netopeer2: change default ssh key handling

Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
2017-05-23 15:36:47 +02:00 · 2017-05-23 15:36:47 +02:00 · 835c56a4cc
parent 99b8a07b3e
commit 835c56a4cc
4 changed files with 57 additions and 7 deletions
--- a/net/netopeer2/Config_keystored.in
+++ b/net/netopeer2/Config_keystored.in
@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-keystored
+
+config SSH_KEYS
+	bool "Generate default ssh keys"
+	default y
+
+endif
--- a/net/netopeer2/Config_server.in
+++ b/net/netopeer2/Config_server.in
@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-server
+
+config SSH_SERVER
+	bool "Install the default ssh server (openssh-server)"
+	default y
+
+endif
--- a/net/netopeer2/Makefile
+++ b/net/netopeer2/Makefile
@ -34,12 +34,21 @@ CMAKE_INSTALL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk

+define Package/netopeer2-server/config
+  source "$(SOURCE)/Config_server.in"
+endef
+
+define Package/netopeer2-keystored/config
+  source "$(SOURCE)/Config_keystored.in"
+endef
+
 define Package/netopeer2-server
  SECTION:=util
  CATEGORY:=Utilities
  TITLE:=NETCONF server
  URL:=$(PKG_SOURCE_URL)
-  DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod
+  DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod +SSH_SERVER:openssh-server
+  MENU:=1
 endef

 define Package/netopeer2-cli
@ -55,7 +64,8 @@ define Package/netopeer2-keystored
  CATEGORY:=Utilities
  TITLE:=Netopeer2 key store management
  URL:=$(PKG_SOURCE_URL)
-  DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl
+  DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen
+  MENU:=1
 endef

 define Package/netopeer2/description
@ -128,15 +138,19 @@ define Package/netopeer2-keystored/install
 	$(INSTALL_DATA) $(PKG_BUILD_ROOT)/modules/ietf-keystore.yang $(1)/etc/sysrepo/yang

 	$(INSTALL_DIR) $(1)/etc/uci-defaults
+
+	$(INSTALL_DIR) $(1)/etc/keystored/keys
+ifeq ($(CONFIG_SSH_KEYS),y)
+	$(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored
+else
 	$(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored
+	#ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself.
+	$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
+	$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
+endif

 	$(INSTALL_DIR) $(1)/usr/share/netopeer2-keystored
 	$(INSTALL_DATA) $(PKG_BUILD_ROOT)/keystored/stock_key_config.xml $(1)/usr/share/netopeer2-keystored
-
-	$(INSTALL_DIR) $(1)/etc/keystored/keys
-	#$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
-	#$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
-	#ssh key name is specified in stock_key_config.xml file, you will need to provide the ssh keys yourself.
 endef

 $(eval $(call BuildPackage,netopeer2-server))
--- a/net/netopeer2/files/netopeer2-keystored-keygen.default
+++ b/net/netopeer2/files/netopeer2-keystored-keygen.default
@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Warning, problems can occur if the device restarts in the middle of this uci-default script
+
+if [ -x /bin/sysrepoctl ]; then
+	match=$(sysrepoctl -l | grep "ietf-keystore\ ")
+	if [ ! "$match" ]; then
+		sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore.yang -o root:root -p 600
+		if [ -x /bin/sysrepocfg ]; then
+			sysrepocfg -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore
+			rm /usr/share/netopeer2-keystored/stock_key_config.xml
+		fi
+
+		#generate ssh keys
+		ssh-keygen -t rsa -f /tmp/ssh_host_rsa_key -N ""
+		openssl rsa -in /tmp/ssh_host_rsa_key -outform pem > /etc/keystored/keys/ssh_host_rsa_key.pem
+		openssl rsa -pubout -in /etc/keystored/keys/ssh_host_rsa_key.pem -out /etc/keystored/keys/ssh_host_rsa_key.pub.pem
+		rm /tmp/ssh_host_rsa_key
+	fi
+fi
+
+exit 0