networking: add support for WireGuard VPN

.github/workflows/build-ovms.yml

@@ -0,0 +1,202 @@
+---
+# This is an ESP-IDF workflow to build OVMS v3
+
+name: 'Build and store artifacts for OVMS v3'
+
+# Controls when the action will run.
+on:
+  # # Triggers the workflow on tag create like v1.0, v2.0.0 and so on
+  push:
+  #   tags:
+  #    - 'v*'
+
+  # Allows you to run this workflow manually from the Actions tab
+  workflow_dispatch:
+
+# A workflow run is made up of one or more jobs that can run sequentially or in parallel
+jobs:
+  # This workflow contains a single job called 'build_ovms'
+  build_ovms:
+
+    strategy:
+      matrix:
+        # idf_ver: ["latest", "release-v5.1", "release-v5.0", "v5.0.1", "v5.0"]
+        # idf_ver: ["release-v5.0", "v5.0.1", "v5.0", "release-v4.4", "v4.4.4", "v3.3.4"]
+        # idf_ver: ["latest", "release-v5.1", "release-v5.0", "v5.0.1", "v5.0", "release-v4.4", "v3.3.4"]
+        idf_ver: ["release-v5.0", "v5.0.2", "v5.0.1", "v5.0", "release-v4.4", "v3.3.4"] # v3.3.4 is our own fork / special handling
+        idf_target: ["esp32"]
+        mongoose_ver: ["6.11"] # 6.11 is our own fork / special handling
+        include:
+
+          # All the following items are 'default' values for ALL the matrix entries
+          - patch_mongoose_6_11: true
+            build_command: "idf.py build"
+            sdkconfig: "sdkconfig.defaults.esp5.0.1"
+            patch_esp_idf_ovms: false
+            force_wolfssl_470: false
+            patch_esp_idf_whole_archive: false
+
+          # All the following items are updates of specific entries in the matrix
+          - idf_ver: "v5.0"
+            sdkconfig: "sdkconfig.defaults.esp5"
+
+          - idf_ver: "release-v4.4"
+            sdkconfig: "sdkconfig.defaults.esp4"
+            patch_esp_idf_whole_archive: true
+
+          # - idf_ver: "v4.4.4"
+          #   sdkconfig: "sdkconfig.defaults.esp4"
+          #   patch_mongoose_6_11: false
+          #   patch_esp_idf_whole_archive: true
+
+          # - idf_ver: "v3.3.6"
+          #   build_command: "make -j all"
+          #   patch_mongoose_6_11: false
+          #   force_wolfssl_470: true
+
+          - idf_ver: "v3.3.4"
+            build_command: "TERM=vt100 make defconfig all"
+            sdkconfig: "sdkconfig.defaults.esp3"
+            patch_mongoose_6_11: false
+            patch_esp_idf_ovms: true
+            # force_wolfssl_470: false
+
+    # The type of runner that the job will run on
+    runs-on: 'ubuntu-22.04'
+    container: 'espressif/idf:${{ matrix.idf_ver }}'
+
+    # For the moment, only on this branch
+    if: github.repository == 'llange/Open-Vehicle-Monitoring-System-3'
+    steps:
+
+      # For older builds (3.3.x), a few tweaks are needed:
+      # - the git version bundled in the official ESP-IDF docker image is too old
+      #   for GitHub's `actions/checkout` below. We upgrade it
+      # - We also replace the official ESP-IDF repo with OVMSv3's customized ESP-IDF repo
+      - name: 'Use ESP-IDF v3.3 with OVMS tweaks'
+        if: matrix.patch_esp_idf_ovms
+        run: |
+          # Git 2.17.x is not enough for the `actions/checkout` below - upgrade to a more recent version
+          apt-get update
+          apt-get install -y software-properties-common
+          add-apt-repository ppa:git-core/ppa
+          apt-get update
+          apt-get upgrade -y git
+          git --version
+          cd "${IDF_PATH}"
+          git remote set-url origin "https://github.com/openvehicles/esp-idf.git"
+          git fetch --all
+          git reset --hard
+          git clean -fxd
+          git pull origin master
+          git submodule update --init --recursive
+          ./install.sh esp32
+          cd -
+
+      # For older builds (4.4.x), a patch is needed:
+      # - the WHOLE_ARCHIVE statement in CMake components has only been introduced
+      #   in ESP-IDF v5.0. We patch it.
+      - name: 'Use ESP-IDF v4.4.x with WHOLE_ARCHIVE support'
+        if: matrix.patch_esp_idf_whole_archive
+        run: |
+          cd "${IDF_PATH}"
+          git config user.email "[email protected]"
+          git config user.name "Github CI"
+          git config merge.renameLimit 999999
+          git fetch --all
+          git reset --hard
+          git clean -fxd
+          git cherry-pick 273633ee310fbc18b17edfaeae3f3121508e3b8d
+          cd -
+
+      # We're now able to fetch our OVMSv3 firmware repo
+      - name: 'Checkout repo'
+        uses: 'actions/checkout@v3'
+        with:
+          submodules: 'recursive'
+
+      - name: 'fix error message'
+        run: 'git config --global --add safe.directory "$GITHUB_WORKSPACE"'
+
+      # For ESP-IDF v5+ builds, we need to patch our "old" version of mongoose
+      - name: 'Patch mongoose (ESP-IDF v5+)'
+        if: |
+          matrix.patch_mongoose_6_11 &&
+          (matrix.mongoose_ver == '6.11')
+        run: 'git apply --directory="vehicle/OVMS.V3/components/mongoose/mongoose" "vehicle/OVMS.V3/support/mongoose-espv5.patch"'
+
+      # For Mongose >= 7, we checkout this specific version
+      - name: 'Switch mongoose dir'
+        if: |
+          (matrix.mongoose_ver != '6.11')
+        run: |
+          cd "vehicle/OVMS.V3/components/mongoose/mongoose"
+          git remote set-url origin "https://github.com/cesanta/mongoose.git"
+          git fetch --all
+          git reset --hard
+          git clean -fxd
+          git checkout "${{ matrix.mongoose_ver }}"
+          cd -
+
+      # For older builds (3.3.x), we need to switch back to the (official) wolfssl version that
+      # was used in those builds + patch it and update the build system
+      # - name: 'Patch WolfSSL (ESP-IDF v3) with OVMS tweaks'
+      #   if: matrix.force_wolfssl_470
+      #   run: |
+      #     cd "vehicle/OVMS.V3/components/wolfssl/wolfssl"
+      #     git fetch --unshallow
+      #     git checkout "v4.7.0-stable"
+      #     cd -
+      #     cp "vehicle/OVMS.V3/support/wolfssl-4.7.0-esp3/user_settings.h" "vehicle/OVMS.V3/components/wolfssl/port/"
+      #     git apply -p5 --directory="vehicle/OVMS.V3/components/wolfssl/wolfssl" "vehicle/OVMS.V3/support/wolfssl-4.7.0-esp3/wolfssl-4.7.0.patch"
+
+      # For all builds, we have a default sdkconfig file
+      - name: 'Setup configuration'
+        run: 'cp "vehicle/OVMS.V3/support/${{ matrix.sdkconfig }}" "vehicle/OVMS.V3/sdkconfig.defaults"'
+
+      - name: 'Patch configuration for Mongoose 6.11 (SSL cannot compile)'
+        if: |
+          matrix.patch_mongoose_6_11 &&
+          (matrix.mongoose_ver == '6.11')
+        run: 'sed -i -e "s/CONFIG_MG_ENABLE_SSL=y/#CONFIG_MG_ENABLE_SSL=/g" "vehicle/OVMS.V3/sdkconfig.defaults"'
+
+      - name: Cache build dependencies
+        id: esp-idf-build
+        uses: actions/cache@v3
+        with:
+          path: |
+            vehicle/OVMS.V3/build
+            vehicle/OVMS.V3/sdkconfig
+          key: build-${{ runner.os }}-${{ matrix.idf_target }}_esp-idf-${{ matrix.idf_ver }}_mg-${{ matrix.mongoose_ver }}
+
+      # Now, we can build it. Let's not forget to install `dos2unix` first as it is needed.
+      - name: 'Build project with IDF-${{ matrix.idf_ver }} for ${{ matrix.idf_target }}'
+        env:
+          IDF_TARGET: ${{ matrix.idf_target }}
+        shell: bash
+        working-directory: vehicle/OVMS.V3
+        run: |
+          apt-get update
+          apt-get install -y dos2unix
+          . ${IDF_PATH}/export.sh
+          # https://github.com/espressif/idf-component-manager/issues/31#issuecomment-1535984388
+          pip install -U "urllib3<2"
+          git status --untracked-files
+          git ls-files -o --exclude-standard
+          ${{ matrix.build_command }}
+
+      - name: 'Archive build output artifacts'
+        uses: 'actions/upload-artifact@v3'
+        with:
+          name: '${{ matrix.idf_target }}_esp-idf-${{ matrix.idf_ver }}_mongoose-${{ matrix.mongoose_ver }}'
+          path: |
+            vehicle/OVMS.V3/build/bootloader/bootloader.bin
+            vehicle/OVMS.V3/build/partition_table/partition-table.bin
+            vehicle/OVMS.V3/build/*.bin
+            vehicle/OVMS.V3/build/*.elf
+            vehicle/OVMS.V3/build/log/*
+            vehicle/OVMS.V3/build/flasher_args.json
+            vehicle/OVMS.V3/build/config/sdkconfig.h
+            vehicle/OVMS.V3/build/config/sdkconfig.json
+            vehicle/OVMS.V3/sdkconfig
+          if-no-files-found: error

.github/workflows/ci-fallback.yaml

@@ -0,0 +1,17 @@
+---
+name: 'CI Fallback'
+
+on:
+  push:
+    paths-ignore:
+      - 'docs/**'
+  pull_request:
+    paths-ignore:
+      - 'docs/**'
+
+jobs:
+  documentation:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - run: 'echo "No build required"'

.github/workflows/ci.yaml

@@ -0,0 +1,56 @@
+---
+name: 'CI'
+
+on:
+  push:
+    paths-ignore:
+      - 'docs/**'
+  pull_request:
+    paths:
+      - 'docs/**'
+
+jobs:
+  documentation:
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set up Python
+        id: setup-python
+        uses: actions/setup-python@v4
+        with:
+          python-version: 3
+          cache: 'pip'
+          cache-dependency-path: 'docs/source/requirements.txt'
+
+      - name: Upgrade pip
+        run: |
+          sudo apt update
+          sudo apt install -y graphviz
+          python -m pip install --upgrade pip
+
+      - name: Cache doc dependencies
+        id: sphinx
+        uses: actions/cache@v3
+        with:
+          path: |
+            docs/build
+          key: sphinx-docs-${{ runner.os }}-${{ steps.setup-python.outputs.python-version }}-${{ hashFiles('docs/source/conf.py','docs/source/Makefile') }}
+
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade -r docs/source/requirements.txt sphinx sphinx_rtd_theme
+
+      - name: Render the documentation
+        run: |
+          cd docs
+          make SPHINXOPTS=-W html
+
+      - name: 'Archive build output artifacts'
+        uses: 'actions/upload-artifact@v3'
+        with:
+          name: 'documentation'
+          path: |
+            docs/build/html
+          if-no-files-found: error

.gitignore

@@ -65,3 +65,8 @@ docs/build/
 .vscode/
 vehicle/OVMS.V3/components/ovms_webserver/assets/charts.js.gz
 *.gz
+vehicle/OVMS.V3/sdkconfig.defaults
+
+# Funny, but the component manager seems to always run during builds,
+# thus overwriting this file. No reason to manage it ourselves...
+vehicle/OVMS.V3/dependencies.lock

.gitmodules

@@ -13,3 +13,6 @@
 [submodule "vehicle/OVMS.V3/components/wolfssl/wolfssl"]
 	path = vehicle/OVMS.V3/components/wolfssl/wolfssl
 	url = https://github.com/openvehicles/wolfssl.git
+[submodule "vehicle/OVMS.V3/components/esp_wireguard"]
+	path = vehicle/OVMS.V3/components/esp_wireguard
+	url = https://github.com/trombik/esp_wireguard.git

README.md

@@ -1,3 +1,59 @@
+# **Warning**  
+> This branch is a Work-In-Progress to add compatibility with ESP-IDF v4.x and v5.x.  
+> Not suitable for production use - only for dev / tests.  
+> As of now, it (kind-of) works on ESP-IDF v5.0 with the following caveats:
+> * the crash handler (`xt_set_error_handler_callback` and `esp_task_wdt_get_trigger_tasknames`) is disabled for the moment, we need to decide whether we "fork" ESP-IDF again to port it ; or if the new APIs are enough to (partially ?) reimplement it (see commit: "**WIP WIP WIP : comment out ESP-IDF specifics of our fork**")
+> * There is a crash in `OvmsConsole::Poll` which is not analysed (yet) and which is worked around by declaring a variable static (see commit: "**WIP WIP WIP : prevent a crash at boot (to be analysed)**")
+> * Our (previously) local copies of `wolfssh` and `wolfssl` are now in submodules (and moved one level below in terms of directories) - mainly to be able to have a CMakeLists.txt different from the upstream one. In the process, one of our previous patches is now lost : https://github.com/openvehicles/Open-Vehicle-Monitoring-System-3/commit/51444539047daef7bd2accb23ef40d1bc14fdb20 and we need to decide how to handle this.
+> * A lot of dependencies are now explicitly (hard-)coded in the CMakeLists.txt - which may, or may not be a good thing. Let's discuss it.
+> * The set of defines (in ovms_webserver) have been transformed into a header generation because it was not known how to implement those in a satisfying manner in cmake.
+> * There are still some warnings during compilation (mainly ADC which needs conversion + some others)
+> * Mongoose is not (yet) ready to compile with TLS enabled.
+> * wolfSSL can't be (yet) compiled with OPENSSL defines (see wolfSSL/wolfssl#6028)
+> * wolfSSL has been updated to tag `v5.3.0-stable` (Note: later versions causing stack overflow during SSH session, to investigate)
+> * wolfSSH has been updated to tag `v1.4.6-stable`
+> * mongoose has not been updated but needs patching (see below for the patch)
+> * Some commits (identified by "WIP WIP WIP") needs to be addressed
+> * No real-world test has been done
+> * We wanted to stay compatible with our 3.3.4 branch, and tried as much as we could to keep that compatibility. In case something is broken, please report and we will fix it.
+> * This branch has mainly been tested using `cmake` build system / `idf.py`, not Makefiles (which have disappeared in v5.x)
+
+## Patch for mongoose
+```diff
+diff --git a/mongoose.c b/mongoose.c
+index b12cff18..60a7f62e 100644
+--- a/mongoose.c
++++ b/mongoose.c
+@@ -9160,7 +9160,7 @@ static void mg_send_file_data(struct mg_connection *nc, FILE *fp) {
+ static void mg_do_ssi_include(struct mg_connection *nc, struct http_message *hm,
+                               const char *ssi, char *tag, int include_level,
+                               const struct mg_serve_http_opts *opts) {
+-  char file_name[MG_MAX_PATH], path[MG_MAX_PATH], *p;
++  char file_name[MG_MAX_PATH], path[MG_MAX_PATH+2], *p;
+   FILE *fp;
+
+   /*
+diff --git a/mongoose.h b/mongoose.h
+index 3bcf8147..5649e1a7 100644
+--- a/mongoose.h
++++ b/mongoose.h
+@@ -1768,7 +1768,7 @@ typedef struct {
+
+ void cs_md5_init(cs_md5_ctx *c);
+ void cs_md5_update(cs_md5_ctx *c, const unsigned char *data, size_t len);
+-void cs_md5_final(unsigned char *md, cs_md5_ctx *c);
++void cs_md5_final(unsigned char md[16], cs_md5_ctx *c);
+
+ #ifdef __cplusplus
+ }
+```
+
+Instructions for ESP-IDF v5.0:
+* Setup ESP-IDF where you want and ensure it works, [following the instructions here](https://docs.espressif.com/projects/esp-idf/en/v5.0/esp32/get-started/index.html).
+* Build as usual (`idf.py build`, etc...)
+
+---
+
 # Open-Vehicle-Monitoring-System-3 (OVMS3)
 
 ![OVMS3 module](docs/source/userguide/ovms-intro.jpg)

docs/source/userguide/index.rst

@@ -14,6 +14,7 @@ User Guide
    logging
    configuration
    wifi
+   vpn
    vfs
    metrics
    ota