Diffstat (limited to 'sentinel-proxy')
-rw-r--r--sentinel-proxy/Makefile89
-rw-r--r--sentinel-proxy/files/ca.pem38
-rwxr-xr-xsentinel-proxy/files/init30
-rw-r--r--sentinel-proxy/files/renew.cron5
-rwxr-xr-xsentinel-proxy/files/restart-proxy-hook.sh3
-rwxr-xr-xsentinel-proxy/files/sentinel-reload.sh15
-rwxr-xr-xsentinel-proxy/files/sentinel.sh47
-rw-r--r--sentinel-proxy/files/uci2
-rwxr-xr-xsentinel-proxy/files/uci-defaults9
9 files changed, 238 insertions, 0 deletions
diff --git a/sentinel-proxy/Makefile b/sentinel-proxy/Makefile
new file mode 100644
index 0000000..d02ab42
--- /dev/null
+++ b/sentinel-proxy/Makefile
@@ -0,0 +1,89 @@
+#
+## Copyright (C) 2018-2020 CZ.NIC z.s.p.o. (http://www.nic.cz/)
+#
+## This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+# #
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=sentinel-proxy
+#PKG_VERSION:=1.3
+#PKG_RELEASE:=7
+
+#PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/sentinel/proxy.git
+PKG_SOURCE_BRANCH:=hotfix/mqtt
+#PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+
+PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
+PKG_LICENSE:=GPL-3.0-or-later
+
+PKG_FIXUP:=autoreconf
+
+PKG_BUILD_DEPENDS:=argp-standalone
+
+include $(INCLUDE_DIR)/autopkg-branch.mk
+include $(INCLUDE_DIR)/package.mk
+
+define Package/sentinel-proxy
+ SECTION:=collect
+ CATEGORY:=Collect
+ SUBMENU:=Sentinel
+ TITLE:=Proxy
+ URL:=https://gitlab.nic.cz/turris/sentinel/proxy
+ DEPENDS:= \
+ +czmq \
+ +libpaho-mqtt-c \
+ +zlib \
+ +libopenssl \
+ +libconfig \
+ +sentinel-certgen \
+ +sentinel-eula
+endef
+
+define Package/sentinel-proxy/description
+ Central daemon proxying all Sentinel trafic on router to Turris servers.
+endef
+
+define Package/sentinel-proxy/install
+ $(INSTALL_DIR) $(1)/lib/functions/
+ $(INSTALL_CONF) ./files/sentinel.sh $(1)/lib/functions/sentinel.sh
+
+ $(INSTALL_DIR) $(1)/etc/sentinel
+ $(INSTALL_DATA) ./files/ca.pem $(1)/etc/sentinel/ca.pem
+
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/libsentinel-device-token.so.1.0.0 $(1)/usr/lib/libsentinel-device-token.so.1
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/sentinel-proxy $(1)/usr/bin/sentinel-proxy
+
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/.libs/sentinel-device-token $(1)/usr/bin/sentinel-device-token
+
+ $(INSTALL_DIR) $(1)/etc/init.d
+ $(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-proxy
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_BIN) ./files/uci $(1)/etc/config/sentinel
+
+ $(INSTALL_DIR) $(1)/etc/uci-defaults
+ $(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/99-sentinel-main
+
+ $(INSTALL_BIN) ./files/sentinel-reload.sh $(1)/usr/bin/sentinel-reload
+
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/renew_hooks.d
+ $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/renew_hooks.d/50_proxy_restart.sh
+
+ $(INSTALL_DIR) $(1)/usr/libexec/sentinel/reload_hooks.d
+ $(INSTALL_BIN) ./files/restart-proxy-hook.sh $(1)/usr/libexec/sentinel/reload_hooks.d/50_proxy.sh
+
+ $(INSTALL_DIR) $(1)/etc/cron.d
+ $(INSTALL_DATA) ./files/renew.cron $(1)/etc/cron.d/certgen-certs-renew
+endef
+
+define Package/sentinel-proxy/conffiles
+/etc/config/sentinel
+endef
+
+$(eval $(call BuildPackage,sentinel-proxy))
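Review bot: The source is taken from a moving branch, `PKG_SOURCE_BRANCH:=hotfix/mqtt`, while `PKG_VERSION`, `PKG_RELEASE` and `PKG_SOURCE_VERSION` are all commented out, so what gets built and shipped depends on wherever that branch points at build time, and two builds of this recipe need not match. Unless `autopkg-branch.mk` is meant only for development feeds (not visible here), pin a tag or commit and restore the version fields before this reaches a release feed. In the install section, `./files/uci` is copied with `$(INSTALL_BIN)`, which makes `/etc/config/sentinel` executable; since the init script later stores the device token in that file, `$(INSTALL_CONF) ./files/uci $(1)/etc/config/sentinel` is the better fit.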
diff --git a/sentinel-proxy/files/ca.pem b/sentinel-proxy/files/ca.pem
new file mode 100644
index 0000000..91094e1
--- /dev/null
+++ b/sentinel-proxy/files/ca.pem
@@ -0,0 +1,38 @@
+-----BEGIN CERTIFICATE-----
+MIIGsDCCBJigAwIBAgIJAM3oziL/qM4GMA0GCSqGSIb3DQEBCwUAMIGWMQswCQYD
+VQQGEwJDWjELMAkGA1UECBMCQ1oxDzANBgNVBAcTBlByYWd1ZTEPMA0GA1UEChMG
+Q1ouTklDMQ8wDQYDVQQLEwZUdXJyaXMxFDASBgNVBAMTC1NlbnRpbmVsIENBMREw
+DwYDVQQpEwhTZW50aW5lbDEeMBwGCSqGSIb3DQEJARYPYWRtaW5AdHVycmlzLmN6
+MB4XDTE4MDEyNjA4MzMzOVoXDTI4MDEyNDA4MzMzOVowgZYxCzAJBgNVBAYTAkNa
+MQswCQYDVQQIEwJDWjEPMA0GA1UEBxMGUHJhZ3VlMQ8wDQYDVQQKEwZDWi5OSUMx
+DzANBgNVBAsTBlR1cnJpczEUMBIGA1UEAxMLU2VudGluZWwgQ0ExETAPBgNVBCkT
+CFNlbnRpbmVsMR4wHAYJKoZIhvcNAQkBFg9hZG1pbkB0dXJyaXMuY3owggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDAwpqRmGRX8qg4lJNJNzXWwj1nVMTm
+vc2W5vjpfwr93YoSqOz4rKlO7fQs3Zbe4LleXwAZncV5lAU1EkOD24Tjb5nKeGjM
+JDvkKL0QGCuSUC1VYdbaqlhZRDNkdB6GiR/MJTHx/op1RcKqi/muc4ywbjFdf1yp
+OJ6pOoifRqEuQkumWXT3dHdE5HuSHdxFLqL4Xre7fa0fs0YXb487VWIgJq/ASQrR
+Zcj1z3oMJaQYrEnHL64NcdKUer0hzExhOdUk9/SWTtDMUWiFeDV/Kh45a781lUd8
+zI/TkG14mkOuc72y0dyoi9gOjtiJHSaKkVle47rEk+VhNA/3TsBLcQ2pA335iK96
+aFdeos3wQQaKouADye/9HsHofK2AE8aRkHPC4dK2mufqOhw36v74jAbRm3xsosDn
+TpADgVOroOV3JtNJROGCoDqOWNSnjv3Nw46acOVt7JS8Ry/7ubXAEtDYv0CPyK0z
+M7/9ztfN+ub2/fsbjJixwWcoEijDnmU1wq5zEeP64XxT49R56/ChMT0xhKXmnnlw
+ijV/EGX35xNPGRd3Wi9Z9F+zJePccVNOtobq6CQ00EuHKkFytqMNMqfe7+XxkZug
+h70eTGwSYd3iLiKsbsE/2+Eynv9Jqj7rEbzlvRYEImZjHlvSuXRDyYd7mMzbQzek
+F+APPvY9YlmEGQIDAQABo4H+MIH7MB0GA1UdDgQWBBS75bhWkQWeTeGGlxwRcO4d
+uRywjTCBywYDVR0jBIHDMIHAgBS75bhWkQWeTeGGlxwRcO4duRywjaGBnKSBmTCB
+ljELMAkGA1UEBhMCQ1oxCzAJBgNVBAgTAkNaMQ8wDQYDVQQHEwZQcmFndWUxDzAN
+BgNVBAoTBkNaLk5JQzEPMA0GA1UECxMGVHVycmlzMRQwEgYDVQQDEwtTZW50aW5l
+bCBDQTERMA8GA1UEKRMIU2VudGluZWwxHjAcBgkqhkiG9w0BCQEWD2FkbWluQHR1
+cnJpcy5jeoIJAM3oziL/qM4GMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggIBAIGfkxSiYMO54JUqJmRPJeFml1qs++YQP0j4bhEToOP85j7ZoxIGfFYdakr7
+RXJ5JmVceNw+MQ7JLWL0ydBvKaEYpUXVyqMYMeICxIZcB8jrgAwATxMzv5Ku5EXx
++7ee/aswCtkc5WO9c8BNLuqewCwHhplTBMSpR7BJ7zfCQnk3o1BBeXY41TcDj6/C
+oY5rDv0Zput9m9f5w0+/ukUm6O2TnUh6L622Jv8EQlEeeP1xvKLKeNQOzjEYlguI
+fXqqVXsjxToRRjY6XfOWbuxZDkEp5TXDqIqLIo2PhS4b/phXJw/S0v//oRh1YOKo
+VEu4vBpTL2pKYFdaPGGLRR0ajXUKJagkQPyy+3I4TWvqE2c1LIkpJF/PlRuets3u
+LxldSbBHLV380ubGa288ywDXI65PE4jdjaa/V1dcJ+kkgwc4BMIfFkU0LenQ8ucL
+Mh6iFfeT0iXTyU7Jm9gfn+nqHoZY4i6i3g/2Byt1Dn36RAcjGXxAO2G19roCux9d
+S42NowRqdbAVOFKjkQ2Ojk4i5FsqVkX+Ykf5jEfD/LnGZSKcHNjRIKU60Lc0r2+H
+EzKOPyTHDcUioPfuXGcl112WfqU+/HWt4nW0QEpNKCNpZ6Opsl0alpESWOBSBN6j
++SZimokYV8q+L9XhyY6Y7Q7d9Szdm269J6FrPqih15AvpnTf
+-----END CERTIFICATE-----
diff --git a/sentinel-proxy/files/init b/sentinel-proxy/files/init
new file mode 100755
index 0000000..d8df253
--- /dev/null
+++ b/sentinel-proxy/files/init
@@ -0,0 +1,30 @@
+#!/bin/sh /etc/rc.common
+
+USE_PROCD=1
+START=95
+STOP=10
+
+start_service() {
+ source /lib/functions/sentinel.sh
+ agreed_with_eula || return 1
+
+ config_load sentinel
+ local device_token
+ config_get device_token main device_token ""
+ if ! sentinel-device-token --validate "${device_token}" --quite; then
+ device_token="$(sentinel-device-token --create --quite)";
+ uci -q set sentinel.main.device_token="${device_token}";
+ uci -q commit sentinel.main;
+ echo "New device token created" >&2;
+ fi
+
+ cat > "/tmp/etc/sentinel-proxy.cfg" <<-EOF
+ device_token = "${device_token}"
+EOF
+
+ procd_open_instance
+ procd_set_param command /bin/sh -c 'sentinel-certgen certs --skip-renew && exec sentinel-proxy'
+ procd_set_param respawn 600 5 5
+ procd_set_param file /etc/config/sentinel
+ procd_close_instance
+}
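Review bot: The heredoc in start_service writes the device token to `/tmp/etc/sentinel-proxy.cfg` under whatever umask the init environment has, so the file is likely readable by every local user, and nothing ensures `/tmp/etc` exists. Put `mkdir -p /tmp/etc` and `umask 077` ahead of the `cat`; no `procd_set_param user` is set, so the daemon presumably runs as root and can still read the file. The result of `sentinel-device-token --create` is also unchecked, so on failure an empty token is committed to uci and written to the config. `device_token="$(sentinel-device-token --create --quite)" || return 1` would stop there.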
diff --git a/sentinel-proxy/files/renew.cron b/sentinel-proxy/files/renew.cron
new file mode 100644
index 0000000..839208f
--- /dev/null
+++ b/sentinel-proxy/files/renew.cron
@@ -0,0 +1,5 @@
+## crontab
+#
+
+# Periodically check and renew Sentinel:Proxy certificate
+42 */12 * * * root sentinel-certgen certs --hooks-dir /usr/libexec/sentinel/renew_hooks.d
diff --git a/sentinel-proxy/files/restart-proxy-hook.sh b/sentinel-proxy/files/restart-proxy-hook.sh
new file mode 100755
index 0000000..faec14d
--- /dev/null
+++ b/sentinel-proxy/files/restart-proxy-hook.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+# restart Sentinel:Proxy service
+/etc/init.d/sentinel-proxy restart
diff --git a/sentinel-proxy/files/sentinel-reload.sh b/sentinel-proxy/files/sentinel-reload.sh
new file mode 100755
index 0000000..f21eceb
--- /dev/null
+++ b/sentinel-proxy/files/sentinel-reload.sh
@@ -0,0 +1,15 @@
+#!/bin/sh
+# Reload all sentinel components to apply the newest configuration.
+# The reload is done by running scripts located in HOOKS_DIR
+
+HOOKS_DIR="/usr/libexec/sentinel/reload_hooks.d/"
+
+if ! [ -d "${HOOKS_DIR}" ]; then
+ echo "Failed to reload Sentinel: hooks dir does not exist" >&2
+ return 1
+fi
+
+for reload_script in "${HOOKS_DIR}"/*; do
+ [ -x "${reload_script}" ] || continue
+ "${reload_script}"
+done
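Review bot: `return 1` in the missing-directory branch sits outside any function, and the Makefile installs this file as `/usr/bin/sentinel-reload` to be executed, not sourced; what `return` does there depends on the shell, so use `exit 1`. The loop also discards each hook's exit status, so the command reports success even when a hook fails; `"${reload_script}" || rc=1` with a final `exit "${rc:-0}"` would surface that. Every executable in the hooks directory runs with the caller's privileges, so a header comment saying the directory must stay root-owned and not writable by group or others would help whoever maintains it.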
diff --git a/sentinel-proxy/files/sentinel.sh b/sentinel-proxy/files/sentinel.sh
new file mode 100755
index 0000000..044832a
--- /dev/null
+++ b/sentinel-proxy/files/sentinel.sh
@@ -0,0 +1,47 @@
+#!/bin/sh
+## sentinel.sh
+#
+# set of common functions intended to be sourced and reused in
+# sentinel-related scripts
+
+# source OpenWrt functions if not sourced yet
+command -v config_load > /dev/null || . /lib/functions.sh
+
+
+allowed_to_run() {
+ local component_name="$1";
+ agreed_with_eula "${component_name}" && component_enabled "${component_name}"
+}
+
+component_enabled() (
+ local component_name="$1";
+ config_load sentinel
+
+ local enabled
+ config_get_bool enabled "${component_name}" enabled "1"
+ [ "$enabled" = "1" ] || {
+ echo "Sentinel ${component_name} not enabled" >&2
+ return 1
+ }
+)
+
+agreed_with_eula() (
+ local component_name="$1";
+ config_load sentinel
+
+ local agreed_eula_version
+ config_get agreed_eula_version main agreed_with_eula_version "0"
+ [ "$agreed_eula_version" -le "0" ] || return 0
+
+ cat >&2 <<EOF
+Not agreed with EULA.
+
+EULA could be found at /usr/share/sentinel-eula/ and you can
+agree with it either in ReForis data collect tab or using
+uci config:
+uci set sentinel.main.agreed_with_eula_version=1 && uci commit
+
+EULA version may increase in time. See documentation for more details.
+EOF
+ return 1
+)
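Review bot: The EULA gate in agreed_with_eula fails open: with `[ "$agreed_eula_version" -le "0" ] || return 0`, a stored value that is not an integer makes `[` exit with an error status, and the `||` branch then reports the EULA as agreed. Test the positive case instead, `[ "$agreed_eula_version" -gt 0 ] 2>/dev/null && return 0`, so anything that is not a positive number falls through to the refusal message and `return 1`. `component_name` is assigned in agreed_with_eula but never used.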
diff --git a/sentinel-proxy/files/uci b/sentinel-proxy/files/uci
new file mode 100644
index 0000000..139597f
--- /dev/null
+++ b/sentinel-proxy/files/uci
@@ -0,0 +1,2 @@
+
+
diff --git a/sentinel-proxy/files/uci-defaults b/sentinel-proxy/files/uci-defaults
new file mode 100755
index 0000000..d144db5
--- /dev/null
+++ b/sentinel-proxy/files/uci-defaults
@@ -0,0 +1,9 @@
+#!/bin/sh
+
+if [ "$(uci -q get sentinel.main)" != "main" ]; then
+ uci -q batch <<EOT
+ delete sentinel.main
+ set sentinel.main='main'
+ commit sentinel.main
+EOT
+fi
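Review bot: `delete sentinel.main` runs whenever the section is missing or has another type, and it removes every option in that section, including the `device_token` that the init script stores there and the `agreed_with_eula_version` that sentinel.sh reads. If resetting those on a type mismatch is intended, say so in a comment above the `if`, for example `# recreate sentinel.main from scratch; drops any stored token and EULA agreement`. If it is not intended, dropping the delete line and keeping only the `set` is worth testing.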