }
-     }
-  }
+To add a provider, you need to install a shared object into ``/lib/gluon/respondd``.
+For more information, refer to the `respondd README <https://github.com/freifunk-gluon/packages/blob/master/net/respondd/README.md>`_
+and have a look the existing providers.

docs/features/private-wlan.rst

@@ -4,7 +4,7 @@ Private WLAN
 It is possible to set up a private WLAN that bridges the WAN port and is seperated from the mesh network.
 Please note that you should not enable ``mesh_on_wan`` simultaneously.
 
-The private WLAN can be enabled through the config mode if the package ``gluon-luci-private-wifi`` is installed.
+The private WLAN can be enabled through the config mode if the package ``gluon-web-private-wifi`` is installed.
 You may also enable a private WLAN using the command line::
 
   uci set wireless.wan_radio0=wifi-iface

docs/features/roles.rst

@@ -2,7 +2,7 @@ Roles
 =====
 
 It is possible to define a set of roles you want to distinguish at backend side. One node can own one
-role which it will announce via alfred inside the mesh. This will make it easier to differentiate 
+role which it will announce via alfred inside the mesh. This will make it easier to differentiate
 nodes when parsing alfred data. E.g to count only **normal** nodes and not the gateways
 or servers (nodemap). A lot of things are possible.
 
@@ -11,18 +11,20 @@ For this the section ``roles`` in ``site.conf`` is needed::
   roles = {
     default = 'node',
     list = {
-      node = 'Normal Node',
-      test = 'Test Node',
-      backbone = 'Backbone Node',
-      service = 'Service Node',
+      'node',
+      'test',
+      'backbone',
+      'service',
     },
   },
 
+The strings to display in the web interface are configured per language in the
+``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like
+``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``.
+
 The value of ``default`` is the role every node will initially own. This value should be part of ``list`` as well.
 If you want node owners to change the defined roles via config-mode you can add the package
-``gluon-luci-node-role`` to your ``site.mk``. Then, you can select one of the defined roles from a dropdown list
-where the right-handed value is the one which is displayed and the left-handed key the one which is configured into 
-the system.
+``gluon-web-node-role`` to your ``site.mk``.
 
 The role is saved in ``gluon-node-info.system.role``. To change the role using command line do::
 

docs/features/wired-mesh.rst

@@ -0,0 +1,65 @@
+Wired mesh (Mesh-on-WAN/LAN)
+============================
+
+In addition to meshing over WLAN and VPN, it is also possible to
+configure wired meshing over the LAN or WAN ports. This allows
+nodes to be connected directly or over wireless bridges.
+
+Mesh-on-WAN can be enabled in addition to the mesh VPN, so multiple nodes
+in the same local network that is used as VPN uplink can also mesh directly.
+Enabling Mesh-on-WAN should be avoided if the local network is also bridged with
+a WLAN access point, as meshing over batman-adv causes large amounts of
+multicast traffic, which will take up a lot of airtime.
+
+Enabling Mesh-on-LAN will replace the normal "client network" function
+of the LAN ports, as client network ports may never be connected (so care must be taken to always
+enable Mesh-on-LAN before connecting two nodes' LAN ports).
+
+Configuration
+~~~~~~~~~~~~~
+
+Both Mesh-on-WAN and Mesh-on-LAN can be configured on the "Network" page
+of the *Advanced settings* (if the package ``gluon-web-network`` is installed).
+
+It is also possible to enable Mesh-on-WAN and Mesh-on-LAN by default by
+adding ``mesh_on_wan = true`` and ``mesh_on_lan = true`` to ``site.conf``.
+
+Commandline configuration
+-------------------------
+
+Mesh-on-WAN
+...........
+
+It's possible to enable Mesh-on-WAN like this::
+
+  uci set network.mesh_wan.auto=1
+  uci commit network
+
+It may be disabled by running::
+
+  uci set network.mesh_wan.auto=0
+  uci commit network
+
+
+Mesh-on-LAN
+...........
+
+Configuring Mesh-on-LAN is a bit more complicated::
+
+  uci set network.mesh_lan.auto=1
+  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
+    uci del_list network.client.ifname=$ifname
+  done
+  uci commit network
+
+It may be disabled by running::
+
+  uci set network.mesh_lan.auto=0
+  for ifname in $(cat /lib/gluon/core/sysconfig/lan_ifname); do
+    uci add_list network.client.ifname=$ifname
+  done
+  uci commit network
+
+Please note that this configuration has changed in Gluon v2016.1. Using
+the old commands on v2016.1 and later will break the corresponding options
+in the *Advanced settings*.

docs/features/wlan-configuration.rst

@@ -0,0 +1,34 @@
+WLAN configuration
+==================
+
+Gluon allows to configure 2.4GHz and 5GHz radios independently. The configuration
+may include any or all of the three networks "client" (AP mode), "mesh" (802.11s
+mode) and "ibss" (adhoc mode), which can be used simultaneously (using "mesh" and
+"ibss" at same time should be avoided though as weaker hardware usually can't handle the additional
+load). See :doc:`../user/site` for details on the configuration.
+
+Upgrade behaviour
+-----------------
+
+For each of these networks, the site configuration may define a `disabled` flag (by
+default, all configured networks are enabled). This flag is merely a default setting,
+on upgrades the existing setting is always retained (as this setting may have been changed
+by the user). This means that it is not possible to enable or disable an existing network
+configurations during upgrades.
+
+For the "mesh" and "ibss" networks, the default setting only has an effect if none
+of the two has existed before. If a new configuration has been added for "mesh" or "ibss",
+while the other of the two has already existed before, the enabled/disabled state of the
+existing configuration will also be set for the new configuration.
+
+This allows upgrades to change from IBSS to 11s and vice-versa while retaining the
+"wireless meshing is enabled/disabled" property configured by the user regardless
+of the used mode.
+
+During upgrades the wifi channel of the 2.4GHz and 5GHz radio will be restored to the channel
+configured in the site.conf. If you need to preserve a user defined wifi channel during upgrades
+you can configure this via the uci section ``gluon-core.wireless``::
+
+  uci set gluon-core.@wireless[0].preserve_channels='1'
+
+Keep in mind that nodes running wifi interfaces on custom channels can't mesh with default nodes anymore!

docs/index.rst

@@ -5,10 +5,8 @@ Gluon is a modular framework for creating OpenWrt-based firmwares for wireless m
 Several Freifunk communities in Germany use Gluon as the foundation of their Freifunk firmwares.
 
 
-User Documentation
-------------------
-
 .. toctree::
+   :caption: User Documentation
    :maxdepth: 2
 
    user/getting_started
@@ -16,39 +14,79 @@ User Documentation
    user/x86
    user/faq
 
-Features
---------
-
 .. toctree::
+   :caption: Features
    :maxdepth: 2
 
    features/configmode
    features/autoupdater
+   features/wlan-configuration
    features/private-wlan
-   features/mesh-on-wan
-   features/announce
+   features/wired-mesh
+   features/dns-cache
+   features/monitoring
    features/authorized-keys
    features/roles
 
-Developer Documentation
------------------------
-
 .. toctree::
+   :caption: Developer Documentation
    :maxdepth: 2
 
    dev/basics
    dev/hardware
    dev/upgrade
-   dev/configmode
    dev/wan
-   dev/i18n
-
-Releases
---------
+   dev/mac_addresses
 
 .. toctree::
+   :caption: gluon-web Reference
    :maxdepth: 1
 
+   dev/web/controller
+   dev/web/model
+   dev/web/view
+   dev/web/i18n
+   dev/web/config-mode
+
+.. toctree::
+   :caption: Packages
+   :maxdepth: 1
+
+   package/gluon-client-bridge
+   package/gluon-config-mode-contact-info
+   package/gluon-config-mode-geo-location
+   package/gluon-ebtables-filter-multicast
+   package/gluon-ebtables-filter-ra-dhcp
+   package/gluon-ebtables-segment-mld
+   package/gluon-ebtables-source-filter
+
+.. toctree::
+   :caption: Releases
+   :maxdepth: 1
+
+   releases/v2017.1.5
+   releases/v2017.1.4
+   releases/v2017.1.3
+   releases/v2017.1.2
+   releases/v2017.1.1
+   releases/v2017.1
+   releases/v2016.2.7
+   releases/v2016.2.6
+   releases/v2016.2.5
+   releases/v2016.2.4
+   releases/v2016.2.3
+   releases/v2016.2.2
+   releases/v2016.2.1
+   releases/v2016.2
+   releases/v2016.1.6
+   releases/v2016.1.5
+   releases/v2016.1.4
+   releases/v2016.1.3
+   releases/v2016.1.2
+   releases/v2016.1.1
+   releases/v2016.1
+   releases/v2015.1.2
+   releases/v2015.1.1
    releases/v2015.1
    releases/v2014.4
    releases/v2014.3.1
@@ -61,6 +99,19 @@ Supported Devices & Architectures
 ar71xx-generic
 ^^^^^^^^^^^^^^
 
+* 8devices
+
+  - Carambola 2
+
+* ALFA Network
+
+  - AP121
+  - AP121U
+  - Hornet-UB
+  - Tube2H
+  - N2
+  - N5
+
 * Allnet
 
   - ALL0315N
@@ -68,17 +119,21 @@ ar71xx-generic
 * Buffalo
 
   - WZR-HP-AG300H / WZR-600DHP
+  - WZR-HP-G300NH
+  - WZR-HP-G300NH2
   - WZR-HP-G450H
 
 * D-Link
 
-  - DIR-825 (B1)
+  - DIR-505 (A1, A2)
   - DIR-615 (C1)
+  - DIR-825 (B1)
 
-* GL-Inet
+* GL Innovations
 
-  - 6408A (v1)
-  - 6416A (v1)
+  - GL-AR150
+  - GL-iNet 6408A (v1)
+  - GL-iNet 6416A (v1)
 
 * Linksys
 
@@ -90,47 +145,72 @@ ar71xx-generic
   - WNDR3800
   - WNDRMAC (v2)
 
+* Onion
+
+  - Omega
+
+* OpenMesh
+
+  - MR600 (v1, v2)
+  - MR900 (v1, v2)
+  - MR1750 (v1, v2) [#ath10k]_
+  - OM2P (v1, v2)
+  - OM2P-HS (v1, v2, v3)
+  - OM2P-LC
+  - OM5P
+  - OM5P-AN
+  - OM5P-AC (v1, v2) [#ath10k]_
+
 * TP-Link
 
-  - CPE210 (v1)
-  - CPE220 (v1)
-  - CPE510 (v1)
-  - CPE520 (v1)
-  - TL-MR3020 (v1)
-  - TL-MR3040 (v1, v2)
-  - TL-MR3220 (v1, v2)
-  - TL-MR3420 (v1, v2)
-  - TL-WA701N/ND (v1)
-  - TL-WA750RE (v1)
-  - TL-WA801N/ND (v2)
-  - TL-WA850RE (v1)
-  - TL-WA860RE (v1)
-  - TL-WA901N/ND (v2, v3)
+  - Archer C5 (v1) [#ath10k]_
+  - Archer C7 (v2) [#ath10k]_
+  - CPE210 (v1.0, v1.1)
+  - CPE220 (v1.1)
+  - CPE510 (v1.0, v1.1)
+  - CPE520 (v1.1)
+  - RE450
   - TL-WDR3500 (v1)
   - TL-WDR3600 (v1)
   - TL-WDR4300 (v1)
-  - TL-WR1043N/ND (v1, v2)
-  - TL-WR703N (v1)
-  - TL-WR710N (v1)
-  - TL-WR740N (v1, v3, v4)
-  - TL-WR741N/ND (v1, v2, v4)
-  - TL-WR743N/ND (v1, v2)
-  - TL-WR841N/ND (v3, v5, v7, v8, v9)
-  - TL-WR842N/ND (v1, v2)
-  - TL-WR941N/ND (v2, v3, v4, v5)
+  - TL-WR710N (v1, v2.1)
+  - TL-WR842N/ND (v1, v2, v3)
+  - TL-WR1043N/ND (v1, v2, v3, v4)
   - TL-WR2543N/ND (v1)
+  - WBS210 (v1.20)
+  - WBS510 (v1.20)
 
 * Ubiquiti
 
-  - Bullet M2
-  - Nanostation M2
-  - Nanostation M XW
-  - Loco M XW
-  - Picostation M2
-  - Rocket M2
+  - Air Gateway
+  - Air Gateway LR
+  - Air Gateway PRO
+  - Air Router
+  - Bullet M2/M5
+  - Loco M2/M5
+  - Loco M2/M5 XW
+  - Nanostation M2/M5
+  - Nanostation M2/M5 XW
+  - Picostation M2/M5
+  - Rocket M2/M5
+  - Rocket M2/M5 Ti
+  - Rocket M2/M5 XW
   - UniFi AP
+  - UniFi AP AC Lite [#ath10k]_
+  - UniFi AP AC Pro [#ath10k]_
+  - UniFi AP LR
   - UniFi AP Pro
   - UniFi AP Outdoor
+  - UniFi AP Outdoor+
+
+* Western Digital
+
+  - My Net N600
+  - My Net N750
+
+.. [#ath10k]
+  Device uses the ath10k WLAN driver; no image is built unless GLUON_ATH10K_MESH
+  is set as described in :ref:`getting-started-make-variables`
 
 ar71xx-nand
 ^^^^^^^^^^^
@@ -140,6 +220,50 @@ ar71xx-nand
   - WNDR3700 (v4)
   - WNDR4300 (v1)
 
+ar71xx-tiny
+^^^^^^^^^^^
+
+* D-Link
+
+  - DIR-615 (C1)
+
+* TP-Link
+
+  - TL-MR13U (v1)
+  - TL-MR3020 (v1)
+  - TL-MR3040 (v1, v2)
+  - TL-MR3220 (v1, v2)
+  - TL-MR3420 (v1, v2)
+  - TL-WA701N/ND (v1, v2)
+  - TL-WA730RE (v1)
+  - TL-WA750RE (v1)
+  - TL-WA801N/ND (v1, v2, v3)
+  - TL-WA830RE (v1, v2)
+  - TL-WA850RE (v1)
+  - TL-WA860RE (v1)
+  - TL-WA901N/ND (v1, v2, v3, v4)
+  - TL-WA7210N (v2)
+  - TL-WA7510N (v1)
+  - TL-WR703N (v1)
+  - TL-WR710N (v1, v2, v2.1)
+  - TL-WR740N (v1, v3, v4, v5)
+  - TL-WR741N/ND (v1, v2, v4, v5)
+  - TL-WR743N/ND (v1, v2)
+  - TL-WR841N/ND (v3, v5, v7, v8, v9, v10, v11, v12)
+  - TL-WR843N/ND (v1)
+  - TL-WR940N (v1, v2, v3, v4)
+  - TL-WR941ND (v2, v3, v4, v5, v6)
+
+brcm2708-bcm2708
+^^^^^^^^^^^^^^^^
+
+* RaspberryPi 1
+
+brcm2708-bcm2709
+^^^^^^^^^^^^^^^^
+
+* RaspberryPi 2
+
 mpc85xx-generic
 ^^^^^^^^^^^^^^^
 
@@ -149,15 +273,26 @@ mpc85xx-generic
 
 x86-generic
 ^^^^^^^^^^^
+
 * x86-generic
 * x86-virtualbox
 * x86-vmware
 
 See also: :doc:`user/x86`
 
-x86-kvm_guest
-^^^^^^^^^^^^^
-* x86-kvm
+x86-geode
+^^^^^^^^^
+
+* x86-geode
+
+See also: :doc:`user/x86`
+
+x86-64
+^^^^^^
+
+* x86-64-generic
+* x86-64-virtualbox
+* x86-64-vmware
 
 See also: :doc:`user/x86`
 

docs/package/gluon-client-bridge.rst

@@ -0,0 +1,11 @@
+gluon-client-bridge
+===================
+
+This package provides a bridge (*br-client*) for connecting clients. It will
+also setup a wireless interface, provided it is configured in *site.conf*.
+
+site.conf
+---------
+
+wifi24.ap.ssid / wifi5.ap.ssid
+    SSID for the client network

docs/package/gluon-config-mode-contact-info.rst

@@ -0,0 +1,21 @@
+gluon-config-mode-contact-info
+==============================
+
+This package allows the user to provide contact information within config mode to be
+distributed in the mesh. You can define whether the owner contact field is
+obligatory or not in your site.conf.
+
+site.conf
+---------
+
+config_mode.owner.obligatory \: optional (defaults to false)
+  If ``obligatory`` is set to ``true``, the contact info field must be supplied
+  and may not be left empty.
+
+Example::
+
+  config_mode = {
+    owner = {
+      obligatory = true
+    }
+  }

docs/package/gluon-config-mode-geo-location.rst

@@ -0,0 +1,14 @@
+gluon-config-mode-geo-location
+==============================
+
+This package enables the user to set latitude, longitude and altitude of their
+node within config mode. As the usage of the altitude is not well defined the
+corresponding field can be disabled.
+
+site.conf
+---------
+
+config_mode.geo_location.show_altitude : optional
+    - ``true`` enables the altitude field
+    - ``false`` disables the altitude field if altitude has not yet been set
+    - defaults to ``true``

docs/package/gluon-ebtables-filter-multicast.rst

@@ -0,0 +1,30 @@
+gluon-ebtables-filter-multicast
+===============================
+
+The *gluon-ebtables-filter-multicast* package filters out various kinds of
+non-essential multicast traffic, as this traffic often constitutes a
+disproportionate burden on the mesh network. Unfortunately, this breaks many useful services
+(Avahi, Bonjour chat, ...), but this seems unavoidable, as the current Avahi implementation is
+optimized for small local networks and causes too much traffic in large mesh networks.
+
+The multicast packets are filtered between the nodes' client bridge (*br-client*) and mesh
+interface (*bat0*) on output.
+
+
+The following packet types are considered essential and aren't filtered:
+
+* ARP (except requests for/replies from 0.0.0.0)
+* DHCP, DHCPv6
+* ICMPv6 (except Echo Requests (ping) and Node Information Queries (RFC4620)
+* IGMP
+
+In addition, the following packet types are allowed to allow experimentation with
+layer 3 routing protocols.
+
+* Babel
+* OSPF
+* RIPng
+
+The following packet types are also allowed:
+
+* BitTorrent Local Peer Discovery (it seems better to have local peers for BitTorrent than sending everything through the internet)

docs/package/gluon-ebtables-filter-ra-dhcp.rst

@@ -0,0 +1,13 @@
+gluon-ebtables-filter-ra-dhcp
+=============================
+
+The *gluon-ebtables-filter-ra-dhcp* package tries to prevent common
+misconfigurations (i.e. connecting the client interface of a Gluon
+node to a private network) from causing issues for either of the
+networks.
+
+The rules are the following:
+
+* DHCP requests, DHCPv6 requests and Router Solicitations may only be sent from clients to the mesh, but aren't forwarded
+  from the mesh to clients
+* DHCP replies, DHCPv6 replies and Router Advertisements from clients aren't forwarded to the mesh

docs/package/gluon-ebtables-segment-mld.rst

@@ -0,0 +1,16 @@
+gluon-ebtables-segment-mld
+==========================
+
+These filters drop IGMP/MLD packets before they enter the mesh and
+filter any IGMP/MLD packets coming from the mesh.
+
+IGMP/MLD have the concept of a local, elected Querier. For more
+decentralization and increased robustness, the idea of this package is
+to split the IGMP/MLD domain a querier is responsible for, allowing to
+have a querier per node. The split IGMP/MLD domain will also reduce
+overhead for this packet type, increasing scalability.
+
+Beware of the consequences of using this package though: You might need
+to explicitly, manually mark ports on snooping switches leading towards
+your mesh node as multicast router ports for now (Multicast Router
+Discovery, MRD, not implemented yet).

docs/package/gluon-ebtables-source-filter.rst

@@ -0,0 +1,30 @@
+gluon-ebtables-source-filter
+============================
+
+The *gluon-ebtables-source-filter* package adds an additional layer-2 filter
+ruleset to prevent unreasonable traffic entering the network via the nodes.
+Unreasonable means traffic entering the mesh via a node which source IP does
+not belong to the configured IP space.
+
+One may first check if there is a certain proportion of unreasonable traffic,
+before adding this package to the firmware image. Additional one should not
+use this package if some kind of gateway or upstream network is provided by
+a device connected to the client port.
+
+site.conf
+---------
+
+prefix4 : optional
+    - IPv4 subnet
+
+prefix6 :
+    - IPv6 subnet
+
+extra_prefixes6 : optional
+    - list of additional IPv6 subnets
+
+Example::
+
+  prefix4 = '198.51.100.0/21',
+  prefix6 = '2001:db8:8::/64',
+  extra_prefixes6 = { '2001:db8:9::/64', '2001:db8:100::/60' },

docs/releases/v2015.1.1.rst

@@ -0,0 +1,27 @@
+Gluon 2015.1.1
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-WA830RE (v1)
+
+New features
+~~~~~~~~~~~~
+The `x86-generic` and `x86-kvm_guest` images now support two ethernet interfaces by default. If two interfaces exist during
+the first boot, `eth0` will be used as LAN and `eth1` as WAN.
+
+Bugfixes
+~~~~~~~~
+
+* Fix German "Expert Mode" label (was "Export Mode")
+* Fix download of OpenSSL during build (because of broken OpenSSL download servers...)
+* Fix ABI break causing kernel panics when trying to use network-related modules from the official OpenWrt repository (like `kmod-pppoe`)
+* Fix race conditions breaking parallel build occasionally
+* A broken network configuration would be generated when an older Gluon version was updated to 2015.1 with
+  ``mesh_on_lan`` enabled in `site.conf`
+* Minor announced/alfred JSON format fixes (don't output empty lists where empty objects would be expected)

docs/releases/v2015.1.2.rst

@@ -0,0 +1,41 @@
+Gluon 2015.1.2
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-WA701N/ND (v2)
+  - TL-WA801N/ND (v1)
+  - TL-WA830RE (v2)
+  - TL-WR740N / TL-WR741ND (v5)
+
+New features
+~~~~~~~~~~~~
+
+* Ubiquiti Loco M, Picostation M and Rocket M now get their own images (which are just copies of the Bullet M image)
+  so it's more obvious for users which image to use
+* The x86-generic images now contain the e1000e ethernet driver by default
+
+Bugfixes
+~~~~~~~~
+
+* Fix download of OpenSSL during build because of broken OpenSSL download servers (again...)
+* Fix another ABI incompatiblity with the upstream kernel modules which prevented loading some filesystem-related modules
+* Fix potential MAC address conflicts on x86 target when using mesh-on-wan/lan
+* Fix signal strength indicators on TP-LINK CPE210/510
+* Fix the model name string on some NETGEAR WNDR3700v2
+* Fix 5GHz WLAN switching channels and losing connectivity when other WLANs using the same channel are detected (including other Gluon nodes...); see https://github.com/freifunk-gluon/gluon/issues/386
+* Fix DNS resolution for mesh VPN on IPv6-only WAN; see https://github.com/freifunk-gluon/gluon/issues/397
+* gluon-mesh-batman-adv-15: update batman-adv to 2015.0 with additional bugfixes (fixes various minor bugs)
+* gluon-mesh-batman-adv-15: fix forwarding of fragmented frames over multiple links with different MTUs
+
+  batman-adv compat 15 doesn't re-fragment frames that are fragmented already. In particular,
+  this breaks transmission of large packets which are first fragmented for mesh-on-lan/wan and are then sent
+  over the mesh VPN, which has an even smaller MTU. Work around this limitation by decreasing the maximum fragment
+  size to 1280, so they can always be forwarded as long there's no link with a MTU smaller than 1280.
+
+  See https://github.com/freifunk-gluon/gluon/issues/435

docs/releases/v2016.1.1.rst

@@ -0,0 +1,64 @@
+Gluon 2016.1.1
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* Onion Omega
+* TP-Link TL-MR13U v1
+
+
+Bugfixes
+~~~~~~~~
+
+Build
+^^^^^
+
+Don't overwrite the opkg repository key on each build.
+
+AirOS 5.6.x compatiblity
+^^^^^^^^^^^^^^^^^^^^^^^^
+
+Downgrading to AirOS 5.5.x before flashing Gluon on Airmax M XM/XW devices
+(NanoStation, Bullet, ...) is not necessary anymore.
+
+Status page
+^^^^^^^^^^^
+
+* Fix purging of disappered neighbours from the list
+* Don't clear the signal graphs when scrolling in mobile browsers
+* Improve browser compability (don't assume the Internationalization API is available,
+  fixes the display of numbers in Firefox for Android)
+
+Config mode
+^^^^^^^^^^^
+
+* Strip trailing whitespace from number input fields (LuCI's validator doesn't catch this)
+* Don't allow negative bandwidth limits
+
+Failsafe mode
+^^^^^^^^^^^^^
+
+* Fix entering the failsafe mode on the TL-WDR4900.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd/announced API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Nondeterministic production of broken images for some (very old) hardware (`#669 <https://github.com/freifunk-gluon/gluon/issues/669>`_)
+
+  At the moment it seems like only the TL-WR841N v5 is affected.

docs/releases/v2016.1.2.rst

@@ -0,0 +1,29 @@
+Gluon 2016.1.2
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+The *x86-generic* images now contain the ATIIXP PATA driver, adding support for
+FUTRO Thin Clients.
+
+Bugfixes
+~~~~~~~~
+
+A nondeterministic boot hang (`#669 <https://github.com/freifunk-gluon/gluon/issues/669>`_) has been fixed.
+The TL-WR841N v5 seems to be affected in particular, but the kernel bug is not hardware-specific per se.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.1.3.rst

@@ -0,0 +1,43 @@
+Gluon 2016.1.3
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* ALFA Hornet UB / AP121 / AP121U
+* TP-Link TL-WA7510N
+
+Bugfixes
+~~~~~~~~
+
+* The nondeterministic boot hang (`#669 <https://github.com/freifunk-gluon/gluon/issues/669>`_) that was thought to
+  be fixed in Gluon v2016.1.2 has resurfaced on other hardware. We believe it is now fixed properly.
+* Sysupgrades on the Xen DomU have been fixed.
+* Gluon can now be built on systems that use LibreSSL instead of OpenSSL.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Unwritable flash on some Ubiquiti PicoStations (`#687 <https://github.com/freifunk-gluon/gluon/issues/687>`_)
+
+  Gluon v2016.1.1 added support for Ubiquiti AirMAX devices with AirOS 5.6.x without downgrading AirOS first before
+  flashing Gluon. It was discovered that on Ubiquiti PicoStations, this downgrade is still necessary, as the
+  flash is not correctly unlocked, leaving the device unable to leave Config Mode and making regular sysupgrades
+  impossible.
+
+  TFTP recovery can be used in this state to flash a new firmware.

docs/releases/v2016.1.4.rst

@@ -0,0 +1,46 @@
+Gluon 2016.1.4
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* 8devices Carambola 2
+* Meraki MR12/MR62/MR16/MR66
+
+Bugfixes
+~~~~~~~~
+
+* Major update of all WLAN drivers
+
+  We've taken the unusual step of updating the WLAN drivers ("wireless-backports") to a much newer version, as
+  it was reported that the new version fixes unstable WLAN seen in many setups
+* Build fix: a race condition causing parallel builds to fail has been fixed
+* Build fix: the Gluon tree could get into a state in which all commands fail with "Too many levels of symbolic links"
+* Build fix: allow building Gluon on systems with certain versions of *dash* as */bin/sh*
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Unwritable flash on some Ubiquiti PicoStations (`#687 <https://github.com/freifunk-gluon/gluon/issues/687>`_)
+
+  Gluon v2016.1.1 added support for Ubiquiti AirMAX devices with AirOS 5.6.x without downgrading AirOS first before
+  flashing Gluon. It was discovered that on Ubiquiti PicoStations, this downgrade is still necessary, as the
+  flash is not correctly unlocked, leaving the device unable to leave Config Mode and making regular sysupgrades
+  impossible.
+
+  TFTP recovery can be used in this state to flash a new firmware.

docs/releases/v2016.1.5.rst

@@ -0,0 +1,66 @@
+Gluon 2016.1.5
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* OpenMesh
+
+ - MR600 (v1, v2)
+ - MR900 (v1, v2)
+ - OM2P (v1, v2)
+ - OM2P-HS (v1, v2)
+ - OM2P-LC
+ - OM5P
+ - OM5P-AN
+
+* Ubiquiti
+
+ - Rocket M XW
+
+* TP-LINK
+
+ - TL-WR841N/ND v11
+
+Bugfixes
+~~~~~~~~
+
+* build: fix race condition caused by using certain make targets (like *clean*, *images* or *package/\**)
+  with parallel build options without doing a full build before
+* build: fix package dependency issue causing "recursive dependency" warning
+
+  This dependency issue could lead to broken configurations and reportedly caused failed builds in some cases
+  when additional (site-specific) packages were used.
+* build: Gluon will now build correctly with GCC 6 as host compiler
+* Fix configuration of batman-adv when VLANs are used on top of IBSS interfaces (regression due to netifd update in :doc:`v2016.1.4`)
+* Add back missing ath10k firmware (regression due to mac80211 update in :doc:`v2016.1.4`)
+* Gluon can now be used on all supported Ubiquiti AirMAX devices without downgrading to AirOS 5.5.x before
+
+  :doc:`v2016.1.1` added support for most Ubiquiti AirMAX devices with AirOS 5.6.x without downgrading AirOS,
+  but left some devices (at least some PicoStations and Bullets) with unwritable flash. This issue has been
+  resolved (`#687 <https://github.com/freifunk-gluon/gluon/issues/687>`_).
+* Add upgrade script to automatically remove whitespace from configured geolocation
+
+  The new respondd implementation included in :doc:`v2016.1` is stricter about the number format than the
+  old one and doesn't accept trailing whitespace (so one or both coordinates are missing from the output).
+
+  The Config Mode has been fixed to strip whitespace from numeric fields in new configurations since :doc:`v2016.1.1`.
+  This still left old configurations, which are now fixed by this script.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.1.6.rst

@@ -0,0 +1,55 @@
+Gluon 2016.1.6
+==============
+
+Bugfixes
+~~~~~~~~
+
+* build: fix nodejs host build on Debian Wheezy (`#776 <https://github.com/freifunk-gluon/gluon/issues/776>`_)
+* build: fix parallel builds with Make 4.2+
+
+  Trying to use ``-j N`` with Make 4.2 would spawn an unlimited number of processes,
+  eventually leading to memory exhaustion.
+
+* build: fix occasional build failure in libpcap package
+* build: don't require hexdump for x86 builds (`#811 <https://github.com/freifunk-gluon/gluon/issues/811>`_)
+
+  Trying to build Gluon for x86 on systems without hexdump would silently generate
+  broken images.
+
+* Add support for DNS servers given by their link-local IPv6 address in Router Advertisements
+  (`#854 <https://github.com/freifunk-gluon/gluon/issues/854>`_)
+
+* ar71xx-generic: correctly setup LNA GPIOs on CPE210/510 (`#796 <https://github.com/freifunk-gluon/gluon/issues/796>`_)
+
+  Improves the reception by about 20dB.
+
+* ar71xx-generic: switch default WAN/LAN assignment on Ubiquiti UAP Pro
+  (`#764 <https://github.com/freifunk-gluon/gluon/issues/764>`_)
+
+  Switch to the usual "PoE is WAN/setup mode, secondary is LAN" scheme. This only affects
+  new installations; the assignment won't be changed on updates unless the configuration is
+  reset.
+
+* ar71xx-generic: fix ath10k memory leak (`#690 <https://github.com/freifunk-gluon/gluon/issues/690>`_)
+* ar71xx-generic: add support for new TP-Link region codes
+  (`#860 <https://github.com/freifunk-gluon/gluon/issues/860>`_)
+
+  TP-Link has started providing US- and EU-specific firmwares for the Archer C7 v2. To generate
+  Gluon images installable from these new firmwares, the ``GLUON_REGION`` variable must be set
+  to ``eu`` or ``us`` in ``site.mk`` or on the ``make`` command line (the images will still be
+  installable from all old firmwares without region codes).
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.1.rst

@@ -0,0 +1,276 @@
+Gluon 2016.1
+============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* Buffalo
+
+  - WZR-HP-G300NH
+
+* D-Link
+
+  - DIR-505 (A1)
+
+* TP-Link
+
+  - CPE210/220/510/520 v1.1
+  - TL-WA901N/ND v1
+  - TL-WR710N v2
+  - TL-WR801N/ND v1, v2
+  - TL-WR841N/ND v10
+  - TL-WR843N/ND v1
+  - TL-WR940N v1, v2, v3
+  - TL-WR941ND v6
+  - TL-WR1043N/ND v3
+
+* Ubiquiti
+
+  - airGateway
+  - airRouter
+  - UniFi AP Outdoor+
+
+* Western Digital
+
+  - My Net N600
+  - My Net N750
+
+x86-xen_domu
+^^^^^^^^^^^^
+
+New target containing the necessary drivers for use in Xen.
+
+x86-64
+^^^^^^
+
+64bit version of `x86-generic`. The generic image can also be used in KVM with VirtIO.
+
+New features
+~~~~~~~~~~~~
+
+Kernel module opkg repository
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+We've not been able to keep ABI compatiblity with the kernel of the official OpenWrt images.
+Therefore, Gluon now generates an opkg repository with modules itself.
+
+The repository can be found at `output/modules/` by default, the image output directory has
+been moved from `images/` to `output/images/`. See the updated :doc:`../user/getting_started` guide
+for information on the handling of the signing keys for this repository.
+
+The `opkg_repo` site.conf option has been replaced to allow specifying this and other additional repositories.
+
+New status page
+^^^^^^^^^^^^^^^
+
+The new status page provides a visually pleasing experience, and displays all important information
+on a node in a clear manner. It also contains a real-time signal strength graph for all neighbouring
+nodes to aid with the alignment of antennas.
+
+802.11s mesh support
+^^^^^^^^^^^^^^^^^^^^
+
+Gluon now supports using 802.11s for its mesh links instead of IBSS (Adhoc). This will allow supporting
+more WLAN hardware in the future (like Ralink/Mediatek, which don't support AP and IBSS mode simultaneously).
+
+Note that batman-adv is still used on top of 802.11s (and 802.11s forwarding is disabled), the mesh routing protocol
+provided by 802.11s is not used.
+
+Multicast filter extension
+^^^^^^^^^^^^^^^^^^^^^^^^^^
+
+The `gluon-ebtables-filter-multicast` package has been extended to filter out multicast
+ICMP and ICMPv6 Echo Requests (ping) and Node Information Queries (RFC4620). This prevents
+pings to multicast addresses like ff02::1 to cause traffic peaks
+(as all nodes and clients would answer such a ping).
+
+French translation
+^^^^^^^^^^^^^^^^^^
+
+A French translation for the Config Mode/Expert Mode has been added.
+
+Bugfixes
+~~~~~~~~
+
+* Update kernel code for the QCA953x
+
+  Might improve stability of the TP-Link TL-WR841N/ND v9.
+* Fix model detection on some Netgear WNDR3700v2
+
+  The broken devices will identify as "NETGEAR ".
+  This also breaks the autoupdater, making a manual upgrade necessary.
+* Ensure that `odhcp6c` doesn't spawn multiple instances of ``dhcpv6.script``
+* Fix support for Buffalo WZR-600DHP
+
+  A flashable factory image is generated now. The sysupgrade image is still shared
+  with the WZR-HP-AG300H.
+
+Site changes
+~~~~~~~~~~~~
+
+* ``site.conf``
+
+  - New WLAN configuration
+
+    ``wifi24`` and ``wifi5`` need to be updated to a new more flexible format.
+    A configuration using the old format
+
+    ::
+
+      {
+        channel = 1,
+        htmode = 'HT20'
+        ssid = 'entenhausen.freifunk.net',
+        mesh_ssid = 'xe:xx:xx:xx:xx:xx',
+        mesh_bssid = 'xe:xx:xx:xx:xx:xx',
+        mesh_mcast_rate = 12000,
+      }
+
+    would look like this in the new format::
+
+      {
+        channel = 1,
+        ap = {
+          ssid = 'entenhausen.freifunk.net',
+        },
+        ibss = {
+          ssid = 'xe:xx:xx:xx:xx:xx',
+          bssid = 'xe:xx:xx:xx:xx:xx',
+          mcast_rate = 12000,
+        },
+      }
+
+    The ``htmode`` option has been dropped, the channel width is now always set to 20MHz
+    (see https://github.com/freifunk-gluon/gluon/issues/487 for a discussion of this change).
+
+    In addition to the old IBSS (Adhoc) based meshing, 802.11s-based meshing can be configured
+    using the ``mesh`` section. Example::
+
+      {
+        channel = 1,
+        ap = {
+          ssid = 'entenhausen.freifunk.net',
+        },
+        mesh = {
+          id = 'mesh.entenhausen.freifunk.net', -- can by any string, human-readable or random
+          mcast_rate = 12000,
+        },
+      }
+
+    While using ``ibss`` and ``mesh`` at the same time is possible, is causes high load in
+    very active meshes, so it is advisable to avoid such configurations.
+
+  - Bandwidth limitation defaults
+
+    The old section ``simple_tc.mesh_vpn`` has been moved to ``fastd_mesh_vpn.bandwidth_limit`` and the ``ifname``
+    field isn't used anymore. What looked like this
+    before
+
+    ::
+
+      simple_tc = {
+        mesh_vpn = {
+          ifname = 'mesh-vpn',
+          enabled = false,
+          limit_egress = 200,
+          limit_ingress = 3000,
+        },
+      }
+
+    needs to be changed to
+
+    ::
+
+      fastd_mesh_vpn = {
+        -- ...
+
+        bandwidth_limit = {
+          enabled = false,
+          egress = 200,
+          ingress = 3000,
+        },
+      }
+
+  - opkg repository configuration
+
+    The opkg configuration has been changed to be more flexible and allow specifying custom repositories.
+    Example::
+
+      opkg = {
+        openwrt = 'http://opkg.services.ffeh/openwrt/%n/%v/%S/packages',
+        extra = {
+          modules = 'http://opkg.services.ffeh/modules/gluon-%GS-%GR/%S',
+        },
+      }
+
+    The keys of the ``extra`` table (like ``modules`` in this example) can be chosen arbitrarily.
+
+    Instead of explicitly specifying the whole URL, using patterns is recommended. The following
+    patterns are understood:
+
+    - ``%n`` is replaced by the OpenWrt version codename (e.g. "chaos_calmer")
+    - ``%v`` is replaced by the OpenWrt version number (e.g. "15.05")
+    - ``%S`` is replaced by the target architecture (e.g. "ar71xx/generic")
+    - ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``)
+    - ``%GV`` is replaced by the Gluon version
+    - ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``)
+
+
+* ``site.mk``
+
+  - The packages `gluon-announce` and `gluon-announced` were merged into
+    the package `gluon-respondd`. If you had any of them (probably
+    `gluon-announced`) in your package list, you have to replace them.
+
+
+* ``i18n/``
+
+  - The translations of ``gluon-config-mode:pubkey`` now have to show the fastd
+    public key themselves if desired, making the formatting of the key and whether it is shown at
+    all configurable. To retain the old format, add ``<p>`` to the beginning of
+    your translations and append::
+
+    "</p>"
+    "<div class=\"the-key\">"
+    " # <%= hostname %>"
+    " <br/>"
+    "<%= pubkey %>"
+    "</div>"
+
+Internals
+~~~~~~~~~
+
+* OpenWrt has been updated to Chaos Calmer
+* mac80211 has been backported from OpenWrt trunk r47249 (wireless-testing 2015-07-21)
+
+  This allows us to support the TL-WR940N v3/TL-WR941ND v6, which uses a TP9343 (QCA956x) SoC.
+* Several packages have been moved from the Gluon repo to the packages repo, removing references to Gluon:
+
+  - gluon-cron -> micrond (the crontabs are now read from ``/usr/lib/micron.d`` instead of ``/lib/gluon/cron``)
+  - gluon-radvd -> uradvd
+  - gluon-simple-tc -> simple-tc (the config file has been renamed as well)
+
+* Some of the Gluon-specific i18n support code in the build system has been removed, as LuCI now provides
+  similar facilities
+* The C-based `luci-lib-jsonc` library is now used for JSON encoding/decoding instead of the pure Lua `luci-lib-json`
+* The site config is now stored as JSON on the node. The Lua interface ``gluon.site_config`` is still available, and a C interface was added as part of the new package `libgluonutil`.
+* The `respondd` daemon now uses C modules instead of Lua snippets, which greatly enhances response speed and reduces memory usage. The Gluon integration package has
+  been renamed from `gluon-announced` to `gluon-respondd`.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Expert Mode is recommended.
+* batman-adv causes stability issues for both alfred and respondd/announced (`#177 <https://github.com/freifunk-gluon/gluon/issues/177>`_)
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd/announced API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced in the next release. The old API will still be supported for a while.

docs/releases/v2016.2.1.rst

@@ -0,0 +1,59 @@
+Gluon 2016.2.1
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - TL-WA901ND v4
+
+Bugfixes
+~~~~~~~~
+
+* Make status page work with disabled cookies/local storage
+  (`#912 <https://github.com/freifunk-gluon/gluon/pull/912>`_)
+
+* Update kernel to 3.18.44
+
+  Fixes CVE-2016-5195 and CVE-2016-7117. It is unlikely that these issues pose
+  a threat to usual Gluon setups, but installing additional packages may make a
+  system vulnerable. In any case, updating is highly recommended.
+
+* Downgrade mac80211 to an earlier state
+
+  Unfortunately, a mac80211 update that was done shortly before the release of
+  Gluon v2016.2 (that seemed necessary to properly support ath10k devices) had
+  again caused severe ath9k stability issues that remained unreported until v2016.2
+  was out.
+
+  We have now reverted mac80211 to an earlier state that was reported to be very
+  stable (while keeping the ath10k-specific changes); in addition, some patches
+  that were reported to cause connection or performance issues with certain clients
+  have been reverted. While is it still not perfectly stable, is should be at least
+  as good as (and probably better than) the v2016.1.x release series.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Git HTTPS downloads from git.kernel.org fail on Debian Wheezy (`#919 <https://github.com/freifunk-gluon/gluon/issues/919>`_)
+
+  The GnuTLS version on Debian Wheezy is too old and can't establish a connection with
+  git.kernel.org anymore. A newer GnuTLS version is available in wheezy-backports, but
+  as there is no libcurl3-gnutls package linked against the new version, installing the
+  new version has no effect.

docs/releases/v2016.2.2.rst

@@ -0,0 +1,78 @@
+Gluon 2016.2.2
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - CPE210/510 EU/US versions
+  - TL-WA801N/ND v3
+  - TL-WR841ND v11 EU/US versions
+
+Bugfixes
+~~~~~~~~
+
+* Fix boot on certain QCA955x-based devices (e.g. OpenMesh OM5P AC v2) (`#965 <https://github.com/freifunk-gluon/gluon/pull/965>`_)
+
+  This issue was a regression in Gluon v2016.2.1.
+
+* Build: Fix git downloads from git.kernel.org on Debian Wheezy (`#919 <https://github.com/freifunk-gluon/gluon/issues/919>`_)
+
+  We've switched back from HTTPS to the git protocol for now to avoid using
+  the old GnuTLS version of Debian Wheezy which can't establish a HTTPS connection
+  with git.kernel.org anymore.
+
+  This issue was a regression in Gluon v2016.2.
+
+* Fix RX filter of Ubiquiti UAP Outdoor+ (`d43147a8e03d <https://github.com/freifunk-gluon/gluon/commit/d43147a8e03dd17bc27e4ab203736f2151f9db3d>`_)
+
+  This issue was a regression in Gluon v2016.2.
+
+* Fix switched WAN/LAN interface assignment on CPE210 (`59deb2064d54 <https://github.com/freifunk-gluon/gluon/commit/59deb2064d54a37e27139b76a3b6064f5f10f364>`_)
+
+  This issue was a regression in Gluon v2016.2.
+
+* Significantly reduce CPU load used by signal strength LEDs (`#897 <https://github.com/freifunk-gluon/gluon/issues/897>`_)
+
+* Fix ethernet port of the Ubiquiti UAP AC Lite (`#911 <https://github.com/freifunk-gluon/gluon/issues/911>`_)
+
+* Build: Don't use host ``/tmp`` directory (`f9072a36411b <https://github.com/freifunk-gluon/gluon/commit/f9072a36411b92089c697b2c0a564155bfe10bd1>`_)
+
+  Fixes build when ``/tmp`` is mounted with *noexec*.
+
+* Fix mesh interface type respondd/alfred announcements when using VLANs over IBSS (`#941 <https://github.com/freifunk-gluon/gluon/issues/941>`_)
+
+* Fix next-node ebtables rules without *next_node.ip4* (`9dbe9f785d2b <https://github.com/freifunk-gluon/gluon/commit/9dbe9f785d2b439c3ebdae365b808ebf42b3cf03>`_)
+
+  Gluon v2016.2 added support for using the next-node feature without specifying an IPv4
+  address. Some scripts had not been adjusted, making the next-node unreliable when
+  no IPv4 address was specified.
+
+Other changes
+~~~~~~~~~~~~~
+
+* x86-generic and x86-64 images now have PATA and MMC support to allow using them
+  on various devices that were previously unsupported.
+
+* Clean up opkg postinst scripts up on image generation
+
+  OpenWrt does this by default to save a little space.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.3.rst

@@ -0,0 +1,62 @@
+Gluon 2016.2.3
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link TL-WR940N v4
+* TP-Link TL-WR1043ND v4
+
+Removed hardware support
+~~~~~~~~~~~~~~~~~~~~~~~~
+
+Support for Meraki devices (MR12/16/62/66) has been removed for now because of
+severe problems (all devices were using the same MAC addresses). Support will return
+when the issues have been fixed.
+
+Bugfixes
+~~~~~~~~
+
+* Automatically restart respondd on failure (`#863 <https://github.com/freifunk-gluon/gluon/issues/863>`_)
+
+  There have been many reports of respondd processes disappearing; the exact cause is unclear,
+  but might be related to the batman-adv debugfs interface and/or out-of-memory conditions.
+
+  A new respondd initscript uses procd to automatically restart respondd when it dies.
+
+* Make autoupdater timeouts more robust (`#987 <https://github.com/freifunk-gluon/gluon/issues/987>`_)
+
+  It was reported that wget processes sometimes hang indefinitely during the autoupdater manifest
+  download. The autoupdater has been improved to ensure that wget can always be interrupted after
+  a timeout.
+
+  This issue, together with the recent addition of lock files to ensure that only one instance
+  of the autoupdater can run at a time, had caused the autoupdater to blocked completely
+  by hanging processes in some cases (till a node was rebooted).
+
+* Fix regulation domain switching in ath10k (`#1001 <https://github.com/freifunk-gluon/gluon/pull/1001>`_)
+
+  Prevents use of too high transmission power in some cases.
+
+* Ensure that *prefix6* in site.conf is always a /64 prefix (`6b62e2f <https://github.com/freifunk-gluon/gluon/commit/6b62e2fc788cd1f83f6634288a15724dfc42b0fd>`_)
+
+  Other prefix lengths were never supported and don't make sense in many places the prefix is used. Ensure
+  that such configurations will not pass validation.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.4.rst

@@ -0,0 +1,55 @@
+Gluon 2016.2.4
+==============
+
+Bugfixes
+~~~~~~~~
+
+* Fix batman-adv (compat 15) not being able to transmit packages of specific sizes (`b7eeef9 <https://github.com/freifunk-gluon/gluon/commit/b7eeef9b04b44a70b2a953c4efe35a3fdceba2db>`_)
+
+  We suspect that this issue was also the reason for the autoupdater/wget hangs observed by many communities.
+  Non-Gluon nodes like gateways should be updated to batman-adv 2017.0.1 to get the fix.
+
+* Fix build after ftp.all.kernel.org discontinuation (`#1059 <https://github.com/freifunk-gluon/gluon/issues/1059>`_)
+
+* Fix high load because of frequent calls of the respondd initscript (`9a0aeb9 <https://github.com/freifunk-gluon/gluon/commit/9a0aeb9b7482df4e4515e61356b9d393e3a7eacb>`_)
+
+  The respondd restart triggers added in v2016.2.3 ran a significant portion of the respondd initscript for each router advertisement
+  received. This was fixed by a backport of a netifd patch.
+
+* x86 sysupgrade fixes (`41fd50d <https://github.com/freifunk-gluon/gluon/commit/41fd50d20ba31d73c4796c5b2d4eb44ad2258b90>`_,
+  `ad37e2b <https://github.com/freifunk-gluon/gluon/commit/ad37e2b6b43b2c3389356d892b04f3873d8f6b93>`_)
+
+  This fixes sysupgrade on mmcblk and similar devices.
+
+Other changes
+~~~~~~~~~~~~~
+
+* The manifest generator has been extended to generate SHA256 checksums in addition to SHA512 ones
+  (`f9d59be <https://github.com/freifunk-gluon/gluon/commit/f9d59be731efd31a26c59e049ccbdc4b1762f6b1>`_)
+
+  We have recently switched the autoupdater to SHA256 in the Gluon master to avoid mixing two different
+  lengths of hashes for no good reason. This makes the manifests of Gluon v2016.2.x compatible with the
+  new autoupdater so it doesn't prevent backports or downgrades.
+
+  **Note:** Downgrades of major Gluon versions are generally unsupported and will often lead to
+  broken configurations.
+
+Known Issues
+~~~~~~~~~~~~
+
+* x86 sysupgrade (sometimes) loses config when kernel partition grows (`#1010 <https://github.com/freifunk-gluon/gluon/issues/1010>`_)
+
+  This issue affects upgrades from v2016.2.x and older to the Gluon master only, we hope to fix it before the next
+  major release.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.5.rst

@@ -0,0 +1,36 @@
+Gluon 2016.2.5
+==============
+
+This version contains only a single bugfix for a regression introduced in Gluon v2016.2.4.
+As the regression affects batman-adv compat 15 only, firmwares using the compat 14 legacy
+version don't need to be updated.
+
+Bugfixes
+~~~~~~~~
+
+* Fix kernel crash with batman-adv compat 15 (`d452a7c <https://github.com/freifunk-gluon/gluon/commit/d452a7c2cf1c0da4e034666a50dc0e7aa9ddc592>`_)
+
+  An incorrect backport of a fix for a very improbable kernel crash caused a much more
+  frequent kernel crash. The backport has been fixed.
+
+  This bug a regression in Gluon v2016.2.4.
+
+Known Issues
+~~~~~~~~~~~~
+
+* x86 sysupgrade (sometimes) loses config when kernel partition grows (`#1010 <https://github.com/freifunk-gluon/gluon/issues/1010>`_)
+
+  This issue affects upgrades from v2016.2.x and older to the Gluon master only, we hope to fix it before the next
+  major release.
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.6.rst

@@ -0,0 +1,57 @@
+Gluon 2016.2.6
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link TL-WR841N/ND v12
+
+Bugfixes
+~~~~~~~~
+
+* Fix `CVE-2016-10229 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10229>`_
+  (`#1097 <https://github.com/freifunk-gluon/gluon/issues/1097>`_)
+
+  Fortunately, the standard Gluon setup is not vulnerable, as the issue only affects
+  applications that use MSG_PEEK on UDP sockets. dnsmasq does use MSG_PEEK, but
+  only in the DHCP component, which is not enabled during normal node operation.
+
+* Fix roaming issue affecting communication between clients
+  (`#1121 <https://github.com/freifunk-gluon/gluon/issues/1121>`_)
+
+  This issue affects all previous releases of Gluon v2016.2.x.
+
+* Fix build against OpenSSL 1.1 (`b6a22ce <https://github.com/freifunk-gluon/gluon/commit/b6a22ce79307853b175192178bb0333d976a3a6f>`_)
+
+* Fix build with long path names (`#1120 <https://github.com/freifunk-gluon/gluon/issues/1120>`_)
+
+* Use new staged sysupgrade procedure (`d4a69c0 <https://github.com/freifunk-gluon/gluon/commit/d4a69c00047f72696a2400cd7129be032de458e3>`_)
+
+  The new sysupgrade fixes an issue affecting x86, causing nodes to lose their
+  configuration on upgrade when the size of the kernel partition grows. This is
+  the case when upgrading from Gluon v2016.2.x to newer (LEDE-based) Gluon
+  versions. **This means that a Gluon node running an older version must be
+  upgraded to Gluon v2016.2.6 first before switching to a LEDE-based version!**
+
+  One downside of the staged sysupgrade is that all processes, including the SSH
+  server, will be terminated at the start of the sysupgrade to allow unmounting
+  the root filesystem. This makes it impossible to get any feedback from the
+  upgrade process without a serial console.
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.7.rst

@@ -0,0 +1,31 @@
+Gluon 2016.2.7
+==============
+
+This release only fixes a single regression introduced in Gluon v2016.2.6, and
+add support for building using Perl 5.26.
+
+Bugfixes
+~~~~~~~~
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Backport fixes to support building with Perl 5.26 or newer (`76753ed <https://github.com/freifunk-gluon/gluon/commit/76753ede0da78e24208f10675fa288247deec961>`_)
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2016.2.rst

@@ -0,0 +1,179 @@
+Gluon 2016.2
+============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* ALFA Network
+
+  - Tube2H
+  - N2
+  - N5
+
+* Buffalo
+
+  - WZR-HP-G300NH2
+
+* GL Innovations
+
+  - GL-AR150
+
+* OpenMesh
+
+  - MR1750 v1, v2 [#ath10k]_
+  - OM2P-HS v3
+  - OM5P-AC v1, v2 [#ath10k]_
+
+* TP-Link
+
+  - Archer C5 v1 [#ath10k]_
+  - Archer C7 v2 [#ath10k]_
+  - TL-WR710N v2.1
+  - TL-WR842N/ND v3
+
+* Ubiquiti
+
+  - UniFi AP AC Lite [#ath10k]_
+  - UniFi AP AC Pro [#ath10k]_
+
+.. [#ath10k]
+  Device uses the ath10k WLAN driver; no image is built unless GLUON_ATH10K_MESH
+  is set as described in :ref:`getting-started-make-variables`
+
+brcm2708-bcm2708
+^^^^^^^^^^^^^^^^
+
+* RaspberryPi 1
+
+brcm2708-bcm2709
+^^^^^^^^^^^^^^^^
+
+* RaspberryPi 2
+
+New features
+~~~~~~~~~~~~
+
+* Many UBNT Airmax XM model names are detected correctly now (e.g., the Loco
+  is no longer displayed as Bullet) (`#632 <https://github.com/freifunk-gluon/gluon/pull/632>`_)
+
+  Also, various new image aliases have been added for these devices.
+
+* batman-adv: mesh_no_rebroadcast is now enabled for Mesh-on-WAN/LAN (`#652 <https://github.com/freifunk-gluon/gluon/issues/652>`_)
+
+* The new UCI option ``gluon-core.@wireless[0].preserve_channels`` can be used to
+  prevent a changed WLAN channel from being reset on firmware upgrades (`#640 <https://github.com/freifunk-gluon/gluon/issues/640>`_)
+
+* PoE passthrough can now be configured from site.conf and the Advanced Settings
+  on TP-Link CPE 210/510 and Ubiquiti NanoStations (`#328 <https://github.com/freifunk-gluon/gluon/issues/328>`_)
+
+* The config mode *altitude* field can now be hidden using the ``config_mode.geo_location.show_altitude``
+  site.conf setting (`#693 <https://github.com/freifunk-gluon/gluon/issues/693>`_)
+
+* The contact information field in the config mode can be made obligatory using
+  the ``config_mode.owner.obligatory`` site.conf option
+
+* The *node name* setting in the config mode is no longer restricted to valid DNS
+  hostnames, but allows any UTF-8 string (`#414 <https://github.com/freifunk-gluon/gluon/issues/414>`_)
+
+* Besides the hostname, public key, site config and primary MAC address, the contact
+  information can now be accessed from config mode site texts
+
+* The functions ``escape`` and ``urlescape`` for HTML and URL escaping are now available from config mode
+  site texts. They should always be used when including user-provided information like
+  hostnames and contact information in HTML code or URLs.
+
+* Dropbear has been updated to a newer version, enabling new SSH crypto methods and removing
+  some old ones like DSA. This reduces the time needed for the first boot and makes
+  SSH logins faster (`#223 <https://github.com/freifunk-gluon/gluon/issues/223>`_)
+
+* WLAN basic and supported rate sets have been made configurable, to allow disabling
+  802.11b rates (`#810 <https://github.com/freifunk-gluon/gluon/pull/810>`_)
+
+* ath10k-based devices are now supported officially; it's possible to choose between
+  IBSS- and 11s-capable firmwares in site.mk (`#864 <https://github.com/freifunk-gluon/gluon/pull/864>`_)
+
+* The ``prefix4`` and ``next_node.ip4`` site.conf options are optional now.
+
+Bugfixes
+~~~~~~~~
+
+* The stability of the ath9k WLAN driver has been improved significantly
+  (`#605 <https://github.com/freifunk-gluon/gluon/issues/605>`_)
+
+  mac80211, hostapd and other related drivers and services have been backported from LEDE ``42f559e``.
+
+* Extremely slow downloads could lead to multiple instances of the autoupdater
+  running concurrently (`#582 <https://github.com/freifunk-gluon/gluon/pull/582>`_)
+
+  A lockfile is used to prevent this and timeouts have been added to download processes.
+
+* Usage of static DNS servers on the WAN port has been fixed
+  (`#886 <https://github.com/freifunk-gluon/gluon/issues/886>`_)
+
+  This is a regression introduced in Gluon v2016.1.6.
+
+Other changes
+~~~~~~~~~~~~~
+
+* The "Expert Mode" has been renamed to "Advanced Settings"
+
+Site changes
+~~~~~~~~~~~~
+
+site.mk
+^^^^^^^
+
+If you want to support ath10k-based devices, you should set GLUON_ATH10K_MESH
+and GLUON_REGION as described in :ref:`getting-started-make-variables`.
+
+i18n
+^^^^
+
+As the hostname field may now contain an arbitrary UTF-8 string, escaping must
+be added.
+
+Change
+
+::
+
+  <%=hostname%>
+
+to
+
+::
+
+  <%=escape(hostname)%>
+
+Inside of URLs, ``urlescape`` must be used instead of ``escape``.
+
+Internals
+~~~~~~~~~
+
+* Mesh interfaces are now configured in a protocol-independent way in UCI (`#870 <https://github.com/freifunk-gluon/gluon/pull/870>`_)
+
+  The MAC address assignment of all mesh and WLAN interfaces has been modified to prepare for support of
+  Ralink/Mediatek-based WLAN chips.
+
+* Preparations for supporting the new batman-adv multicast optimizations have been made
+  (`#674 <https://github.com/freifunk-gluon/gluon/pull/674>`_, `#675 <https://github.com/freifunk-gluon/gluon/pull/675>`_,
+  `#679 <https://github.com/freifunk-gluon/gluon/pull/679>`_)
+
+* All Lua code is minified now to save some space
+
+Known Issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2017.1.1.rst

@@ -0,0 +1,41 @@
+Gluon 2017.1.1
+==============
+
+Bugfixes
+~~~~~~~~
+
+* The autoupdater manifest has been extended to allow automatic upgrades from
+  old *x86-kvm* and *x86-xen_domu* systems to the new *x86-generic* image
+  (`869ceb4 <https://github.com/freifunk-gluon/gluon/commit/869ceb425cd5f9db3eafddcc52377fd94c6ba0dd>`_)
+
+* Make flash writable again on Ubiquiti PicoStations with certain bootloader
+  versions (and possibly other devices)
+  (`9a787c9 <https://github.com/freifunk-gluon/gluon/commit/9a787c9878069158151c843b8fd9aa338815d61e>`_)
+
+  Units affected by this issue running Gluon v2017.1 can't leave config mode and
+  no regular sysupgrades are possible. TFTP recovery is necessary to make them
+  work again.
+
+* Add workaround to prevent sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+* Disable batman-adv multicast optimizations to work around issue causing large
+  amounts of management traffic
+  (`819758f <https://github.com/freifunk-gluon/gluon/commit/819758f4250af8820851945ba1a6c17748b0ab4b>`_)
+
+  Multicast optimizations will be enabled again when a proper fix is available.
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/releases/v2017.1.2.rst

@@ -0,0 +1,84 @@
+Gluon 2017.1.2
+==============
+
+New features
+~~~~~~~~~~~~
+
+* Preserve *gw_mode* on sysupgrades (`#1196 <https://github.com/freifunk-gluon/gluon/issues/1196>`_)
+
+  When a Gluon node is used as uplink (for example by connecting it to a router with
+  a DHCP server directly, instead of using non-Gluon servers for the internet uplink),
+  the *gw_mode* must be set to *server* on that node. The changed *gw_mode* is now
+  preserved on upgrades.
+
+* Allow configuring the batman-adv routing algorithm (*BATMAN IV* or *BATMAN V*)
+  in *site.conf* (`#1185 <https://github.com/freifunk-gluon/gluon/issues/1185>`_)
+
+  *BATMAN V* still hasn't received extensive testing (and is incompatible with *BATMAN IV*).
+  This new option allows to set up *BATMAN V*-based test meshes. If unset, the routing
+  algorithm will default to *BATMAN IV*.
+
+  Configuration:
+
+  .. code-block:: lua
+
+    mesh = {
+      batman_adv = {
+        routing_algo = 'BATMAN_V'
+      }
+    }
+
+* New *show-release* Make target
+
+  The command ``make show-release`` can be used to print the release number
+  defined by *GLUON_RELEASE* to the standard output. This can be useful for build scripts
+  when a ``$(shell ...)`` expression is used in *site.mk* to generate the release
+  number.
+
+Bugfixes
+~~~~~~~~
+
+* The image build code used for some devices has been fixed, solving multiple
+  issues (`#1193 <https://github.com/freifunk-gluon/gluon/issues/1193>`_)
+
+  Problems caused by this issue include:
+
+  - sysupgrade rejecting Allnet images
+  - OpenMesh devices losing their configuration on upgrades
+
+  This is a regression introduced in Gluon v2017.1.
+
+* Improve sysupgrade error handling (`#1160 <https://github.com/freifunk-gluon/gluon/issues/1160>`_)
+
+  If for some reason processes don't react to SIGKILL (usually because of a kernel bug),
+  a node could hang forever in sysupgrade, requiring a power cycle. This has been
+  fixed, triggering a reboot instead.
+
+* Also display *gluon-config-mode:novpn* message when Tunneldigger is installed, but disabled
+  (`#1172 <https://github.com/freifunk-gluon/gluon/issues/1172>`_)
+
+  It was only displayed on nodes with fastd before.
+
+* Fix migration of enabled/disabled state between fastd and Tunneldigger
+  (`#1187 <https://github.com/freifunk-gluon/gluon/issues/1187>`_)
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but did not make them disappear completely.

docs/releases/v2017.1.3.rst

@@ -0,0 +1,65 @@
+Gluon 2017.1.3
+==============
+
+The LEDE base of Gluon has been updated to v17.01.3, including various updates,
+stability improvements and security fixes. This includes some critical fixes
+to core packages like dnsmasq (see below for details); upgrading all Gluon
+nodes to v2017.1.3 is highly recommended.
+
+
+Bugfixes
+~~~~~~~~
+
+* dnsmasq has been upgraded to v2.78, fixing CVE-2017-13704, CVE-2017-14491,
+  CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, 2017-CVE-14495 and
+  2017-CVE-14496
+
+  While many of the most severe (remote code execution) vulnarabilities are in
+  the DHCP component of dnsmasq, which is not active on a Gluon node unless in
+  Config Mode, CVE-2017-14491 does affect us. An attacker can cause memory
+  corruption and possibly remote code execution by deploying a malicious DNS
+  server and tricking a node into querying this server.
+
+* The Linux kernel has been upgraded to v4.4.89
+
+* Multiple security issues have been fixed in packages that are not usually part
+  of the Gluon build, including tcpdump, curl and mbedtls
+
+  Please refer to the
+  `LEDE commit log <https://git.lede-project.org/?p=source.git;a=shortlog;h=refs/heads/lede-17.01>`_
+  for details.
+
+* Filtering of multicast packets between the mesh and the *local-node* interface
+  has been fixed (`#1230 <https://github.com/freifunk-gluon/gluon/issues/1230>`_)
+
+  This issue was causing gluon-radvd to send a router advertisement to the local
+  clients whenever a router solicitation from the mesh was received. In busy
+  meshes, it would continuously send router advertisements every 3 seconds.
+
+* Reject autoupdater mirror URLs not starting with ``http://`` during build
+  (`9ab93992d1fc <https://github.com/freifunk-gluon/gluon/commit/9ab93992d1fca1b9cfa09c54d39cc92d3699055a>`_)
+
+* Fix MAC addresses on TP-Link TL-WR1043ND v4 when installing Gluon over newer
+  stock firmwares (`#1223 <https://github.com/freifunk-gluon/gluon/issues/1223>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but did not make them disappear completely.

docs/releases/v2017.1.4.rst

@@ -0,0 +1,56 @@
+Gluon 2017.1.4
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* GL Innovations GL-AR300M
+
+
+Bugfixes
+~~~~~~~~
+
+* LEDE has been updated to the latest stable commit, including various fixes for
+  the kernel (including security updates), and making opkg work again. This also
+  includes fixes for the KRACK issue (which is irrelevant for most Gluon
+  deployments, as Gluon nodes are rarely used as WLAN clients)
+  (`b62af904bbfd <https://github.com/freifunk-gluon/gluon/commit/b62af904bbfd6360ed728fc9ae69af3d8e8db1d7>`_,
+  `ba56b41ddaf6 <https://github.com/freifunk-gluon/gluon/commit/ba56b41ddaf6033e3cdef18d30da6b34cd438e8c>`_,
+  `ad0824136e5b <https://github.com/freifunk-gluon/gluon/commit/ad0824136e5b47482e11483c50e7bc88ba2c506e>`_,
+  `017fbe88bb8a <https://github.com/freifunk-gluon/gluon/commit/017fbe88bb8a89623464b02e09178696c1d077a6>`_)
+
+* Fix DNS resolution for mesh VPN (fastd / tunneldigger) on ARM-based targets
+  (`#1245 <https://github.com/freifunk-gluon/gluon/issues/1245>`_)
+
+* Fix a build issue in *kmod-jool*
+  (`06842728233a <https://github.com/freifunk-gluon/gluon/commit/06842728233a39784c437767eb9df4167ab07a87>`_)
+
+* Fix enabling/disabling PoE Passthrough in *site.conf* or in the
+  advanced settings
+  (`7268e49a301f <https://github.com/freifunk-gluon/gluon/commit/7268e49a301fcd643a49b329bd6097a0f85bdaBb>`_,
+  `7c2636d28264 <https://github.com/freifunk-gluon/gluon/commit/7c2636d28264df20b448b0160b69f5059c40b84a>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but it did not make them disappear completely.

docs/releases/v2017.1.5.rst

@@ -0,0 +1,57 @@
+Gluon 2017.1.5
+==============
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link TL-WR1043N v5
+
+ramips-mt7621
+^^^^^^^^^^^^^
+
+* Ubiquiti EdgeRouter-X
+* Ubiquiti EdgeRouter-X SFP
+
+
+Bugfixes
+~~~~~~~~
+
+* Fix build with empty ``site/modules``
+  (`#1262 <https://github.com/freifunk-gluon/gluon/issues/1262>`_)
+
+* Fix Ethernet stalls at high throughput on certain devices
+  (`#1101 <https://github.com/freifunk-gluon/gluon/issues/1101>`_)
+
+* Update Tunneldigger to support connections with servers running newer kernel
+  versions (`9ed6ff752eb7 <https://github.com/freifunk-gluon/gluon/commit/9ed6ff752eb7972d90b138197641f12eeb4572fb>`_)
+
+* Fix batman-adv Bridge Loop Avoidance (BLA) with *gluon-ebtables-filter-multicast*
+  (`#1198 <https://github.com/freifunk-gluon/gluon/issues/1198>`_)
+
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.
+
+* Sporadic segfaults of busybox (ash) when running shell scripts on ar71xx
+  (`#1157 <https://github.com/freifunk-gluon/gluon/issues/1157>`_)
+
+  The workaround added in Gluon v2017.1.1 has greatly reduced the frequency of
+  segfaults, but it did not make them disappear completely.
+
+* Frequent reboots due to out-of-memory on weak hardware in larger meshes
+  (`#1243 <https://github.com/freifunk-gluon/gluon/issues/1243>`_)

docs/releases/v2017.1.rst

@@ -0,0 +1,234 @@
+Gluon 2017.1
+============
+
+General changes
+~~~~~~~~~~~~~~~
+
+Gluon 2017.1 is the first release of Gluon based on the LEDE 17.01 branch. The
+kernel has been updated from 3.18.x to 4.4.x.
+
+We've used the opportunity to greatly simplify the Gluon build system, removing
+many hacks that were required to make the build work with older OpenWrt releases.
+
+The *output/modules* directory is now called *output/packages* and provides a
+replacement for the whole repository with target-specific packages of LEDE (in
+contrast to packages that are common for all targets of the same architecture).
+Another change to the build system makes it necessary that the same *GLUON_RELEASE*
+value that is used to build the images is also set for ``make manifest``.
+
+GCC 4.8 or newer is now required to build Gluon.
+
+**Note: There is an issue in all Gluon versions before 2016.2.6 that will
+lead to x86 systems losing their configuration when upgrading to Gluon 2017.1!**
+Older Gluon versions should be upgraded to 2016.2.6 first before switching to
+2017.1.
+
+Another potential issue mostly affects virtual machines: Gluon 2017.1 images are
+bigger than 2016.2.x images on x86. If your virtual harddisk is based on a
+2016.2.x image, it must be resized to 273MB or bigger before upgrading to Gluon
+2017.1. Using qemu, the command
+
+::
+
+  qemu-img resize $IMAGE 273MB
+
+can be used to do this.
+
+Added hardware support
+~~~~~~~~~~~~~~~~~~~~~~
+
+ar71xx-generic
+^^^^^^^^^^^^^^
+
+* TP-Link
+
+  - RE450
+  - WBS210 v1.20
+  - WBS510 v1.20
+
+* Ubiquiti
+
+  - AirGateway LR
+  - AirGateway PRO
+  - Rocket M2/M5 Ti
+  - UniFi AP LR
+
+ar71xx-tiny
+^^^^^^^^^^^
+
+The new *ar71xx-tiny* target has split out of *ar71xx-generic*; all
+*ar71xx-generic* devices with only 4MB of flash have been moved to this target.
+
+In contrast to *ar71xx-generic*, *ar71xx-tiny* **does not support opkg anymore**
+to save some space.
+
+* TP-Link
+
+  - TL-WA730RE v1
+  - TL-WA7210N v2
+
+x86-generic
+^^^^^^^^^^^
+
+The *x86-kvm* and *x86-xen_domu* targets have been removed; the *x86-generic*
+images now support these usecases as well, so no separate targets are needed
+anymore.
+
+x86-geode
+^^^^^^^^^
+
+The new *x86-geode* target for hardware based on Geode CPUs has been added.
+
+New features
+~~~~~~~~~~~~
+
+* Localization support has been added to the status page. In addition to German,
+  there are English and Russian translations now (`#1044 <https://github.com/freifunk-gluon/gluon/issues/1044>`_)
+
+* Add support for making nodes a DNS cache for clients
+  (`#1000 <https://github.com/freifunk-gluon/gluon/issues/1000>`_)
+
+  See also: :doc:`../features/dns-cache`
+
+* Add L2TP via tunneldigger as an alternative VPN system
+  (`#978 <https://github.com/freifunk-gluon/gluon/issues/978>`_)
+
+  L2TP will usually give better performance than fastd as it runs in kernel
+  space, but it does not provide encryption. Also, tunneling over IPv6 is
+  currently unsupported by tunneldigger.
+
+  It is not possible to include both fastd and tunneldigger in the same
+  firmware.
+
+* Add source filter package (`#1015 <https://github.com/freifunk-gluon/gluon/issues/1015>`_)
+
+  The new package *gluon-ebtables-source-filter* can be used to prevent traffic
+  using unexpected IP addresses or packet types from entering the mesh.
+
+  See also: :doc:`../package/gluon-ebtables-source-filter`
+
+Bugfixes
+~~~~~~~~
+
+* Disabling batman-adv on an interface (for example when an Ethernet link is lost
+  or before sysupgrades) could lead to a kernel crash in certain configurations
+  (`#680 <https://github.com/freifunk-gluon/gluon/issues/680>`_)
+
+* A race condition in the network setup scripts could lead to incomplete setup
+  during boot or when interfaces were added or removed from batman-adv after
+  Ethernet link changes (`#905 <https://github.com/freifunk-gluon/gluon/issues/905>`_)
+
+  The fix also solved the long-standing issue of Ethernet-only nodes (i.e. no
+  WLAN or VPN mesh) not booting up correctly without an Ethernet mesh link.
+
+* Some fixes in the WLAN stack of LEDE have improved the stability of the ath9k
+  driver (`#605 <https://github.com/freifunk-gluon/gluon/issues/605>`_)
+
+Site changes
+~~~~~~~~~~~~
+
+site.mk
+^^^^^^^
+
+* The *gluon-legacy* package does not exist anymore
+* All *gluon-luci-* packages have been renamed to *gluon-web-*;
+  *gluon-luci-portconfig* is now called *gluon-web-network*
+* The *gluon-next-node* package has been merged into the Gluon core and must not
+  be specified in *site.mk* anymore
+
+site.conf
+^^^^^^^^^
+
+* The *fastd_mesh_vpn* configuration section has been restructured to allow
+  sharing more options with tunneldigger. Instead of
+
+  .. code-block:: lua
+
+    fastd_mesh_vpn = {
+      mtu = 1280,
+      configurable = true,
+      methods = {'salsa2012+umac'},
+      groups = { ... },
+      bandwidth_limit = { ... },
+    }
+
+  the configuration must look like this now:
+
+  .. code-block:: lua
+
+    mesh_vpn = {
+      mtu = 1280,
+      fastd = {
+        configurable = true,
+        methods = {'salsa2012+umac'},
+        groups = { ... },
+      }
+      bandwidth_limit = { ... },
+    }
+
+* The *opkg.openwrt* option has been renamed to *opkg.lede*
+
+i18n
+^^^^
+
+* The *escape* function has been removed as it was duplicating the existing
+  *pcdata* function. All uses of *escape* in i18n templates must be changed to
+  use *pcdata* instead.
+
+* The *gluon-config-mode:altitude-label* and *gluon-config-mode:altitude-help*
+  translation IDs have been added to allow adjusting the texts for different
+  kinds of altitudes that might be expected.
+
+* The optional *gluon-config-mode:novpn* label has been added, which will be
+  shown in place of *gluon-config-mode:pubkey* when mesh VPN is disabled.
+
+Internals
+~~~~~~~~~
+
+* The LuCI base libraries have been replaced by a stripped-down
+  version called "gluon-web" (`#1007 <https://github.com/freifunk-gluon/gluon/issues/1007>`_)
+
+  Custom packages will need to be adjusted; in particular, all uses of *luci.model.uci*
+  need to be replaced with *simple-uci*. The Gluon documentation explains the most important
+  changes required to migrate from LuCI to gluon-web.
+
+* respondd now listens on ``ff05::2:1001`` in addition to ``ff02::2:1001`` for mesh-wide
+  operation (`#984 <https://github.com/freifunk-gluon/gluon/issues/984>`_)
+
+  Eventually, ``ff02::2:1001`` will be available for exchanging information
+  between neighbouring nodes only; map servers should be moved to ``ff05::2:1001``.
+
+* batman-adv has been updated to version 2017.1
+
+* Directly running make commands in the *lede* directory is supported now. Consequently,
+  build targets like ``target/linux/clean`` and ``package/NAME/compile`` can't be used
+  in the Gluon repository root anymore.
+
+  The command ``make config`` will set up the LEDE *.config* in the way a normal
+  Gluon build would, so it's possible to build individual packages for testing
+  and development afterwards.
+
+* Target definitions have been migrated from a Make-based format to a simpler
+  shell-based DSL
+
+* Gluon does not pass any custom variables into the LEDE build anymore, so things
+  like *GLUONDIR*, *GLUON_VERSION*, or *GLUON_SITEDIR* aren't available
+  to package Makefiles in Gluon 2017.1.
+
+  Instead of ``$(GLUONDIR)/package.mk``, ``$(TOPDIR)/../package/gluon.mk`` must
+  be included in custom packages now.
+
+Known issues
+~~~~~~~~~~~~
+
+* Default TX power on many Ubiquiti devices is too high, correct offsets are unknown (`#94 <https://github.com/freifunk-gluon/gluon/issues/94>`_)
+
+  Reducing the TX power in the Advanced Settings is recommended.
+
+* The MAC address of the WAN interface is modified even when Mesh-on-WAN is disabled (`#496 <https://github.com/freifunk-gluon/gluon/issues/496>`_)
+
+  This may lead to issues in environments where a fixed MAC address is expected (like VMware when promicious mode is disallowed).
+
+* Inconsistent respondd API (`#522 <https://github.com/freifunk-gluon/gluon/issues/522>`_)
+
+  The current API is inconsistent and will be replaced eventually. The old API will still be supported for a while.

docs/site-example/i18n/de.po

@@ -12,27 +12,49 @@ msgstr ""
 
 msgid "gluon-config-mode:welcome"
 msgstr ""
-"Willkommen zum Einrichtungsassistenten für deinen neuen Entenhausener "
+"Willkommen zum Einrichtungsassistenten für deinen neuen Alpha Centauri "
 "Freifunk-Knoten. Fülle das folgende Formular deinen Vorstellungen "
 "entsprechend aus und sende es ab."
 
 msgid "gluon-config-mode:pubkey"
 msgstr ""
-"Dies ist der öffentliche Schlüssel deines Freifunk-Knotens. Erst nachdem "
-"er auf den Servern des Entenhausener Freifunk-Projektes eingetragen wurde, "
-"kann sich dein Knoten mit dem Entenhausener Mesh-VPN zu verbinden. Bitte "
+"<p>Dies ist der öffentliche Schlüssel deines Freifunk-Knotens. Erst nachdem "
+"er auf den Servern des Freifunk-Projektes auf Alpha Centauri eingetragen wurde, "
+"kann sich dein Knoten mit dem Mesh-VPN dort verbinden. Bitte "
 "schicke dazu diesen Schlüssel und den Namen deines Knotens "
-"(<em><%=hostname%></em>) an "
-"<a href=\"mailto:keys@entenhausen.freifunk.net\">keys@entenhausen.freifunk.net</a>."
+"(<em><%=pcdata(hostname)%></em>) an "
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Anmeldung: ' .. hostname) %>&amp;"
+"body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
+"</p>"
+"<div class=\"the-key\">"
+" # <%= pcdata(hostname) %>"
+" <br />"
+"<%= pubkey %>"
+"</div>"
+
+msgid "gluon-config-mode:novpn"
+msgstr ""
+"<p>Du hast ausgewählt, <strong>kein Mesh-VPN</strong> "
+"zu nutzen. Dein Knoten kann also nur dann eine Verbindung zum Freifunk-Netz "
+"aufbauen, wenn andere Freifunk-Router in WLAN-Reichweite sind."
+"</p>"
 
 msgid "gluon-config-mode:reboot"
 msgstr ""
-"<p>Dein Knoten startet gerade neu und wird anschließend versuchen, "
-"sich mit anderen Freifunkknoten in seiner Nähe zu "
+"<p>Dein Knoten <em><%= pcdata(hostname) %></em> startet gerade neu und wird "
+"anschließend versuchen, sich mit anderen Freifunkknoten in seiner Nähe zu "
 "verbinden. Weitere Informationen zur "
-"Entenhausener Freifunk-Community findest du auf "
-"<a href=\"https://entenhausen.freifunk.net/\">unserer Webseite</a>.</p>"
+"Alpha Centauri Freifunk-Community findest du auf "
+"<a href=\"https://alpha-centauri.freifunk.net/\">unserer Webseite</a>.</p>"
 "<p>Um zu dieser Konfigurationsseite zurückzugelangen, drücke im normalen "
 "Betrieb für drei Sekunden den Reset-Button. Das Gerät wird dann im Config "
 "Mode neustarten.</p>"
 "<p>Viel Spaß mit deinem Knoten und der Erkundung von Freifunk!</p>"
+
+msgid "gluon-config-mode:altitude-label"
+msgstr "Höhe"
+
+msgid "gluon-config-mode:altitude-help"
+msgstr ""
+"Die Höhenangabe ist optional und sollte nur gesetzt werden, wenn ein "
+"exakter Wert bekannt ist."

docs/site-example/i18n/en.po

@@ -2,8 +2,8 @@ msgid ""
 msgstr ""
 "Content-Type: text/plain; charset=UTF-8\n"
 "Project-Id-Version: PACKAGE VERSION\n"
-"PO-Revision-Date: 2015-03-19 20:28+0100\n"
-"Last-Translator: Matthias Schiffer <mschiffer@universe-factory.net>\n"
+"PO-Revision-Date: 2016-02-04 14:28+0100\n"
+"Last-Translator: David Lutz <kpanic@hirnduenger.de>\n"
 "Language-Team: English\n"
 "Language: en\n"
 "MIME-Version: 1.0\n"
@@ -12,25 +12,44 @@ msgstr ""
 
 msgid "gluon-config-mode:welcome"
 msgstr ""
-"Welcome the the setup wizard of your new Freifunk Duckburg node. "
-"Please fill out the following form and transmit it."
+"Welcome to the setup wizard of your new Freifunk Alpha Centauri node. "
+"Please fill out the following form and submit it."
 
 msgid "gluon-config-mode:pubkey"
 msgstr ""
-"This is your Freifunk node's public key. The node won't be able to "
-"connect to the mesh VPN until the key has been registered on the Freifunk "
-"Duckburg servers. "
-"To register the key send it together with your node's name (<em><%=hostname%></em>) to "
-"<a href=\"mailto:keys@entenhausen.freifunk.net\">keys@entenhausen.freifunk.net</a>."
+"<p>This is your Freifunk node's public key. The node won't be able to "
+"connect to the mesh VPN until the key has been registered on the Freifunk servers. "
+"To register, send the key together with your node's name (<em><%=pcdata(hostname)%></em>) to "
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Registration: ' .. hostname) %>&amp;"
+"body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
+"</p>"
+"<div class=\"the-key\">"
+" # <%= pcdata(hostname) %>"
+" <br />"
+"<%= pubkey %>"
+"</div>"
 
+msgid "gluon-config-mode:novpn"
+msgstr ""
+"<p>You have selected <strong>not</strong> to use the mesh VPN. "
+"Your node will only be able to connect to the Freifunk network if other nodes in reach "
+"already have a connection.</p>"
 
 msgid "gluon-config-mode:reboot"
 msgstr ""
-"<p>The node is currently rebooting and will try to connect to other "
-"nearby Freifunk nodes  after that. "
-"Your can find lots of information on the Freifunk Duckburg community on "
-"<a href=\"https://entenhausen.freifunk.net/\">our homepage</a>.</p>"
+"<p>Your node <em><%= pcdata(hostname) %></em> is currently rebooting and will "
+"try to connect to other nearby Freifunk nodes after that. For more "
+"information about the Freifunk community on Alpha Centauri, have a look at "
+"<a href=\"https://alpha-centauri.freifunk.net/\">our homepage</a>.</p>"
 "<p>To get back to this configuration interface, press the reset button for "
 "3 seconds during normal operation. The device will then reboot into config "
 "mode.</p>"
-"<p>Have fun with your node and exploring the Freifunk network!</p>"
+"<p>Have fun with your node and exploring of the Freifunk network!</p>"
+
+msgid "gluon-config-mode:altitude-label"
+msgstr "Altitude"
+
+msgid "gluon-config-mode:altitude-help"
+msgstr ""
+"Specifying the altitude is optional and should only be done if a proper "
+"value is known."

docs/site-example/i18n/fr.po

@@ -0,0 +1,58 @@
+msgid ""
+msgstr ""
+"Content-Type: text/plain; charset=UTF-8\n"
+"Project-Id-Version: PACKAGE VERSION\n"
+"PO-Revision-Date: 2015-08-06 20:28+0100\n"
+"Last-Translator: Tobias Bernot <tqbs@airmail.cc>\n"
+"Language-Team: French\n"
+"Language: fr\n"
+"MIME-Version: 1.0\n"
+"Content-Transfer-Encoding: 8bit\n"
+"Plural-Forms: nplurals=2; plural=(n != 1);\n"
+
+msgid "gluon-config-mode:welcome"
+msgstr ""
+"Bienvenue dans l'assistant de configuration pour votre nouveau nœud "
+"Freifunk. Remplissez le formulaire suivant en fonction de vos besoins "
+"et enregistrez le"
+
+msgid "gluon-config-mode:pubkey"
+msgstr ""
+"<p>Ceci est la clé publique de votre nœud Freifunk. Seulment après que la clé soit "
+"entrée sur les serveurs de votre groupe de Freifunk votre nœud pourra se connecter "
+"sur les serveur Mesh-VPN de votre groupe Freifunk. Veuillez envoyer la clé avec le "
+"nom de votre nœud "
+"(<em><%=pcdata(hostname)%></em>) à "
+"<a href=\"mailto:keys@alpha-centauri.freifunk.net?subject=<%= urlencode('Enregistrement: ' .. hostname) %>&amp;"
+"body=<%= urlencode('# ' .. hostname .. '\n' .. pubkey) %>\">keys@alpha-centauri.freifunk.net</a>."
+"</p>"
+"<div class=\"the-key\">"
+" # <%= pcdata(hostname) %>"
+" <br />"
+"<%= pubkey %>"
+"</div>"
+
+msgid "gluon-config-mode:novpn"
+msgstr ""
+"<p>Vous avez choisi de <strong>ne pas utiliser</strong> "
+"le réseau VPN. Votre nœud ne pourra se connecter au réseau Freifunk que si "
+"d'autres nœuds à portée ont déjà une connexion.</p>"
+
+msgid "gluon-config-mode:reboot"
+msgstr ""
+"<p>Votre nœud <em><%= pcdata(hostname) %></em> es en train de redémarrer et "
+"va ensuite éssayer de se connecter avec les autres nœuds du réseau Freifunk "
+"Vous pourrez trouver plus d'informations sur votre groupe Freifunk sur la page "
+"<a href=\"https://alpha-centauri.freifunk.net/\"> de ton groupe </a>.</p> "
+"<p> Pour retrouver cette page de configuration veuillier appuyez pendant le "
+"fonctionement normal pendant 3 Secondes sur le bouton reset. L'appareil va ensuite "
+"redémarer en mode configuration.</p> "
+"<p>Profitez votre de nœud et amusez vous à découvrir le réseau Freifunk!</p>"
+
+msgid "gluon-config-mode:altitude-label"
+msgstr "Hauteur"
+
+msgid "gluon-config-mode:altitude-help"
+msgstr ""
+"La altitude est optionelle et ne devrait que être ajoutée si la valeur "
+"exacte est connue."

docs/site-example/i18n/gluon-site.pot

@@ -7,5 +7,14 @@ msgstr ""
 msgid "gluon-config-mode:pubkey"
 msgstr ""
 
+msgid "gluon-config-mode:novpn"
+msgstr ""
+
 msgid "gluon-config-mode:reboot"
 msgstr ""
+
+msgid "gluon-config-mode:altitude-label"
+msgstr ""
+
+msgid "gluon-config-mode:altitude-help"
+msgstr ""

docs/site-example/site.conf

@@ -1,4 +1,4 @@
--- This is an example site configuration for Gluon v2015.1
+-- This is an example site configuration for Gluon v2017.1.5
 --
 -- Take a look at the documentation located at
 -- http://gluon.readthedocs.org/ for details.
@@ -10,12 +10,14 @@
   -- hostname_prefix = 'freifunk-',
 
   -- Name of the community.
-  site_name = 'Freifunk Entenhausen',
+  site_name = 'Freifunk Alpha Centauri',
 
   -- Shorthand of the community.
   site_code = 'ffxx',
 
-  -- Prefixes used within the mesh. Both are required.
+  -- Prefixes used within the mesh.
+  -- prefix6 is required, prefix4 can be omitted if next_node.ip4
+  -- is not set.
   prefix4 = '10.xxx.0.0/20',
   prefix6 = 'fdxx:xxxx:xxxx::/64',
 
@@ -35,42 +37,40 @@
     -- Wireless channel.
     channel = 1,
 
+    -- List of supported wifi rates (optional)
+    -- Example removes 802.11b compatibility for better performance
+    supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000},
+
+    -- List of basic wifi rates (optional, required if supported_rates is set)
+    -- Example removes 802.11b compatibility for better performance
+    basic_rate = {6000, 9000, 18000, 36000, 54000},
+
     -- ESSID used for client network.
-    ssid = 'entenhausen.freifunk.net',
+    ap = {
+      ssid = 'alpha-centauri.freifunk.net',
+      -- disabled = true, (optional)
+    },
 
-    -- Specifies the channel width in 802.11n and 802.11ac mode.
-    -- Possible values are:
-    -- HT20 (single 20MHz channel),
-    -- HT40- (2x 20MHz channels, secondary below)
-    -- HT40+ (2x 20MHz channels, secondary above)
-    htmode = 'HT20',
-
-    -- Adjust these values!
-    mesh_ssid = 'xe:xx:xx:xx:xx:xx',  -- ESSID used for mesh
-    mesh_bssid = 'xe:xx:xx:xx:xx:xx', -- BSSID used for mesh
-
-    -- Bitrate used for multicast/broadcast packets.
-    mesh_mcast_rate = 12000,
-
-    -- (optional) mesh VLAN on 802.11 ad-hoc interface (1-4095)
-    -- mesh_vlan = 14,
-    -- client_disabled = true,
-    -- mesh_disabled = false,
+    mesh = {
+      -- Adjust these values!
+      id = 'ffxx-mesh',
+      mcast_rate = 12000,
+      -- disabled = true, (optional)
+    },
   },
 
   -- Wireless configuration for 5 GHz interfaces.
   -- This should be equal to the 2.4 GHz variant, except
-  -- for channel and htmode.
+  -- for channel.
   wifi5 = {
-    ssid = 'entenhausen.freifunk.net',
     channel = 44,
-    htmode = 'HT20',
-    mesh_ssid = 'xx:xx:xx:xx:xx:xx',
-    mesh_bssid = 'xx:xx:xx:xx:xx:xx',
-    mesh_mcast_rate = 12000,
-    -- mesh_vlan = 14,
-    -- client_disabled = true,
-    -- mesh_disabled = false,
+    ap = {
+      ssid = 'alpha-centauri.freifunk.net',
+    },
+    mesh = {
+      id = 'ffxx-mesh',
+      mcast_rate = 12000,
+    },
   },
 
   -- The next node feature allows clients to always reach the node it is
@@ -84,47 +84,74 @@
     mac = 'xe:xx:xx:xx:xx:xx',
   },
 
-  -- Refer to http://fastd.readthedocs.org/en/latest/ to better understand
-  -- what these options do.
-  fastd_mesh_vpn = {
-    -- List of crypto-methods to use.
-    methods = {'salsa2012+umac'},
+  -- Options specific to routing protocols (optional)
+  -- mesh = {
+    -- Options specific to the batman-adv routing protocol (optional)
+    -- batman_adv = {
+      -- Gateway selection class (optional)
+      -- The default class 20 is based on the link quality (TQ) only,
+      -- class 1 is calculated from both the TQ and the announced bandwidth
+      -- gw_sel_class = 1,
+    -- },
+  -- },
+
+  mesh_vpn = {
     -- enabled = true,
-    -- configurable = true,
+    mtu = 1280,
 
-    mtu = 1426,
-    groups = {
-      backbone = {
-        -- Limit number of connected peers to reduce bandwidth.
-        limit = 2,
+    fastd = {
+      -- Refer to http://fastd.readthedocs.org/en/latest/ to better understand
+      -- what these options do.
 
-        -- List of peers.
-        peers = {
-          peer1 = {
-            key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
+      -- List of crypto-methods to use.
+      methods = {'salsa2012+umac'},
+      -- configurable = true,
+      -- syslog_level = 'warn',
 
-            -- This is a list, so you might add multiple entries.
-            remotes = {'ipv4 "xxx.somehost.invalid" port xxxxxx'},
-          },
-          peer2 = {
-            key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
-            -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
-            remotes = {'"xxx.somehost2.invalid" port xxxxx'},
+      groups = {
+        backbone = {
+          -- Limit number of connected peers to reduce bandwidth.
+          limit = 1,
+
+          -- List of peers.
+          peers = {
+            peer1 = {
+              key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
+
+              -- This is a list, so you might add multiple entries.
+              remotes = {'ipv4 "xxx.somehost.invalid" port xxxxxx'},
+            },
+            peer2 = {
+              key = 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx',
+              -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
+              remotes = {'"xxx.somehost2.invalid" port xxxxx'},
+            },
           },
+
+          -- Optional: nested peer groups
+          -- groups = {
+          --   backbone_sub = {
+          --     ...
+          --   },
+          --   ...
+          -- },
         },
-
-        -- Optional: nested peer groups
-        -- groups = {
-        --   backbone_sub = {
-        --     ...
-        --   },
+        -- Optional: additional peer groups, possibly with other limits
+        -- backbone2 = {
         --   ...
         -- },
       },
-      -- Optional: additional peer groups, possibly with other limits
-      -- backbone2 = {
-      --   ...
-      -- },
+    },
+
+    bandwidth_limit = {
+      -- The bandwidth limit can be enabled by default here.
+      enabled = false,
+
+      -- Default upload limit (kbit/s).
+      egress = 200,
+
+      -- Default download limit (kbit/s).
+      ingress = 3000,
     },
   },
 
@@ -167,24 +194,20 @@
   --   },
   -- },
 
-  -- Bandwidth limiting
-  simple_tc = {
-    mesh_vpn = {
-      ifname = 'mesh-vpn',
-
-      -- You may enable it by default here.
-      enabled = false,
-
-      -- Default upload limit (kbit/s).
-      limit_egress = 200,
-
-      -- Default download limit (kbit/s).
-      limit_ingress = 3000,
-    },
-  },
-
   -- Skip setup mode (config mode) on first boot
   -- setup_mode = {
   --  skip = true,
   -- },
+
+  -- config_mode = {
+    -- Show/hide the altitude field
+    -- geo_location = {
+      -- show_altitude = false,
+    -- },
+    -- define if the contact field is obligatory (optional)
+    -- owner = {
+      -- obligatory = true
+    -- },
+  -- },
+
 }

docs/site-example/site.mk

@@ -1,13 +1,11 @@
 ##	gluon site.mk makefile example
 
 ##	GLUON_SITE_PACKAGES
-#		specify gluon/openwrt packages to include here
-#		The gluon-mesh-batman-adv-* package must come first because of the dependency resolution
+#		specify Gluon/LEDE packages to include here
 
 GLUON_SITE_PACKAGES := \
-	gluon-mesh-batman-adv-15 \
 	gluon-alfred \
-	gluon-announced \
+	gluon-respondd \
 	gluon-autoupdater \
 	gluon-config-mode-autoupdater \
 	gluon-config-mode-contact-info \
@@ -17,17 +15,16 @@ GLUON_SITE_PACKAGES := \
 	gluon-config-mode-mesh-vpn \
 	gluon-ebtables-filter-multicast \
 	gluon-ebtables-filter-ra-dhcp \
-	gluon-luci-admin \
-	gluon-luci-autoupdater \
-	gluon-luci-portconfig \
-	gluon-luci-wifi-config \
-	gluon-next-node \
+	gluon-web-admin \
+	gluon-web-autoupdater \
+	gluon-web-network \
+	gluon-web-wifi-config \
+	gluon-mesh-batman-adv-15 \
 	gluon-mesh-vpn-fastd \
 	gluon-radvd \
 	gluon-setup-mode \
 	gluon-status-page \
 	haveged \
-	iptables \
 	iwinfo
 
 ##	DEFAULT_GLUON_RELEASE
@@ -38,6 +35,7 @@ GLUON_SITE_PACKAGES := \
 
 DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 
+# Variables set with ?= can be overwritten from the command line
 
 ##	GLUON_RELEASE
 #		call make with custom GLUON_RELEASE flag, to use your own release version scheme.
@@ -46,11 +44,13 @@ DEFAULT_GLUON_RELEASE := 0.6+exp$(shell date '+%Y%m%d')
 #		would generate images named like this:
 #			gluon-ff%site_code%-23.42+5-%router_model%.bin
 
-# Allow overriding the release number from the command line
 GLUON_RELEASE ?= $(DEFAULT_GLUON_RELEASE)
 
 # Default priority for updates.
 GLUON_PRIORITY ?= 0
 
+# Region code required for some images; supported values: us eu
+GLUON_REGION ?= eu
+
 # Languages to include
 GLUON_LANGS ?= en de

docs/user/faq.rst

@@ -1,3 +1,17 @@
 Frequently Asked Questions
 ==========================
 
+.. _faq-dns:
+
+DNS does not work on the nodes
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Gluon nodes will ignore the DNS server on the WAN port for everything except
+the mesh VPN, which can lead to confusion.
+
+All normal services on the nodes exclusively use the DNS server on the mesh
+interface. This DNS server must be announced in router advertisements (using
+*radvd* or a similar software) from one or more central servers in meshes based
+on *batman-adv*. If your mesh does not have global IPv6 connectivity, you can setup
+your *radvd* not to announce a default route by setting the *default lifetime* to 0;
+in this case, the *radvd* is only used to announce the DNS server.

docs/user/getting_started.rst

@@ -4,18 +4,20 @@ Getting Started
 Selecting the right version
 ---------------------------
 
-Gluon's releases are managed using `Git tags`_. If you're a community getting
+Gluon's releases are managed using `Git tags`_. If you are just getting
 started with Gluon we recommend to use the latest stable release of Gluon.
 
 Take a look at the `list of gluon releases`_ and notice the latest release,
-e.g. *v2014.3*.
+e.g. *v2017.1.5*. Always get Gluon using git and don't try to download it
+as a Zip archive as the archive will be missing version information.
 
-Please keep in mind that a matching site configuration for your community
-is required. Due to new features being added (or sometimes being removed)
-the format of the site configuration changes slightly between releases.
+Please keep in mind that there is no "default Gluon" build; a site configuration
+is required to adjust Gluon to your needs. Due to new features being added (or
+sometimes being removed) the format of the site configuration changes slightly
+between releases. Please refer to our release notes for instructions to update
+an old site configuration to a newer release of Gluon.
 
-Recent releases (starting with *v2014.3.1*) will come with an example
-configuration located in *docs/site-example/*.
+An example configuration can be found in the Gluon repository at *docs/site-example/*.
 
 .. _Git tags: http://git-scm.com/book/en/Git-Basics-Tagging
 .. _list of gluon releases: https://github.com/freifunk-gluon/gluon/releases
@@ -27,18 +29,21 @@ freshly installed Debian Wheezy system the following packages are required:
 
 * `git` (to get Gluon and other dependencies)
 * `subversion`
+* `python` (Python 3 doesn't work)
 * `build-essential`
 * `gawk`
 * `unzip`
 * `libncurses-dev` (actually `libncurses5-dev`)
 * `libz-dev` (actually `zlib1g-dev`)
+* `libssl-dev`
+* `wget`
 
 
 Building the images
 -------------------
 
 To build Gluon, first check out the repository. Replace *RELEASE* with the
-version you'd like to checkout, e.g. *v2015.1*.
+version you'd like to checkout, e.g. *v2017.1.5*.
 
 ::
 
@@ -47,88 +52,157 @@ version you'd like to checkout, e.g. *v2015.1*.
 This command will create a directory named *gluon/*.
 It might also tell a scary message about being in a *detached state*.
 **Don't panic!** Everything's fine.
-Now, enter the freshly created directory:
-
-::
+Now, enter the freshly created directory::
 
     cd gluon
 
-It's time to add (or create) your site configuration.
-So let's create the directory *site/*:
+It's time to add (or create) your site configuration. If you already
+have a site repository, just clone it::
 
-::
+   git clone https://github.com/freifunk-alpha-centauri/site-ffac.git site
+
+If you want to build a new site, create a new git repository *site/*::
 
     mkdir site
     cd site
+    git init
 
-Copy *site.conf*, *site.mk* and *i18n* from *docs/site-example*:
-
-::
+Copy *site.conf*, *site.mk* and *i18n* from *docs/site-example*::
 
     cp ../docs/site-example/site.conf .
     cp ../docs/site-example/site.mk .
     cp -r ../docs/site-example/i18n .
 
-Edit these files to match your community, then go back to the top-level Gluon
-directory and build Gluon:
+Edit these files as you see fit and commit them into the site repository.
+Extensive documentation about the site configuration can be found at:
+:doc:`site`. The
+site directory should always be a git repository by itself; committing site-specific files
+to the Gluon main repository should be avoided, as it will make updates more complicated.
 
-::
+Next go back to the top-level Gluon directory and build Gluon::
 
     cd ..
     make update                        # Get other repositories used by Gluon
     make GLUON_TARGET=ar71xx-generic   # Build Gluon
 
-When calling make, the OpenWrt build environment is prepared/updated.
 In case of errors read the messages carefully and try to fix the stated issues (e.g. install tools not available yet).
 
-``ar71xx-generic`` is the most common target and will generated images for most of the supported hardware.
+``ar71xx-generic`` is the most common target and will generate images for most of the supported hardware.
 To see a complete list of supported targets, call ``make`` without setting ``GLUON_TARGET``.
 
-The built images can be found in the directory `images`. Of these, the factory
-images are to be used when flashing from the original firmware a device came with,
-and sysupgrade is to upgrade from other versions of Gluon or any other OpenWRT-based
-system.
-
 You should reserve about 10GB of disk space for each `GLUON_TARGET`.
 
-There are two levels of `make clean`:
+The built images can be found in the directory `output/images`. Of these, the `factory`
+images are to be used when flashing from the original firmware a device came with,
+and `sysupgrade` is to upgrade from other versions of Gluon or any other OpenWrt/LEDE-based
+system.
 
-::
+**Note:** The images for some models are identical; to save disk space, symlinks are generated instead
+of multiple copies of the same image. If your webserver's configuration prohibits following
+symlinks, you can use the following command to resolve these links while copying the images::
+
+    cp -rL output/images /var/www
+
+Cleaning the build tree
+.......................
+
+There are two levels of `make clean`::
 
     make clean GLUON_TARGET=ar71xx-generic
 
-will ensure all packages are rebuilt for a single target; this is what you normally want to do after an update.
+will ensure all packages are rebuilt for a single target. This normally not
+necessary, but may fix certain kinds of build failures.
 
 ::
 
     make dirclean
 
-will clean the entire tree, so the toolchain will be rebuilt as well, which is
-not necessary in most cases, and will take a while.
+will clean the entire tree, so the toolchain will be rebuilt as well, which will take a while.
 
+opkg repositories
+-----------------
 
-Environment variables
----------------------
+Gluon is mostly compatible with LEDE, so the normal LEDE package repositories
+can be used for Gluon as well.
 
-Gluon's build process can be controlled by various environment variables.
+This is not true for kernel modules; the Gluon kernel is incompatible with the
+kernel of the default LEDE images. Therefore, Gluon will not only generate images,
+but also an opkg repository containing all core packages provided by LEDE,
+including modules for the kernel of the generated images.
 
-GLUON_SITEDIR
-  Path to the site configuration. Defaults to ``site/``.
+Signing keys
+............
 
-GLUON_IMAGEDIR
-  Path where images will be stored. Defaults to ``images/``.
+Gluon does not support HTTPS for downloading packages; fortunately, opkg deploys
+public-key cryptography to ensure package integrity.
+
+The Gluon images will contain public keys from two sources: the official LEDE keyring
+(to allow installing userspace packages) and a Gluon-specific key (which is used
+to sign the generated package repository).
+
+LEDE will handle the generation and handling of the keys itself.
+When making firmware releases based on Gluon, it might make sense to store
+the keypair, so updating the module repository later is possible.
+
+.. _getting-started-make-variables:
+
+Make variables
+--------------
+
+Gluon's build process can be controlled by various variables. They can
+usually be set on the command line or in ``site.mk``.
+
+Common variables
+................
+
+GLUON_ATH10K_MESH
+  While Gluon does support some hardware with ath10k-based 5GHz WLAN, these WLAN adapters don't work
+  well for meshing at the moment, so building images for these models is disabled by default. In addition,
+  ath10k can't support IBSS and 11s meshing in the same image due to WLAN firmware restrictions.
+
+  Setting GLUON_ATH10K_MESH to ``11s`` or ``ibss`` will enable generation of images for ath10k devices
+  and install the firmware for the corresponding WLAN mode.
+
+GLUON_BRANCH
+  Sets the default branch of the autoupdater. If unset, the autoupdater is disabled
+  by default. For the ``make manifest`` command, GLUON_BRANCH defines the branch to
+  generate a manifest for.
+
+GLUON_LANGS
+  Space-separated list of languages to include for the config mode/advanced settings. Defaults to ``en``.
+  ``en`` should always be included, other supported languages are ``de`` and ``fr``.
+
+GLUON_PRIORITY
+  Defines the priority of an automatic update in ``make manifest``. See :doc:`../features/autoupdater` for
+  a detailed description of this value.
+
+GLUON_REGION
+  Some devices (at the moment the TP-Link Archer C7) contain a region code that restricts
+  firmware installations. Set GLUON_REGION to ``eu`` or ``us`` to make the resulting
+  images installable from the respective stock firmwares.
+
+GLUON_RELEASE
+  Firmware release number: This string is displayed in the config mode, announced
+  via respondd/alfred and used by the autoupdater to decide if a newer version
+  is available.
+
+GLUON_TARGET
+  Target architecture to build.
+
+Special variables
+.................
 
 GLUON_BUILDDIR
-  Working directory during build. Defaults to ``build/``.
+  Working directory during build. Defaults to ``build``.
 
+GLUON_IMAGEDIR
+  Path where images will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/images``.
 
-So all in all, to update and rebuild a Gluon build tree, the following commands should be used (repeat the
-``make clean`` and ``make`` for all targets you want to build):
+GLUON_PACKAGEDIR
+  Path where the opkg package repository will be stored. Defaults to ``$(GLUON_OUTPUTDIR)/packages``.
 
-::
+GLUON_OUTPUTDIR
+  Path where output files will be stored. Defaults to ``output``.
 
-    git pull
-    (cd site && git pull)
-    make update
-    make clean GLUON_TARGET=ar71xx-generic
-    make GLUON_TARGET=ar71xx-generic
+GLUON_SITEDIR
+  Path to the site configuration. Defaults to ``site``.

docs/user/site.rst

@@ -1,5 +1,5 @@
-Site
-====
+Site configuration
+==================
 
 The ``site`` consists of the files ``site.conf`` and ``site.mk``.
 In the first community based values are defined, which both are processed
@@ -21,12 +21,14 @@ site_code
     The code of your community. It is good practice to use the TLD of
     your community here.
 
-prefix4
+prefix4 \: optional
     The IPv4 Subnet of your community mesh network in CIDR notation, e.g.
     ::
 
        prefix4 = '10.111.111.0/18'
 
+    Required if ``next_node.ip4`` is set.
+
 prefix6
     The IPv6 subnet of your community mesh network, e.g.
     ::
@@ -44,48 +46,105 @@ ntp_server
     List of NTP servers available in your community or used by your community, e.g.:
     ::
 
-       ntp_servers = {'1.ntp.services.ffeh','2.tnp.services.ffeh'}
+       ntp_servers = {'1.ntp.services.ffac','2.ntp.services.ffac'}
+
+    This NTP servers must be reachable via IPv6 from the nodes. If you don't want to set an IPv6 address
+    explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
+
+opkg \: optional
+    ``opkg`` package manager configuration.
+
+    There are two optional fields in the ``opkg`` section:
+
+    - ``lede`` overrides the default LEDE repository URL. The default URL would
+      correspond to ``http://downloads.lede-project.org/snapshots/packages/%A``
+      and usually doesn't need to be changed when nodes are expected to have IPv6
+      internet connectivity.
+    - ``extra`` specifies a table of additional repositories (with arbitrary keys)
 
-opkg_repo : optional
-    Overwrite the default ``opkg`` repository server, e.g.:
     ::
 
-      opkg_repo = 'http://opkg.services.ffeh/attitude_adjustment/12.09/%S/packages'
+      opkg = {
+        lede = 'http://opkg.services.ffac/lede/snapshots/packages/%A',
+        extra = {
+          gluon = 'http://opkg.services.ffac/modules/gluon-%GS-%GR/%S',
+        },
+      }
 
-    The `%S` is a variable, which is replaced with the platform of an device
-    during the build process.
+    There are various patterns which can be used in the URLs:
 
-regdom
+    - ``%n`` is replaced by the LEDE version codename
+    - ``%v`` is replaced by the LEDE version number (e.g. "17.01")
+    - ``%S`` is replaced by the target board (e.g. "ar71xx/generic")
+    - ``%A`` is replaced by the target architecture (e.g. "mips_24kc")
+    - ``%GS`` is replaced by the Gluon site code (as specified in ``site.conf``)
+    - ``%GV`` is replaced by the Gluon version
+    - ``%GR`` is replaced by the Gluon release (as specified in ``site.mk``)
+
+regdom \: optional
     The wireless regulatory domain responsible for your area, e.g.:
     ::
 
       regdom = 'DE'
 
-wifi24
-    WLAN Configuration of your community in the 2.4Ghz radio. Consisting
-    of ``ssid`` of your client network, the ``channel`` your community is using,
-    ``htmode``, the adhoc ssid ``mesh_ssid`` used between devices, the adhoc
-    bssid ``mesh_bssid`` and the adhoc multicast rate ``mesh_mcast_rate``.
-    Optionally ``mesh_vlan`` can be used to setup VLAN on top of the 802.11
-    ad-hoc interface. The options ``mesh_disabled`` and ``client_disabled``
-    are optional, too. They allow to disable the SSID by default, e.g. for
-    preconfigured node. This only affects first configuraton.
-    Combined in an dictionary, e.g.:
+    Setting ``regdom`` is mandatory if ``wifi24`` or ``wifi5`` is defined.
+
+wifi24 \: optional
+    WLAN configuration for 2.4 GHz devices.
+    ``channel`` must be set to a valid wireless channel for your radio.
+
+    There are currently three interface types available. You many choose to
+    configure any subset of them:
+
+    - ``ap`` creates a master interface where clients may connect
+    - ``mesh`` creates an 802.11s mesh interface with forwarding disabled
+    - ``ibss`` creates an ad-hoc interface
+
+    Each interface may be disabled by setting ``disabled`` to ``true``.
+    This will only affect new installations.
+    Upgrades will not change the disabled state.
+
+    Additionally it is possible to configure the ``supported_rates`` and ``basic_rate``
+    of each radio. Both are optional, by default hostapd/driver dictate the rates.
+    If ``supported_rates`` is set, ``basic_rate`` is required, because ``basic_rate``
+    has to be a subset of ``supported_rates``.
+    The example below disables 802.11b rates.
+
+    ``ap`` requires a single parameter, a string, named ``ssid`` which sets the
+    interface's ESSID.
+
+    ``mesh`` requires a single parameter, a string, named ``id`` which sets the mesh id.
+
+    ``ibss`` requires two parametersr: ``ssid`` (a string) and ``bssid`` (a MAC).
+    An optional parameter ``vlan`` (integer) is supported.
+
+    Both ``mesh`` and ``ibss`` accept an optional ``mcast_rate`` (kbit/s) parameter for
+    setting the multicast bitrate. Increasing the default value of 1000 to something
+    like 12000 is recommended.
     ::
 
        wifi24 = {
-         ssid = 'entenhausen.freifunk.net',
          channel = 11,
-         htmode = 'HT40-',
-         mesh_ssid = 'ff:ff:ff:ee:ba:be',
-         mesh_bssid = 'ff:ff:ff:ee:ba:be',
-         mesh_mcast_rate = 12000,
+         supported_rates = {6000, 9000, 12000, 18000, 24000, 36000, 48000, 54000},
+         basic_rate = {6000, 9000, 18000, 36000, 54000},
+         ap = {
+           ssid = 'alpha-centauri.freifunk.net',
+         },
+         mesh = {
+           id = 'alpha-centauri-mesh',
+           mcast_rate = 12000,
+         },
+         ibss = {
+           ssid = 'ff:ff:ff:ee:ba:be',
+           bssid = 'ff:ff:ff:ee:ba:be',
+           mcast_rate = 12000,
+         },
        },
 
-wifi5
+wifi5 \: optional
     Same as `wifi24` but for the 5Ghz radio.
 
-next_node : package
+next_node \: package
     Configuration of the local node feature of Gluon
     ::
 
@@ -95,61 +154,156 @@ next_node : package
         mac = 'ca:ff:ee:ba:be:00'
       }
 
+    The IPv4 next-node address is optional.
 
-fastd_mesh_vpn
-    Remote server setup for the fastd-based mesh VPN.
+mesh \: optional
+    Options specific to routing protocols.
 
-    The `enabled` option can be set to true to enable the VPN by default.
+    At the moment, only the ``batman_adv`` routing protocol has such options:
 
-    If `configurable` is `false` or unset, the method list will be replaced on updates
-    with the list in the site configuration. Setting `configurable` to `true` will allow the user to
-    add the method ``null`` to the front of the method list or remove ``null`` from it,
-    and make this change survive updates. Settings configurable is necessary for the
-    package `gluon-luci-mesh-vpn-fastd`, which adds a UI for this configuration.
+    The optional value ``gw_sel_class`` sets the gateway selection class. The default
+    class 20 is based on the link quality (TQ) only, class 1 is calculated from
+    both the TQ and the announced bandwidth.
+    ::
+
+       mesh = {
+         batman_adv = {
+           gw_sel_class = 1,
+         },
+       }
+
+
+mesh_vpn
+    Remote server setup for the mesh VPN.
+
+    The `enabled` option can be set to true to enable the VPN by default. `mtu`
+    defines the MTU of the VPN interface.
+
+    The `fastd` section configures settings specific to the *fastd* VPN
+    implementation.
+
+    If `configurable` is set to `false` or unset, the method list will be replaced on updates
+    with the list from the site configuration. Setting `configurable` to `true` will allow the user to
+    add the method ``null`` to the beginning of the method list or remove ``null`` from it,
+    and make this change survive updates. Setting `configurable` is necessary for the
+    package `gluon-web-mesh-vpn-fastd`, which adds a UI for this configuration.
 
     In any case, the ``null`` method should always be the first method in the list
     if it is supported at all. You should only set `configurable` to `true` if the
     configured peers support both the ``null`` method and methods with encryption.
+
+    You can set syslog_level from verbose (default) to warn to reduce syslog output.
+
+    The `tunneldigger` section is used to define the *tunneldigger* broker list.
+
+    **Note:** It doesn't make sense to include both `fastd` and `tunneldigger`
+    sections in the same configuration file, as only one of the packages *gluon-mesh-vpn-fastd*
+    and *gluon-mesh-vpn-tunneldigger* should be installed with the current
+    implementation.
+
     ::
 
-      fastd_mesh_vpn = {
-        methods = {'salsa2012+umac'},
-	-- enabled = true,
-	-- configurable = true,
-        mtu = 1426,
-        groups = {
-          backbone = {
-            limit = 2,
-            peers = {
-              peer1 = {
-                key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
-                remotes = {'ipv4 "vpn1.entenhausen.freifunk.net" port 10000'},
+      mesh_vpn = {
+        -- enabled = true,
+        mtu = 1280,
+
+        fastd = {
+          methods = {'salsa2012+umac'},
+          -- configurable = true,
+          -- syslog_level = 'warn',
+          groups = {
+            backbone = {
+              -- Limit number of connected peers from this group
+              limit = 1,
+              peers = {
+                peer1 = {
+                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+                  -- Having multiple domains prevents SPOF in freifunk.net
+                  remotes = {
+                    'ipv4 "vpn1.alpha-centauri.freifunk.net" port 10000',
+                    'ipv4 "vpn1.alpha-centauri-freifunk.de" port 10000',
+                  },
+                },
+                peer2 = {
+                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+                  -- You can also omit the ipv4 to allow both connection via ipv4 and ipv6
+                  remotes = {'"vpn2.alpha-centauri.freifunk.net" port 10000'},
+                },
+                peer3 = {
+                  key = 'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX',
+                  -- In addition to domains you can also add ip addresses, which provides
+                  -- resilience in case of dns outages
+                  remotes = {
+                    '"vpn3.alpha-centauri.freifunk.net" port 10000',
+                    '[2001:db8::3:1]:10000',
+                    '192.0.2.3:10000',
+                  },
+                },
               },
-            }
-          }
-        }
+              -- Optional: nested peer groups
+              -- groups = {
+              --   lowend_backbone = {
+              --     limit = 1,
+              --     peers = ...
+              --   },
+              -- },
+            },
+            -- Optional: additional peer groups, possibly with other limits
+            -- peertopeer = {
+            --   limit = 10,
+            --   peers = { ... },
+            -- },
+          },
+        },
+
+        tunneldigger = {
+          brokers = {'vpn1.alpha-centauri.freifunk.net'}
+        },
+
+        bandwidth_limit = {
+          -- The bandwidth limit can be enabled by default here.
+          enabled = false,
+
+          -- Default upload limit (kbit/s).
+          egress = 200,
+
+          -- Default download limit (kbit/s).
+          ingress = 3000,
+        },
       }
 
-mesh_on_wan : optional
+mesh_on_wan \: optional
     Enables the mesh on the WAN port (``true`` or ``false``).
+    ::
 
-mesh_on_lan : optional
+       mesh_on_wan = true,
+
+mesh_on_lan \: optional
     Enables the mesh on the LAN port (``true`` or ``false``).
+    ::
+    
+        mesh_on_lan = true,
 
-autoupdater : package
+poe_passthrough \: optional
+    Enable PoE passthrough by default on hardware with such a feature.
+
+autoupdater \: package
     Configuration for the autoupdater feature of Gluon.
+
+    The mirrors are checked in random order until the manifest could be downloaded
+    successfully or all mirrors have been tried.
     ::
 
       autoupdater = {
-        branch = 'experimental',
+        branch = 'stable',
         branches = {
           stable = {
             name = 'stable',
             mirrors = {
               'http://[fdca:ffee:babe:1::fec1]/firmware/stable/sysupgrade/',
-              'http://[fdca:ffee:babe:1::fec2]/firmware/stable/sysupgrade/',
+              'http://autoupdate.alpha-centauri.freifunk.net/firmware/stable/sysupgrade/',
             },
-            probability = 0.08,
+            -- Number of good signatures required
             good_signatures = 2,
             pubkeys = {
               'XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX', -- someguy
@@ -159,18 +313,21 @@ autoupdater : package
         }
       }
 
-roles : optional
-    Optional role definitions. With this nodes will announce their role inside the mesh.
-    In the backend this adds the facility to distinguish between normal, backbone and
-    service nodes or even gateways (if they advertise the role, also). It is up to
+    All configured mirrors must be reachable from the nodes via IPv6. If you don't want to set an IPv6 address
+    explicitly, but use a hostname (which is recommended), see also the :ref:`FAQ <faq-dns>`.
+
+roles \: optional
+    Optional role definitions. Nodes will announce their role inside the mesh.
+    This will allow in the backend to distinguish between normal, backbone and
+    service nodes or even gateways (if they advertise that role). It is up to
     the community which roles to define. See the section below as an example.
     ``default`` takes the default role which is set initially. This value should be
     part of ``list``. If you want node owners to change the role via config mode add
-    the package ``gluon-luci-node-role`` to ``site.mk``.
+    the package ``gluon-web-node-role`` to ``site.mk``.
 
-    The strings to display in the LuCI interface can be configured per language in the
+    The strings to display in the web interface are configured per language in the
     ``i18n/en.po``, ``i18n/de.po``, etc. files of the site repository using message IDs like
-    ``gluon-luci-node-role:role:node`` and ``gluon-luci-node-role:role:backbone``.
+    ``gluon-web-node-role:role:node`` and ``gluon-web-node-role:role:backbone``.
     ::
 
       roles = {
@@ -183,20 +340,7 @@ roles : optional
         },
       },
 
-simple_tc : package
-    Uplink traffic control, ingress and egress values are specified in kbit/s.
-    ::
-
-      simple_tc = {
-        mesh_vpn = {
-          ifname = 'mesh-vpn',
-          enabled = false,
-          limit_egress = 200,
-          limit_ingress = 3000,
-        },
-      },
-
-setup_mode : package
+setup_mode \: package
     Allows skipping setup mode (config mode) at first boot when attribute
     ``skip`` is set to ``true``. This is optional and may be left out.
     ::
@@ -205,16 +349,16 @@ setup_mode : package
         skip = true,
       },
 
-legacy : package
+legacy \: package
     Configuration for the legacy upgrade path.
     This is only required in communities upgrading from Lübeck's LFF-0.3.x.
     ::
 
       legacy = {
              version_files = {'/etc/.freifunk_version_keep', '/etc/.eff_version_keep'},
-             old_files = {'/etc/config/config_mode', '/etc/config/ffeh', '/etc/config/freifunk'},
-             config_mode_configs = {'config_mode', 'ffeh', 'freifunk'},
-             fastd_configs = {'ffeh_mesh_vpn', 'mesh_vpn'},
+             old_files = {'/etc/config/config_mode', '/etc/config/ffac', '/etc/config/freifunk'},
+             config_mode_configs = {'config_mode', 'ffac', 'freifunk'},
+             fastd_configs = {'ffac_mesh_vpn', 'mesh_vpn'},
              mesh_ifname = 'freifunk',
              tc_configs = {'ffki', 'freifunk'},
              wifi_names = {'wifi_freifunk', 'wifi_freifunk5', 'wifi_mesh', 'wifi_mesh5'},
@@ -227,8 +371,8 @@ The ``site.mk`` is a Makefile which should define constants
 involved in the build process of Gluon.
 
 GLUON_SITE_PACKAGES
-    Defines a list of packages which should installed additional
-    to the ``gluon_core`` package.
+    Defines a list of packages which should be installed additionally
+    to the ``gluon-core`` package.
 
 GLUON_RELEASE
     The current release version Gluon should use.
@@ -237,8 +381,12 @@ GLUON_PRIORITY
     The default priority for the generated manifests (see the autoupdater documentation
     for more information).
 
+GLUON_REGION
+    Region code to build into images where necessary. Valid values are the empty string,
+    ``us`` and ``eu``.
+
 GLUON_LANGS
-    List of languages (as two-letter-codes) to include for the web interface. Should always contain
+    List of languages (as two-letter-codes) to be included in the web interface. Should always contain
     ``en``.
 
 .. _site-config-mode-texts:
@@ -255,14 +403,67 @@ gluon-config-mode:welcome
 gluon-config-mode:pubkey
     Information about the public VPN key on the reboot page.
 
+gluon-config-mode:novpn
+    Information shown on the reboot page, if the mesh VPN was not selected.
+
+gluon-config-mode:altitude-label
+    Label for the ``altitude`` field
+
+gluon-config-mode:altitude-help
+    Description for the usage of the ``altitude`` field
+
 gluon-config-mode:reboot
-    General information about the reboot page.
+    General information shown on the reboot page.
 
 There is a POT file in the site example directory which can be used to create templates
 for the language files. The command ``msginit -l en -i ../../docs/site-example/i18n/gluon-site.pot``
 can be used from the ``i18n`` directory to create an initial PO file called ``en.po`` if the ``gettext``
 utilities are installed.
 
+.. note::
+
+   An empty ``msgstr``, as is the default after running ``msginit``, leads to
+   the ``msgid`` being printed as-is. It does *not* hide the whole text, as
+   might be expected.
+
+   Depending on the context, you might be able to use comments like
+   ``<!-- empty -->`` as translations to effectively hide the text.
+
+Site modules
+------------
+
+The file ``modules`` in the site repository is completely optional and can be used
+to supply additional package feeds from which packages are built. The git repositories
+specified here are retrieved in addition to the default feeds when ``make update``
+it called.
+
+This file's format is very similar to the toplevel ``modules`` file of the Gluon
+tree, with the important different that the list of feeds must be assigned to
+the variable ``GLUON_SITE_FEEDS``. Multiple feed names must be separated by spaces,
+for example::
+
+    GLUON_SITE_FEEDS='foo bar'
+
+The feed names may only contain alphanumerical characters, underscores and slashes.
+For each of the feeds, the following variables are used to specify how to update
+the feed:
+
+PACKAGES_${feed}_REPO
+    The URL of the git repository to clone (usually ``git://`` or ``http(s)://``)
+
+PACKAGES_${feed}_COMMIT
+    The commit ID of the repository to use
+
+PACKAGES_${feed}_BRANCH
+    Optional: The branch of the repository the given commit ID can be found in.
+    Defaults to the default branch of the repository (usually ``master``)
+
+These variables are always all uppercase, so for an entry ``foo`` in GLUON_SITE_FEEDS,
+the corresponding configuration variables would be ``PACKAGES_FOO_REPO``,
+``PACKAGES_FOO_COMMIT`` and ``PACKAGES_FOO_BRANCH``. Slashes in feed names are
+replaced by underscores to get valid shell variable identifiers.
+
+
 Examples
 --------
 
@@ -301,22 +502,37 @@ site-repos in the wild
 
 This is a non-exhaustive list of site-repos from various communities:
 
+* `site-ffa <https://github.com/tecff/site-ffa>`_ (Altdorf, Landshut & Umgebung)
+* `site-ffac <https://github.com/ffac/site>`_ (Regio Aachen)
 * `site-ffbs <https://github.com/ffbs/site-ffbs>`_ (Braunschweig)
 * `site-ffhb <https://github.com/FreifunkBremen/gluon-site-ffhb>`_ (Bremen)
 * `site-ffda <https://github.com/freifunk-darmstadt/site-ffda>`_ (Darmstadt)
+* `site-ffeh <https://github.com/freifunk-ehingen/site-ffeh>`_ (Ehingen)
+* `site-fffl <https://github.com/freifunk-flensburg/site-fffl>`_ (Flensburg)
 * `site-ffgoe <https://github.com/freifunk-goettingen/site-ffgoe>`_ (Göttingen)
+* `site-ffgt-rhw <https://github.com/ffgtso/site-ffgt-rhw>`_ (Guetersloh)
 * `site-ffhh <https://github.com/freifunkhamburg/site-ffhh>`_ (Hamburg)
+* `site-ffho <https://git.ffho.net/freifunkhochstift/ffho-site>`_ (Hochstift)
 * `site-ffhgw <https://github.com/lorenzo-greifswald/site-ffhgw>`_ (Greifswald)
-* `site-ffhl <https://github.com/freifunk-luebeck/site-ffhl>`_ (Lübeck)
-* `site-ffmd <https://github.com/FreifunkMD/site-ffmd>`_ (Magdeburg)
-* `site-ffmwu <https://github.com/freifunk-mwu/site-ffmwu>`_ (Mainz, Wiesbaden & Umgebung)
-* `site-ffmyk <https://github.com/FreifunkMYK/site-ffmyk>`_ (Mayen-Koblenz)
-* `site-ffm <https://github.com/freifunkMUC/site-ffm>`_ (München)
-* `site-ffms <https://github.com/FreiFunkMuenster/site-ffms>`_ (Münster)
-* `site-ffnw <https://git.freifunk-ol.de/root/siteconf.git>`_ (Nordwest)
-* `site-ffpb <https://git.c3pb.de/freifunk-pb/site-ffpb>`_ (Paderborn)
 * `site-ffka <https://github.com/ffka/site-ffka>`_ (Karlsruhe)
-* `site-ffrl <https://github.com/ffrl/sites-ffrl>`_ (Rheinland)
-* `site-ffrg <https://github.com/ffruhr/site-ffruhr>`_ (Ruhrgebiet)
+* `site-ffki <http://git.freifunk.in-kiel.de/ffki-site/>`_ (Kiel)
+* `site-fflz <https://github.com/freifunk-lausitz/site-fflz>`_ (Lausitz)
+* `site-ffl <https://github.com/freifunk-leipzig/freifunk-gluon-leipzig>`_ (Leipzig)
+* `site-ffhl <https://github.com/freifunk-luebeck/site-ffhl>`_ (Lübeck)
+* `site-fflg <https://github.com/kartenkarsten/site-fflg>`_ (Lüneburg)
+* `site-ffmd <https://github.com/FreifunkMD/site-ffmd>`_ (Magdeburg)
+* `site-ffmwu <https://github.com/freifunk-mwu/sites-ffmwu>`_ (Mainz, Wiesbaden & Umgebung)
+* `site-ffmyk <https://github.com/FreifunkMYK/site-ffmyk>`_ (Mayen-Koblenz)
+* `site-ffmo <https://github.com/ffruhr/site-ffmo>`_ (Moers)
+* `site-ffmg <https://github.com/ffruhr/site-ffmg>`_ (Mönchengladbach)
+* `site-ffm <https://github.com/freifunkMUC/site-ffm>`_ (München)
+* `site-ffhmue <https://github.com/Freifunk-Muenden/site-conf>`_ (Münden)
+* `site-ffms <https://github.com/FreiFunkMuenster/site-ffms>`_ (Münsterland)
+* `site-neuss <https://github.com/ffne/site-neuss>`_ (Neuss)
+* `site-ffniers <https://github.com/ffruhr/site-ffniers>`_ (Niersufer)
+* `site-ffnw <https://git.nordwest.freifunk.net/ffnw-firmware/siteconf/tree/master>`_ (Nordwest)
+* `site-ffrgb <https://github.com/ffrgb/site-ffrgb>`_ (Regensburg)
+* `site-ffrn <https://github.com/Freifunk-Rhein-Neckar/site-ffrn>`_ (Rhein-Neckar)
+* `site-ffruhr <https://github.com/ffruhr?utf8=✓&query=site>`_ (Ruhrgebiet, Multi-Communities)
 * `site-ffs <https://github.com/freifunk-stuttgart/site-ffs>`_ (Stuttgart)
 * `site-fftr <https://github.com/freifunktrier/site-fftr>`_ (Trier)

docs/user/x86.rst

@@ -2,12 +2,12 @@ x86 support
 ===========
 
 Gluon can run on normal x86 systems, for example virtual machines
-and VPN boxes. There is no WLAN support on x86 though.
+and VPN boxes. By default, there is no WLAN support on x86 though.
 
 Targets
 ^^^^^^^
 
-There are two targets for x86 images:
+The following targets for x86 images exist:
 
 `x86-generic`
     Generic x86 support with many different ethernet drivers; should run on
@@ -22,8 +22,8 @@ There are two targets for x86 images:
     These images only differ in the image file format, the content is the same. Therefore there is
     only a single `x86-generic` sysupgrade image instead of three.
 
-    Please note that the `x86-generic` image doesn't include VirtIO support, so another virtual NIC
-    like `pcnet32` must be chosen when using VirtualBox.
+`x86-geode`
+    x86 image for Geode CPUs.
 
-`x86-kvm`
-    The `x86-kvm` image uses VirtIO as its harddisk and network driver.
+`x86-64`
+    64bit version of `x86-generic`.

include/Makefile.image

@@ -1,7 +0,0 @@
-override define BuildImage
-prepare: FORCE
-	$(call Image/Prepare)
-endef
-
-# The Makefile included here is $(TOPDIR)/target/linux/$(BOARD)/image/Makefile
-include Makefile

include/Makefile.target

@@ -1,20 +0,0 @@
-# code adjusted from openwrt/include/kernel-defaults.mk
-
-override define Kernel/Configure
-	$(LINUX_CONF_CMD) > $(LINUX_DIR)/.config.target
-# copy CONFIG_KERNEL_* settings over to .config.target
-	awk '/^(#[[:space:]]+)?CONFIG_KERNEL/{sub("CONFIG_KERNEL_","CONFIG_");print}' $(BOARD_BUILDDIR)/config-allmods >> $(LINUX_DIR)/.config.target
-	echo "# CONFIG_KALLSYMS_EXTRA_PASS is not set" >> $(LINUX_DIR)/.config.target
-	echo "# CONFIG_KALLSYMS_ALL is not set" >> $(LINUX_DIR)/.config.target
-	echo "# CONFIG_KALLSYMS_UNCOMPRESSED is not set" >> $(LINUX_DIR)/.config.target
-	echo "# CONFIG_KPROBES is not set" >> $(LINUX_DIR)/.config.target
-	$(SCRIPT_DIR)/metadata.pl kconfig $(TMP_DIR)/.packageinfo $(BOARD_BUILDDIR)/config-allmods > $(LINUX_DIR)/.config.override
-	$(SCRIPT_DIR)/kconfig.pl 'm+' '+' $(LINUX_DIR)/.config.target /dev/null $(LINUX_DIR)/.config.override > $(LINUX_DIR)/.config
-	$(call Kernel/SetNoInitramfs)
-	rm -rf $(KERNEL_BUILD_DIR)/modules
-	$(_SINGLE) [ -d $(LINUX_DIR)/user_headers ] || $(MAKE) $(KERNEL_MAKEOPTS) INSTALL_HDR_PATH=$(LINUX_DIR)/user_headers headers_install
-	cp $(GLUONDIR)/targets/$(GLUON_TARGET)/vermagic $(LINUX_DIR)/.vermagic
-endef
-
-# The Makefile included here is $(TOPDIR)/target/linux/$(BOARD)/Makefile
-include Makefile

include/config

@@ -1,22 +0,0 @@
-CONFIG_IMAGEOPT=y
-# CONFIG_PER_FEED_REPO is not set
-
-CONFIG_DEVEL=y
-
-CONFIG_BUSYBOX_CUSTOM=y
-CONFIG_BUSYBOX_CONFIG_SHA512SUM=y
-# CONFIG_BUSYBOX_CONFIG_FEATURE_PREFER_IPV4_ADDRESS is not set
-CONFIG_BUSYBOX_CONFIG_IP=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_ADDRESS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_LINK=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_ROUTE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_TUNNEL=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_RULE=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_IP_SHORT_FORMS=y
-CONFIG_BUSYBOX_CONFIG_FEATURE_WGET_TIMEOUT=y
-
-CONFIG_ATH_USER_REGD=y
-CONFIG_PACKAGE_ATH_DEBUG=y
-CONFIG_ATH10K_CT_COMMUNITY_FW=y
-
-CONFIG_PACKAGE_luci-base_srcdiet=y

include/gluon.mk

@@ -1,72 +0,0 @@
-ifneq ($(__gluon_inc),1)
-__gluon_inc=1
-
-GLUON_SITEDIR ?= $(GLUONDIR)/site
-GLUON_IMAGEDIR ?= $(GLUONDIR)/images
-GLUON_BUILDDIR ?= $(GLUONDIR)/build
-
-GLUON_ORIGOPENWRTDIR := $(GLUONDIR)/openwrt
-GLUON_SITE_CONFIG := $(GLUON_SITEDIR)/site.conf
-
-export GLUONDIR GLUON_SITEDIR GLUON_SITE_CONFIG GLUON_IMAGEDIR GLUON_BUILDDIR
-
-
-BOARD_BUILDDIR = $(GLUON_BUILDDIR)/$(GLUON_TARGET)
-BOARD_KDIR = $(BOARD_BUILDDIR)/kernel
-
-export BOARD_BUILDDIR
-
-GLUON_OPENWRTDIR = $(BOARD_BUILDDIR)/openwrt
-
-
-$(GLUON_SITEDIR)/site.mk:
-	$(error There was no site configuration found. Please check out a site configuration to $(GLUON_SITEDIR))
-
--include $(GLUON_SITEDIR)/site.mk
-
-
-GLUON_VERSION := $(shell cd $(GLUONDIR) && git describe --always 2>/dev/null || echo unknown)
-export GLUON_VERSION
-
-GLUON_LANGS ?= en
-export GLUON_LANGS
-
-
-ifeq ($(OPENWRT_BUILD),1)
-ifeq ($(GLUON_TOOLS),1)
-
-CONFIG_VERSION_REPO := $(shell $(GLUONDIR)/scripts/site.sh opkg_repo || echo http://downloads.openwrt.org/barrier_breaker/14.07/%S/packages)
-export CONFIG_VERSION_REPO
-
-GLUON_SITE_CODE := $(shell $(GLUONDIR)/scripts/site.sh site_code)
-export GLUON_SITE_CODE
-
-ifeq ($(GLUON_RELEASE),)
-$(error GLUON_RELEASE not set. GLUON_RELEASE can be set in site.mk or on the command line.)
-endif
-export GLUON_RELEASE
-
-endif
-endif
-
-
-define merge-lists
-$(1) :=
-$(foreach var,$(2),$(1) := $$(filter-out -% $$(patsubst -%,%,$$(filter -%,$$($(var)))),$$($(1)) $$($(var)))
-)
-endef
-
-GLUON_TARGETS :=
-
-define GluonTarget
-gluon_target := $(1)$$(if $(2),-$(2))
-GLUON_TARGETS += $$(gluon_target)
-GLUON_TARGET_$$(gluon_target)_BOARD := $(1)
-GLUON_TARGET_$$(gluon_target)_SUBTARGET := $(2)
-endef
-
-GLUON_DEFAULT_PACKAGES := gluon-core kmod-ipv6 firewall ip6tables -uboot-envtools
-
-override DEFAULT_PACKAGES.router :=
-
-endif #__gluon_inc

include/package.mk

@@ -1,60 +0,0 @@
-include $(INCLUDE_DIR)/package.mk
-
-# Annoyingly, make's shell function replaces all newlines with spaces, so we have to do some escaping work. Yuck.
-define GluonCheckSite
-[ -z "$$GLUONDIR" ] || sed -e 's/-@/\n/g' -e 's/+@/@/g' <<'END__GLUON__CHECK__SITE' | "$$GLUONDIR"/scripts/check_site.sh
-$(shell cat $(1) | sed -ne '1h; 1!H; $$ {g; s/@/+@/g; s/\n/-@/g; p}')
-END__GLUON__CHECK__SITE
-endef
-
-
-# Languages supported by LuCi
-GLUON_SUPPORTED_LANGS := ca zh_cn en fr de el he hu it ja ms no pl pt_br pt ro ru es sv uk vi
-
-GLUON_LANG_ca := catalan
-GLUON_LANG_zh_cn := chinese
-GLUON_LANG_en := english
-GLUON_LANG_fr := french
-GLUON_LANG_de := german
-GLUON_LANG_el := greek
-GLUON_LANG_he := hebrew
-GLUON_LANG_hu := hungarian
-GLUON_LANG_it := italian
-GLUON_LANG_ja := japanese
-GLUON_LANG_ms := malay
-GLUON_LANG_no := norwegian
-GLUON_LANG_pl := polish
-GLUON_LANG_pt_br := portuguese-brazilian
-GLUON_LANG_pt := portuguese
-GLUON_LANG_ro := romanian
-GLUON_LANG_ru := russian
-GLUON_LANG_es := spanish
-GLUON_LANG_sv := swedish
-GLUON_LANG_uk := ukrainian
-GLUON_LANG_vi := vietnamese
-
-GLUON_I18N_PACKAGES := $(foreach lang,$(GLUON_SUPPORTED_LANGS),+GLUON_LANG_$(lang):luci-i18n-$(GLUON_LANG_$(lang)))
-GLUON_I18N_CONFIG := $(foreach lang,$(GLUON_SUPPORTED_LANGS),CONFIG_GLUON_LANG_$(lang))
-GLUON_ENABLED_LANGS := $(foreach lang,$(GLUON_SUPPORTED_LANGS),$(if $(CONFIG_GLUON_LANG_$(lang)),$(lang)))
-
-
-GLUON_PO2LMO := $(BUILD_DIR)/luci/build/po2lmo
-
-define GluonBuildI18N
-	mkdir -p $$(PKG_BUILD_DIR)/i18n
-	for lang in $$(GLUON_ENABLED_LANGS); do \
-		if [ -e $(2)/$$$$lang.po ]; then \
-			rm -f $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo; \
-			$(GLUON_PO2LMO) $(2)/$$$$lang.po $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo; \
-		fi; \
-	done
-endef
-
-define GluonInstallI18N
-	$$(INSTALL_DIR) $(2)/usr/lib/lua/luci/i18n
-	for lang in $$(GLUON_ENABLED_LANGS); do \
-		if [ -e $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo ]; then \
-			$$(INSTALL_DATA) $$(PKG_BUILD_DIR)/i18n/$(1).$$$$lang.lmo $(2)/usr/lib/lua/luci/i18n/$(1).$$$$lang.lmo; \
-		fi; \
-	done
-endef

include/toplevel.mk

@@ -1,66 +0,0 @@
-# Makefile for OpenWrt
-#
-# Copyright (C) 2007-2012 OpenWrt.org
-# Copyright (C) 2013-2014 Project Gluon
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-RELEASE:=Barrier Breaker
-PREP_MK= OPENWRT_BUILD= QUIET=0
-
-export IS_TTY=$(shell tty -s && echo 1 || echo 0)
-
-include $(GLUONDIR)/include/verbose.mk
-
-REVISION:=$(shell [ -d $(TOPDIR) ] && cd $(TOPDIR) && ./scripts/getver.sh 2>/dev/null)
-
-HOSTCC ?= gcc
-OPENWRTVERSION:=$(RELEASE)$(if $(REVISION), ($(REVISION)))
-export RELEASE
-export REVISION
-export OPENWRTVERSION
-export IS_TTY=$(shell tty -s && echo 1 || echo 0)
-export LD_LIBRARY_PATH:=$(subst ::,:,$(if $(LD_LIBRARY_PATH),$(LD_LIBRARY_PATH):)$(STAGING_DIR_HOST)/lib)
-export DYLD_LIBRARY_PATH:=$(subst ::,:,$(if $(DYLD_LIBRARY_PATH),$(DYLD_LIBRARY_PATH):)$(STAGING_DIR_HOST)/lib)
-export GIT_CONFIG_PARAMETERS='core.autocrlf=false'
-export MAKE_JOBSERVER=$(filter --jobserver%,$(MAKEFLAGS))
-
-# prevent perforce from messing with the patch utility
-unexport P4PORT P4USER P4CONFIG P4CLIENT
-
-# prevent user defaults for quilt from interfering
-unexport QUILT_PATCHES QUILT_PATCH_OPTS
-
-unexport C_INCLUDE_PATH CROSS_COMPILE ARCH
-
-# prevent distro default LPATH from interfering
-unexport LPATH
-
-# make sure that a predefined CFLAGS variable does not disturb packages
-export CFLAGS=
-
-ifneq ($(shell $(HOSTCC) 2>&1 | grep clang),)
-  export HOSTCC_REAL?=$(HOSTCC)
-  export HOSTCC_WRAPPER:=$(TOPDIR)/scripts/clang-gcc-wrapper
-else
-  export HOSTCC_WRAPPER:=$(HOSTCC)
-endif
-
-ifeq ($(FORCE),)
-  .config scripts/config/conf scripts/config/mconf: tmp/.prereq-build
-endif
-
-SCAN_COOKIE?=$(shell echo $$$$)
-export SCAN_COOKIE
-
-SUBMAKE:=umask 022; $(SUBMAKE)
-
-ULIMIT_FIX=_limit=`ulimit -n`; [ "$$_limit" = "unlimited" -o "$$_limit" -ge 1024 ] || ulimit -n 1024;
-
-FORCE: ;
-
-.PHONY: FORCE
-.NOTPARALLEL:
-

include/verbose.mk

@@ -1,67 +0,0 @@
-# 
-# Copyright (C) 2006 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-
-ifndef OPENWRT_VERBOSE
-  OPENWRT_VERBOSE:=
-endif
-ifeq ("$(origin V)", "command line")
-  OPENWRT_VERBOSE:=$(V)
-endif
-
-ifeq ($(OPENWRT_VERBOSE),1)
-  OPENWRT_VERBOSE:=w
-endif
-ifeq ($(OPENWRT_VERBOSE),99)
-  OPENWRT_VERBOSE:=s
-endif
-
-ifeq ($(NO_TRACE_MAKE),)
-NO_TRACE_MAKE := $(MAKE) V=s$(OPENWRT_VERBOSE)
-export NO_TRACE_MAKE
-endif
-
-ifeq ($(IS_TTY),1)
-  ifneq ($(strip $(NO_COLOR)),1)
-    _Y:=\\033[33m
-    _R:=\\033[31m
-    _N:=\\033[m
-  endif
-endif
-
-ifeq ($(findstring s,$(OPENWRT_VERBOSE)),)
-  define MESSAGE
-	printf "$(_Y)%s$(_N)\n" "$(1)" >&8
-  endef
-
-  define ERROR_MESSAGE
-	printf "$(_R)%s$(_N)\n" "$(1)" >&8
-  endef
-
-  ifeq ($(QUIET),1)
-    ifneq ($(CURDIR),$(TOPDIR))
-      _DIR:=$(patsubst $(TOPDIR)/%,%,${CURDIR})
-    else
-      _DIR:=
-    endif
-    _NULL:=$(if $(MAKECMDGOALS),$(shell \
-		$(call MESSAGE, make[$(MAKELEVEL)]$(if $(_DIR), -C $(_DIR)) $(MAKECMDGOALS)); \
-    ))
-    SUBMAKE=$(MAKE)
-  else
-    SILENT:=>/dev/null $(if $(findstring w,$(OPENWRT_VERBOSE)),,2>&1)
-    export QUIET:=1
-    SUBMAKE=cmd() { $(SILENT) $(MAKE) -s $$* < /dev/null || { echo "make $$*: build failed. Please re-run make with V=s to see what's going on"; false; } } 8>&1 9>&2; cmd
-  endif
-
-  .SILENT: $(MAKECMDGOALS)
-else
-  SUBMAKE=$(MAKE) -w
-  define MESSAGE
-    printf "%s\n" "$(1)"
-  endef
-  ERROR_MESSAGE=$(MESSAGE)
-endif

modules

@@ -1,18 +1,20 @@
 GLUON_FEEDS='openwrt gluon routing luci'
 
-OPENWRT_REPO=git://git.openwrt.org/14.07/openwrt.git
-OPENWRT_COMMIT=179bab8b1700d74b28cc6cd25322f9a1ad670107
+LEDE_REPO=https://git.lede-project.org/openwrt/openwrt.git
+LEDE_BRANCH=lede-17.01
+LEDE_COMMIT=6b6578feec74dfe1f5767c573d75ba08cc57c885
 
-PACKAGES_OPENWRT_REPO=git://github.com/openwrt/packages.git
-PACKAGES_OPENWRT_COMMIT=01fcd1f29174a56d6ddb59901ed8c67ea42c3a8f
-PACKAGES_OPENWRT_BRANCH=for-14.07
+PACKAGES_OPENWRT_REPO=https://github.com/openwrt/packages.git
+PACKAGES_OPENWRT_BRANCH=lede-17.01
+PACKAGES_OPENWRT_COMMIT=82ef2fd773987a72678a32b862f50085c3f57d56
 
-PACKAGES_GLUON_REPO=git://github.com/freifunk-gluon/packages.git
-PACKAGES_GLUON_COMMIT=e8ee21d116a0abc2e328b0ee181d79845654582e
+PACKAGES_GLUON_REPO=https://github.com/freifunk-gluon/packages.git
+PACKAGES_GLUON_BRANCH=v2017.1.x
+PACKAGES_GLUON_COMMIT=906f5ef13ec91dd7433bd1a6bd4ffbd15614bbb3
 
-PACKAGES_ROUTING_REPO=git://github.com/openwrt-routing/packages.git
-PACKAGES_ROUTING_COMMIT=5d4ad63897b435d5df0f39a49bd58962c22c33b8
-PACKAGES_ROUTING_BRANCH=for-14.07
+PACKAGES_ROUTING_REPO=https://github.com/openwrt-routing/packages.git
+PACKAGES_ROUTING_COMMIT=e656a6e0e69dd45b7caa24775bc86b6eb5dcfe7f
 
-PACKAGES_LUCI_REPO=git://github.com/openwrt/luci.git
-PACKAGES_LUCI_COMMIT=f81be49ae756dab82e1758a6c9de145f0d36960e
+PACKAGES_LUCI_REPO=https://github.com/openwrt/luci.git
+PACKAGES_LUCI_BRANCH=lede-17.01
+PACKAGES_LUCI_COMMIT=1f014bd2180b364bec4c3f6457f72a0621884f9a

overlay/opkg.mk

@@ -0,0 +1,10 @@
+# LEDE doesn't have a nice way to set the list of feeds in
+# /etc/opkg/distfeeds.conf, so we use this overlay file (which is included by
+# the opkg package Makefile though LEDE's IncludeOverlay mechanism).
+
+# The following definitions make /etc/opkg/distfeeds.conf match the one included
+# in official LEDE builds (by default, FEEDS_DISABLED contains the original list
+# of feeds (which are unused by Gluon), and FEEDS_ENABLED our own feed list).
+
+FEEDS_ENABLED := $(FEEDS_DISABLED)
+FEEDS_DISABLED :=

package/gluon-alfred/Makefile

@@ -6,12 +6,13 @@ PKG_RELEASE:=1
 
 PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
 
-include $(INCLUDE_DIR)/package.mk
+include ../gluon.mk
+
 
 define Package/gluon-alfred
   SECTION:=gluon
   CATEGORY:=Gluon
-  DEPENDS:=+gluon-core +gluon-announce +gluon-cron +alfred
+  DEPENDS:=+gluon-core +gluon-respondd +gluon-neighbour-info gluon-mesh-batman-adv +micrond +alfred
   TITLE:=Configure alfred
 endef
 
@@ -23,10 +24,12 @@ define Build/Configure
 endef
 
 define Build/Compile
+	$(call GluonSrcDiet,./luasrc,$(PKG_BUILD_DIR)/luadest/)
 endef
 
 define Package/gluon-alfred/install
 	$(CP) ./files/* $(1)/
+	$(CP) $(PKG_BUILD_DIR)/luadest/* $(1)/
 endef
 
 $(eval $(call BuildPackage,gluon-alfred))

package/gluon-alfred/files/lib/gluon/cron/alfred

@@ -1 +0,0 @@
-* * * * * /lib/gluon/announce/collect.lua nodeinfo | gzip | alfred -s 158; /lib/gluon/announce/collect.lua statistics | gzip | alfred -s 159; /lib/gluon/announce/collect.lua neighbours | gzip | alfred -s 160

package/gluon-alfred/files/lib/gluon/upgrade/500-enable-alfred

@@ -1,19 +0,0 @@
-#!/usr/bin/lua
-
-local uci = require 'luci.model.uci'
-local c = uci.cursor()
-
-
-c:delete('alfred', 'alfred')
-c:section('alfred', 'alfred', 'alfred',
-	  {
-		  interface = 'br-client',
-		  mode = 'slave',
-		  batmanif = 'bat0',
-		  start_vis = '1',
-		  run_facters = '0',
-	  }
-)
-
-c:save('alfred')
-c:commit('alfred')

package/gluon-alfred/files/usr/lib/autoupdater/abort.d/60gluon-alfred

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. /lib/gluon/autoupdater/lib.sh
+
+
+start_enabled alfred

package/gluon-alfred/files/usr/lib/autoupdater/download.d/40gluon-alfred

@@ -0,0 +1,6 @@
+#!/bin/sh
+
+. /lib/gluon/autoupdater/lib.sh
+
+
+stop alfred

package/gluon-alfred/files/usr/lib/micron.d/alfred

@@ -0,0 +1 @@
+* * * * * gluon-neighbour-info -d ::1 -p 1001 -t 1 -c 1 -r nodeinfo | gzip | alfred -s 158; gluon-neighbour-info -d ::1 -p 1001 -t 1 -c 1 -r statistics | gzip | alfred -s 159; gluon-neighbour-info -d ::1 -p 1001 -t 1 -c 1 -r neighbours | gzip | alfred -s 160

package/gluon-alfred/luasrc/lib/gluon/upgrade/500-enable-alfred

@@ -0,0 +1,14 @@
+#!/usr/bin/lua
+
+local uci = require('simple-uci').cursor()
+
+uci:delete('alfred', 'alfred')
+uci:section('alfred', 'alfred', 'alfred', {
+	interface = 'br-client',
+	mode = 'slave',
+	batmanif = 'bat0',
+	start_vis = true,
+	run_facters = false,
+})
+
+uci:save('alfred')

package/gluon-announce/Makefile

@@ -1,32 +0,0 @@
-include $(TOPDIR)/rules.mk
-
-PKG_NAME:=gluon-announce
-PKG_VERSION:=1
-PKG_RELEASE:=1
-
-PKG_BUILD_DIR := $(BUILD_DIR)/$(PKG_NAME)
-
-include $(INCLUDE_DIR)/package.mk
-
-define Package/gluon-announce
-  SECTION:=gluon
-  CATEGORY:=Gluon
-  DEPENDS:=+gluon-core +luci-lib-json +lua-ethtool-stats
-  TITLE:=Lua scripts announcing various information
-endef
-
-define Build/Prepare
-	mkdir -p $(PKG_BUILD_DIR)
-endef
-
-define Build/Configure
-endef
-
-define Build/Compile
-endef
-
-define Package/gluon-announce/install
-	$(CP) ./files/* $(1)/
-endef
-
-$(eval $(call BuildPackage,gluon-announce))

package/gluon-announce/files/lib/gluon/announce/collect.lua

@@ -1,10 +0,0 @@
-#!/usr/bin/lua
-
-local announce = require 'gluon.announce'
-local json = require 'luci.json'
-local ltn12 = require 'luci.ltn12'
-
-local announce_dir = '/lib/gluon/announce/' .. arg[1] .. '.d'
-
-encoder = json.Encoder(announce.collect_dir(announce_dir))
-ltn12.pump.all(encoder:source(), ltn12.sink.file(io.stdout))

package/gluon-announce/files/lib/gluon/announce/neighbours.d/node_id

@@ -1 +0,0 @@
-return require('gluon.util').node_id()

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/hardware/model

@@ -1 +0,0 @@
-return require('platform_info').get_model()

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/hardware/nproc

@@ -1,14 +0,0 @@
-local n = 0
-
-local cpus = util.trim(fs.readfile('/sys/devices/system/cpu/online'))
-
-for _, entry in ipairs(cpus:split(',')) do
-  local x, y = entry:match('(%d+)-(%d+)')
-  if x then
-    n = n + tonumber(y) - tonumber(x) + 1
-  else
-    n = n + 1
-  end
-end
-
-return n

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/hostname

@@ -1 +0,0 @@
-return uci:get_first('system', 'system', 'hostname')

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/network/mac

@@ -1 +0,0 @@
-return require('gluon.sysconfig').primary_mac

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/node_id

@@ -1 +0,0 @@
-return require('gluon.util').node_id()

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/software/firmware

@@ -1,4 +0,0 @@
-return {
-	base = 'gluon-' .. util.trim(fs.readfile('/lib/gluon/gluon-version')),
-	release = util.trim(fs.readfile('/lib/gluon/release')),
-}

package/gluon-announce/files/lib/gluon/announce/nodeinfo.d/system/site_code

@@ -1,3 +0,0 @@
-local site = require 'gluon.site_config'
-
-return site.site_code