
Merge pull request #13193 from sartura/sysrepo

Update sysrepo, libyang, libnetconf2 and netopeer2 packages to latest versions
lilik-openwrt-22.03
Rosen Penev 4 years ago
committed by GitHub
parent
commit
8f3642e4bb
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 366 additions and 307 deletions
  1. +3
    -3
      libs/libnetconf2/Makefile
  2. +14
    -9
      libs/libnetconf2/patches/001-cmake_not_updated.patch
  3. +1
    -1
      libs/libssh/Makefile
  4. +41
    -0
      libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
  5. +8
    -8
      libs/libyang/Makefile
  6. +0
    -7
      net/Netopeer2/Config_keystored.in
  7. +0
    -128
      net/Netopeer2/Makefile
  8. +0
    -22
      net/Netopeer2/files/netopeer2-keystored-keygen.default
  9. +0
    -16
      net/Netopeer2/files/netopeer2-keystored.default
  10. +0
    -59
      net/Netopeer2/files/netopeer2-server.default
  11. +0
    -17
      net/Netopeer2/files/stock_config.xml
  12. +0
    -11
      net/Netopeer2/patches/001-openss_1.1_support.patch
  13. +0
    -22
      net/Netopeer2/patches/010-gcc10.patch
  14. +85
    -0
      net/netopeer2/Makefile
  15. +57
    -0
      net/netopeer2/files/netopeer2-server-merge-config.default
  16. +47
    -0
      net/netopeer2/files/netopeer2-server-merge-hostkey.default
  17. +106
    -0
      net/netopeer2/files/netopeer2-server-setup.default
  18. +1
    -1
      net/netopeer2/files/netopeer2-server.init
  19. +3
    -3
      net/sysrepo/Makefile

+ 3
- 3
libs/libnetconf2/Makefile View File

@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libnetconf2
PKG_VERSION:=1.1.24
PKG_VERSION:=1.1.26
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libnetconf2/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=1a69db028bf970f0dab15ed508b58e0cf0806a7e4492828404b75c97ec8ab306
PKG_HASH:=2ce2b819f3544fd46a3a4c8ba6dd0a3798cab2a63aa347bc1eb5275a2c89b7bd
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE


+ 14
- 9
libs/libnetconf2/patches/001-cmake_not_updated.patch View File

@ -1,11 +1,16 @@
--- a/CMakeLists.txt 2020-05-08 13:29:30.903800624 +0300
+++ b/CMakeLists.txt 2020-05-08 13:29:50.943582218 +0300
@@ -153,7 +153,7 @@
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNC_ENABLED_SSH")
message(STATUS "LibSSH version ${LibSSH_VERSION} found")
- if(LibSSH_VERSION VERSION_EQUAL 0.9.3 OR LibSSH_VERSION VERSION_EQUAL 0.9.4)
+ if(LibSSH_VERSION VERSION_EQUAL 0.9.x)
message(FATAL_ERROR "LibSSH ${LibSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version")
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f21fec9..5b912af 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -148,7 +148,7 @@ endif()
# dependencies - libssh
if(ENABLE_SSH)
find_package(LibSSH 0.7.0 REQUIRED)
- if(LIBSSH_VERSION VERSION_EQUAL 0.9.3 OR LIBSSH_VERSION VERSION_EQUAL 0.9.4)
+ if(LIBSSH_VERSION VERSION_EQUAL 0.9.x)
message(FATAL_ERROR "LibSSH ${LIBSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version")
endif()
--
2.26.2
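Review bot: The new condition `if(LIBSSH_VERSION VERSION_EQUAL 0.9.x)` is not a wildcard. CMake's version comparison truncates at the first non-integer component, so it should compare as 0.9 and match at most a 0.9.0 release. The effect is that upstream's refusal to build against libssh 0.9.3/0.9.4 is switched off, presumably because this commit also adds the 0004 backport to the libssh 0.9.4 package in this feed. I would say so in the patch header, for example `libssh 0.9.4 in this feed carries 0004-channels-Avoid-returning-SSH_AGAIN, so the upstream version guard is disabled`, and delete the `if()` / `message(FATAL_ERROR ...)` / `endif()` lines outright. Otherwise a later libssh change that drops the backport would bring the regression back with no build-time warning.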

+ 1
- 1
libs/libssh/Makefile View File

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=libssh
PKG_VERSION:=0.9.4
PKG_RELEASE:=2
PKG_RELEASE:=3
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.xz
PKG_SOURCE_URL:=https://www.libssh.org/files/0.9/


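--- a/libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
+++ b/libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
@@ -0,0 +1,41 @@
+From 6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4 Mon Sep 17 00:00:00 2001
+From: Jakub Jelen <jjelen@redhat.com>
+Date: Thu, 16 Apr 2020 11:13:34 +0200
+Subject: [PATCH] channels: Avoid returning SSH_AGAIN from
+ssh_channel_poll_timeout()
+This addresses a regression introduced in 3bad0607, partially fixed in 022409e9,
+but the function was still able to return SSH_AGAIN, which was not expected by
+callers.
+Based on discussion in [1] and [2]
+[1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101
+[2] https://www.libssh.org/archive/libssh/2020-03/0000029.html
+Signed-off-by: Jakub Jelen <jjelen@redhat.com>
+Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+---
+src/channels.c | 6 ++++++
+1 file changed, 6 insertions(+)
+diff --git a/src/channels.c b/src/channels.c
+index bcc1c207..9fe309d0 100644
+--- a/src/channels.c
++++ b/src/channels.c
+@@ -3116,6 +3116,12 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr)
+session->session_state == SSH_SESSION_STATE_ERROR) {
+rc = SSH_ERROR;
+goto out;
++ } else if (rc == SSH_AGAIN) {
++ /* If the above timeout expired, it is ok and we do not need to
++ * attempt to check the read buffer. The calling functions do not
++ * expect us to return SSH_AGAIN either here. */
++ rc = SSH_OK;
++ goto out;
+}
+len = ssh_buffer_get_len(stdbuf);
+if (len > 0) {
+--
+2.26.2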

+ 8
- 8
libs/libyang/Makefile View File

@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=libyang
PKG_VERSION:=1.0.167
PKG_VERSION:=1.0.184
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/CESNET/libyang/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=2431fa5c7cfbe6a6f2c0873547b976f018438967adfe268726911dd3d95eaa31
PKG_HASH:=1a5637451b73c4c5683837eb4c51371bb084795f653bc1a5fc20fed5541b58bc
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=BSD-3-Clause
PKG_LICENSE_FILES:=LICENSE
@ -66,11 +66,11 @@ define Package/libyang/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libyang.so* $(1)/usr/lib/
$(INSTALL_DIR) $(1)/usr/lib/libyang
$(INSTALL_DIR) $(1)/usr/lib/libyang/extensions
$(INSTALL_DIR) $(1)/usr/lib/libyang/user_types
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libyang/extensions/* $(1)/usr/lib/libyang/extensions
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libyang/user_types/* $(1)/usr/lib/libyang/user_types
$(INSTALL_DIR) $(1)/usr/lib/libyang1
$(INSTALL_DIR) $(1)/usr/lib/libyang1/extensions
$(INSTALL_DIR) $(1)/usr/lib/libyang1/user_types
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libyang1/extensions/* $(1)/usr/lib/libyang1/extensions
$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/libyang1/user_types/* $(1)/usr/lib/libyang1/user_types
endef
define Package/libyang-cpp/install


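--- a/net/Netopeer2/Config_keystored.in
+++ b/net/Netopeer2/Config_keystored.in
@@ -1,7 +0,0 @@
-if PACKAGE_netopeer2-keystored
-config SSH_KEYS
-bool "Generate default ssh keys"
-default y
-endif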

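--- a/net/Netopeer2/Makefile
+++ b/net/Netopeer2/Makefile
@@ -1,128 +0,0 @@
-#
-# Copyright (C) 2017 OpenWrt.org
-#
-# This is free software, licensed under the GNU General Public License v2.
-# See /LICENSE for more information.
-#
-# Warning by default OpenWrt does not have a root password which is necessery for NETCONF server.
-include $(TOPDIR)/rules.mk
-PKG_NAME:=Netopeer2
-PKG_VERSION:=1.1.27
-PKG_RELEASE:=2
-PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
-PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)?
-PKG_HASH:=e3914aae78d19f445a37ef37408f7ce209ebf0b05deb412b1bc56a021448885f
-PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
-PKG_LICENSE:=BSD-3-Clause
-PKG_LICENSE_FILES:=LICENSE
-CMAKE_INSTALL:=1
-PKG_BUILD_PARALLEL:=1
-include $(INCLUDE_DIR)/package.mk
-include $(INCLUDE_DIR)/cmake.mk
-define Package/netopeer2-keystored/config
-source "$(SOURCE)/Config_keystored.in"
-endef
-define Package/netopeer2-server
-SECTION:=utils
-CATEGORY:=Utilities
-TITLE:=NETCONF server
-URL:=https://github.com/CESNET/Netopeer2
-DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepo
-MENU:=1
-endef
-define Package/netopeer2-cli
-SECTION:=utils
-CATEGORY:=Utilities
-TITLE:=Netopeer2 cli tool
-URL:=https://github.com/CESNET/Netopeer2
-DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl
-endef
-define Package/netopeer2-keystored
-SECTION:=utils
-CATEGORY:=Utilities
-TITLE:=Netopeer2 key store management
-URL:=https://github.com/CESNET/Netopeer2
-DEPENDS:=+libopenssl +libsysrepo +sysrepo +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen
-MENU:=1
-endef
-define Package/netopeer2/description
-Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF
-Protocol. This is the second generation of the toolset, originally available as the Netopeer
-project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries -
-libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation.
-endef
-CMAKE_OPTIONS += \
--DGENERATE_HOSTKEY:BOOL=OFF \
--DINSTALL_MODULES:BOOL=OFF \
--DCMAKE_BUILD_TYPE=release
-#-DKEYSTORED_KEYS_DIR:STRING=/etc/keystored/keys \
-define Package/netopeer2-server/install
-$(INSTALL_DIR) $(1)/usr/bin
-$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/
-$(INSTALL_DIR) $(1)/etc/sysrepo/yang
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-ssh-server@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tls-server@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-x509-cert-to-name@2014-12-10.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-server@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-monitoring@2010-10-04.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-acm@2018-02-14.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-nmda@2019-01-07.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf@2013-09-29.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-datastores@2017-08-17.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-crypto-types@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tcp-server@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DIR) $(1)/etc/uci-defaults
-$(INSTALL_BIN) ./files/netopeer2-server.default $(1)/etc/uci-defaults/98_netopeer2-server
-$(INSTALL_DIR) $(1)/etc/init.d/
-$(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server
-$(INSTALL_DIR) $(1)/usr/share/netopeer2-server
-$(INSTALL_DATA) ./files/stock_config.xml $(1)/usr/share/netopeer2-server
-endef
-define Package/netopeer2-cli/install
-$(INSTALL_DIR) $(1)/usr/bin
-$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/
-endef
-define Package/netopeer2-keystored/install
-$(INSTALL_DIR) $(1)/etc/sysrepo/yang
-$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-keystore@2019-07-02.yang $(1)/etc/sysrepo/yang/
-$(INSTALL_DIR) $(1)/etc/uci-defaults
-$(INSTALL_DIR) $(1)/etc/keystored/keys
-ifeq ($(CONFIG_SSH_KEYS),y)
-$(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored
-else
-$(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored
-#ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself.
-$(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys
-$(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys
-endif
-endef
-$(eval $(call BuildPackage,netopeer2-server))
-$(eval $(call BuildPackage,netopeer2-cli))
-$(eval $(call BuildPackage,netopeer2-keystored))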

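--- a/net/Netopeer2/files/netopeer2-keystored-keygen.default
+++ b/net/Netopeer2/files/netopeer2-keystored-keygen.default
@@ -1,22 +0,0 @@
-#!/bin/sh
-# Warning, problems can occur if the device restarts in the middle of this uci-default script
-if [ -x /bin/sysrepoctl ]; then
-match=$(sysrepoctl -l | grep "ietf-keystore ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600
-if [ -x /bin/sysrepocfg ]; then
-sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore
-rm /usr/share/netopeer2-keystored/stock_key_config.xml
-fi
-#generate ssh keys
-if [ ! -f "/etc/keystored/keys/ssh_host_rsa_key.pem" ]; then
-ssh-keygen -m pem -t rsa -q -N "" -f /etc/keystored/keys/ssh_host_rsa_key.pem
-chmod go-rw /etc/keystored/keys/ssh_host_rsa_key.pem
-fi
-fi
-fi
-exit 0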

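--- a/net/Netopeer2/files/netopeer2-keystored.default
+++ b/net/Netopeer2/files/netopeer2-keystored.default
@@ -1,16 +0,0 @@
-#!/bin/sh
-# Warning, problems can occur if the device restarts in the middle of this uci-default script
-if [ -x /bin/sysrepoctl ]; then
-match=$(sysrepoctl -l | grep "ietf-keystore ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600
-if [ -x /bin/sysrepocfg ]; then
-sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore
-rm /usr/share/netopeer2-keystored/stock_key_config.xml
-fi
-fi
-fi
-exit 0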

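--- a/net/Netopeer2/files/netopeer2-server.default
+++ b/net/Netopeer2/files/netopeer2-server.default
@@ -1,59 +0,0 @@
-#!/bin/sh
-# Warning, problems can occur if the device restarts in the middle of this uci-default script
-if [ -x /bin/sysrepoctl ]; then
-match=$(sysrepoctl -l | grep "ietf-ssh-server ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-ssh-server@2019-07-02.yang -p 600
-fi
-match=$(sysrepoctl -l | grep "ietf-tls-server ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-tls-server@2019-07-02.yang -p 600
-fi
-match=$(sysrepoctl -l | grep "iana-crypt-hash ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/iana-crypt-hash@2014-08-06.yang -p 600
-fi
-match=$(sysrepoctl -l | grep "ietf-x509-cert-to-name ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-x509-cert-to-name@2014-12-10.yang -p 600
-fi
-match=$(sysrepoctl -l | grep "ietf-netconf-server ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-server@2019-07-02.yang -o root:root -p 600
-sysrepoctl -m ietf-netconf-server -e listen
-sysrepoctl -m ietf-netconf-server -e ssh-listen
-sysrepoctl -m ietf-netconf-server -e tls-listen
-sysrepoctl -m ietf-netconf-server -e call-home
-sysrepoctl -m ietf-netconf-server -e ssh-call-home
-sysrepoctl -m ietf-netconf-server -e tls-call-home
-sysrepoctl -m ietf-netconf -e url
-if [ -x /bin/sysrepocfg ]; then
-sysrepocfg -f xml -d startup -i /usr/share/netopeer2-server/stock_config.xml ietf-netconf-server
-rm /usr/share/netopeer2-server/stock_config.xml
-fi
-fi
-match=$(sysrepoctl -l | grep "ietf-netconf-monitoring ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-monitoring@2010-10-04.yang -o root:root -p 600
-fi
-match=$(sysrepoctl -l | grep "ietf-netconf-with-defaults ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf@2013-09-29.yang -o root:root -p 600
-fi
-match=$(sysrepoctl -l | grep "ietf-datastores ")
-if [ ! "$match" ]; then
-sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-datastores@2017-08-17.yang -o root:root -p 600
-fi
-fi
-exit 0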

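--- a/net/Netopeer2/files/stock_config.xml
+++ b/net/Netopeer2/files/stock_config.xml
@@ -1,17 +0,0 @@
-<netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server">
-<listen>
-<endpoint>
-<name>test_ssh_listen_endpt</name>
-<ssh>
-<address>::</address>
-<port>830</port>
-<host-keys>
-<host-key>
-<name>test_ssh_listen_key</name>
-<public-key>ssh_host_rsa_key</public-key>
-</host-key>
-</host-keys>
-</ssh>
-</endpoint>
-</listen>
-</netconf-server>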

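--- a/net/Netopeer2/patches/001-openss_1.1_support.patch
+++ b/net/Netopeer2/patches/001-openss_1.1_support.patch
@@ -1,11 +0,0 @@
---- a/cli/commands.c 2020-05-08 16:29:28.284509842 +0300
-+++ b/cli/commands.c 2020-05-08 16:29:38.856397844 +0300
-@@ -1727,7 +1727,7 @@
-BIO_printf(bio_out, "\n");
-BIO_printf(bio_out, "Valid until: ");
-- ASN1_TIME_print(bio_out, X509_get_notAfter(cert));
-+ ASN1_TIME_print(bio_out, X509_get0_notAfter(cert));
-BIO_printf(bio_out, "\n");
-has_san = 0;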

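--- a/net/Netopeer2/patches/010-gcc10.patch
+++ b/net/Netopeer2/patches/010-gcc10.patch
@@ -1,22 +0,0 @@
---- a/cli/commands.h
-+++ b/cli/commands.h
-@@ -17,7 +17,7 @@
-#include "cli_version.h"
--char some_msg[4096];
-+static char some_msg[4096];
-#define INSTRUCTION(format,args...) {snprintf(some_msg,4095,format,##args);printf("\n %s",some_msg);}
-#define ERROR(function,format,args...) {snprintf(some_msg,4095,format,##args);fprintf(stderr,"%s: %s\n",function,some_msg);}
---- a/src/log.h
-+++ b/src/log.h
-@@ -36,7 +36,7 @@ extern uint8_t np2_sr_verbose_level;
-/**
-* @brief netopeer2 flag whether to print messages to stderr (only if not daemon).
-*/
--uint8_t np2_stderr_log;
-+extern uint8_t np2_stderr_log;
-/**
-* @brief internal printing function, follows the levels from libnetconf2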

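--- a/net/netopeer2/Makefile
+++ b/net/netopeer2/Makefile
@@ -0,0 +1,85 @@
+#
+# Copyright (C) 2017 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+# Warning by default OpenWrt does not have a root password which is necessery for NETCONF server.
+include $(TOPDIR)/rules.mk
+PKG_NAME:=netopeer2
+PKG_VERSION:=1.1.39
+PKG_RELEASE:=1
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=e983683eda68792fedd73af54a5c7997496091489aa921f2a9e0dd27f2f6e19a
+CMAKE_INSTALL:=1
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+define Package/netopeer2-server
+SECTION:=utils
+CATEGORY:=Utilities
+TITLE:=NETCONF server
+URL:=https://github.com/CESNET/Netopeer2
+DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +libsysrepo +sysrepocfg +sysrepoctl +sysrepo
+MENU:=1
+endef
+define Package/netopeer2-cli
+SECTION:=utils
+CATEGORY:=Utilities
+TITLE:=Netopeer2 cli tool
+URL:=https://github.com/CESNET/Netopeer2
+DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl
+endef
+define Package/netopeer2/description
+Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF
+Protocol. This is the second generation of the toolset, originally available as the Netopeer
+project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries -
+libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation.
+endef
+CMAKE_OPTIONS += \
+-DCMAKE_INSTALL_PREFIX:PATH=/usr \
+-DCMAKE_BUILD_TYPE:STRING=Release \
+-DGENERATE_HOSTKEY:BOOL=OFF \
+-DINSTALL_MODULES:BOOL=OFF \
+-DMERGE_LISTEN_CONFIG:BOOL=OFF
+define Package/netopeer2-server/install
+$(INSTALL_DIR) $(1)/usr/bin
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/
+$(INSTALL_DIR) $(1)/etc/sysrepo/yang
+$(INSTALL_DIR) $(1)/etc/netopeer2/modules
+$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/* $(1)/etc/netopeer2/modules/
+$(INSTALL_DIR) $(1)/etc/uci-defaults
+$(INSTALL_BIN) ./files/netopeer2-server-setup.default $(1)/etc/uci-defaults/97_netopeer2-server
+$(INSTALL_BIN) ./files/netopeer2-server-merge-hostkey.default $(1)/etc/uci-defaults/98_netopeer2-server
+$(INSTALL_BIN) ./files/netopeer2-server-merge-config.default $(1)/etc/uci-defaults/99_netopeer2-server
+$(INSTALL_DIR) $(1)/etc/init.d/
+$(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server
+endef
+define Package/netopeer2-cli/install
+$(INSTALL_DIR) $(1)/usr/bin
+$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/
+endef
+$(eval $(call BuildPackage,netopeer2-server))
+$(eval $(call BuildPackage,netopeer2-cli))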
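Review bot: `DEPENDS` for `netopeer2-server` names no package that provides the `openssl` command, yet the `98_netopeer2-server` script installed a few lines below runs `openssl genpkey` to create the SSH host key. The removed Netopeer2 package guaranteed its key tool through `+SSH_KEYS:openssh-keygen`. Unless another dependency happens to pull the binary in, the `which openssl` lookup fails under `set -e` and the server is left without a host key. Adding `+openssl-util` to the `DEPENDS:=` line of `Package/netopeer2-server` would close that gap. Separately, `$(INSTALL_DIR) $(1)/etc/sysrepo/yang` looks like a leftover now that the modules are installed under `/etc/netopeer2/modules`.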

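--- a/net/netopeer2/files/netopeer2-server-merge-config.default
+++ b/net/netopeer2/files/netopeer2-server-merge-config.default
@@ -0,0 +1,57 @@
+#!/bin/sh
+set -e
+# avoid problems with sudo path
+SYSREPOCFG=`which sysrepocfg`
+KS_KEY_NAME=genkey
+# check that there is no listen/Call Home configuration yet
+SERVER_CONFIG=`$SYSREPOCFG -X -x "/ietf-netconf-server:netconf-server/listen/endpoint[1]/name | /ietf-netconf-server:netconf-server/call-home/netconf-client[1]/name"`
+if [ -z "$SERVER_CONFIG" ]; then
+# import default config
+CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\">
+<listen>
+<endpoint>
+<name>default-ssh</name>
+<ssh>
+<tcp-server-parameters>
+<local-address>0.0.0.0</local-address>
+<keepalives>
+<idle-time>1</idle-time>
+<max-probes>10</max-probes>
+<probe-interval>5</probe-interval>
+</keepalives>
+</tcp-server-parameters>
+<ssh-server-parameters>
+<server-identity>
+<host-key>
+<name>default-key</name>
+<public-key>
+<keystore-reference>$KS_KEY_NAME</keystore-reference>
+</public-key>
+</host-key>
+</server-identity>
+<client-authentication>
+<supported-authentication-methods>
+<publickey/>
+<passsword/>
+<other>interactive</other>
+</supported-authentication-methods>
+<users/>
+</client-authentication>
+</ssh-server-parameters>
+</ssh>
+</endpoint>
+</listen>
+</netconf-server>"
+TMPFILE=`mktemp -u`
+printf -- "$CONFIG" > $TMPFILE
+# apply it to startup and running
+$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-netconf-server -v2
+$SYSREPOCFG -C startup -m ietf-netconf-server -v2
+# remove the tmp file
+rm $TMPFILE
+fi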
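Review bot: `mktemp -u` only prints an unused name and creates nothing, so the later `> $TMPFILE` redirection opens whatever exists at that path by then and creates the file under the default umask. I would let mktemp create the file and clean up on every exit path: `TMPFILE=$(mktemp)`, `trap 'rm -f "$TMPFILE"' EXIT`, `printf '%s' "$CONFIG" > "$TMPFILE"`. The `%s` form also stops the XML from being read as a printf format string. The same lines appear in netopeer2-server-merge-hostkey.default, where the file holds the generated private key. Because of `set -e`, that file is never removed if either `sysrepocfg` call fails.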

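--- a/net/netopeer2/files/netopeer2-server-merge-hostkey.default
+++ b/net/netopeer2/files/netopeer2-server-merge-hostkey.default
@@ -0,0 +1,47 @@
+#!/bin/sh
+set -e
+# avoid problems with sudo path
+SYSREPOCFG=`which sysrepocfg`
+OPENSSL=`which openssl`
+# check that there is no SSH key with this name yet
+KEYSTORE_KEY=`$SYSREPOCFG -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name"`
+if [ -z "$KEYSTORE_KEY" ]; then
+# generate a new key
+PRIVPEM=`$OPENSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null`
+# remove header/footer
+PRIVKEY=`grep -v -- "-----" - <<STDIN
+$PRIVPEM
+STDIN`
+# get public key
+PUBPEM=`$OPENSSL rsa -pubout 2>/dev/null <<STDIN
+$PRIVPEM
+STDIN`
+# remove header/footer
+PUBKEY=`grep -v -- "-----" - <<STDIN
+$PUBPEM
+STDIN`
+# generate edit config
+CONFIG="<keystore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-keystore\">
+<asymmetric-keys>
+<asymmetric-key>
+<name>genkey</name>
+<algorithm>rsa2048</algorithm>
+<public-key>$PUBKEY</public-key>
+<private-key>$PRIVKEY</private-key>
+</asymmetric-key>
+</asymmetric-keys>
+</keystore>"
+TMPFILE=`mktemp -u`
+printf -- "$CONFIG" > $TMPFILE
+# apply it to startup and running
+$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-keystore -v2
+$SYSREPOCFG -C startup -m ietf-keystore -v2
+# remove the tmp file
+rm $TMPFILE
+fi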
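Review bot: Both `openssl` invocations send stderr to `/dev/null`, so when key generation or the `-pubout` step fails the script stops under `set -e` without leaving any trace of the reason. A uci-defaults script that exits non-zero is normally kept and retried on the next boot, so a device can keep running without a NETCONF host key and give no hint why. I would drop the two `2>/dev/null` redirections, or send the message to `logger -t netopeer2`. A comment above `genpkey` should also say that the resulting private key is stored in the ietf-keystore startup datastore under the name `genkey`, which netopeer2-server-merge-config.default refers to through `KS_KEY_NAME`.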

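--- a/net/netopeer2/files/netopeer2-server-setup.default
+++ b/net/netopeer2/files/netopeer2-server-setup.default
@@ -0,0 +1,106 @@
+#!/bin/sh
+# Warning, problems can occur if the device restarts in the middle of this uci-default script
+# install YANG modules
+SYSREPOCTL=`which sysrepoctl`
+MODDIR="/etc/netopeer2/modules"
+PERMS=600
+OWNER=root
+GROUP=root
+# array of modules to install
+MODULES="\
+ietf-netconf-acm@2018-02-14.yang
+ietf-netconf@2013-09-29.yang -e writable-running -e candidate -e rollback-on-error -e validate -e startup -e url -e xpath
+ietf-netconf-monitoring@2010-10-04.yang
+ietf-netconf-nmda@2019-01-07.yang -e origin -e with-defaults
+nc-notifications@2008-07-14.yang
+notifications@2008-07-14.yang
+ietf-x509-cert-to-name@2014-12-10.yang
+ietf-crypto-types@2019-07-02.yang
+ietf-keystore@2019-07-02.yang -e keystore-supported
+ietf-truststore@2019-07-02.yang -e truststore-supported -e x509-certificates
+ietf-tcp-common@2019-07-02.yang -e keepalives-supported
+ietf-ssh-server@2019-07-02.yang -e local-client-auth-supported
+ietf-tls-server@2019-07-02.yang -e local-client-auth-supported
+ietf-netconf-server@2019-07-02.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home"
+# functions
+INSTALL_MODULE() {
+local module=`echo "$1" | sed 's/\s.*$//'`
+$SYSREPOCTL -a -i $MODDIR/$module -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2
+local rc=$?
+if [ $rc -ne 0 ]; then
+exit $rc
+fi
+}
+UPDATE_MODULE() {
+$SYSREPOCTL -a -U $MODDIR/$1 -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2
+local rc=$?
+if [ $rc -ne 0 ]; then
+exit $rc
+fi
+}
+ENABLE_FEATURE() {
+$SYSREPOCTL -a -c $1 -e $2 -v2
+local rc=$?
+if [ $rc -ne 0 ]; then
+exit $rc
+fi
+}
+ENABLE_FEATURES() {
+# parse sysrepoctl features and add extra space at the end for easier matching
+local sctl_features="`echo "$SCTL_MODULE" | sed 's/\([^|]*|\)\{6\}\(.*\)/\2/'` "
+# parse features we want to enable
+local features=`echo "$1" | sed 's/[^ ]* \(.*\)/\1/'`
+while [ "${features:0:3}" = "-e " ]; do
+# skip "-e "
+features=${features:3}
+# parse feature
+local feature=`echo "$features" | sed 's/\([^[:space:]]*\).*/\1/'`
+# enable feature if not already
+sctl_feature=`echo "$sctl_features" | grep " ${feature} "`
+if [ -z "$sctl_feature" ]; then
+# enable feature
+ENABLE_FEATURE $name $feature
+fi
+# next iteration, skip this feature
+features=`echo "$features" | sed 's/[^[:space:]]* \(.*\)/\1/'`
+done
+}
+# get current modules
+SCTL_MODULES=`$SYSREPOCTL -l`
+IFS=$'\n'
+for i in $MODULES; do
+name=`echo "$i" | sed 's/\([^@]*\).*/\1/'`
+SCTL_MODULE=`echo "$SCTL_MODULES" | grep "^$name \+|[^|]*| I"`
+if [ -z "$SCTL_MODULE" ]; then
+# install module
+INSTALL_MODULE "$i"
+ENABLE_FEATURES "$i"
+continue
+fi
+sctl_revision=`echo "$SCTL_MODULE" | sed 's/[^|]*| \([^ ]*\).*/\1/'`
+revision=`echo "$i" | sed 's/[^@]*@\([^\.]*\).*/\1/'`
+if [ "$sctl_revision" \< "$revision" ]; then
+# update module without any features
+file=`echo "$i" | cut -d' ' -f 1`
+UPDATE_MODULE $file
+fi
+ENABLE_FEATURES "$i"
+done
+unset IFS
+exit 0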
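Review bot: `ENABLE_FEATURES` takes the module line as `$1` but also reads the globals `SCTL_MODULE` and `name` that the `for` loop happens to have set, which is easy to break when the loop is edited. A comment above the function such as `# uses $name and $SCTL_MODULE set by the caller's loop` would document the coupling, or the two values could be passed as arguments. The script also relies on `${features:0:3}`, `$'\n'` and `local` under `#!/bin/sh`. That presumably works with the BusyBox ash shipped on OpenWrt but is not POSIX sh, and a header comment saying so would help anyone reusing it. Expansions such as `$MODDIR/$module`, `$1` and `$file` are unquoted throughout and would be safer quoted.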

net/Netopeer2/files/netopeer2-server.init → net/netopeer2/files/netopeer2-server.init View File


+ 3
- 3
net/sysrepo/Makefile View File

@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk
PKG_NAME:=sysrepo
PKG_VERSION:=1.4.58
PKG_VERSION:=1.4.70
PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://codeload.github.com/sysrepo/sysrepo/tar.gz/v$(PKG_VERSION)?
PKG_HASH:=9c134658a5b812cd86b9113c30fc01be5a094616f473e747032ccf614af9e4dd
PKG_HASH:=f0f894d4ed98ce9d20fda219378b844731d796e95115c07f4c067d853e20ca36
PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr>
PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
PKG_LICENSE:=Apache-2.0
PKG_LICENSE_FILES:=LICENSE

