Openwrt Support (Andrwe#53)

* add install routine for opkg to helper
* add interactive test mode
* implement OpenWRT support
* add Github workflow for OpenWRT & Alpine
* tests: only create lock-dir when missing

---------

Signed-off-by: Andrwe Lord Weber <[email protected]>

.github/workflows/pytest.yml

@@ -10,8 +10,8 @@ name: "Test Suite"
   workflow_dispatch:
 
 jobs:
-  pytest:
-    name: Pytest
+  pytest-ubuntu:
+    name: Pytest-Ubuntu
     runs-on: ubuntu-latest
     permissions:
       actions: read
@@ -41,3 +41,78 @@ jobs:
           sudo pkill -9 privoxy || true
           # run pytest as sudo to allow pytestshellutils to stop privoxy
           sudo --preserve-env=ACTIONS_STEP_DEBUG,RUNNER_DEBUG pytest -v -s --color yes tests/
+
+  pytest-alpine:
+    name: Pytest-Alpine
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
+    container:
+      image: alpine:latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: prepare environment
+        run: |
+          apk add --no-cache --quiet build-base linux-headers py3-pip python3-dev
+          python3 -m venv .venv
+          . .venv/bin/activate
+          pip install --no-cache-dir -qr tests/requirements.txt
+          sh helper/install_deps.sh
+          bash -c "for f in /etc/privoxy/*.new; do cp -p \$f \${f%.*};done"
+
+      - name: run pytest
+        env:
+          ACTIONS_STEP_DEBUG: ${{ vars.ACTIONS_STEP_DEBUG }}
+          RUNNER_DEBUG: ${{ runner.debug }}
+        run: |
+          . .venv/bin/activate
+          pytest -v -s --color yes tests/
+
+  pytest-openwrt:
+    name: Pytest-OpenWRT
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: write
+    container:
+      image: openwrt/rootfs:latest
+
+    steps:
+      - name: Prepare OPKG
+        run: |
+          mkdir -p /var/lock /var/run
+          opkg update
+      - name: Checkout repository (custom)
+        # required as 'node dist/index.js' succeeds with errors
+        continue-on-error: true
+        env:
+          INPUT_TOKEN: ${{ github.token }}
+        run: |
+          set -x
+          opkg install git-http node-npm
+          git clone -b "v4" https://github.com/actions/checkout.git /tmp/checkout
+          cd /tmp/checkout
+          npm install
+          node dist/index.js
+          echo "end: $?"
+          ls -l "${GITHUB_WORKSPACE}"
+
+      - name: prepare environment
+        run: |
+          opkg install curl gcc make python3 python3-pip python3-dev
+          pip install --no-cache-dir -qr tests/requirements.txt
+          sh helper/install_deps.sh
+          /etc/rc.d/K10privoxy stop || true
+          echo "        list    listen_address  '127.0.0.1:8118'" >> /etc/config/privoxy
+          echo "        list    permit_access           '127.0.0.0/24'" >> /etc/config/privoxy
+
+      - name: run pytest
+        env:
+          ACTIONS_STEP_DEBUG: ${{ vars.ACTIONS_STEP_DEBUG }}
+          RUNNER_DEBUG: ${{ runner.debug }}
+        run: |
+          pytest -v -s --color yes tests/

helper/install_deps.sh

@@ -1,7 +1,6 @@
 #!/bin/sh
 
 set -e
-
 exists() {
     if command -v "$1" > /dev/null 2>&1; then
         return 0
@@ -10,7 +9,12 @@ exists() {
 }
 
 if exists apk; then
-    apk add --no-cache privoxy sed grep bash wget
+    apk add --no-cache \
+        bash \
+        grep \
+        privoxy \
+        sed \
+        wget
     if ! grep -q '^debug' /etc/privoxy/config; then
         cat >> /etc/privoxy/config << EOF
 # activate debugging of rules & access log
@@ -22,7 +26,12 @@ fi
 if exists apt-get; then
     export DEBIAN_FRONTEND=noninteractive
     apt-get update -qq -y
-    apt-get install -y privoxy sed grep bash wget
+    apt-get install -y \
+        bash \
+        grep \
+        privoxy \
+        sed \
+        wget
     if [ -n "${HTTPS_SUPPORT:-}" ]; then
         # prepare HTTPS inspection
         mkdir -p /etc/privoxy/CA/certs /usr/local/share/ca-certificates/privoxy
@@ -64,5 +73,51 @@ EOF
     fi
     exit 0
 fi
+if exists opkg; then
+    if ! [ -e "/var/lock" ]; then
+        mkdir /var/lock/
+    fi
+    if ! [ -e "/var/run" ]; then
+        mkdir /var/run/
+    fi
+    opkg update
+    opkg install \
+        bash \
+        grep \
+        privoxy \
+        sed \
+        wget-ssl
+
+    # openwrt version not compiled with HTTPS support, thus just keeping for future reference
+    if [ -n "${HTTPS_SUPPORT:-}" ]; then
+        # prepare HTTPS inspection
+        opkg install openssl-util
+        privoxy_cert_dir="/etc/config/privoxy_certs"
+        cert_path="${privoxy_cert_dir}/privoxy_cacert.crt"
+        mkdir -p "${privoxy_cert_dir}"
+        openssl req -new -x509 -extensions v3_ca -keyout "${privoxy_cert_dir}/cakey.pem" -out "${cert_path}" -days 3650 -noenc -batch
+        cert_hash="$(openssl x509 -hash -noout -in "${cert_path}").0"
+        ln -s "${cert_path}" "/etc/ssl/certs/privoxy_cacert.crt"
+        ln -s "/etc/ssl/certs/privoxy_cacert.crt" "/etc/ssl/certs/${cert_hash}"
+        chown -R privoxy "${privoxy_cert_dir}"
+        if ! grep -q '^{+https-inspection}' /etc/config/privoxy_https.action; then
+            cat >> /etc/config/privoxy_https.action << EOF
+{+https-inspection}
+.
+EOF
+        fi
+        if ! grep -q '^\s*option\s*ca-directory' /etc/config/privoxy; then
+            cat >> /etc/config/privoxy << EOF
+        option  ca-directory            '${privoxy_cert_dir}'
+        option  certificate-directory   '${privoxy_cert_dir}'
+        option  trusted-cas-file        '/etc/ssl/certs/ca-certificates.crt'
+        option  ca-cert-file            'privoxy_cacert.crt'
+        option  ca-key-file             'cakey.pem'
+        list    actionsfile             '/etc/config/privoxy_https.action'
+EOF
+        fi
+    fi
+    exit 0
+fi
 echo "no install command found"
 exit 1