diff options
| author | Jakov Smolic <jakov.smolic@sartura.hr> | 2020-08-22 16:17:58 +0200 |
|---|---|---|
| committer | Jakov Smolic <jakov.smolic@sartura.hr> | 2020-08-22 18:26:04 +0200 |
| commit | f8ffabaf08784229016b46108d86d038333b45c8 (patch) | |
| tree | fbc68c0855ed37cd2912739b5ad831f0881bfbb6 | |
| parent | 03ab03ad06875a89a085a867ceefd0b360aa0b4f (diff) | |
netopeer2: update to 1.1.39
Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
| -rw-r--r-- | net/Netopeer2/Config_keystored.in | 7 | ||||
| -rw-r--r-- | net/Netopeer2/Makefile | 128 | ||||
| -rw-r--r-- | net/Netopeer2/files/netopeer2-keystored-keygen.default | 22 | ||||
| -rw-r--r-- | net/Netopeer2/files/netopeer2-keystored.default | 16 | ||||
| -rw-r--r-- | net/Netopeer2/files/netopeer2-server.default | 59 | ||||
| -rw-r--r-- | net/Netopeer2/files/stock_config.xml | 17 | ||||
| -rw-r--r-- | net/Netopeer2/patches/001-openss_1.1_support.patch | 11 | ||||
| -rw-r--r-- | net/Netopeer2/patches/010-gcc10.patch | 22 | ||||
| -rw-r--r-- | net/netopeer2/Makefile | 85 | ||||
| -rw-r--r-- | net/netopeer2/files/netopeer2-server-merge-config.default | 57 | ||||
| -rw-r--r-- | net/netopeer2/files/netopeer2-server-merge-hostkey.default | 47 | ||||
| -rw-r--r-- | net/netopeer2/files/netopeer2-server-setup.default | 106 | ||||
| -rw-r--r-- | net/netopeer2/files/netopeer2-server.init (renamed from net/Netopeer2/files/netopeer2-server.init) | 2 |
13 files changed, 296 insertions, 283 deletions
diff --git a/net/Netopeer2/Config_keystored.in b/net/Netopeer2/Config_keystored.in deleted file mode 100644 index 73252507e..000000000 --- a/net/Netopeer2/Config_keystored.in +++ /dev/null @@ -1,7 +0,0 @@ -if PACKAGE_netopeer2-keystored - -config SSH_KEYS - bool "Generate default ssh keys" - default y - -endif diff --git a/net/Netopeer2/Makefile b/net/Netopeer2/Makefile deleted file mode 100644 index 76767f42f..000000000 --- a/net/Netopeer2/Makefile +++ /dev/null @@ -1,128 +0,0 @@ -# -# Copyright (C) 2017 OpenWrt.org -# -# This is free software, licensed under the GNU General Public License v2. -# See /LICENSE for more information. -# - -# Warning by default OpenWrt does not have a root password which is necessery for NETCONF server. - -include $(TOPDIR)/rules.mk - -PKG_NAME:=Netopeer2 -PKG_VERSION:=1.1.27 -PKG_RELEASE:=2 - -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz -PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)? -PKG_HASH:=e3914aae78d19f445a37ef37408f7ce209ebf0b05deb412b1bc56a021448885f - -PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr> -PKG_LICENSE:=BSD-3-Clause -PKG_LICENSE_FILES:=LICENSE - -CMAKE_INSTALL:=1 -PKG_BUILD_PARALLEL:=1 - -include $(INCLUDE_DIR)/package.mk -include $(INCLUDE_DIR)/cmake.mk - -define Package/netopeer2-keystored/config - source "$(SOURCE)/Config_keystored.in" -endef - -define Package/netopeer2-server - SECTION:=utils - CATEGORY:=Utilities - TITLE:=NETCONF server - URL:=https://github.com/CESNET/Netopeer2 - DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepo - MENU:=1 -endef - -define Package/netopeer2-cli - SECTION:=utils - CATEGORY:=Utilities - TITLE:=Netopeer2 cli tool - URL:=https://github.com/CESNET/Netopeer2 - DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl -endef - -define Package/netopeer2-keystored - SECTION:=utils - CATEGORY:=Utilities - TITLE:=Netopeer2 key store management - URL:=https://github.com/CESNET/Netopeer2 - DEPENDS:=+libopenssl +libsysrepo +sysrepo +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen - MENU:=1 -endef - -define Package/netopeer2/description - Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF - Protocol. This is the second generation of the toolset, originally available as the Netopeer - project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries - - libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation. -endef - -CMAKE_OPTIONS += \ - -DGENERATE_HOSTKEY:BOOL=OFF \ - -DINSTALL_MODULES:BOOL=OFF \ - -DCMAKE_BUILD_TYPE=release - -#-DKEYSTORED_KEYS_DIR:STRING=/etc/keystored/keys \ - -define Package/netopeer2-server/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/ - - $(INSTALL_DIR) $(1)/etc/sysrepo/yang - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-ssh-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tls-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-x509-cert-to-name@2014-12-10.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-monitoring@2010-10-04.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-acm@2018-02-14.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-nmda@2019-01-07.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf@2013-09-29.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-datastores@2017-08-17.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-crypto-types@2019-07-02.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/ - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tcp-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ - - $(INSTALL_DIR) $(1)/etc/uci-defaults - $(INSTALL_BIN) ./files/netopeer2-server.default $(1)/etc/uci-defaults/98_netopeer2-server - - $(INSTALL_DIR) $(1)/etc/init.d/ - $(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server - - $(INSTALL_DIR) $(1)/usr/share/netopeer2-server - $(INSTALL_DATA) ./files/stock_config.xml $(1)/usr/share/netopeer2-server -endef - -define Package/netopeer2-cli/install - $(INSTALL_DIR) $(1)/usr/bin - $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/ -endef - -define Package/netopeer2-keystored/install - $(INSTALL_DIR) $(1)/etc/sysrepo/yang - $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-keystore@2019-07-02.yang $(1)/etc/sysrepo/yang/ - - $(INSTALL_DIR) $(1)/etc/uci-defaults - - $(INSTALL_DIR) $(1)/etc/keystored/keys -ifeq ($(CONFIG_SSH_KEYS),y) - $(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored -else - $(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored - #ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself. - $(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys - $(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys -endif - -endef - -$(eval $(call BuildPackage,netopeer2-server)) -$(eval $(call BuildPackage,netopeer2-cli)) -$(eval $(call BuildPackage,netopeer2-keystored)) diff --git a/net/Netopeer2/files/netopeer2-keystored-keygen.default b/net/Netopeer2/files/netopeer2-keystored-keygen.default deleted file mode 100644 index aa8bb9931..000000000 --- a/net/Netopeer2/files/netopeer2-keystored-keygen.default +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -# Warning, problems can occur if the device restarts in the middle of this uci-default script - -if [ -x /bin/sysrepoctl ]; then - match=$(sysrepoctl -l | grep "ietf-keystore ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600 - if [ -x /bin/sysrepocfg ]; then - sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore - rm /usr/share/netopeer2-keystored/stock_key_config.xml - fi - - #generate ssh keys - if [ ! -f "/etc/keystored/keys/ssh_host_rsa_key.pem" ]; then - ssh-keygen -m pem -t rsa -q -N "" -f /etc/keystored/keys/ssh_host_rsa_key.pem - chmod go-rw /etc/keystored/keys/ssh_host_rsa_key.pem - fi - fi -fi - -exit 0 diff --git a/net/Netopeer2/files/netopeer2-keystored.default b/net/Netopeer2/files/netopeer2-keystored.default deleted file mode 100644 index 4ec74e929..000000000 --- a/net/Netopeer2/files/netopeer2-keystored.default +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -# Warning, problems can occur if the device restarts in the middle of this uci-default script - -if [ -x /bin/sysrepoctl ]; then - match=$(sysrepoctl -l | grep "ietf-keystore ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600 - if [ -x /bin/sysrepocfg ]; then - sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore - rm /usr/share/netopeer2-keystored/stock_key_config.xml - fi - fi -fi - -exit 0 diff --git a/net/Netopeer2/files/netopeer2-server.default b/net/Netopeer2/files/netopeer2-server.default deleted file mode 100644 index ec91d2042..000000000 --- a/net/Netopeer2/files/netopeer2-server.default +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh - -# Warning, problems can occur if the device restarts in the middle of this uci-default script - -if [ -x /bin/sysrepoctl ]; then - match=$(sysrepoctl -l | grep "ietf-ssh-server ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-ssh-server@2019-07-02.yang -p 600 - fi - - match=$(sysrepoctl -l | grep "ietf-tls-server ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-tls-server@2019-07-02.yang -p 600 - fi - - match=$(sysrepoctl -l | grep "iana-crypt-hash ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/iana-crypt-hash@2014-08-06.yang -p 600 - fi - - match=$(sysrepoctl -l | grep "ietf-x509-cert-to-name ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-x509-cert-to-name@2014-12-10.yang -p 600 - fi - - match=$(sysrepoctl -l | grep "ietf-netconf-server ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-server@2019-07-02.yang -o root:root -p 600 - sysrepoctl -m ietf-netconf-server -e listen - sysrepoctl -m ietf-netconf-server -e ssh-listen - sysrepoctl -m ietf-netconf-server -e tls-listen - sysrepoctl -m ietf-netconf-server -e call-home - sysrepoctl -m ietf-netconf-server -e ssh-call-home - sysrepoctl -m ietf-netconf-server -e tls-call-home - sysrepoctl -m ietf-netconf -e url - if [ -x /bin/sysrepocfg ]; then - sysrepocfg -f xml -d startup -i /usr/share/netopeer2-server/stock_config.xml ietf-netconf-server - rm /usr/share/netopeer2-server/stock_config.xml - fi - fi - - match=$(sysrepoctl -l | grep "ietf-netconf-monitoring ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-monitoring@2010-10-04.yang -o root:root -p 600 - fi - - match=$(sysrepoctl -l | grep "ietf-netconf-with-defaults ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf@2013-09-29.yang -o root:root -p 600 - fi - - match=$(sysrepoctl -l | grep "ietf-datastores ") - if [ ! "$match" ]; then - sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-datastores@2017-08-17.yang -o root:root -p 600 - fi - -fi - -exit 0 diff --git a/net/Netopeer2/files/stock_config.xml b/net/Netopeer2/files/stock_config.xml deleted file mode 100644 index 45766846a..000000000 --- a/net/Netopeer2/files/stock_config.xml +++ /dev/null @@ -1,17 +0,0 @@ -<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server"> - <listen> - <endpoint> - <name>test_ssh_listen_endpt</name> - <ssh> - <address>::</address> - <port>830</port> - <host-keys> - <host-key> - <name>test_ssh_listen_key</name> - <public-key>ssh_host_rsa_key</public-key> - </host-key> - </host-keys> - </ssh> - </endpoint> - </listen> -</netconf-server> diff --git a/net/Netopeer2/patches/001-openss_1.1_support.patch b/net/Netopeer2/patches/001-openss_1.1_support.patch deleted file mode 100644 index 5069ef9bf..000000000 --- a/net/Netopeer2/patches/001-openss_1.1_support.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- a/cli/commands.c 2020-05-08 16:29:28.284509842 +0300 -+++ b/cli/commands.c 2020-05-08 16:29:38.856397844 +0300 -@@ -1727,7 +1727,7 @@ - BIO_printf(bio_out, "\n"); - - BIO_printf(bio_out, "Valid until: "); -- ASN1_TIME_print(bio_out, X509_get_notAfter(cert)); -+ ASN1_TIME_print(bio_out, X509_get0_notAfter(cert)); - BIO_printf(bio_out, "\n"); - - has_san = 0; diff --git a/net/Netopeer2/patches/010-gcc10.patch b/net/Netopeer2/patches/010-gcc10.patch deleted file mode 100644 index 608628983..000000000 --- a/net/Netopeer2/patches/010-gcc10.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- a/cli/commands.h -+++ b/cli/commands.h -@@ -17,7 +17,7 @@ - - #include "cli_version.h" - --char some_msg[4096]; -+static char some_msg[4096]; - #define INSTRUCTION(format,args...) {snprintf(some_msg,4095,format,##args);printf("\n %s",some_msg);} - #define ERROR(function,format,args...) {snprintf(some_msg,4095,format,##args);fprintf(stderr,"%s: %s\n",function,some_msg);} - ---- a/src/log.h -+++ b/src/log.h -@@ -36,7 +36,7 @@ extern uint8_t np2_sr_verbose_level; - /** - * @brief netopeer2 flag whether to print messages to stderr (only if not daemon). - */ --uint8_t np2_stderr_log; -+extern uint8_t np2_stderr_log; - - /** - * @brief internal printing function, follows the levels from libnetconf2 diff --git a/net/netopeer2/Makefile b/net/netopeer2/Makefile new file mode 100644 index 000000000..641814073 --- /dev/null +++ b/net/netopeer2/Makefile @@ -0,0 +1,85 @@ +# +# Copyright (C) 2017 OpenWrt.org +# +# This is free software, licensed under the GNU General Public License v2. +# See /LICENSE for more information. +# + +# Warning by default OpenWrt does not have a root password which is necessery for NETCONF server. + +include $(TOPDIR)/rules.mk + +PKG_NAME:=netopeer2 +PKG_VERSION:=1.1.39 +PKG_RELEASE:=1 + +PKG_LICENSE:=BSD-3-Clause +PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr> + +PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)? +PKG_HASH:=e983683eda68792fedd73af54a5c7997496091489aa921f2a9e0dd27f2f6e19a + +CMAKE_INSTALL:=1 + +PKG_BUILD_PARALLEL:=1 +PKG_INSTALL:=1 + +include $(INCLUDE_DIR)/package.mk +include $(INCLUDE_DIR)/cmake.mk + +define Package/netopeer2-server + SECTION:=utils + CATEGORY:=Utilities + TITLE:=NETCONF server + URL:=https://github.com/CESNET/Netopeer2 + DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +libsysrepo +sysrepocfg +sysrepoctl +sysrepo + MENU:=1 +endef + +define Package/netopeer2-cli + SECTION:=utils + CATEGORY:=Utilities + TITLE:=Netopeer2 cli tool + URL:=https://github.com/CESNET/Netopeer2 + DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl +endef + +define Package/netopeer2/description + Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF + Protocol. This is the second generation of the toolset, originally available as the Netopeer + project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries - + libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation. +endef + +CMAKE_OPTIONS += \ + -DCMAKE_INSTALL_PREFIX:PATH=/usr \ + -DCMAKE_BUILD_TYPE:STRING=Release \ + -DGENERATE_HOSTKEY:BOOL=OFF \ + -DINSTALL_MODULES:BOOL=OFF \ + -DMERGE_LISTEN_CONFIG:BOOL=OFF + +define Package/netopeer2-server/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/ + + $(INSTALL_DIR) $(1)/etc/sysrepo/yang + $(INSTALL_DIR) $(1)/etc/netopeer2/modules + $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/* $(1)/etc/netopeer2/modules/ + + $(INSTALL_DIR) $(1)/etc/uci-defaults + $(INSTALL_BIN) ./files/netopeer2-server-setup.default $(1)/etc/uci-defaults/97_netopeer2-server + $(INSTALL_BIN) ./files/netopeer2-server-merge-hostkey.default $(1)/etc/uci-defaults/98_netopeer2-server + $(INSTALL_BIN) ./files/netopeer2-server-merge-config.default $(1)/etc/uci-defaults/99_netopeer2-server + + $(INSTALL_DIR) $(1)/etc/init.d/ + $(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server +endef + +define Package/netopeer2-cli/install + $(INSTALL_DIR) $(1)/usr/bin + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/ +endef + +$(eval $(call BuildPackage,netopeer2-server)) +$(eval $(call BuildPackage,netopeer2-cli)) diff --git a/net/netopeer2/files/netopeer2-server-merge-config.default b/net/netopeer2/files/netopeer2-server-merge-config.default new file mode 100644 index 000000000..3c140e690 --- /dev/null +++ b/net/netopeer2/files/netopeer2-server-merge-config.default @@ -0,0 +1,57 @@ +#!/bin/sh + +set -e + +# avoid problems with sudo path +SYSREPOCFG=`which sysrepocfg` +KS_KEY_NAME=genkey + +# check that there is no listen/Call Home configuration yet +SERVER_CONFIG=`$SYSREPOCFG -X -x "/ietf-netconf-server:netconf-server/listen/endpoint[1]/name | /ietf-netconf-server:netconf-server/call-home/netconf-client[1]/name"` +if [ -z "$SERVER_CONFIG" ]; then + +# import default config +CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\"> + <listen> + <endpoint> + <name>default-ssh</name> + <ssh> + <tcp-server-parameters> + <local-address>0.0.0.0</local-address> + <keepalives> + <idle-time>1</idle-time> + <max-probes>10</max-probes> + <probe-interval>5</probe-interval> + </keepalives> + </tcp-server-parameters> + <ssh-server-parameters> + <server-identity> + <host-key> + <name>default-key</name> + <public-key> + <keystore-reference>$KS_KEY_NAME</keystore-reference> + </public-key> + </host-key> + </server-identity> + <client-authentication> + <supported-authentication-methods> + <publickey/> + <passsword/> + <other>interactive</other> + </supported-authentication-methods> + <users/> + </client-authentication> + </ssh-server-parameters> + </ssh> + </endpoint> + </listen> +</netconf-server>" +TMPFILE=`mktemp -u` +printf -- "$CONFIG" > $TMPFILE +# apply it to startup and running +$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-netconf-server -v2 +$SYSREPOCFG -C startup -m ietf-netconf-server -v2 +# remove the tmp file +rm $TMPFILE + +fi diff --git a/net/netopeer2/files/netopeer2-server-merge-hostkey.default b/net/netopeer2/files/netopeer2-server-merge-hostkey.default new file mode 100644 index 000000000..6da824039 --- /dev/null +++ b/net/netopeer2/files/netopeer2-server-merge-hostkey.default @@ -0,0 +1,47 @@ +#!/bin/sh + +set -e + +# avoid problems with sudo path +SYSREPOCFG=`which sysrepocfg` +OPENSSL=`which openssl` + +# check that there is no SSH key with this name yet +KEYSTORE_KEY=`$SYSREPOCFG -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name"` +if [ -z "$KEYSTORE_KEY" ]; then + +# generate a new key +PRIVPEM=`$OPENSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null` +# remove header/footer +PRIVKEY=`grep -v -- "-----" - <<STDIN +$PRIVPEM +STDIN` +# get public key +PUBPEM=`$OPENSSL rsa -pubout 2>/dev/null <<STDIN +$PRIVPEM +STDIN` +# remove header/footer +PUBKEY=`grep -v -- "-----" - <<STDIN +$PUBPEM +STDIN` + +# generate edit config +CONFIG="<keystore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-keystore\"> + <asymmetric-keys> + <asymmetric-key> + <name>genkey</name> + <algorithm>rsa2048</algorithm> + <public-key>$PUBKEY</public-key> + <private-key>$PRIVKEY</private-key> + </asymmetric-key> + </asymmetric-keys> +</keystore>" +TMPFILE=`mktemp -u` +printf -- "$CONFIG" > $TMPFILE +# apply it to startup and running +$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-keystore -v2 +$SYSREPOCFG -C startup -m ietf-keystore -v2 +# remove the tmp file +rm $TMPFILE + +fi diff --git a/net/netopeer2/files/netopeer2-server-setup.default b/net/netopeer2/files/netopeer2-server-setup.default new file mode 100644 index 000000000..759b35f74 --- /dev/null +++ b/net/netopeer2/files/netopeer2-server-setup.default @@ -0,0 +1,106 @@ +#!/bin/sh + +# Warning, problems can occur if the device restarts in the middle of this uci-default script + +# install YANG modules +SYSREPOCTL=`which sysrepoctl` +MODDIR="/etc/netopeer2/modules" +PERMS=600 +OWNER=root +GROUP=root + +# array of modules to install +MODULES="\ +ietf-netconf-acm@2018-02-14.yang +ietf-netconf@2013-09-29.yang -e writable-running -e candidate -e rollback-on-error -e validate -e startup -e url -e xpath +ietf-netconf-monitoring@2010-10-04.yang +ietf-netconf-nmda@2019-01-07.yang -e origin -e with-defaults +nc-notifications@2008-07-14.yang +notifications@2008-07-14.yang +ietf-x509-cert-to-name@2014-12-10.yang +ietf-crypto-types@2019-07-02.yang +ietf-keystore@2019-07-02.yang -e keystore-supported +ietf-truststore@2019-07-02.yang -e truststore-supported -e x509-certificates +ietf-tcp-common@2019-07-02.yang -e keepalives-supported +ietf-ssh-server@2019-07-02.yang -e local-client-auth-supported +ietf-tls-server@2019-07-02.yang -e local-client-auth-supported +ietf-netconf-server@2019-07-02.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home" + +# functions +INSTALL_MODULE() { + local module=`echo "$1" | sed 's/\s.*$//'` + $SYSREPOCTL -a -i $MODDIR/$module -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2 + local rc=$? + if [ $rc -ne 0 ]; then + exit $rc + fi +} + +UPDATE_MODULE() { + $SYSREPOCTL -a -U $MODDIR/$1 -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2 + local rc=$? + if [ $rc -ne 0 ]; then + exit $rc + fi +} + +ENABLE_FEATURE() { + $SYSREPOCTL -a -c $1 -e $2 -v2 + local rc=$? + if [ $rc -ne 0 ]; then + exit $rc + fi +} + +ENABLE_FEATURES() { + # parse sysrepoctl features and add extra space at the end for easier matching + local sctl_features="`echo "$SCTL_MODULE" | sed 's/\([^|]*|\)\{6\}\(.*\)/\2/'` " + # parse features we want to enable + local features=`echo "$1" | sed 's/[^ ]* \(.*\)/\1/'` + while [ "${features:0:3}" = "-e " ]; do + # skip "-e " + features=${features:3} + # parse feature + local feature=`echo "$features" | sed 's/\([^[:space:]]*\).*/\1/'` + + # enable feature if not already + sctl_feature=`echo "$sctl_features" | grep " ${feature} "` + if [ -z "$sctl_feature" ]; then + # enable feature + ENABLE_FEATURE $name $feature + fi + + # next iteration, skip this feature + features=`echo "$features" | sed 's/[^[:space:]]* \(.*\)/\1/'` + done +} + +# get current modules +SCTL_MODULES=`$SYSREPOCTL -l` + +IFS=$'\n' +for i in $MODULES; do + name=`echo "$i" | sed 's/\([^@]*\).*/\1/'` + + SCTL_MODULE=`echo "$SCTL_MODULES" | grep "^$name \+|[^|]*| I"` + if [ -z "$SCTL_MODULE" ]; then + # install module + INSTALL_MODULE "$i" + ENABLE_FEATURES "$i" + continue + fi + + sctl_revision=`echo "$SCTL_MODULE" | sed 's/[^|]*| \([^ ]*\).*/\1/'` + revision=`echo "$i" | sed 's/[^@]*@\([^\.]*\).*/\1/'` + if [ "$sctl_revision" \< "$revision" ]; then + # update module without any features + file=`echo "$i" | cut -d' ' -f 1` + UPDATE_MODULE $file + fi + + ENABLE_FEATURES "$i" +done + +unset IFS + +exit 0 diff --git a/net/Netopeer2/files/netopeer2-server.init b/net/netopeer2/files/netopeer2-server.init index 6b2c133b3..97dadae9a 100644 --- a/net/Netopeer2/files/netopeer2-server.init +++ b/net/netopeer2/files/netopeer2-server.init @@ -4,7 +4,7 @@ START=99 STOP=11 USE_PROCD=1 -PROG=/bin/netopeer2-server +PROG=/usr/bin/netopeer2-server start_service() { procd_open_instance |