Add OpenWRT build option

build/foss/Cargo.toml

@@ -9,4 +9,4 @@ crate-type = ["staticlib"]
 
 [dependencies]
 norddrop = { git = "https://github.com/NordSecurity/libdrop", tag = "v5.4.0_moose_backport" }
-telio = { git = "https://github.com/NordSecurity/libtelio", tag= "v4.3.3" }
+telio = { git = "https://github.com/NordSecurity/libtelio", tag= "v4.3.5" }

build/foss/build_openwrt.sh

@@ -0,0 +1,25 @@
+#!/usr/bin/env bash
+set -euox
+
+source "${WORKDIR}/ci/archs.sh"
+source "${WORKDIR}/ci/env.sh"
+
+declare -A targets=(
+  [amd64]=x86_64-unknown-linux-musl
+  [aarch64]=aarch64-unknown-linux-musl
+)
+
+declare -A cc=(
+  [amd64]="x86_64-openwrt-linux-musl-gcc"
+  [aarch64]="aarch64-openwrt-linux-musl-gcc"
+)
+
+pushd "${WORKDIR}/build/foss"
+for arch in "${ARCHS[@]}"; do
+  target="${targets[$arch]}"
+  compiler="${cc[$arch]}"
+  TARGET_CC="${compiler}" cargo build --target "${target}" --release
+  mkdir -p "${WORKDIR}/bin/deps/foss/${arch}"
+  ln -frs "${WORKDIR}/build/foss/target/${target}/release" "${WORKDIR}/bin/deps/foss/${arch}/latest"
+done
+popd

build/openvpn/build.sh

@@ -68,43 +68,63 @@ declare -A cross_compiler_map=(
     [aarch64]=aarch64-linux-gnu-gcc
 )
 
+declare -A cross_compiler_map_openwrt=(
+    [amd64]="x86_64-openwrt-linux-musl-gcc"
+    [aarch64]="aarch64-openwrt-linux-musl-gcc"
+)
+
 pushd "${current_dir}"
   target=""
+  compiler=""
   openssl_cflags=""
   openssl_ldflags=""
   lzo_cflags="-g -O2"
   lzo_ldflags=""
   openvpn_cflags="-Wall -Wno-unused-parameter -Wno-unused-function -g -O2 -D_FORTIFY_SOURCE=2 -std=c99 -fstack-protector"
   openvpn_ldflags="-Wl,-z,relro,-z,now -Wl,--as-needed"
-  compiler="${cross_compiler_map[${ARCH}]}"
-  case "${ARCH}" in
-    "i386")
-      target="i686-linux-gnu"
-      prefix="$target-"
-      openssl_cflags+=" -m32"
-      openssl_ldflags+=" -m32"
-      lzo_cflags+=" -m32"
-      lzo_ldflags+=" -m32"
-      openvpn_cflags+=" -m32"
-      openvpn_ldflags+=" -m32"
-    ;;
-    "amd64")
-      target="x86_64-linux-gnu"
-      prefix="$target-"
-    ;;
-    "armel")
-      target="arm-linux-gnueabi"
-      prefix="$target-"
-    ;;
-    "armhf")
-      target="arm-linux-gnueabihf"
-      prefix="$target-"
-    ;;
-    "aarch64")
-      target="aarch64-linux-gnu"
-      prefix="$target-"
-    ;;
-  esac
+
+  if [[ "${OS}" == "openwrt" ]]; then
+    compiler="${cross_compiler_map_openwrt[${ARCH}]}"
+    case "${ARCH}" in
+      "amd64")
+        target="x86_64-openwrt-linux-musl"
+      ;;
+      "aarch64")
+        target="aarch64-openwrt-linux-musl"
+      ;;
+    esac
+    prefix="$target-"
+  else
+    compiler="${cross_compiler_map[${ARCH}]}"
+    case "${ARCH}" in
+      "i386")
+        target="i686-linux-gnu"
+        prefix="$target-"
+        openssl_cflags+=" -m32"
+        openssl_ldflags+=" -m32"
+        lzo_cflags+=" -m32"
+        lzo_ldflags+=" -m32"
+        openvpn_cflags+=" -m32"
+        openvpn_ldflags+=" -m32"
+      ;;
+      "amd64")
+        target="x86_64-linux-gnu"
+        prefix="$target-"
+      ;;
+      "armel")
+        target="arm-linux-gnueabi"
+        prefix="$target-"
+      ;;
+      "armhf")
+        target="arm-linux-gnueabihf"
+        prefix="$target-"
+      ;;
+      "aarch64")
+        target="aarch64-linux-gnu"
+        prefix="$target-"
+      ;;
+    esac
+  fi
 
   pushd "${sources}/openssl-${OPENSSL_VERSION}"
     configure_openssl "${compiler}"

ci/compile.sh

@@ -4,6 +4,7 @@ set -euox
 source "${WORKDIR}"/ci/env.sh
 source "${WORKDIR}"/ci/archs.sh
 
+
 # Since race detector has huge performance price and it works only on amd64 and does not
 # work with pie executables, its enabled only for development builds.
 # shellcheck disable=SC2153
@@ -30,22 +31,35 @@ declare -A names_map=(
 	[norduser]=norduserd
 )
 
+declare -A cross_compiler_map
+declare -A cross_compiler_map_openwrt
+
 # shellcheck disable=SC2034
-declare -A cross_compiler_map=(
+cross_compiler_map=(
     [i386]=i686-linux-gnu-gcc
     [amd64]=x86_64-linux-gnu-gcc
     [armel]=arm-linux-gnueabi-gcc
     [armhf]=arm-linux-gnueabihf-gcc
     [aarch64]=aarch64-linux-gnu-gcc
 )
 
+cross_compiler_map_openwrt=(
+    [amd64]="x86_64-openwrt-linux-musl-gcc"
+  	[aarch64]="aarch64-openwrt-linux-musl-gcc"
+)
+
 # Required by Go when cross-compiling
 export CGO_ENABLED=1
-GOARCH="${ARCHS_GO["${ARCH}"]}"
-export GOARCH="${GOARCH}"
+
+if [[ "${OS}" == "openwrt" ]]; then
+	mkdir -p "$GO_BUILD_DIR/bin" "$GO_BUILD_CACHE_DIR" "$GO_MOD_CACHE_DIR" "$GO_BUILD_BIN_DIR"
+else
+	GOARCH="${ARCHS_GO["${ARCH}"]}"
+	export GOARCH
+fi
 
 # C compiler flags for binary hardening.
-export CGO_CFLAGS="-g -O2 -D_FORTIFY_SOURCE=2"
+export CGO_CFLAGS="${CGO_CFLAGS:-""} -g -O2 -D_FORTIFY_SOURCE=2"
 
 # These C linker flags get appended to the ones specified in the source code
 export CGO_LDFLAGS="${CGO_LDFLAGS:-""} -Wl,-z,relro,-z,now"
@@ -83,12 +97,20 @@ fi
 
 for program in ${!names_map[*]}; do # looping over keys
 	pushd "${WORKDIR}/cmd/${program}"
-	# BUILDMODE can be no value and `go` does not like empty parameter ''
-	# this is why surrounding double quotes are removed to not cause empty parameter i.e. ''
-	# shellcheck disable=SC2086
-	CC="${cross_compiler_map[${ARCH}]}" \
-		go build ${BUILD_FLAGS:+"${BUILD_FLAGS}"} ${BUILDMODE:-} -tags "${tags}" \
-		-ldflags "-linkmode=external ${ldflags}" \
-		-o "${WORKDIR}/bin/${ARCH}/${names_map[${program}]}"
+	if [[ "${OS}" == "openwrt" ]]; then
+		CC="${cross_compiler_map_openwrt[${ARCH}]}" \
+			go build ${BUILD_FLAGS:+"${BUILD_FLAGS}"} ${BUILDMODE:-} -tags "${tags}" \
+				-ldflags "-linkmode=external ${ldflags}" \
+				-o "${WORKDIR}/bin/${ARCH}/${names_map[${program}]}"
+		cp -r "${WORKDIR}/bin/${ARCH}/${names_map[${program}]}" "${GO_BUILD_BIN_DIR}"
+	else
+		# BUILDMODE can be no value and `go` does not like empty parameter ''
+		# this is why surrounding double quotes are removed to not cause empty parameter i.e. ''
+		# shellcheck disable=SC2086
+		CC="${cross_compiler_map[${ARCH}]}" \
+			go build ${BUILD_FLAGS:+"${BUILD_FLAGS}"} ${BUILDMODE:-}-tags "${tags}" \
+				-ldflags "-linkmode=external ${ldflags}" \
+				-o "${WORKDIR}/bin/${ARCH}/${names_map[${program}]}"
+	fi
 	popd
 done

daemon/vpn/openvpn/config.go

@@ -13,8 +13,8 @@ import (
 	"github.com/NordSecurity/nordvpn-linux/config"
 	"github.com/NordSecurity/nordvpn-linux/internal"
 
-	"github.com/jbowtie/gokogiri/xml"
-	"github.com/jbowtie/ratago/xslt"
+	"github.com/NordSecurity/gokogiri/xml"
+	"github.com/NordSecurity/ratago/xslt"
 )
 
 const ovpnConfig = `<?xml version="1.0"?>