#!/bin/bash # Naixi Plugin Manager v3 NAIXI_DIR="/etc/log/naixi" IKPKG_DIR="/tmp/ikpkg" NAIXI_CONF="$NAIXI_DIR/.config" mkdir -p "$NAIXI_DIR" usage() { echo "Naixi Plugin Manager" echo "" local level=$(cat "$NAIXI_CONF/ikuaiyun_level" 2>/dev/null || echo "1") echo "云平台控制: Level $level" if [ -d "$NAIXI_DIR/openwrt-root/bin" ]; then echo "musl兼容层: ✓ 已初始化 ($(du -sh $NAIXI_DIR/openwrt-root 2>/dev/null | cut -f1))" else echo "musl兼容层: ✗ 未安装" fi if which opkg >/dev/null 2>&1; then echo "opkg原生环境: ✓ 已初始化 ($(opkg -v 2>/dev/null | head -1))" else echo "opkg原生环境: ✗ 未安装" fi echo "" echo "插件管理:" echo " naixi list 列出所有插件" echo " naixi install 安装插件(tar.gz)" echo " naixi enable 启用插件" echo " naixi disable 禁用插件" echo " naixi remove 卸载并删除插件" echo " naixi status 查看插件状态" echo " naixi ipv6 [num] 查看/设置IPv6多线数量" echo " naixi ikuaiyun [0|1|2] 云平台控制等级" echo " 0 = 正常(仅防格式化/强制升级)" echo " 1 = 阻断云控/验证,保留DPI(默认)" echo " 2 = 彻底阻断所有ikuai8.com" echo "" echo "OpenWrt兼容层:" echo " naixi opkg install <包名> 安装OpenWrt包(原生运行)" echo " naixi opkg update 更新包列表" echo " naixi opkg list 列出可用包" echo " naixi ipk 安装本地ipk包" if [ -d "$NAIXI_DIR/openwrt-root/bin" ]; then echo " naixi openwrt shell 进入 musl 环境 shell" echo " naixi openwrt clean 清理 chroot 内包 (安全)" echo " naixi openwrt clean --force 同时清 host 侧 opkg 包 (可能影响系统)" echo " naixi openwrt uninit 卸载 musl + opkg 二进制,保留 host 包" echo " naixi openwrt uninit --force 完全卸载(会删 opkg-root,可能弄坟系统)" else echo " naixi openwrt init [] 一键安装兼容层(opkg + musl chroot)" echo " 可传自定义 url 使用镜像源" fi } do_list() { echo "=== 已安装组件 ===" local found=0 # Naixi插件 for dir in $NAIXI_DIR/*/; do [ -d "$dir" ] || continue name=$(basename "$dir") [ "$name" = "lost+found" -o "$name" = ".config" -o "$name" = "openwrt-root" -o "$name" = "opkg-root" -o "$name" = "overlay" -o "$name" = "musl-libs" -o "$name" = "opkg-cache" -o "$name" = "cache" ] && continue found=1 local ver="" [ -f "$dir/version" ] && ver=" v$(cat $dir/version)" if [ -f "$dir/.disabled" ]; then echo " ✗ $name$ver [naixi] 已禁用" elif [ -d "$IKPKG_DIR/$name" ]; then echo " ✓ $name$ver [naixi] 运行中" else echo " - $name$ver [naixi] 未加载"; fi done # PMD插件 for dir in $IKPKG_DIR/*/; do [ -d "$dir" ] || continue name=$(basename "$dir") # 跳过已在naixi中显示的 [ -d "$NAIXI_DIR/$name" ] && continue found=1 local ver="" [ -f "$dir/version" ] && ver=" v$(cat $dir/version)" echo " ✓ $name$ver [pmd] 运行中" done # opkg原生包(跳过opkg自身,它已在[naixi]里) if which opkg >/dev/null 2>&1; then opkg list-installed 2>/dev/null | while read pkg dash ver; do [ "$pkg" = "opkg" ] && continue found=1 local status="已安装" pidof "$pkg" >/dev/null 2>&1 && status="运行中" echo " · $pkg $ver [opkg] $status" done fi # musl兼容层包 if [ -d "$NAIXI_DIR/openwrt-root/bin" ]; then local chroot_count=$(chroot $NAIXI_DIR/openwrt-root /bin/opkg list-installed 2>/dev/null | wc -l) if [ "$chroot_count" -gt 0 ]; then chroot $NAIXI_DIR/openwrt-root /bin/opkg list-installed 2>/dev/null | while read pkg dash ver; do echo " · $pkg $ver [musl] 已安装" done fi fi [ $found -eq 0 ] && echo " (无组件)" } do_install() { local src="$1" [ -z "$src" ] && echo "用法: naixi install " && exit 1 local fname=$(basename "$src") local name="${fname%.tar.gz}" if echo "$src" | grep -qE "^https?://"; then echo "下载: $src" wget -q -O "$NAIXI_DIR/$fname" "$src" || { echo "❌ 下载失败"; exit 1; } elif [ -f "$src" ]; then echo "复制: $src" cp "$src" "$NAIXI_DIR/$fname" else echo "❌ 文件不存在: $src"; exit 1 fi echo "解压: $fname → $name/" mkdir -p "$NAIXI_DIR/$name" tar xzf "$NAIXI_DIR/$fname" -C "$NAIXI_DIR/$name/" 2>/dev/null rm -f "$NAIXI_DIR/$fname" do_enable "$name" } do_enable() { local name="$1" [ -z "$name" ] && echo "用法: naixi enable " && exit 1 local dir="$NAIXI_DIR/$name" [ ! -d "$dir" ] && echo "❌ 插件不存在: $name" && exit 1 [ ! -f "$dir/install.sh" ] && echo "❌ 缺少install.sh: $name" && exit 1 rm -f "$dir/.disabled" export INSTALL_DIR="$IKPKG_DIR/$name" mkdir -p "$INSTALL_DIR" cp -a "$dir"/* "$INSTALL_DIR/" 2>/dev/null echo "启用: $name" cd "$INSTALL_DIR" && bash install.sh # 装完顺手启动 service(跟 boot 脚本一致) if [ -f "$INSTALL_DIR/script/${name}.sh" ]; then bash "$INSTALL_DIR/script/${name}.sh" start 2>/dev/null && echo "已启动服务: $name" fi echo "✅ $name 已启用" } do_disable() { local name="$1" [ -z "$name" ] && echo "用法: naixi disable " && exit 1 local dir="$NAIXI_DIR/$name" [ ! -d "$dir" ] && echo "❌ 插件不存在: $name" && exit 1 [ -f "$IKPKG_DIR/$name/uninstall.sh" ] && { cd "$IKPKG_DIR/$name" && bash uninstall.sh 2>/dev/null } rm -f "/usr/ikuai/www/plugins/$name" rm -f "/usr/ikuai/function/${name}_"* rm -f "/usr/sbin/ik${name}" "/usr/sbin/$name" rm -rf "$IKPKG_DIR/$name" touch "$dir/.disabled" echo "✅ $name 已禁用" } do_remove() { local name="$1" [ -z "$name" ] && echo "用法: naixi remove " && exit 1 local dir="$NAIXI_DIR/$name" [ ! -d "$dir" ] && echo "❌ 插件不存在: $name" && exit 1 do_disable "$name" 2>/dev/null rm -rf "$dir" echo "✅ $name 已彻底删除" } do_status() { local name="$1" [ -z "$name" ] && echo "用法: naixi status " && exit 1 local dir="$NAIXI_DIR/$name" [ ! -d "$dir" ] && echo "❌ 插件不存在: $name" && exit 1 echo "=== $name ===" echo "持久化: $dir" echo "运行时: $IKPKG_DIR/$name" if [ -f "$dir/.disabled" ]; then echo "状态: 已禁用" elif [ -d "$IKPKG_DIR/$name" ]; then echo "状态: 运行中" else echo "状态: 未加载"; fi [ -f "$dir/version" ] && echo "版本: $(cat $dir/version)" } do_ipv6() { local num="$1" if [ -z "$num" ]; then echo "当前IPv6配置:" cat /etc/mnt/.ipv6_multi 2>/dev/null || echo "(未设置)" return fi echo "expires=0 num=$num enterprise=1" > /etc/mnt/.ipv6_multi mkdir -p "$NAIXI_CONF" echo "$num" > "$NAIXI_CONF/ipv6_num" echo "✅ IPv6多线已设为: $num" } # ===== 云平台控制 ===== _apply_level0() { # Hook sysupgrade防远程升级 if ! grep -q "NAIXI_PROTECT" /sbin/sysupgrade 2>/dev/null; then sed -i '2i\# NAIXI_PROTECT\nif [ ! -f /tmp/naixi_upgrade_allow ]; then\n echo "Naixi: 远程升级已阻止。本地升级请先运行: touch /tmp/naixi_upgrade_allow"\n exit 1\nfi' /sbin/sysupgrade fi # Hook wecom.sh reboot/upgrade if ! grep -q "NAIXI_PROTECT" /usr/ikuai/script/wecom.sh 2>/dev/null; then sed -i '/^reboot()$/,/^}$/{/^reboot()/a\# NAIXI_PROTECT\nreturn 0 }' /usr/ikuai/script/wecom.sh sed -i '/^upgrade()$/,/^}$/{/^upgrade()/a\# NAIXI_PROTECT\nreturn 0 }' /usr/ikuai/script/wecom.sh fi echo "[Naixi] Level 0: 防格式化+防远程升级" } _apply_level1() { _apply_level0 sed -i 's/59\.110\.6\.135/127.0.0.1/g' /usr/ikuai/script/client.sh 2>/dev/null mkdir -p /etc/hosts.d cat > /etc/hosts.d/naixi_block << 'HOSTS' 127.0.0.1 genuine.ikuai8.com 127.0.0.1 coll.ikuai8.com 127.0.0.1 iapi.ikuai8.com 127.0.0.1 yun.ikuai8.com 127.0.0.1 302.ikuai8.com 127.0.0.1 youyu.api.ikuai8.com 127.0.0.1 audit.ikuai8.com 127.0.0.1 routers.ikuai8.com HOSTS cat /etc/hosts.d/* > /etc/hosts 2>/dev/null pkill -f "update_hosts.sh" 2>/dev/null rm -rf /tmp/iktmp/ik_hosts/* 2>/dev/null echo "[Naixi] Level 1: 云控阻断,DPI保留" } _apply_level2() { _apply_level1 cat >> /etc/hosts.d/naixi_block << 'HOSTS' 127.0.0.1 dpi.ikuai8.com 127.0.0.1 download.ikuai8.com 127.0.0.1 www.ikuai8.com 127.0.0.1 local.ikuai8.com 127.0.0.1 portal.ikuai8.com HOSTS cat /etc/hosts.d/* > /etc/hosts 2>/dev/null echo "[Naixi] Level 2: 全阻断" } do_ikuaiyun() { local level="$1" mkdir -p "$NAIXI_CONF" if [ -z "$level" ]; then local cur=$(cat "$NAIXI_CONF/ikuaiyun_level" 2>/dev/null || echo "1") echo "当前云平台控制等级: Level $cur" echo " 0 = 正常(仅防格式化/强制升级)" echo " 1 = 阻断云控/验证,保留DPI(默认)" echo " 2 = 彻底阻断所有ikuai8.com" return fi case "$level" in 0) _apply_level0 ;; 1) _apply_level1 ;; 2) _apply_level2 ;; *) echo "❌ 无效等级: $level (0/1/2)"; exit 1 ;; esac echo "$level" > "$NAIXI_CONF/ikuaiyun_level" echo "✅ 云平台控制等级: Level $level" } do_boot_apply() { local level=$(cat "$NAIXI_CONF/ikuaiyun_level" 2>/dev/null || echo "1") case "$level" in 0) _apply_level0 ;; 1) _apply_level1 ;; 2) _apply_level2 ;; esac } # ===== musl兼容层 (v59新增) ===== OWRT_ROOT="$NAIXI_DIR/openwrt-root" _DL_BASE="https://dl.naixi.net/ikuai-plugin" do_openwrt_init() { local force=0 local arg="" for a in "$@"; do case "$a" in --force|-f) force=1 ;; *) arg="$a" ;; esac done if [ "$force" = 0 ] && [ -d "$OWRT_ROOT/bin" ] && which opkg >/dev/null 2>&1; then echo "✅ 兼容层已完整 (musl=$(du -sh $OWRT_ROOT 2>/dev/null | cut -f1) + opkg=$(opkg -v 2>/dev/null | head -1))" echo " 如需重装(升级 install.sh / opkg wrapper)加 --force" return 0 fi # 选源:默认主源,可传 url 覆盖 local combined_url="" case "$arg" in "") combined_url="${_DL_BASE}/naixi-compat-x86_64.tar.gz" ;; http*) combined_url="$arg" ;; *) echo "❌ 未知参数: $arg (用法: naixi openwrt init [] [--force])"; return 1 ;; esac echo "下载 Naixi 兼容层 (opkg + musl)..." echo " $combined_url" if ! wget -q -O /tmp/naixi-compat.tar.gz "$combined_url"; then echo "❌ 下载失败"; return 1 fi local stage=/tmp/naixi-compat-stage rm -rf "$stage" && mkdir -p "$stage" if ! tar xzf /tmp/naixi-compat.tar.gz -C "$stage" 2>/dev/null; then echo "❌ 解压失败"; return 1 fi if [ ! -x "$stage/install.sh" ]; then echo "❌ 包里没有 install.sh"; return 1 fi NAIXI_DIR="$NAIXI_DIR" "$stage/install.sh" || { echo "❌ install.sh 失败"; return 1; } rm -rf "$stage" /tmp/naixi-compat.tar.gz } do_openwrt_clean() { local force=0 [ "${1:-}" = "--force" ] || [ "${1:-}" = "-f" ] && force=1 if [ "$force" = 1 ]; then echo "⚠️ --force 模式:会同时清理 host 侧 opkg 安装包(可能影响宎住系统运行)" else echo "清理 chroot 内的 opkg 包(host 侧保留,需同时清 host 加 --force)" fi if [ -d "$OWRT_ROOT/bin" ]; then _chroot_mount "$OWRT_ROOT" chroot "$OWRT_ROOT" /bin/opkg list-installed 2>/dev/null | awk '{print $1}' | while read pkg; do [ -z "$pkg" ] && continue chroot "$OWRT_ROOT" /bin/opkg --force-depends remove "$pkg" >/dev/null 2>&1 && echo " - $pkg [musl]" done _chroot_umount "$OWRT_ROOT" fi if [ "$force" = 1 ] && which opkg >/dev/null 2>&1; then opkg list-installed 2>/dev/null | awk '{print $1}' | while read pkg; do [ "$pkg" = "opkg" ] && continue [ -z "$pkg" ] && continue opkg --force-depends remove "$pkg" >/dev/null 2>&1 && echo " - $pkg [host]" done rm -f "$NAIXI_DIR/opkg-installed.txt" fi echo "✅ 完成" } do_openwrt_uninit() { local force=0 [ "${1:-}" = "--force" ] || [ "${1:-}" = "-f" ] && force=1 if [ ! -d "$OWRT_ROOT" ] && ! which opkg >/dev/null 2>&1; then echo "兼容层未安装" return 0 fi if [ "$force" = 0 ]; then echo "⚠️ 卸载会删除 musl chroot + opkg 二进制,but 保留 host 已装包 ($NAIXI_DIR/opkg-root)" echo " 如果要连 host 包一起干净卸载,请使用: naixi openwrt uninit --force" echo " ⚠️ --force 可能删掉 ikuai/bash 正在使用的 lib,造成系统不可用" fi # 先 chroot clean(需要 force 才会连 host 包清) if [ "$force" = 1 ]; then do_openwrt_clean --force else do_openwrt_clean fi # 卸 musl chroot if [ -d "$OWRT_ROOT" ]; then _chroot_umount "$OWRT_ROOT" umount "$OWRT_ROOT/dev/pts" 2>/dev/null umount -l "$OWRT_ROOT/dev" 2>/dev/null umount -l "$OWRT_ROOT/tmp" 2>/dev/null umount -l "$OWRT_ROOT/proc" 2>/dev/null umount -l "$OWRT_ROOT/sys" 2>/dev/null rm -rf "$OWRT_ROOT" fi # 卸 opkg 本身 rm -f /usr/bin/opkg /usr/bin/opkg.real /usr/sbin/opkg-check-config /usr/sbin/opkg-key /lib/functions.sh rm -rf /etc/opkg /etc/opkg.conf /var/lock/opkg.lock rm -rf /usr/lib/opkg/info /usr/lib/opkg/lists rm -f /lib/ld-musl-x86_64.so.1 # ld-musl path 处理:重置到 /usr/lib 只让 host 原生生效 echo /usr/lib > /etc/ld-musl-x86_64.path if [ "$force" = 1 ]; then rm -rf "$NAIXI_DIR/opkg-root" echo "✅ 兼容层已完全卸载(musl + opkg + 所有包)" else echo "✅ 兼容层已卸载。host 安装包保留于 $NAIXI_DIR/opkg-root" fi } _chroot_mount() { mount --bind /proc "$1/proc" 2>/dev/null mount --bind /sys "$1/sys" 2>/dev/null mount --bind /dev "$1/dev" 2>/dev/null mount --bind /tmp "$1/tmp" 2>/dev/null cp /etc/resolv.conf "$1/etc/resolv.conf" 2>/dev/null } _chroot_umount() { umount "$1/tmp" "$1/dev" "$1/sys" "$1/proc" 2>/dev/null } do_openwrt_shell() { [ ! -d "$OWRT_ROOT/bin" ] && { echo "请先运行: naixi openwrt init (初始化musl兼容层)"; return 1; } _chroot_mount "$OWRT_ROOT" chroot "$OWRT_ROOT" /bin/ash _chroot_umount "$OWRT_ROOT" } do_opkg() { local action="$1" shift if ! which opkg >/dev/null 2>&1; then echo "❌ opkg未安装,请先: naixi install opkg.tar.gz" return 1 fi case "$action" in install) echo "安装: $@" mkdir -p "$NAIXI_DIR/opkg-root" grep -q "dest naixi" /etc/opkg.conf 2>/dev/null || echo "dest naixi $NAIXI_DIR/opkg-root" >> /etc/opkg.conf opkg install --force-depends --force-space --force-checksum -d naixi "$@" 2>/dev/null || opkg install --force-depends --force-space --force-checksum "$@" # 保存已装列表用于重启恢复 opkg list-installed > "$NAIXI_DIR/opkg-installed.txt" 2>/dev/null echo "✅ 完成" ;; update|list|search|info|remove|upgrade) opkg "$action" "$@" ;; *) echo "用法: naixi opkg [参数]" ;; esac } do_ipk() { local ipk="$1" [ -z "$ipk" ] && echo "用法: naixi ipk " && return 1 local tmpipk="/tmp/naixi_ipk.ipk" if echo "$ipk" | grep -q "^http"; then wget -q -O "$tmpipk" "$ipk" || { echo "❌ 下载失败"; return 1; } elif [ -f "$ipk" ]; then cp "$ipk" "$tmpipk" else echo "❌ 文件不存在: $ipk"; return 1; fi # 检测musl local is_musl=0 local tmpdir="/tmp/naixi_ipk_chk" mkdir -p "$tmpdir" && cd "$tmpdir" ar x "$tmpipk" 2>/dev/null [ -f data.tar.gz ] && tar xzf data.tar.gz 2>/dev/null local bin=$(find . -type f -executable 2>/dev/null | head -1) [ -n "$bin" ] && strings "$bin" 2>/dev/null | grep -q "musl" && is_musl=1 cd /tmp && rm -rf "$tmpdir" if [ "$is_musl" -eq 1 ]; then echo "musl libc → 安装到chroot" [ ! -d "$OWRT_ROOT/bin" ] && do_openwrt_init cp "$tmpipk" "$OWRT_ROOT/tmp/" _chroot_mount "$OWRT_ROOT" chroot "$OWRT_ROOT" /bin/opkg install "/tmp/$(basename $tmpipk)" _chroot_umount "$OWRT_ROOT" else echo "原生兼容 → 手动解压安装" local tmpdir2="/tmp/naixi_ipk_inst" mkdir -p "$tmpdir2" && cd "$tmpdir2" ar x "$tmpipk" 2>/dev/null [ -f data.tar.gz ] && tar xzf data.tar.gz -C / 2>/dev/null cd /tmp && rm -rf "$tmpdir2" fi rm -f "$tmpipk" echo "✅ 安装完成" } case "${1:-}" in list) do_list ;; install) do_install "$2" ;; enable) do_enable "$2" ;; disable) do_disable "$2" ;; remove) do_remove "$2" ;; status) do_status "$2" ;; ipv6) do_ipv6 "$2" ;; ikuaiyun) do_ikuaiyun "$2" ;; _boot) do_boot_apply ;; openwrt) case "${2:-}" in init) shift 2; do_openwrt_init "$@" ;; uninit) do_openwrt_uninit "${3:-}" ;; clean) do_openwrt_clean "${3:-}" ;; shell) do_openwrt_shell ;; *) echo "用法: naixi openwrt init [] [--force]|shell|clean [--force]|uninit [--force]" ;; esac ;; opkg) shift; do_opkg "$@" ;; ipk) do_ipk "$2" ;; *) usage ;; esac