xmake: Fix dropbear downgrade

.github/workflows/build.yml

@@ -3,16 +3,21 @@ name: build
 on:
   workflow_dispatch:
     inputs:
-      first_kernel_compile:
-        description: 'First kernel compile'
+      use_cache:
+        description: 'Restore cache for host tools'
         required: true
         default: 'true'
         type: choice
         options:
         - true
         - false
+      cache_ver:
+        description: 'Use cache version'
+        required: false
+        default: '0'
+        type: string
       test_build:
-        description: 'Test build'
+        description: 'Test build (only spec target) '
         required: true
         default: 'false'
         type: choice
@@ -20,12 +25,12 @@ on:
         - true
         - false
       target_name:
-        description: 'Target Name'
+        description: 'Target Name for test build'
         required: false
         default: 'r3d'
         type: string
       package_dir:
-        description: 'Package Dir'
+        description: 'Package Dir for test build'
         required: false
         default: ''
         type: string
@@ -44,17 +49,15 @@ on:
         type: string
 
 env:
-  FIRST_KERNEL_COMPILE:  ${{ github.event.inputs.first_kernel_compile == 'true' }}
   TEST_BUILD: ${{ github.event.inputs.test_build == 'true' }}
   FAKE_BUILD: ${{ github.event.inputs.fake_build == 'true' }}
   TAG_SUFFIX: ${{ github.event.inputs.fake_build == 'true' && '-fake' || github.event.inputs.test_build == 'true' && '-test' || '' }}
   TARGET_NAME: ${{ github.event.inputs.target_name }}
-  PACKAGE_DIR: ${{ github.event.inputs.package_dir }}
+  G_PKG_DIR: ${{ github.event.inputs.package_dir }}
   REPO_URL: https://github.com/openwrt-xiaomi/openwrt
   REPO_LNK: openwrt-xiaomi/openwrt
   REPO_BRANCH: xq-25.12
   TAG_PREFIX: v25-
-  DEPENDENCIES: ${{ github.workspace }}/dependencies-ubuntu.txt
   TZ: UTC
   DEVICE_NAME: unknown
   BUILD_DATE: unknown
@@ -171,9 +174,9 @@ jobs:
           sudo apt-get -qq update
           #sudo apt-get -qq update && sudo apt-get -qq upgrade
           sudo apt-get -qq install  build-essential gawk flex rsync swig unzip zlib1g-dev file wget
-          sudo apt-get -qq install  libc6-dev clang flex bison g++ gcc-multilib g++-multilib
+          sudo apt-get -qq install  libc6-dev clang bison g++ gcc-multilib g++-multilib
           sudo apt-get -qq install  gettext git libncurses5-dev libssl-dev python3-setuptools
-          sudo apt-get -qq install  libc6-dev pkg-config
+          sudo apt-get -qq install  libc6-dev pkg-config squashfs-tools
           sudo apt-get -qq autoremove --purge
           sudo apt-get -qq clean
           sudo timedatectl set-timezone "$TZ"
@@ -186,7 +189,17 @@ jobs:
           remove-haskell: true
           remove-codeql: true
           remove-docker-images: true
-        
+
+      - name: Set fixed workspace
+        env: 
+          GITHUB_WORKSPACE: ${{ github.workspace }}
+        run: |
+          sudo mkdir -p $GITHUB_WORKSPACE/_temp
+          #sudo chown -R $USER:$USER $GITHUB_WORKSPACE
+          echo "GITHUB_WORKSPACE = $GITHUB_WORKSPACE"
+          echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" >> $GITHUB_ENV
+          echo "RUNNER_TEMP=$GITHUB_WORKSPACE/_temp" >> $GITHUB_ENV
+          
       - name: Checkout builder
         uses: actions/checkout@main
 
@@ -200,16 +213,8 @@ jobs:
       - name: Init builder
         run: |
           chmod +x *.sh
-          wget https://github.com/fantastic-packages/packages/raw/refs/heads/25.12/keys/usign/53FF2B6672243D28.pub
-
-      - name: Cache downloads (dl)
-        if: false
-        uses: actions/cache@v4
-        with:
-          path: dl
-          key: dl-${{ hashFiles('feeds.conf.default') }}
-          restore-keys: |
-            dl-
+          #wget https://github.com/fantastic-packages/packages/raw/refs/heads/master/keys/apksign/20241123170031.pub
+          wget https://fantastic-packages.github.io/releases/25.12/20241123170031.pub
 
       - name: Update OpenWrt packages
         id: update
@@ -217,6 +222,67 @@ jobs:
           ./xupdate.sh -f
           mkdir -p logs
           echo "status=success" >> $GITHUB_OUTPUT
+          
+      - name: Prepare for cache
+        id: cache_prepare
+        env: 
+          TARGET: ${{ matrix.target }}
+          USE_CACHE: ${{ github.event.inputs.use_cache }}
+          CACHE_VER: ${{ github.event.inputs.cache_ver }}
+        run: |
+          if [ "$USE_CACHE" = "true" ]; then
+              rm -rf staging_dir/
+              mkdir -p staging_dir/host
+              rm -rf build_dir/
+              mkdir -p build_dir/host
+          fi
+          if [[ " kng_re r3g r3p " == *" $TARGET "* ]]; then
+              CACHE_ARCH=mips
+          else
+              CACHE_ARCH=arm
+          fi
+          echo "CACHE_ARCH = $CACHE_ARCH"
+          echo "USE_CACHE=$USE_CACHE" >> $GITHUB_ENV
+          echo "CACHE_VER=$CACHE_VER" >> $GITHUB_ENV
+          echo "CACHE_ARCH=$CACHE_ARCH" >> $GITHUB_ENV
+          echo "status=success" >> $GITHUB_OUTPUT
+
+      - name: Restore cache for host tools
+        id: tools_cache_restore
+        if: github.event.inputs.use_cache == 'true'
+        uses: actions/cache/restore@v4
+        with:
+          key: host-tools-${{ env.CACHE_VER }}-${{ env.CACHE_ARCH }}-${{ hashFiles('tools/**') }}
+          path: |
+            staging_dir/host
+            build_dir/host
+
+      - name: Fix time stamps into restored dirs
+        if: github.event.inputs.use_cache == 'true' && steps.tools_cache_restore.outputs.cache-hit == 'true'
+        run: |
+          touch staging_dir/host/.prepared
+          touch staging_dir/host/.prereq-build
+          touch staging_dir/host/stamp/.* 2>/dev/null
+          find build_dir/host -name ".prepared*"  -exec touch {} +
+          find build_dir/host -name ".configured" -exec touch {} +
+          find build_dir/host -name ".built"      -exec touch {} +
+
+      - name: Inspect restored host tools
+        if: github.event.inputs.use_cache == 'true'
+        run: |
+          echo "====== openwrt-native.txt ======"
+          cat build_dir/host/pkgconf-*/openwrt-native.txt || true
+          echo "====== staging_dir/host ====="
+          du -sh staging_dir/host || true
+          ls -la staging_dir/host || true
+          echo "====== staging_dir/host/bin ====="
+          du -sh staging_dir/host/bin || true
+          ls -1  staging_dir/host/bin | head -20 || true
+          echo "====== build_dir/host ======="
+          du -sh build_dir/host || true
+          ls -1  build_dir/host | head -20 || true
+          echo "====== path info ========"
+          grep -R "/home/runner" build_dir/host | head
 
       - name: Configure
         id: configure
@@ -255,51 +321,9 @@ jobs:
           echo "====== .config ========="
           cat .config
           echo "========================"
+          cp -f .config logs/config1
+          cp -f .config config1
 
-      - name: Prepare for use cache of tools and toolchain
-        run: |
-          echo "G_TARGET_ARCH = $G_TARGET_ARCH"
-          mkdir -p staging_dir/host
-          rm -rf /tmp/staging-host
-          mkdir -p /tmp/staging-host
-          cp -a staging_dir/host/* /tmp/staging-host/
-          rm -rf staging_dir/host/*
-    
-      - name: Cache host tools
-        uses: actions/cache@v4
-        with:
-          path: staging_dir/host
-          key: host-tools-${{ runner.os }}-${{ hashFiles('tools/**') }}
-          save-always: true
-          restore-keys: |
-            host-tools-${{ runner.os }}-
-
-      - name: Cache toolchain
-        if: false
-        uses: actions/cache@v4
-        with:
-          path: staging_dir/toolchain-*
-          key: toolchain-${{ env.G_TARGET_ARCH }}-${{ hashFiles('toolchain/**') }}
-          save-always: true
-          restore-keys: |
-            toolchain-${{ env.G_TARGET_ARCH }}-
-
-      - name: Restore saved host staging
-        run: |
-          cp -af /tmp/staging-host/* staging_dir/host
-          rm -rf /tmp/staging-host
-    
-      - name: Increase swap to 16G
-        if: false
-        run: |
-          free -h
-          sudo swapoff -a || true
-          sudo rm -f /swapfile
-          sudo fallocate -l 16G /swapfile
-          sudo chmod 600 /swapfile
-          sudo mkswap /swapfile
-          sudo swapon /swapfile
-    
       - name: Monitor memory
         run: |
           echo "CPU cores = $(nproc)"
@@ -311,6 +335,23 @@ jobs:
           echo "Available storage:"
           sudo df -h
 
+      - name: Download sources (dl)
+        id: download
+        if: ${{ steps.configure.outputs.status == 'success' && github.event.inputs.fake_build != 'true' }}
+        run: |
+          make -j$(nproc) download
+          echo "status=success" >> $GITHUB_OUTPUT
+
+      - name: Fix time stamps into restored dirs
+        if: github.event.inputs.use_cache == 'true' && steps.tools_cache_restore.outputs.cache-hit == 'true'
+        run: |
+          touch staging_dir/host/.prepared
+          touch staging_dir/host/.prereq-build
+          touch staging_dir/host/stamp/.* 2>/dev/null
+          find build_dir/host -name ".prepared*"  -exec touch {} +
+          find build_dir/host -name ".configured" -exec touch {} +
+          find build_dir/host -name ".built"      -exec touch {} +
+
       - name: Build tools and toolchain
         id: tools
         if: ${{ steps.configure.outputs.status == 'success' && github.event.inputs.fake_build != 'true' }}
@@ -318,9 +359,31 @@ jobs:
           make toolchain/install -j$(nproc)
           echo "status=success" >> $GITHUB_OUTPUT
 
+      - name: Save cache for host tools
+        id: tools_cache_save
+        if: steps.tools.outputs.status == 'success'
+        uses: actions/cache/save@v4
+        with:
+          key: host-tools-${{ env.CACHE_VER }}-${{ env.CACHE_ARCH }}-${{ hashFiles('tools/**') }}
+          path: |
+            staging_dir/host
+            build_dir/host
+
+      - name: Configure 2
+        id: configure2
+        if: steps.tools.outputs.status == 'success'
+        env: 
+          TARGET: ${{ matrix.target }}
+        run: |
+          make clean
+          ./xmake.sh -I -t $TARGET
+          mkdir -p logs
+          cp -f .config logs/config2
+          [ -f config1 ] && cp -f config1 logs/config1
+
       - name: Kernel compile
         id: kernel
-        if: ${{ steps.tools.outputs.status == 'success' && github.event.inputs.first_kernel_compile == 'true' && github.event.inputs.fake_build != 'true' }}
+        if: ${{ steps.tools.outputs.status == 'success' && github.event.inputs.fake_build != 'true' }}
         run: |
           make target/linux/compile -j$(nproc)
           echo "status=success" >> $GITHUB_OUTPUT
@@ -342,15 +405,17 @@ jobs:
           TARGET: ${{ matrix.target }}
         run: |
           echo "Run $(nproc) thread compile"
-          if [ "$FAKE_BUILD" != "true" -a "$TEST_BUILD" = "true" -a "$PACKAGE_DIR" != "" ]; then
-              make $PACKAGE_DIR/compile V=sc BUILD_LOG=1
+          if [ "$FAKE_BUILD" != "true" -a "$TEST_BUILD" = "true" -a "$G_PKG_DIR" != "" ]; then
+              make target/linux/compile -j$(npoc)
+              echo "=============== BUILD PACKAGE: $G_PKG_DIR ==============="
+              make $G_PKG_DIR/compile V=sc BUILD_LOG=1
               exit 99
           fi
           if [ "$FAKE_BUILD" != "true" ]; then
               if [ "$TEST_BUILD" != "true" ]; then
-                  make -j$(nproc) download world
+                  make -j$(nproc) world
               else
-                  make V=sc download world
+                  make V=sc world
               fi
           fi
           # process results
@@ -436,7 +501,7 @@ jobs:
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: logs-${{ matrix.target }}-${{ env.FW_DATE }}
+          name: logs-${{ matrix.target }}-${{ needs.check.outputs.fw_date }}
           path: logs-*.tar.xz
 
   release:
@@ -474,7 +539,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           TAG: ${{ needs.check.outputs.tag }}
         with:
-          prerelease: ${{ env.TEST_BUILD == 'true' || env.FAKE_BUILD == 'true' }}
+          prerelease: true
           tag_name: ${{ needs.check.outputs.tag }}${{ env.TAG_SUFFIX }}
           name: '${{ needs.check.outputs.tag }}'
           body: |

_proxy.config

@@ -9,12 +9,7 @@ CONFIG_PACKAGE_luci-i18n-https-dns-proxy-ru=y
 CONFIG_PACKAGE_igmpproxy=y
 
 CONFIG_PACKAGE_zapret=y
-CONFIG_PACKAGE_zapret-tpws=y
-CONFIG_PACKAGE_zapret-mdig=y
-CONFIG_PACKAGE_zapret-ip2net=y
 CONFIG_PACKAGE_luci-app-zapret=y
 
 CONFIG_PACKAGE_zapret2=y
-CONFIG_PACKAGE_zapret2-mdig=y
-CONFIG_PACKAGE_zapret2-ip2net=y
 CONFIG_PACKAGE_luci-app-zapret2=y

xmake.sh

@@ -108,6 +108,7 @@ function build_target {
 		############ change images prefix ############
 		# IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(IMG_PREFIX_VERNUM)$(IMG_PREFIX_VERCODE)$(IMG_PREFIX_EXTRA)$(BOARD)$(if $(SUBTARGET),-$(SUBTARGET))
 		sed -i -e 's/^IMG_PREFIX:=.*/IMG_PREFIX:=$(VERSION_DIST_SANITIZED)-$(call sanitize,$(VERSION_NUMBER))-'$CURDATE'/g' $XDIR/include/image.mk
+		echo ">>> image.mk patched !!!"
 	fi
 	if [ 1 = 1 ]; then
 		############ remove "squashfs" suffix ############
@@ -142,10 +143,13 @@ function build_target {
 	PODKOP_SH=$XDIR/package/feeds/_podkop/podkop/files/usr/bin/podkop
 	if [ -f $PODKOP_SH ] && ! grep -q '(which sing-box)' $PODKOP_SH ; then
 		sed -i '/,\\"dns_configured\\":/i [ -z "$(which sing-box)" ] && status="not installed"' $PODKOP_SH
+		echo ">>> podkop patched !!!"
 	fi
 
 	DROPBEAR_DIR=$XDIR/package/network/services/dropbear
+	DROPBEAR_MK=$DROPBEAR_DIR/Makefile
 	TMP_DROPBEAR_DIR=$XDIR/_dropbear2024
+	TMP_DROPBEAR_MK=$TMP_DROPBEAR_DIR/Makefile
 	if [ -f $DROPBEAR_MK ]; then
 		# download dropbear 2024.86 (OpenWrt v24.10)
 		if [ ! -f $TMP_DROPBEAR_DIR/Makefile ]; then
@@ -159,20 +163,22 @@ function build_target {
 			rm -rf $TMP_DROPBEAR_DIR/package
 			rm -rf $TMP_DROPBEAR_DIR/.git
 		fi
-		rm -rf $DROPBEAR_DIR/files
-		rm -rf $DROPBEAR_DIR/patches
 	fi
-	DROPBEAR_MK=$DROPBEAR_DIR/Makefile
-	if [ -f $DROPBEAR_MK ]; then
-		# downgrade dropbear to 2024.86 (OpenWrt v24.10)
-		cp -a $TMP_DROPBEAR_DIR/. $DROPBEAR_DIR/
+	if [ -f $TMP_DROPBEAR_MK ] && ! grep -q 'PKG_RELEASE:=0' $TMP_DROPBEAR_MK ; then
 		# patch: Disable MODERN and enable RSA/DH-SHA1
-		sed -i 's/^PKG_RELEASE:=.*/PKG_RELEASE:=0/g' $DROPBEAR_MK
-		sed -i '/,CONFIG_DROPBEAR_MODERN_ONLY,/d' $DROPBEAR_MK
-		sed -i 's/\tCONFIG_DROPBEAR_MODERN_ONLY/ /g' $DROPBEAR_MK
-		sed -i 's/ CONFIG_DROPBEAR_MODERN_ONLY/ /g' $DROPBEAR_MK
-		sed -i 's/DROPBEAR_DH_GROUP14_SHA1,0/ /g' $DROPBEAR_MK
-		sed -i 's/DROPBEAR_SHA1_HMAC,0/ /g' $DROPBEAR_MK
+		sed -i 's/^PKG_RELEASE:=.*/PKG_RELEASE:=0/g' $TMP_DROPBEAR_MK
+		sed -i '/,CONFIG_DROPBEAR_MODERN_ONLY,/d' $TMP_DROPBEAR_MK
+		sed -i 's/\tCONFIG_DROPBEAR_MODERN_ONLY/ /g' $TMP_DROPBEAR_MK
+		sed -i 's/ CONFIG_DROPBEAR_MODERN_ONLY/ /g' $TMP_DROPBEAR_MK
+		sed -i 's/DROPBEAR_DH_GROUP14_SHA1,0/ /g' $TMP_DROPBEAR_MK
+		sed -i 's/DROPBEAR_SHA1_HMAC,0/ /g' $TMP_DROPBEAR_MK
+		echo ">>> dropbear patched !!! (disable MODERN_ONLY)"
+	fi
+	if [ -f $DROPBEAR_MK ]  && [ -f $TMP_DROPBEAR_MK ] && ! cmp -s $DROPBEAR_MK $TMP_DROPBEAR_MK ; then
+		# downgrade dropbear to 2024.86 (OpenWrt v24.10)
+		rm -rf $DROPBEAR_DIR/*
+		cp -a $TMP_DROPBEAR_DIR/. $DROPBEAR_DIR/
+		echo ">>> dropbear downgraded to 2024.86 !!!"
 	fi
 
 	make defconfig
@@ -282,28 +288,29 @@ function build_target {
 		echo "Patch '$(basename $incfn)' result: OK"
 	done
 	
-	OPKG_DIR=$XDIR/files/etc/opkg
-	if [ -d $OPKG_DIR ]; then
-		rm -rf $OPKG_DIR
+	APK_DIR=$XDIR/files/etc/apk
+	if [ -d $APK_DIR ]; then
+		rm -rf $APK_DIR
 	fi
-	FANT_PKG_KEY=$XDIR/53FF2B6672243D28.pub
+	FANT_PKG_KEY=$XDIR/20241123170031.pub
 	if [ -f $FANT_PKG_KEY ]; then
-		OPKG_SRC_DIR=$XDIR/package/system/opkg/files
-		OPKG_KEYS_DIR=$OPKG_DIR/keys
-		mkdir -p $OPKG_KEYS_DIR
-		cp $FANT_PKG_KEY $OPKG_KEYS_DIR/53ff2b6672243d28
-		OPKG_CFEED_FN=$OPKG_DIR/customfeeds.conf
-		cp $OPKG_SRC_DIR/customfeeds.conf $OPKG_CFEED_FN
-		PKG_LINK="https://fantastic-packages.github.io/packages/releases/<<VER>>/packages/<<ARCH>>"
-		echo "" >> $OPKG_CFEED_FN
-		echo "src/gz  fantastic_packages_luci      $PKG_LINK/luci"      >> $OPKG_CFEED_FN
-		echo "src/gz  fantastic_packages_packages  $PKG_LINK/packages"  >> $OPKG_CFEED_FN
-		echo "src/gz  fantastic_packages_special   $PKG_LINK/special"   >> $OPKG_CFEED_FN
+		APK_SRC_DIR=$XDIR/package/system/apk/files
+		APK_KEYS_DIR=$APK_DIR/keys
+		mkdir -p $APK_KEYS_DIR
+		cp $FANT_PKG_KEY $APK_KEYS_DIR/fantastic-packages-20241123170031.pem
+		APK_CFEED_FN=$APK_DIR/repositories.d/customfeeds.list
+		mkdir -p $APK_DIR/repositories.d
+		cp $APK_SRC_DIR/customfeeds.list $APK_CFEED_FN
+		PKG_LINK="https://fantastic-packages.github.io/releases/<<VER>>/packages/<<ARCH>>"
+		echo "" >> $APK_CFEED_FN
+		echo "$PKG_LINK/luci/packages.adb"      >> $APK_CFEED_FN
+		echo "$PKG_LINK/packages/packages.adb"  >> $APK_CFEED_FN
+		echo "$PKG_LINK/special/packages.adb"   >> $APK_CFEED_FN
 		TARGET_ARCH_PACKAGES=$( get_cfg_opt_value $CFG TARGET_ARCH_PACKAGES )
 		[ -z "$TARGET_ARCH_PACKAGES" ] && die "Cannot find TARGET ARCH"
-		sed -i "s/<<VER>>/25.12/g" $OPKG_CFEED_FN
-		sed -i "s/<<ARCH>>/$TARGET_ARCH_PACKAGES/g" $OPKG_CFEED_FN
-		logmsg "Added support of Fantastic packages [https://fantastic-packages.github.io/packages]"
+		sed -i "s/<<VER>>/25.12/g" $APK_CFEED_FN
+		sed -i "s/<<ARCH>>/$TARGET_ARCH_PACKAGES/g" $APK_CFEED_FN
+		logmsg "Added support of Fantastic packages [https://fantastic-packages.github.io/releases]"
 	fi
 
 	SYSCTLCONF_FN=$XDIR/files/etc/sysctl.conf