diff --git a/net/netopeer2/Config_keystored.in b/net/netopeer2/Config_keystored.in
new file mode 100644
index 000000000..73252507e
--- /dev/null
+++ b/net/netopeer2/Config_keystored.in
@@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-keystored
+
+config SSH_KEYS
+ bool "Generate default ssh keys"
+ default y
+
+endif
diff --git a/net/netopeer2/Config_server.in b/net/netopeer2/Config_server.in
new file mode 100644
index 000000000..112da769b
--- /dev/null
+++ b/net/netopeer2/Config_server.in
@@ -0,0 +1,7 @@
+if PACKAGE_netopeer2-server
+
+config SSH_SERVER
+ bool "Install the default ssh server (openssh-server)"
+ default y
+
+endif
diff --git a/net/netopeer2/Makefile b/net/netopeer2/Makefile
index c0a1cdcbe..9f24e123e 100644
--- a/net/netopeer2/Makefile
+++ b/net/netopeer2/Makefile
@@ -34,12 +34,21 @@ CMAKE_INSTALL:=1
 include $(INCLUDE_DIR)/package.mk
 include $(INCLUDE_DIR)/cmake.mk
+define Package/netopeer2-server/config
+ source "$(SOURCE)/Config_server.in"
+endef
+
+define Package/netopeer2-keystored/config
+ source "$(SOURCE)/Config_keystored.in"
+endef
+
 define Package/netopeer2-server
 SECTION:=util
 CATEGORY:=Utilities
 TITLE:=NETCONF server
 URL:=$(PKG_SOURCE_URL)
- DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod
+ DEPENDS:=+libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepod +SSH_SERVER:openssh-server
+ MENU:=1
 endef
 define Package/netopeer2-cli
@@ -55,7 +64,8 @@ define Package/netopeer2-keystored
 CATEGORY:=Utilities
 TITLE:=Netopeer2 key store management
 URL:=$(PKG_SOURCE_URL)
- DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl
+ DEPENDS:=+libopenssl +libsysrepo +sysrepo-plugind +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen
+ MENU:=1
 endef
 define Package/netopeer2/description
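Review bot: In `Config_server.in`, `SSH_SERVER` is `default y`, so selecting netopeer2-server now pulls openssh-server into the image unless the builder opts out; an additional SSH daemon is extra remote attack surface and should be an explicit choice, i.e. `default n`, unless the NETCONF server cannot work without it (not visible from this diff). The help text could also say why the daemon is wanted. Both new symbols, `SSH_SERVER` here and `SSH_KEYS` in `Config_keystored.in`, are unprefixed names in the global Kconfig namespace; a package prefix such as `NETOPEER2_SSH_SERVER` / `NETOPEER2_SSH_KEYS` (with the `DEPENDS` and `ifeq` references in the Makefile updated to match) avoids a clash with another package.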
@@ -128,15 +138,19 @@ define Package/netopeer2-keystored/install
 $(INSTALL_DATA) $(PKG_BUILD_ROOT)/modules/ietf-keystore.yang $(1)/etc/sysrepo/yang
 $(INSTALL_DIR) $(1)/etc/uci-defaults
+
+ $(INSTALL_DIR) $(1)/etc/keystored/keys
+ifeq ($(CONFIG_SSH_KEYS),y)
+ $(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored
+else
 $(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored
+ #ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself.
+ $(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
+ $(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
+endif
 $(INSTALL_DIR) $(1)/usr/share/netopeer2-keystored
 $(INSTALL_DATA) $(PKG_BUILD_ROOT)/keystored/stock_key_config.xml $(1)/usr/share/netopeer2-keystored
-
- $(INSTALL_DIR) $(1)/etc/keystored/keys
- #$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
- #$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
- #ssh key name is specified in stock_key_config.xml file, you will need to provide the ssh keys yourself.
 endef
 $(eval $(call BuildPackage,netopeer2-server))
diff --git a/net/netopeer2/files/netopeer2-keystored-keygen.default b/net/netopeer2/files/netopeer2-keystored-keygen.default
new file mode 100644
index 000000000..6c9c10559
--- /dev/null
+++ b/net/netopeer2/files/netopeer2-keystored-keygen.default
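Review bot: In the `else` branch of `Package/netopeer2-keystored/install` (net/netopeer2/Makefile), the private key `./files/ssh_host_rsa_key.pem` is installed with `$(INSTALL_DATA)`, which in the OpenWrt build system is `install -m0644`, so the host key ends up world-readable on the device; use `$(INSTALL_CONF) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys` (mode 0600) for the private half. A key shipped from `./files` is also identical on every device flashed from that image, which the comment above those lines should state. Neither key file is added by this commit as far as the visible hunks show, so a build with `SSH_KEYS` disabled presumably fails at this step until the builder supplies them. The `define` block starts outside the hunk.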
@@ -0,0 +1,22 @@
+#!/bin/sh
+
+# Warning, problems can occur if the device restarts in the middle of this uci-default script
+
+if [ -x /bin/sysrepoctl ]; then
+ match=$(sysrepoctl -l | grep "ietf-keystore\ ")
+ if [ ! "$match" ]; then
+ sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore.yang -o root:root -p 600
+ if [ -x /bin/sysrepocfg ]; then
+ sysrepocfg -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore
+ rm /usr/share/netopeer2-keystored/stock_key_config.xml
+ fi
+
+ #generate ssh keys
+ ssh-keygen -t rsa -f /tmp/ssh_host_rsa_key -N ""
+ openssl rsa -in /tmp/ssh_host_rsa_key -outform pem > /etc/keystored/keys/ssh_host_rsa_key.pem
+ openssl rsa -pubout -in /etc/keystored/keys/ssh_host_rsa_key.pem -out /etc/keystored/keys/ssh_host_rsa_key.pub.pem
+ rm /tmp/ssh_host_rsa_key
+ fi
+fi
+
+exit 0
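Review bot: The private key `/etc/keystored/keys/ssh_host_rsa_key.pem` is created by a shell redirect, so its mode comes from whatever umask the uci-defaults run has and the file may be readable by non-root users; put `umask 077` before the `ssh-keygen` line (or `chmod 600` the .pem right after it is written). ssh-keygen also writes `/tmp/ssh_host_rsa_key.pub`, which the script never removes, so the cleanup should be `rm -f /tmp/ssh_host_rsa_key /tmp/ssh_host_rsa_key.pub`. None of the three key commands is checked and the script always ends with `exit 0`, so a failed generation leaves the imported keystore configuration without its key files, and because the keygen sits inside the `if [ ! "$match" ]` branch a later run will not retry it. If the installed ssh-keygen defaults to the OpenSSH private-key format, `openssl rsa -in` may reject the file; adding `-m PEM` to the ssh-keygen call removes the dependence on that default.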