author | Karel Kočí <cynerd@email.cz> | 2020-09-23 11:42:19 +0200 |
---|---|---|
committer | Karel Kočí <cynerd@email.cz> | 2020-09-23 11:43:02 +0200 |
commit | 5fee4bd515d55cb1ded1bed0c34fb89c22e01a87 (patch) | |
tree | 0718445739237630d35330ac3ac5c3cc11979daa | |
parent | bf24e13ee81a77aa39e2af11f4a778c7bef39f0b (diff) | |
download | openwrt-personal-pkgs-5fee4bd515d55cb1ded1bed0c34fb89c22e01a87.tar.gz openwrt-personal-pkgs-5fee4bd515d55cb1ded1bed0c34fb89c22e01a87.tar.bz2 openwrt-personal-pkgs-5fee4bd515d55cb1ded1bed0c34fb89c22e01a87.zip |
sentinel-proxy: try newer version
-rw-r--r-- | sentinel-proxy/Makefile | 89 | ||||
-rw-r--r-- | sentinel-proxy/files/ca.pem | 38 | ||||
-rwxr-xr-x | sentinel-proxy/files/init | 30 | ||||
-rw-r--r-- | sentinel-proxy/files/renew.cron | 5 | ||||
-rwxr-xr-x | sentinel-proxy/files/restart-proxy-hook.sh | 3 | ||||
-rwxr-xr-x | sentinel-proxy/files/sentinel-reload.sh | 15 | ||||
-rwxr-xr-x | sentinel-proxy/files/sentinel.sh | 47 | ||||
-rw-r--r-- | sentinel-proxy/files/uci | 2 | ||||
-rwxr-xr-x | sentinel-proxy/files/uci-defaults | 9 |
9 files changed, 238 insertions, 0 deletions
diff --git a/sentinel-proxy/Makefile b/sentinel-proxy/Makefile
new file mode 100644
index 0000000..d02ab42
--- /dev/null
+++ b/sentinel-proxy/Makefile
@@ -0,0 +1,89 @@
+#
+## Copyright (C) 2018-2020 CZ.NIC z.s.p.o. (http://www.nic.cz/)
+#
+## This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+# #
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sentinel-proxy
+#PKG_VERSION:=1.3
+#PKG_RELEASE:=7
+
+#PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/proxy.git
+PKG_SOURCE_BRANCH:=hotfix/mqtt
+#PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+
+PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
+PKG_LICENSE:=GPL-3.0-or-later
+
+PKG_FIXUP:=autoreconf
+
+PKG_BUILD_DEPENDS:=argp-standalone
+
+include $(INCLUDE_DIR)/autopkg-branch.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sentinel-proxy
+ SECTION:=collect
+ CATEGORY:=Collect
+ SUBMENU:=Sentinel
+ TITLE:=Proxy
+ URL:=https://gitlab.nic.cz/turris/sentinel/proxy
+ DEPENDS:= \
+ +czmq \
+ +libpaho-mqtt-c \
+ +zlib \
+ +libopenssl \
+ +libconfig \
+ +sentinel-certgen \
+ +sentinel-eula
+endef
+
+define Package/sentinel-proxy/description
+ Central daemon proxying all Sentinel trafic on router to Turris servers.
+endef
+
+define Package/sentinel-proxy/install
+ $(INSTALL_DIR) $(1)/lib/functions/
+ $(INSTALL_CONF) ./files/sentinel.sh $(1)/lib/functions/sentinel.sh
+
+ $(INSTALL_DIR) $(1)/etc/sentinel
+ $(INSTALL_DATA) ./files/ca.pem $(1)/etc/sentinel/ca.pem
+
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/libsentinel-device-token.so.1.0.0 $(1)/usr/lib/libsentinel-device-token.so.1
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/sentinel-proxy $(1)/usr/bin/sentinel-proxy
+
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/sentinel-device-token $(1)/usr/bin/sentinel-device-token
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-proxy
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_BIN) ./files/uci $(1)/etc/config/sentinel
+
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-main
+
+ $(INSTALL_BIN) ./files/sentinel-reload.sh $(1)/usr/bin/sentinel-reload
+
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/renew_hooks.d
+ $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/renew_hooks.d/50_proxy_restart.sh
+
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d
+ $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/50_proxy.sh
+
+ $(INSTALL_DIR) $(1)/etc/cron.d
+ $(INSTALL_DATA) ./files/renew.cron $(1)/etc/cron.d/certgen-certs-renew
+endef
+
+define Package/sentinel-proxy/conffiles
+/etc/config/sentinel
+endef
+
+$(eval $(call BuildPackage,sentinel-proxy))
diff --git a/sentinel-proxy/files/ca.pem b/sentinel-proxy/files/ca.pem
new file mode 100644
index 0000000..91094e1
--- /dev/null
+++ b/sentinel-proxy/files/ca.pem
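Review bot: In sentinel-proxy/Makefile the source is fetched from the tip of `PKG_SOURCE_BRANCH:=hotfix/mqtt` while `PKG_SOURCE_PROTO`, `PKG_SOURCE_VERSION` and `PKG_VERSION` are commented out and no `PKG_MIRROR_HASH` is set, so two builds of this package can ship different upstream code with nothing to verify it against. Unless autopkg-branch.mk (not shown on this page) resolves the branch to a fixed commit, pin the revision once the hotfix settles, e.g. `PKG_SOURCE_VERSION:=<commit-sha>` together with a matching `PKG_MIRROR_HASH`. Separately, `$(INSTALL_BIN) ./files/uci $(1)/etc/config/sentinel` installs the UCI config as an executable, world-readable file although files/init stores the device token in it; `$(INSTALL_CONF) ./files/uci $(1)/etc/config/sentinel` fits a config file better.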
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGsDCCBJigAwIBAgIJAM3oziL/qM4GMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
+VQQGEwJDWjELMAkGA1UECBMCQ1oxDzANBgNVBAcTBlByYWd1ZTEPMA0GA1UEChMG
+Q1ouTklDMQ8wDQYDVQQLEwZUdXJyaXMxFDASBgNVBAMTC1NlbnRpbmVsIENBMREw
+DwYDVQQpEwhTZW50aW5lbDEeMBwGCSqGSIb3DQEJARYPYWRtaW5AdHVycmlzLmN6
+MB4XDTE4MDEyNjA4MzMzOVoXDTI4MDEyNDA4MzMzOVowgZYxCzAJBgNVBAYTAkNa
+MQswCQYDVQQIEwJDWjEPMA0GA1UEBxMGUHJhZ3VlMQ8wDQYDVQQKEwZDWi5OSUMx
+DzANBgNVBAsTBlR1cnJpczEUMBIGA1UEAxMLU2VudGluZWwgQ0ExETAPBgNVBCkT
+CFNlbnRpbmVsMR4wHAYJKoZIhvcNAQkBFg9hZG1pbkB0dXJyaXMuY3owggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDAwpqRmGRX8qg4lJNJNzXWwj1nVMTm
+vc2W5vjpfwr93YoSqOz4rKlO7fQs3Zbe4LleXwAZncV5lAU1EkOD24Tjb5nKeGjM
+JDvkKL0QGCuSUC1VYdbaqlhZRDNkdB6GiR/MJTHx/op1RcKqi/muc4ywbjFdf1yp
+OJ6pOoifRqEuQkumWXT3dHdE5HuSHdxFLqL4Xre7fa0fs0YXb487VWIgJq/ASQrR
+Zcj1z3oMJaQYrEnHL64NcdKUer0hzExhOdUk9/SWTtDMUWiFeDV/Kh45a781lUd8
+zI/TkG14mkOuc72y0dyoi9gOjtiJHSaKkVle47rEk+VhNA/3TsBLcQ2pA335iK96
+aFdeos3wQQaKouADye/9HsHofK2AE8aRkHPC4dK2mufqOhw36v74jAbRm3xsosDn
+TpADgVOroOV3JtNJROGCoDqOWNSnjv3Nw46acOVt7JS8Ry/7ubXAEtDYv0CPyK0z
+M7/9ztfN+ub2/fsbjJixwWcoEijDnmU1wq5zEeP64XxT49R56/ChMT0xhKXmnnlw
+ijV/EGX35xNPGRd3Wi9Z9F+zJePccVNOtobq6CQ00EuHKkFytqMNMqfe7+XxkZug
+h70eTGwSYd3iLiKsbsE/2+Eynv9Jqj7rEbzlvRYEImZjHlvSuXRDyYd7mMzbQzek
+F+APPvY9YlmEGQIDAQABo4H+MIH7MB0GA1UdDgQWBBS75bhWkQWeTeGGlxwRcO4d
+uRywjTCBywYDVR0jBIHDMIHAgBS75bhWkQWeTeGGlxwRcO4duRywjaGBnKSBmTCB
+ljELMAkGA1UEBhMCQ1oxCzAJBgNVBAgTAkNaMQ8wDQYDVQQHEwZQcmFndWUxDzAN
+BgNVBAoTBkNaLk5JQzEPMA0GA1UECxMGVHVycmlzMRQwEgYDVQQDEwtTZW50aW5l
+bCBDQTERMA8GA1UEKRMIU2VudGluZWwxHjAcBgkqhkiG9w0BCQEWD2FkbWluQHR1
+cnJpcy5jeoIJAM3oziL/qM4GMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggIBAIGfkxSiYMO54JUqJmRPJeFml1qs++YQP0j4bhEToOP85j7ZoxIGfFYdakr7
+RXJ5JmVceNw+MQ7JLWL0ydBvKaEYpUXVyqMYMeICxIZcB8jrgAwATxMzv5Ku5EXx
++7ee/aswCtkc5WO9c8BNLuqewCwHhplTBMSpR7BJ7zfCQnk3o1BBeXY41TcDj6/C
+oY5rDv0Zput9m9f5w0+/ukUm6O2TnUh6L622Jv8EQlEeeP1xvKLKeNQOzjEYlguI
+fXqqVXsjxToRRjY6XfOWbuxZDkEp5TXDqIqLIo2PhS4b/phXJw/S0v//oRh1YOKo
+VEu4vBpTL2pKYFdaPGGLRR0ajXUKJagkQPyy+3I4TWvqE2c1LIkpJF/PlRuets3u
+LxldSbBHLV380ubGa288ywDXI65PE4jdjaa/V1dcJ+kkgwc4BMIfFkU0LenQ8ucL
+Mh6iFfeT0iXTyU7Jm9gfn+nqHoZY4i6i3g/2Byt1Dn36RAcjGXxAO2G19roCux9d
+S42NowRqdbAVOFKjkQ2Ojk4i5FsqVkX+Ykf5jEfD/LnGZSKcHNjRIKU60Lc0r2+H
+EzKOPyTHDcUioPfuXGcl112WfqU+/HWt4nW0QEpNKCNpZ6Opsl0alpESWOBSBN6j
++SZimokYV8q+L9XhyY6Y7Q7d9Szdm269J6FrPqih15AvpnTf
+-----END CERTIFICATE-----
diff --git a/sentinel-proxy/files/init b/sentinel-proxy/files/init
new file mode 100755
index 0000000..d8df253
--- /dev/null
+++ b/sentinel-proxy/files/init
@@ -0,0 +1,30 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=95
+STOP=10
+
+start_service() {
+ source /lib/functions/sentinel.sh
+ agreed_with_eula || return 1
+
+ config_load sentinel
+ local device_token
+ config_get device_token main device_token ""
+ if ! sentinel-device-token --validate "${device_token}" --quite; then
+ device_token="$(sentinel-device-token --create --quite)";
+ uci -q set sentinel.main.device_token="${device_token}";
+ uci -q commit sentinel.main;
+ echo "New device token created" >&2;
+ fi
+
+ cat > "/tmp/etc/sentinel-proxy.cfg" <<-EOF
+ device_token = "${device_token}"
+EOF
+
+ procd_open_instance
+ procd_set_param command /bin/sh -c 'sentinel-certgen certs --skip-renew && exec sentinel-proxy'
+ procd_set_param respawn 600 5 5
+ procd_set_param file /etc/config/sentinel
+ procd_close_instance
+}
diff --git a/sentinel-proxy/files/renew.cron b/sentinel-proxy/files/renew.cron
new file mode 100644
index 0000000..839208f
--- /dev/null
+++ b/sentinel-proxy/files/renew.cron
@@ -0,0 +1,5 @@
+## crontab
+#
+
+# Periodically check and renew Sentinel:Proxy certificate
+42 */12 * * * root sentinel-certgen certs --hooks-dir /usr/libexec/sentinel/renew_hooks.d
diff --git a/sentinel-proxy/files/restart-proxy-hook.sh b/sentinel-proxy/files/restart-proxy-hook.sh
new file mode 100755
index 0000000..faec14d
--- /dev/null
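Review bot: In sentinel-proxy/files/init, start_service writes the device token to `/tmp/etc/sentinel-proxy.cfg` with a plain `cat >`, so the file gets whatever mode the caller's umask yields, and nothing in the hunk creates `/tmp/etc` first. If the token is meant to stay private to the proxy (the page does not say), create the file with a restrictive mode, e.g. `mkdir -p /tmp/etc` and then run the `cat` inside `( umask 077; … )`. The result of `sentinel-device-token --create` is also not checked, so a failed call would commit an empty token to UCI and into the config file; `device_token="$(sentinel-device-token --create --quite)" || return 1` stops that.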
+++ b/sentinel-proxy/files/restart-proxy-hook.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+# restart Sentinel:Proxy service
+/etc/init.d/sentinel-proxy restart
diff --git a/sentinel-proxy/files/sentinel-reload.sh b/sentinel-proxy/files/sentinel-reload.sh
new file mode 100755
index 0000000..f21eceb
--- /dev/null
+++ b/sentinel-proxy/files/sentinel-reload.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+# Reload all sentinel components to apply the newest configuration.
+# The reload is done by running scripts located in HOOKS_DIR
+
+HOOKS_DIR="/usr/libexec/sentinel/reload_hooks.d/"
+
+if ! [ -d "${HOOKS_DIR}" ]; then
+ echo "Failed to reload Sentinel: hooks dir does not exist" >&2
+ return 1
+fi
+
+for reload_script in "${HOOKS_DIR}"/*; do
+ [ -x "${reload_script}" ] || continue
+ "${reload_script}"
+done
diff --git a/sentinel-proxy/files/sentinel.sh b/sentinel-proxy/files/sentinel.sh
new file mode 100755
index 0000000..044832a
--- /dev/null
+++ b/sentinel-proxy/files/sentinel.sh
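Review bot: In sentinel-proxy/files/sentinel-reload.sh the missing-directory branch uses `return 1` at the top level of a script that the Makefile installs as the executable `/usr/bin/sentinel-reload` rather than sourcing it; POSIX leaves `return` outside a function or sourced file unspecified, so `exit 1` is the portable form. The loop also discards each hook's exit status, so a failed reload is reported as success unless it happens in the last hook; a failure flag such as `"${reload_script}" || rc=1` with `exit "${rc:-0}"` after `done` would let callers see it. A header comment stating that every executable file in HOOKS_DIR is run with the caller's privileges would help whoever packages further hooks keep that directory writable by root only.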
@@ -0,0 +1,47 @@
+#!/bin/sh
+## sentinel.sh
+#
+# set of common functions intended to be sourced and reused in
+# sentinel-related scripts
+
+# source OpenWrt functions if not sourced yet
+command -v config_load > /dev/null || . /lib/functions.sh
+
+
+allowed_to_run() {
+ local component_name="$1";
+ agreed_with_eula "${component_name}" && component_enabled "${component_name}"
+}
+
+component_enabled() (
+ local component_name="$1";
+ config_load sentinel
+
+ local enabled
+ config_get_bool enabled "${component_name}" enabled "1"
+ [ "$enabled" = "1" ] || {
+ echo "Sentinel ${component_name} not enabled" >&2
+ return 1
+ }
+)
+
+agreed_with_eula() (
+ local component_name="$1";
+ config_load sentinel
+
+ local agreed_eula_version
+ config_get agreed_eula_version main agreed_with_eula_version "0"
+ [ "$agreed_eula_version" -le "0" ] || return 0
+
+ cat >&2 <<EOF
+Not agreed with EULA.
+
+EULA could be found at /usr/share/sentinel-eula/ and you can
+agree with it either in ReForis data collect tab or using
+uci config:
+uci set sentinel.main.agreed_with_eula_version=1 && uci commit
+
+EULA version may increase in time. See documentation for more details.
+EOF
+ return 1
+)
diff --git a/sentinel-proxy/files/uci b/sentinel-proxy/files/uci
new file mode 100644
index 0000000..139597f
--- /dev/null
+++ b/sentinel-proxy/files/uci
@@ -0,0 +1,2 @@
+
+
diff --git a/sentinel-proxy/files/uci-defaults b/sentinel-proxy/files/uci-defaults
new file mode 100755
index 0000000..d144db5
--- /dev/null
+++ b/sentinel-proxy/files/uci-defaults
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$(uci -q get sentinel.main)" != "main" ]; then
+ uci -q batch <<EOT
+ delete sentinel.main
+ set sentinel.main='main'
+ commit sentinel.main
+EOT
+fi |
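Review bot: In sentinel-proxy/files/sentinel.sh, agreed_with_eula fails open on a non-numeric value: `[ "$agreed_eula_version" -le "0" ] || return 0` also returns success when the test itself errors out (a non-integer operand makes `[` exit non-zero), so any malformed `agreed_with_eula_version` counts as consent and lets the proxy start. Testing the positive case keeps the gate closed on errors: `[ "$agreed_eula_version" -gt 0 ] 2>/dev/null && return 0`. The `component_name` argument is assigned but never used in this function; drop it or add a comment saying why it is accepted.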