
netopeer2: change default ssh key handling

Signed-off-by: Mislav Novakovic <mislav.novakovic@sartura.hr>
lilik-openwrt-22.03
Mislav Novakovic 7 years ago
parent
commit
835c56a4cc
4 changed files with 57 additions and 7 deletions
  1. +7
    -0
      net/netopeer2/Config_keystored.in
  2. +7
    -0
      net/netopeer2/Config_server.in
  3. +21
    -7
      net/netopeer2/Makefile
  4. +22
    -0
      net/netopeer2/files/netopeer2-keystored-keygen.default

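--- a/net/netopeer2/Config_keystored.in
+++ b/net/netopeer2/Config_keystored.in
@@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-keystored
+config SSH_KEYS
+bool "Generate default ssh keys"
+default y
+endif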
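Review bot: `SSH_KEYS` has no `help` text, so someone who switches it off in menuconfig is not told that the package then expects `./files/ssh_host_rsa_key.pem` and `./files/ssh_host_rsa_key.pub.pem` to be supplied at build time (see the `else` branch in the Makefile section of this commit). A `help` block should say that, and also that a key packaged this way is identical on every device flashed from the image and readable by anyone who has the image. The symbol name is also very generic for OpenWrt's global config namespace; a package-prefixed name such as `NETOPEER2_KEYSTORED_SSH_KEYS` would avoid clashes, with `ifeq ($(CONFIG_SSH_KEYS),y)` and `+SSH_KEYS:openssh-keygen` renamed to match. Both points apply equally to `SSH_SERVER` in Config_server.in.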

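--- a/net/netopeer2/Config_server.in
+++ b/net/netopeer2/Config_server.in
@@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-server
+config SSH_SERVER
+bool "Install the default ssh server (openssh-server)"
+default y
+endif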

+ 21
- 7
net/netopeer2/Makefile

@ -34,12 +34,21 @@ CMAKE_INSTALL:=1
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/netopeer2-server/config
source "$(SOURCE)/Config_server.in"
endef
define Package/netopeer2-keystored/config
source "$(SOURCE)/Config_keystored.in"
endef
define Package/netopeer2-server
SECTION:=util
CATEGORY:=Utilities
TITLE:=NETCONF server
URL:=$(PKG_SOURCE_URL)
DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod
DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod +SSH_SERVER:openssh-server
MENU:=1
endef
define Package/netopeer2-cli
@ -55,7 +64,8 @@ define Package/netopeer2-keystored
CATEGORY:=Utilities
TITLE:=Netopeer2 key store management
URL:=$(PKG_SOURCE_URL)
DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl
DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen
MENU:=1
endef
define Package/netopeer2/description
@ -128,15 +138,19 @@ define Package/netopeer2-keystored/install
$(INSTALL_DATA) $(PKG_BUILD_ROOT)/modules/ietf-keystore.yang $(1)/etc/sysrepo/yang
$(INSTALL_DIR) $(1)/etc/uci-defaults
$(INSTALL_DIR) $(1)/etc/keystored/keys
ifeq ($(CONFIG_SSH_KEYS),y)
$(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored
else
$(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored
#ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself.
$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
endif
$(INSTALL_DIR) $(1)/usr/share/netopeer2-keystored
$(INSTALL_DATA) $(PKG_BUILD_ROOT)/keystored/stock_key_config.xml $(1)/usr/share/netopeer2-keystored
$(INSTALL_DIR) $(1)/etc/keystored/keys
#$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
#$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
#ssh key name is specified in stock_key_config.xml file, you will need to provide the ssh keys yourself.
endef
$(eval $(call BuildPackage,netopeer2-server))
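Review bot: In the `else` branch of the keystored install recipe the private key `./files/ssh_host_rsa_key.pem` is installed with `$(INSTALL_DATA)`, which OpenWrt defines as `install -m0644`, so the host key is world-readable on the device; `$(INSTALL_CONF) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys` (mode 0600) fits a private key better. The rendered page does not mark old and new lines, so I am assuming the uncommented `$(INSTALL_DATA)` lines are the new side. The comment above them should also state that a key shipped this way is the same on every device built from the image. If `CONFIG_SSH_KEYS` is not already listed in `PKG_CONFIG_DEPENDS` elsewhere in the Makefile, toggling the option will not re-run this install step. The `Package/netopeer2-keystored/install` define starts above the hunk.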


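--- a/net/netopeer2/files/netopeer2-keystored-keygen.default
+++ b/net/netopeer2/files/netopeer2-keystored-keygen.default
@@ -0,0 +1,22 @@
+#!/bin/sh
+# Warning, problems can occur if the device restarts in the middle of this uci-default script
+if [ -x /bin/sysrepoctl ]; then
+match=$(sysrepoctl -l | grep "ietf-keystore\ ")
+if [ ! "$match" ]; then
+sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore.yang -o root:root -p 600
+if [ -x /bin/sysrepocfg ]; then
+sysrepocfg -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore
+rm /usr/share/netopeer2-keystored/stock_key_config.xml
+fi
+#generate ssh keys
+ssh-keygen -t rsa -f /tmp/ssh_host_rsa_key -N ""
+openssl rsa -in /tmp/ssh_host_rsa_key -outform pem > /etc/keystored/keys/ssh_host_rsa_key.pem
+openssl rsa -pubout -in /etc/keystored/keys/ssh_host_rsa_key.pem -out /etc/keystored/keys/ssh_host_rsa_key.pub.pem
+rm /tmp/ssh_host_rsa_key
+fi
+fi
+exit 0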
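Review bot: The private key is written through a shell redirect (`> /etc/keystored/keys/ssh_host_rsa_key.pem`), so its mode comes from whatever umask the first-boot environment has, and with the common 022 the host key ends up world-readable; the key steps should run under `umask 077`. None of the three key commands is checked and the script always ends in `exit 0`, so a failed `ssh-keygen` or `openssl` leaves an empty or missing key with no signal, and `/tmp/ssh_host_rsa_key.pub` is never removed. Key generation also sits inside the "module not yet installed" branch, so a later run would not retry it; the failure should at least be logged. A sketch of the key block follows.

```shell
# … unchanged: sysrepoctl install and sysrepocfg import of stock_key_config.xml …
#generate ssh keys; private key material must stay owner-only
umask 077
rm -f /tmp/ssh_host_rsa_key /tmp/ssh_host_rsa_key.pub
ssh-keygen -t rsa -f /tmp/ssh_host_rsa_key -N "" \
	&& openssl rsa -in /tmp/ssh_host_rsa_key -outform pem -out /etc/keystored/keys/ssh_host_rsa_key.pem \
	&& openssl rsa -pubout -in /etc/keystored/keys/ssh_host_rsa_key.pem -out /etc/keystored/keys/ssh_host_rsa_key.pub.pem \
	|| logger -t netopeer2-keystored "ssh host key generation failed"
rm -f /tmp/ssh_host_rsa_key /tmp/ssh_host_rsa_key.pub
```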
