Next release

[pktpls]

I'm coming to the conclusion that we need a Falter 1.2.4 release before doing an upgrade to OpenWrt 22.03 (Falter 1.3.0) or 23.05 (Falter 1.4.0). The Autoupdater needs to deal with changes of compat-version and target names, which it currently doesn't. These are two easy changes, but they neccessitate a release before the OpenWrt upgrade, if we don't want to lose devices with regard to autoupdates.

I pulled OpenWifiMap data and looked at nodes updated at in July 2024. There are 256 nodes running the 1.2.3 release, most of which probably have the Autoupdater enabled. This number doesn't include BBB-Configs nodes, which show up as 1.x.y-snapshot (~153 nodes). In total there were 736 updated in July.

First a list of the challenges that need our attention, then a list of tasks for 1.2.4, 1.3.0 and 1.4.0 releases.

Challenges

Direct upgrade

• Ideally we'd go from Falter 1.2.3 (OpenWrt 21.02) directly to 1.4.0, skipping over 1.3.0.
• But OpenWrt doesn't officially support skipping a release during upgrades.
• In practice this might not be a problem if we're very careful about the configuration migrations involved. But there's still the risk of undocumented low-level partitioning changes, for example, and other things.
• Gluon works around this by always regenerating the complete config after an upgrade, based on user config. We'd do this based on ffwizard.json.

DSA migration

• Background: https://openwrt.org/releases/21.02/notes-21.02.0#initial_dsa_support
• The configuration syntax changes were already done in Falter 1.2.0: Changes needed for 2102 falter-packages#212
• Affected are all devices that have their compat-version bumped from 1.0 to 1.1
  • Relevant for us in 22.03 are lantiq/xrx200 devices (AVM and TP-Link DSL modems)
  • In 23.05 ipq40xx (Mikrotik and newer Fritzboxes), mpc85xx (TL-WDR4900), and mt7622 (BPi-R64)
• Sysupgrade rejects images with a changed compat-version, which means the Autoupdater must be changed to keep supporting these devices.
• Autoupdater needs to use sysupgrade's --ignore-minor-compat-version option.

Firewall migration

• Background: https://openwrt.org/releases/22.03/notes-22.03.0#firewall4_based_on_nftables
• We need to check that all our firewall rules/actions in UCI are still supported, and also look at the few direct iptables invocations.

Changes of target names

• Many of the old Ubiquiti devices have been moved from ath79/generic to the ath79/tiny target. There are also other targets that have been renamed or refactored.
• Right now Autoupdater first looks at the target name and won't find image files if they're now part of a different target.
• Autoupdater needs to look only at the device profile name (e.g. ubnt_nanostation-m), and not at the target name.

Changes of disk partitions

• Ubiquiti Unifi AC Mesh/Lite/Pro got a partition size increase in 23.05, but can be softbricked by an upgrade if the new image is too large to fit into the old partition. A bigger image can only be used after first flashing a smaller image that supports the big partition.
• We need to make sure that images for these devices are small. In a later release they can be big.

DNS servers degradation

• The upstream DNS servers configuren in Falter have deteriorated over the years.
  • as250.net is broken at L105
  • fdn.fr is often overloaded and times out
  • dns2.digitalcourage is deprecated and shouldn't be used in new installations
• It's pretty bad UX and might even fail the Autoupdater.
• In BBB-Configs we're using only Quad9 for the short term, which has high-performance resolvers in Berlin (L105 + AK36) - context all: update the upstream DNS servers bbb-configs#862 (comment)
• We'll get access to more resolvers in Berlin in the future if we implement DNS-over-TLS.

Tasks

Falter 1.2.4

• buildbot: custom imagebuilder for x86/64 which supports running in a VM (for automated testing)
• buildbot: generate release manifest listing all device profiles and image files
• buildbot: remove backbone variant
• autoupdater: pick changes from 1.3.0 branch
• autoupdater: use sysupgrade --ignore-minor-compat-version
• autoupdater: ignore target name, look only for device profile name (use manifest from buildbot)
• autoupdater: handle profile name changes (e.g. nanostation profiles were unified in 22.03/23.05)
• autoupdater: handle variant changes (e.g. removal of backbone variant, or unification of tunneldigger+notunnel into a standard variant)
• dnsmasq: update DNS upstream servers
• ffwizard: add more freifunk config to ffwizard.json (e.g. swapports, policyrouting, community profile, etc.)
• optional: owm: add more info about board, target, autoupdater

Falter 1.3.0

• firewall: fw3->fw4 migration (config rules, direct iptables invocations)

Falter 1.4.0

• build: small images for unifiac-mesh/pro/lite devices (partition migration)
• optional: ffwizard: reconfigure device config after an upgrade, based on ffwizard.json

[pktpls]

(edited first post above and removed it here)

[pktpls]

Added DNS server challenge

[Akira25]

--ignore-minor-compat-version is not available in Falter-1.2.3. We need to either make it conditional, or to care for when it was introduced.

I wrote code addressing this in MR falter-packages/#440