Hi Folks,
I managed to mount a "Cloud drive" (WebDAV partition) onto my OpenWrt-powered TP-Link TL-WR703N router.
What it means is that now I have virtually unlimited storage space on my cheap $22 small (57 x 57 x 18 mm or 1.25 x 1.25 x 0.7 "), 4MB Flash, 32MB RAM, Wifi/+Ethernet-enabled pocket router!
Of course, this opens up a whole bunch of new possibilities...
The first thing I am thinking of is to mount this webshare partition as "/overlay", so all the packages are installed on it rather than on the limited-size Flash. I may need to use an intermediate loopback file (i.e. a file containing a file system), because the WebDAV protocol doesn't support symbolic links, so I am not sure if I will be able to install packages on it as is.
Then, the flashed firmware becomes a "bootstrap" for the device, fetching all its packages from the Cloud. Moreover, you can imagine all your routers sharing the same Cloud drive, so you actually provision the same up-to-date firmware to all of them
But I a m sure you already have your own idea of what to do with it!
The "Cloud drive" can be any provider supporting the WebDAV protocol, like "4Shared.com", "Box.com" or "Google Drive" (I used "4Shared.com"), but it can also be your own private Cloud if you install ownCloud either on your machine or on a hosted server.
Although it requires to build your own firmware, the steps involved are not very difficult. They are not platform dependent, so they should work on all OpenWrt-supported devices. They are also not version dependent, as I tested the modification both using the "Barrier Breaker" trunk (r34243) and the Attitude Adjustment Beta 2 branch (rr34185).
As it may certainly be useful to others, I wanted to share it here!
Install
I suppose that you start from a (fresh) SVN checkout of OpenWrt, or maybe an existing one that you already have.
You only need to download the openwrt_webdav.tar.gz archive and uncompress it anywhere you like. It will create a directory "openwrt_webdav" containing:
openwrt_webdav
├── 001-secrets-permissions.patch
├── 002-write-chain.patch
└── davfs2
├── Makefile
└── patches
├── 010-bootstrap_configure.patch
├── 020-fstab-argz.patch
├── 025-install-hook.patch
├── 030-syslog-uclibc.patch
├── 040-cache-fix.patch
├── 070-change-type-to-off64.patch
├── 090-rpmatch-fix.patch
├── 095-include-add.patch
├── 096-write-certs.patch
└── 100-gnulib-big.patch
All these files are provided under the GPL v2 license, unless otherwise specified.
The "davfs2" directory is an OpenWrt package providing the WebDaV filesystem: it is a modified version of the package provided by the Entware Team in their "rtndev" feed.
I just added the "025-install-hook.patch" patch to correct a small automake bug, the "096-write-certs.patch" to provide an SSL certificate dump capability, and adjusted the path to match the ones used by OpenWrt.
You have first to declare a new local "feed" by adding a line in the "feeds.conf.default" or "feeds.conf" file at the OpenWrt root:
echo "src-link openwrt_webdav your_unpack_dir/openwrt_webdav" >> feeds.conf.default
As this package also depends on the "libneon" from the OpenWrt additional "packages" feed, I suggest that you update and install all the feeds by typing:
./script/feeds update -a
./script/feeds install -a
We now need to apply the "001-secrets-permissions.patch" patch that adds the image "/etc/davfs2/secrets" files to the list of files to keep with unmodified access rights (it needs to be owner-rw only), by typing in the main OpenWrt directory:
patch -p 0 < your_unpack_dir/openwrt_webdav/001-secrets-permissions.patch
Then, we need to copy the file "002-write-chain.patch" that gives the libneon the capability to dump the whole SSL certificate chain rather than the server certificate only. Still in the same OpwenWrt root directory:
cp your_unpack_dir/openwrt_webdav/002-write-chain.patch feeds/packages/libs/neon/patches/
Configuration / Compilation
You just use the standard configuration command:
make menuconfig
If not already done, you need first to select your target device, then navigate to the "Network > Filesystem" sub-menu to select the "davfs2" entry by typing "Y". Save and exit, then launch the compilation using:
make -j n
Where "n" is your number of host CPU + 1.
After a variable amount of time (that may be hours if it is the initial compilation that also builds the whole toolchain), you should obtain the firmware files in the "bin/architecture" directory.
Usage
Install the appropriate firmware file onto your device, then proceed to the usual configuration of the root password to get SSH access, then configure the network to have access to your WebDAV server. I cannot go into too much details here, as this is very specific to each individual device/installation.
Once the network configuration set up, we will perform the WebDAV-specific setup. We have to:
add your WebDAV authentication information to the "/etc/davfs2/secrets" file
(optional) say we don't use locks, as this is the case, at least with the 4Shared.com provider
specify where to get the server certificate file
root@OpenWrt:/etc/davfs2# echo "/mnt your_login your_password" >> secrets
root@OpenWrt:/etc/davfs2# echo "use_locks 0" >> davfs2.conf
root@OpenWrt:/etc/davfs2# echo "servercert /etc/davfs2/certs/server.cert" >> davfs2.conf
We need to create a cache directory:
root@OpenWrt:/etc/davfs2# mkdir -p /var/cache
Now, unless you already got the server certificate key chain by some other means, we have to get it and save it for all of our future connections to the server:
root@OpenWrt:/etc/davfs2# mount.davfs https://webdav.4shared.com/ /mnt
mount.davfs: the server certificate is not trusted
issuer: 07969287, http://certificates.godaddy.com/repository, GoDaddy.com, Inc., Scottsdale, Arizona, US
subject: Domain Control Validated, *.4shared.com
identity: *.4shared.com
fingerprint: 71:66:87:80:27:c4:5e:12:e7:c2:b5:5f:96:5e:17:92:93:a6:82:d4
You only should accept this certificate, if you can
verify the fingerprint! The server might be faked
or there might be a man-in-the-middle-attack.
Accept certificate for this session? [y,N,w]
This is where I added the "w" option that allows to save the server certificate key chain into a file
Enter "w" and specify the file as follows:
...
Accept certificate for this session? [y,N,w] w
Server certificate file name: /tmp/server.cert
mount.davfs: Mounting failed.
Server certificate verification failed: issuer is not trusted
As a precaution, the mount failed, but you have the server certificate! We must copy it to its final destination (this can't be done from the "mount.davfs" command, as it drops its privileges once launched):
root@OpenWrt:/etc/davfs2# cp /tmp/server.cert /etc/davfs2/certs/
Now, you should be able to mount your Cloud drive:
root@OpenWrt:/etc/davfs2# mount.davfs https://webdav.4shared.com/ /mnt
Let's verify:
root@OpenWrt:/etc/davfs2# mount
rootfs on / type rootfs (rw)
/dev/root on /rom type squashfs (ro,relatime)
proc on /proc type proc (rw,noatime)
sysfs on /sys type sysfs (rw,noatime)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,noatime,size=14684k)
tmpfs on /dev type tmpfs (rw,noatime,size=512k,mode=755)
devpts on /dev/pts type devpts (rw,noatime,mode=600)
root on /tmp/root type tmpfs (rw,noatime,mode=755)
overlayfs:/tmp/root on /tmp/root type overlayfs (ro,noatime,lowerdir=/,upperdir=/tmp/root)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
none on /proc/bus/usb type usbfs (rw,relatime)
/dev/mtdblock3 on /overlay type jffs2 (rw,noatime)
overlayfs:/overlay on / type overlayfs (rw,noatime,lowerdir=/,upperdir=/overlay)
https://webdav.4shared.com/ on /mnt type fuse (rw,nosuid,nodev,relatime,user_id=0,group_id=0,allow_other,max_read=16384)
root@OpenWrt:/etc/davfs2# df
Filesystem 1K-blocks Used Available Use% Mounted on
rootfs 832 220 612 26% /
/dev/root 2304 2304 0 100% /rom
tmpfs 14684 100 14584 1% /tmp
tmpfs 512 0 512 0% /dev
root 14680 28 14652 0% /tmp/root
overlayfs:/tmp/root 14680 28 14652 0% /tmp/root
/dev/mtdblock3 832 220 612 26% /overlay
overlayfs:/overlay 832 220 612 26% /
root@OpenWrt:/etc/davfs2# cd /mnt/
root@OpenWrt:/mnt# ls
TL-WR703N.txt hello.txt lost+found webdav_commands.txt
You may see that "df" doesn't report the Cloud drive capacity for a (yet) unknown reason, but everything else is working!
Now, each time you want to mount your Cloud drive, all you have to do is:
mkdir -p /var/cache
mount.davfs https://webdav.4shared.com/ /mnt
This can be automated in many ways, but placing these commands into the "/etc/rc.local" file is probably the most convenient one.
Enjoy