Note: The following was tested only with a vuzero box, but it should also work with any other VU+ box. You just need to change MACHINE below to one of the supported OpenPLi boxes.
Note: Tested on Ubuntu 18.04
sudo apt-get install sed wget cvs subversion git-core \
coreutils unzip texi2html texinfo docbook-utils \
gawk python-pysqlite2 diffstat help2man make gcc build-essential g++ \
desktop-file-utils chrpath sshpass openjdk-11-jre python3-distutils \
libncurses5-dev libncursesw5-dev
git clone https://github.com/OpenPLi/openpli-oe-core
cd openpli-oe-core
git checkout release-7.1
MACHINE=vuzero make image
If the build is successful, you can continue with the next steps.
Note: The following change is to prevent errors such as: "opera-hbbtv_20180316_1.tar.gz: Cannot open: No such file or directory".
More info here: https://forums.openpli.org/topic/58631-cant-build-hbbtv/
Open the following file with your favorite editor:
meta-vuplus/conf/machine/vuzero.conf
Change this line:
MACHINE_FEATURES += "hbbtv ctrlrc vupluszap opera-browser"
To:
MACHINE_FEATURES += "hbbtv ctrlrc vupluszap"
cd build
source env.source
Note: The kernel version at the time of writing was 3.13.5. Replace the version with your version.
Edit the kernel config with your favorite editor:
meta-vuplus/recipes-bsp/linux/linux-vuzero-3.13.5/vuzero_defconfig
and add the following to the config:
CONFIG_NETFILTER=y
CONFIG_NETFILTER_ADVANCED=y
CONFIG_BRIDGE_NETFILTER=y
CONFIG_NETFILTER_NETLINK=y
CONFIG_NETFILTER_NETLINK_ACCT=y
CONFIG_NETFILTER_NETLINK_QUEUE=y
CONFIG_NETFILTER_NETLINK_LOG=y
CONFIG_NF_CONNTRACK=y
CONFIG_NF_CONNTRACK_MARK=y
CONFIG_NF_CONNTRACK_EVENTS=y
CONFIG_NF_CONNTRACK_TIMEOUT=y
CONFIG_NF_CONNTRACK_TIMESTAMP=y
CONFIG_NF_CONNTRACK_LABELS=y
CONFIG_NETFILTER_XTABLES=y
CONFIG_NETFILTER_XT_MARK=y
CONFIG_NETFILTER_XT_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_CLASSIFY=y
CONFIG_NETFILTER_XT_TARGET_CONNMARK=y
CONFIG_NETFILTER_XT_TARGET_HMARK=y
CONFIG_NETFILTER_XT_TARGET_LOG=y
CONFIG_NETFILTER_XT_TARGET_MARK=y
CONFIG_NETFILTER_XT_TARGET_NFLOG=y
CONFIG_NETFILTER_XT_TARGET_REDIRECT=y
CONFIG_NETFILTER_XT_MATCH_CONNLABEL=y
CONFIG_NETFILTER_XT_MATCH_CONNLIMIT=y
CONFIG_NETFILTER_XT_MATCH_CONNMARK=y
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=y
CONFIG_NETFILTER_XT_MATCH_IPRANGE=y
CONFIG_NETFILTER_XT_MATCH_LENGTH=y
CONFIG_NETFILTER_XT_MATCH_LIMIT=y
CONFIG_NETFILTER_XT_MATCH_MAC=y
CONFIG_NETFILTER_XT_MATCH_MARK=y
CONFIG_NETFILTER_XT_MATCH_MULTIPORT=y
CONFIG_NETFILTER_XT_MATCH_NFACCT=y
CONFIG_NETFILTER_XT_MATCH_STATE=y
CONFIG_NF_CONNTRACK_IPV4=y
CONFIG_IP_NF_IPTABLES=y
Note: I built them into the kernel, but it should also work with modules. Warning: If you build them as modules, bitbake should automatically create a separate ipk for each module. This means that you need to install all these ipks and load them using modprobe or insmod before using them. I find it easier to include them in the kernel.
If you want to know what each option does, run bitbake --help. In short, we're invalidating the compile task's timestamp and forcing a rebuild of the kernel.
MACHINE=vuzero bitbake -C compile -f linux-vuzero
MACHINE=vuzero bitbake openpli-enigma2-image
Now you have your new image in the tmp/deploy/images/vuzero directory, e.g. openpli-enigma2-homebuild-vuzero_usb.zip
You need to build your own feeds because you just built a custom image (not genuine).
MACHINE=vuzero bitbake openpli-enigma2-feed
You need to install Apache or some other web server and serve the deploy directory so that your box can access it.
I have a directory /u1/feeds/openpli-homebuild on my server where I copied the content of the tmp/deploy/ipk directory. I created a symlink to it in /srv/http and started the httpd server on my NAS (Arch Linux).
ln -s /u1/feeds /srv/http/
systemctl enable httpd.service
systemctl start httpd.service
Unpack your image (zip) to a FAT32 formatted USB drive, put it into the box and flash it.
Telnet to the box and read the /etc/opkg/*.conf files to see the feed server URL that you need to create on your feed server. In my case:
cat /etc/opkg/vuzero-feed.conf
src/gz openpli-vuzero http://nas/feeds/openpli-homebuild/vuzero
Modify these files to match the URL of your feed server, or change your feed server to match these URLs.
Telnet to the box and run the following commands:
opkg update
opkg install iptables
iptables -L
cat /proc/net/ip_tables_matches
Example (firewall.sh):
#!/bin/sh
# flush any existing rules
iptables -F
# default policy rules
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# allow everything from loopback interface
iptables -A INPUT -i lo -j ACCEPT
# allow ssh from everywhere
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
# allow connections we initiated
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# allow connections from nas
iptables -A INPUT -p tcp -s 192.168.2.56 -j ACCEPT
# allow connection from laptop
iptables -A INPUT -p tcp -s 192.168.2.5 -j ACCEPT
iptables -A INPUT -p tcp -s 192.168.2.6 -j ACCEPT
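Before running a rules script such as firewall.sh, you can check that every match it uses with -m is actually offered by the kernel you built, using the same /proc/net/ip_tables_matches list read above. This is an added example, not part of the original guide; the function names, the check_matches.sh file name and the two extra rules in the demo (multiport, recent) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report matches a rules script uses via "-m NAME" that the
# kernel does not list. Script and function names here are hypothetical.

# used_matches FILE: print each NAME following -m/--match, sorted and unique.
# Lines that are entirely comments are skipped.
used_matches() {
    awk '
        /^[ \t]*#/ { next }
        { for (i = 1; i < NF; i++)
              if ($i == "-m" || $i == "--match") print $(i + 1) }
    ' "$1" | sort -u
}

# missing_matches RULES [MATCHES]: names used in RULES that are absent from
# MATCHES (default: the kernel's own list under /proc).
missing_matches() {
    avail=${2:-/proc/net/ip_tables_matches}
    for m in $(used_matches "$1"); do
        grep -qxF -- "$m" "$avail" || printf '%s\n' "$m"
    done
}

# demo: constructed inputs. The first two rules come from firewall.sh; the
# multiport and recent rules are hypothetical. "recent" is not in the kernel
# config listed in this guide, so it is the one reported.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/firewall.sh" <<'EOF'
#iptables -A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 80,8001 -j ACCEPT
iptables -A INPUT -m recent --name probe --set -j DROP
EOF
    # Constructed stand-in for /proc/net/ip_tables_matches
    # (the real file repeats a name once per revision).
    printf '%s\n' conntrack conntrack state multiport mark tcp udp icmp > "$d/matches"
    missing_matches "$d/firewall.sh" "$d/matches"
    rm -rf "$d"
}

# On the box: sh check_matches.sh firewall.sh
if [ "$#" -ge 1 ]; then
    missing=$(missing_matches "$@")
    [ -z "$missing" ] || { echo "kernel lacks matches: $missing" >&2; exit 1; }
fi
```

A non-empty result means the rule using that match would be rejected when the script runs, leaving the DROP policy in place without the ACCEPT rules that follow it.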
Use cron or screen to run the script.
If you accidentally lock yourself out of your box, just restart it. Once the script is working for you, create your own sysv init file in /etc/init.d/yourscript and make it executable. Then create a symlink from /etc/init.d/yourscript to /etc/rc3.d/S01yourscript.
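One way to recover from the lock-out described above without a reboot is to apply the rules with a confirmation timer. This is an added example, not part of the original guide; the safe_apply.sh name, the IPT variable, the function names and the /tmp/fw.ok path are assumptions.

```shell
#!/bin/sh
# Added example: run a rules script, then reopen the firewall unless the
# operator confirms within a timeout. All names here are hypothetical.
IPT=${IPT:-iptables}

# open_firewall: back to accept-all. Policies are opened before the flush so
# there is never a moment with a DROP policy and no rules.
open_firewall() {
    $IPT -P INPUT ACCEPT && $IPT -P FORWARD ACCEPT &&
        $IPT -P OUTPUT ACCEPT && $IPT -F
}

# apply_with_rollback SCRIPT SECONDS CONFIRM_FILE
# returns 0 = confirmed, rules kept
#         1 = no confirmation in time, firewall reopened
#         2 = SCRIPT itself failed, firewall reopened
apply_with_rollback() {
    rm -f "$3"                       # a stale confirmation must not count
    sh "$1" || { open_firewall; return 2; }
    i=0
    while [ "$i" -lt "$2" ]; do
        [ -e "$3" ] && return 0      # operator could still log in
        sleep 1
        i=$((i + 1))
    done
    open_firewall
    return 1
}

# On the box, started under screen so it survives a dropped telnet session:
#   screen -dm sh safe_apply.sh firewall.sh 60 /tmp/fw.ok
# then, from a NEW telnet connection, confirm with:
#   touch /tmp/fw.ok
if [ "$#" -ge 1 ]; then
    apply_with_rollback "$1" "${2:-60}" "${3:-/tmp/fw.ok}"
fi
```

Confirming from a new connection matters: an already open session is matched by the ESTABLISHED,RELATED rule and proves nothing about whether new logins still work.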
Enjoy!