Browse Source
Merge pull request #13193 from sartura/sysrepo
Update sysrepo, libyang, libnetconf2 and netopeer2 packages to latest versionslilik-openwrt-22.03
Rosen Penev
4 years ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
19 changed files with 366 additions and 307 deletions
Split View
Diff Options
-
+3 -3libs/libnetconf2/Makefile
-
+14 -9libs/libnetconf2/patches/001-cmake_not_updated.patch
-
+1 -1libs/libssh/Makefile
-
+41 -0libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
-
+8 -8libs/libyang/Makefile
-
+0 -7net/Netopeer2/Config_keystored.in
-
+0 -128net/Netopeer2/Makefile
-
+0 -22net/Netopeer2/files/netopeer2-keystored-keygen.default
-
+0 -16net/Netopeer2/files/netopeer2-keystored.default
-
+0 -59net/Netopeer2/files/netopeer2-server.default
-
+0 -17net/Netopeer2/files/stock_config.xml
-
+0 -11net/Netopeer2/patches/001-openss_1.1_support.patch
-
+0 -22net/Netopeer2/patches/010-gcc10.patch
-
+85 -0net/netopeer2/Makefile
-
+57 -0net/netopeer2/files/netopeer2-server-merge-config.default
-
+47 -0net/netopeer2/files/netopeer2-server-merge-hostkey.default
-
+106 -0net/netopeer2/files/netopeer2-server-setup.default
-
+1 -1net/netopeer2/files/netopeer2-server.init
-
+3 -3net/sysrepo/Makefile
+ 3
- 3
libs/libnetconf2/Makefile
View File
+ 14
- 9
libs/libnetconf2/patches/001-cmake_not_updated.patch
View File
| @ -1,11 +1,16 @@ | |||
| --- a/CMakeLists.txt 2020-05-08 13:29:30.903800624 +0300 | |||
| +++ b/CMakeLists.txt 2020-05-08 13:29:50.943582218 +0300 | |||
| @@ -153,7 +153,7 @@ | |||
| set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -DNC_ENABLED_SSH") | |||
| message(STATUS "LibSSH version ${LibSSH_VERSION} found") | |||
| - if(LibSSH_VERSION VERSION_EQUAL 0.9.3 OR LibSSH_VERSION VERSION_EQUAL 0.9.4) | |||
| + if(LibSSH_VERSION VERSION_EQUAL 0.9.x) | |||
| message(FATAL_ERROR "LibSSH ${LibSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version") | |||
| diff --git a/CMakeLists.txt b/CMakeLists.txt | |||
| index f21fec9..5b912af 100644 | |||
| --- a/CMakeLists.txt | |||
| +++ b/CMakeLists.txt | |||
| @@ -148,7 +148,7 @@ endif() | |||
| # dependencies - libssh | |||
| if(ENABLE_SSH) | |||
| find_package(LibSSH 0.7.0 REQUIRED) | |||
| - if(LIBSSH_VERSION VERSION_EQUAL 0.9.3 OR LIBSSH_VERSION VERSION_EQUAL 0.9.4) | |||
| + if(LIBSSH_VERSION VERSION_EQUAL 0.9.x) | |||
| message(FATAL_ERROR "LibSSH ${LIBSSH_VERSION} includes regression bugs and libnetconf2 will NOT work properly, try to use another version") | |||
| endif() | |||
| -- | |||
| 2.26.2 | |||
+ 1
- 1
libs/libssh/Makefile
View File
+ 41
- 0
libs/libssh/patches/0004-channels-Avoid-returning-SSH_AGAIN-from-ssh_channel_.patch
View File
| @ -0,0 +1,41 @@ | |||
| From 6417f5a3cac8537ac6f6ff7fc1642dfaa0917fb4 Mon Sep 17 00:00:00 2001 | |||
| From: Jakub Jelen <jjelen@redhat.com> | |||
| Date: Thu, 16 Apr 2020 11:13:34 +0200 | |||
| Subject: [PATCH] channels: Avoid returning SSH_AGAIN from | |||
| ssh_channel_poll_timeout() | |||
| This addresses a regression introduced in 3bad0607, partially fixed in 022409e9, | |||
| but the function was still able to return SSH_AGAIN, which was not expected by | |||
| callers. | |||
| Based on discussion in [1] and [2] | |||
| [1] https://gitlab.com/libssh/libssh-mirror/-/merge_requests/101 | |||
| [2] https://www.libssh.org/archive/libssh/2020-03/0000029.html | |||
| Signed-off-by: Jakub Jelen <jjelen@redhat.com> | |||
| Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> | |||
| --- | |||
| src/channels.c | 6 ++++++ | |||
| 1 file changed, 6 insertions(+) | |||
| diff --git a/src/channels.c b/src/channels.c | |||
| index bcc1c207..9fe309d0 100644 | |||
| --- a/src/channels.c | |||
| +++ b/src/channels.c | |||
| @@ -3116,6 +3116,12 @@ int ssh_channel_poll_timeout(ssh_channel channel, int timeout, int is_stderr) | |||
| session->session_state == SSH_SESSION_STATE_ERROR) { | |||
| rc = SSH_ERROR; | |||
| goto out; | |||
| + } else if (rc == SSH_AGAIN) { | |||
| + /* If the above timeout expired, it is ok and we do not need to | |||
| + * attempt to check the read buffer. The calling functions do not | |||
| + * expect us to return SSH_AGAIN either here. */ | |||
| + rc = SSH_OK; | |||
| + goto out; | |||
| } | |||
| len = ssh_buffer_get_len(stdbuf); | |||
| if (len > 0) { | |||
| -- | |||
| 2.26.2 | |||
+ 8
- 8
libs/libyang/Makefile
View File
+ 0
- 7
net/Netopeer2/Config_keystored.in
View File
| @ -1,7 +0,0 @@ | |||
| if PACKAGE_netopeer2-keystored | |||
| config SSH_KEYS | |||
| bool "Generate default ssh keys" | |||
| default y | |||
| endif | |||
+ 0
- 128
net/Netopeer2/Makefile
View File
| @ -1,128 +0,0 @@ | |||
| # | |||
| # Copyright (C) 2017 OpenWrt.org | |||
| # | |||
| # This is free software, licensed under the GNU General Public License v2. | |||
| # See /LICENSE for more information. | |||
| # | |||
| # Warning by default OpenWrt does not have a root password which is necessery for NETCONF server. | |||
| include $(TOPDIR)/rules.mk | |||
| PKG_NAME:=Netopeer2 | |||
| PKG_VERSION:=1.1.27 | |||
| PKG_RELEASE:=2 | |||
| PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz | |||
| PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)? | |||
| PKG_HASH:=e3914aae78d19f445a37ef37408f7ce209ebf0b05deb412b1bc56a021448885f | |||
| PKG_MAINTAINER:=Mislav Novakovic <mislav.novakovic@sartura.hr> | |||
| PKG_LICENSE:=BSD-3-Clause | |||
| PKG_LICENSE_FILES:=LICENSE | |||
| CMAKE_INSTALL:=1 | |||
| PKG_BUILD_PARALLEL:=1 | |||
| include $(INCLUDE_DIR)/package.mk | |||
| include $(INCLUDE_DIR)/cmake.mk | |||
| define Package/netopeer2-keystored/config | |||
| source "$(SOURCE)/Config_keystored.in" | |||
| endef | |||
| define Package/netopeer2-server | |||
| SECTION:=utils | |||
| CATEGORY:=Utilities | |||
| TITLE:=NETCONF server | |||
| URL:=https://github.com/CESNET/Netopeer2 | |||
| DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +netopeer2-keystored +libsysrepo +sysrepocfg +sysrepoctl +sysrepo | |||
| MENU:=1 | |||
| endef | |||
| define Package/netopeer2-cli | |||
| SECTION:=utils | |||
| CATEGORY:=Utilities | |||
| TITLE:=Netopeer2 cli tool | |||
| URL:=https://github.com/CESNET/Netopeer2 | |||
| DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl | |||
| endef | |||
| define Package/netopeer2-keystored | |||
| SECTION:=utils | |||
| CATEGORY:=Utilities | |||
| TITLE:=Netopeer2 key store management | |||
| URL:=https://github.com/CESNET/Netopeer2 | |||
| DEPENDS:=+libopenssl +libsysrepo +sysrepo +sysrepocfg +sysrepoctl +SSH_KEYS:openssh-keygen | |||
| MENU:=1 | |||
| endef | |||
| define Package/netopeer2/description | |||
| Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF | |||
| Protocol. This is the second generation of the toolset, originally available as the Netopeer | |||
| project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries - | |||
| libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation. | |||
| endef | |||
| CMAKE_OPTIONS += \ | |||
| -DGENERATE_HOSTKEY:BOOL=OFF \ | |||
| -DINSTALL_MODULES:BOOL=OFF \ | |||
| -DCMAKE_BUILD_TYPE=release | |||
| #-DKEYSTORED_KEYS_DIR:STRING=/etc/keystored/keys \ | |||
| define Package/netopeer2-server/install | |||
| $(INSTALL_DIR) $(1)/usr/bin | |||
| $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/ | |||
| $(INSTALL_DIR) $(1)/etc/sysrepo/yang | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-ssh-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tls-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-x509-cert-to-name@2014-12-10.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-monitoring@2010-10-04.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-acm@2018-02-14.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf-nmda@2019-01-07.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-netconf@2013-09-29.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-datastores@2017-08-17.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-crypto-types@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/iana-crypt-hash@2014-08-06.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-tcp-server@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DIR) $(1)/etc/uci-defaults | |||
| $(INSTALL_BIN) ./files/netopeer2-server.default $(1)/etc/uci-defaults/98_netopeer2-server | |||
| $(INSTALL_DIR) $(1)/etc/init.d/ | |||
| $(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server | |||
| $(INSTALL_DIR) $(1)/usr/share/netopeer2-server | |||
| $(INSTALL_DATA) ./files/stock_config.xml $(1)/usr/share/netopeer2-server | |||
| endef | |||
| define Package/netopeer2-cli/install | |||
| $(INSTALL_DIR) $(1)/usr/bin | |||
| $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/ | |||
| endef | |||
| define Package/netopeer2-keystored/install | |||
| $(INSTALL_DIR) $(1)/etc/sysrepo/yang | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/ietf-keystore@2019-07-02.yang $(1)/etc/sysrepo/yang/ | |||
| $(INSTALL_DIR) $(1)/etc/uci-defaults | |||
| $(INSTALL_DIR) $(1)/etc/keystored/keys | |||
| ifeq ($(CONFIG_SSH_KEYS),y) | |||
| $(INSTALL_BIN) ./files/netopeer2-keystored-keygen.default $(1)/etc/uci-defaults/97_netopeer2-keystored | |||
| else | |||
| $(INSTALL_BIN) ./files/netopeer2-keystored.default $(1)/etc/uci-defaults/97_netopeer2-keystored | |||
| #ssh key name is specified in ./files/stock_config.xml file, you will need to provide the ssh keys yourself. | |||
| $(INSTALL_DATA) ./files/ssh_host_rsa_key.pem $(1)/etc/keystored/keys | |||
| $(INSTALL_DATA) ./files/ssh_host_rsa_key.pub.pem $(1)/etc/keystored/keys | |||
| endif | |||
| endef | |||
| $(eval $(call BuildPackage,netopeer2-server)) | |||
| $(eval $(call BuildPackage,netopeer2-cli)) | |||
| $(eval $(call BuildPackage,netopeer2-keystored)) | |||
+ 0
- 22
net/Netopeer2/files/netopeer2-keystored-keygen.default
View File
| @ -1,22 +0,0 @@ | |||
| #!/bin/sh | |||
| # Warning, problems can occur if the device restarts in the middle of this uci-default script | |||
| if [ -x /bin/sysrepoctl ]; then | |||
| match=$(sysrepoctl -l | grep "ietf-keystore ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600 | |||
| if [ -x /bin/sysrepocfg ]; then | |||
| sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore | |||
| rm /usr/share/netopeer2-keystored/stock_key_config.xml | |||
| fi | |||
| #generate ssh keys | |||
| if [ ! -f "/etc/keystored/keys/ssh_host_rsa_key.pem" ]; then | |||
| ssh-keygen -m pem -t rsa -q -N "" -f /etc/keystored/keys/ssh_host_rsa_key.pem | |||
| chmod go-rw /etc/keystored/keys/ssh_host_rsa_key.pem | |||
| fi | |||
| fi | |||
| fi | |||
| exit 0 | |||
+ 0
- 16
net/Netopeer2/files/netopeer2-keystored.default
View File
| @ -1,16 +0,0 @@ | |||
| #!/bin/sh | |||
| # Warning, problems can occur if the device restarts in the middle of this uci-default script | |||
| if [ -x /bin/sysrepoctl ]; then | |||
| match=$(sysrepoctl -l | grep "ietf-keystore ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-keystore@2019-07-02.yang -o root:root -p 600 | |||
| if [ -x /bin/sysrepocfg ]; then | |||
| sysrepocfg -f xml -d startup -i /usr/share/netopeer2-keystored/stock_key_config.xml ietf-keystore | |||
| rm /usr/share/netopeer2-keystored/stock_key_config.xml | |||
| fi | |||
| fi | |||
| fi | |||
| exit 0 | |||
+ 0
- 59
net/Netopeer2/files/netopeer2-server.default
View File
| @ -1,59 +0,0 @@ | |||
| #!/bin/sh | |||
| # Warning, problems can occur if the device restarts in the middle of this uci-default script | |||
| if [ -x /bin/sysrepoctl ]; then | |||
| match=$(sysrepoctl -l | grep "ietf-ssh-server ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-ssh-server@2019-07-02.yang -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-tls-server ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-tls-server@2019-07-02.yang -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "iana-crypt-hash ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/iana-crypt-hash@2014-08-06.yang -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-x509-cert-to-name ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-x509-cert-to-name@2014-12-10.yang -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-netconf-server ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-server@2019-07-02.yang -o root:root -p 600 | |||
| sysrepoctl -m ietf-netconf-server -e listen | |||
| sysrepoctl -m ietf-netconf-server -e ssh-listen | |||
| sysrepoctl -m ietf-netconf-server -e tls-listen | |||
| sysrepoctl -m ietf-netconf-server -e call-home | |||
| sysrepoctl -m ietf-netconf-server -e ssh-call-home | |||
| sysrepoctl -m ietf-netconf-server -e tls-call-home | |||
| sysrepoctl -m ietf-netconf -e url | |||
| if [ -x /bin/sysrepocfg ]; then | |||
| sysrepocfg -f xml -d startup -i /usr/share/netopeer2-server/stock_config.xml ietf-netconf-server | |||
| rm /usr/share/netopeer2-server/stock_config.xml | |||
| fi | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-netconf-monitoring ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf-monitoring@2010-10-04.yang -o root:root -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-netconf-with-defaults ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-netconf@2013-09-29.yang -o root:root -p 600 | |||
| fi | |||
| match=$(sysrepoctl -l | grep "ietf-datastores ") | |||
| if [ ! "$match" ]; then | |||
| sysrepoctl --install --yang=/etc/sysrepo/yang/ietf-datastores@2017-08-17.yang -o root:root -p 600 | |||
| fi | |||
| fi | |||
| exit 0 | |||
+ 0
- 17
net/Netopeer2/files/stock_config.xml
View File
| @ -1,17 +0,0 @@ | |||
| <netconf-server xmlns="urn:ietf:params:xml:ns:yang:ietf-netconf-server"> | |||
| <listen> | |||
| <endpoint> | |||
| <name>test_ssh_listen_endpt</name> | |||
| <ssh> | |||
| <address>::</address> | |||
| <port>830</port> | |||
| <host-keys> | |||
| <host-key> | |||
| <name>test_ssh_listen_key</name> | |||
| <public-key>ssh_host_rsa_key</public-key> | |||
| </host-key> | |||
| </host-keys> | |||
| </ssh> | |||
| </endpoint> | |||
| </listen> | |||
| </netconf-server> | |||
+ 0
- 11
net/Netopeer2/patches/001-openss_1.1_support.patch
View File
| @ -1,11 +0,0 @@ | |||
| --- a/cli/commands.c 2020-05-08 16:29:28.284509842 +0300 | |||
| +++ b/cli/commands.c 2020-05-08 16:29:38.856397844 +0300 | |||
| @@ -1727,7 +1727,7 @@ | |||
| BIO_printf(bio_out, "\n"); | |||
| BIO_printf(bio_out, "Valid until: "); | |||
| - ASN1_TIME_print(bio_out, X509_get_notAfter(cert)); | |||
| + ASN1_TIME_print(bio_out, X509_get0_notAfter(cert)); | |||
| BIO_printf(bio_out, "\n"); | |||
| has_san = 0; | |||
+ 0
- 22
net/Netopeer2/patches/010-gcc10.patch
View File
| @ -1,22 +0,0 @@ | |||
| --- a/cli/commands.h | |||
| +++ b/cli/commands.h | |||
| @@ -17,7 +17,7 @@ | |||
| #include "cli_version.h" | |||
| -char some_msg[4096]; | |||
| +static char some_msg[4096]; | |||
| #define INSTRUCTION(format,args...) {snprintf(some_msg,4095,format,##args);printf("\n %s",some_msg);} | |||
| #define ERROR(function,format,args...) {snprintf(some_msg,4095,format,##args);fprintf(stderr,"%s: %s\n",function,some_msg);} | |||
| --- a/src/log.h | |||
| +++ b/src/log.h | |||
| @@ -36,7 +36,7 @@ extern uint8_t np2_sr_verbose_level; | |||
| /** | |||
| * @brief netopeer2 flag whether to print messages to stderr (only if not daemon). | |||
| */ | |||
| -uint8_t np2_stderr_log; | |||
| +extern uint8_t np2_stderr_log; | |||
| /** | |||
| * @brief internal printing function, follows the levels from libnetconf2 | |||
+ 85
- 0
net/netopeer2/Makefile
View File
| @ -0,0 +1,85 @@ | |||
| # | |||
| # Copyright (C) 2017 OpenWrt.org | |||
| # | |||
| # This is free software, licensed under the GNU General Public License v2. | |||
| # See /LICENSE for more information. | |||
| # | |||
| # Warning by default OpenWrt does not have a root password which is necessery for NETCONF server. | |||
| include $(TOPDIR)/rules.mk | |||
| PKG_NAME:=netopeer2 | |||
| PKG_VERSION:=1.1.39 | |||
| PKG_RELEASE:=1 | |||
| PKG_LICENSE:=BSD-3-Clause | |||
| PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr> | |||
| PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz | |||
| PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)? | |||
| PKG_HASH:=e983683eda68792fedd73af54a5c7997496091489aa921f2a9e0dd27f2f6e19a | |||
| CMAKE_INSTALL:=1 | |||
| PKG_BUILD_PARALLEL:=1 | |||
| PKG_INSTALL:=1 | |||
| include $(INCLUDE_DIR)/package.mk | |||
| include $(INCLUDE_DIR)/cmake.mk | |||
| define Package/netopeer2-server | |||
| SECTION:=utils | |||
| CATEGORY:=Utilities | |||
| TITLE:=NETCONF server | |||
| URL:=https://github.com/CESNET/Netopeer2 | |||
| DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +libsysrepo +sysrepocfg +sysrepoctl +sysrepo | |||
| MENU:=1 | |||
| endef | |||
| define Package/netopeer2-cli | |||
| SECTION:=utils | |||
| CATEGORY:=Utilities | |||
| TITLE:=Netopeer2 cli tool | |||
| URL:=https://github.com/CESNET/Netopeer2 | |||
| DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl | |||
| endef | |||
| define Package/netopeer2/description | |||
| Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF | |||
| Protocol. This is the second generation of the toolset, originally available as the Netopeer | |||
| project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries - | |||
| libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation. | |||
| endef | |||
| CMAKE_OPTIONS += \ | |||
| -DCMAKE_INSTALL_PREFIX:PATH=/usr \ | |||
| -DCMAKE_BUILD_TYPE:STRING=Release \ | |||
| -DGENERATE_HOSTKEY:BOOL=OFF \ | |||
| -DINSTALL_MODULES:BOOL=OFF \ | |||
| -DMERGE_LISTEN_CONFIG:BOOL=OFF | |||
| define Package/netopeer2-server/install | |||
| $(INSTALL_DIR) $(1)/usr/bin | |||
| $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/ | |||
| $(INSTALL_DIR) $(1)/etc/sysrepo/yang | |||
| $(INSTALL_DIR) $(1)/etc/netopeer2/modules | |||
| $(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/* $(1)/etc/netopeer2/modules/ | |||
| $(INSTALL_DIR) $(1)/etc/uci-defaults | |||
| $(INSTALL_BIN) ./files/netopeer2-server-setup.default $(1)/etc/uci-defaults/97_netopeer2-server | |||
| $(INSTALL_BIN) ./files/netopeer2-server-merge-hostkey.default $(1)/etc/uci-defaults/98_netopeer2-server | |||
| $(INSTALL_BIN) ./files/netopeer2-server-merge-config.default $(1)/etc/uci-defaults/99_netopeer2-server | |||
| $(INSTALL_DIR) $(1)/etc/init.d/ | |||
| $(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server | |||
| endef | |||
| define Package/netopeer2-cli/install | |||
| $(INSTALL_DIR) $(1)/usr/bin | |||
| $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/ | |||
| endef | |||
| $(eval $(call BuildPackage,netopeer2-server)) | |||
| $(eval $(call BuildPackage,netopeer2-cli)) | |||
+ 57
- 0
net/netopeer2/files/netopeer2-server-merge-config.default
View File
| @ -0,0 +1,57 @@ | |||
| #!/bin/sh | |||
| set -e | |||
| # avoid problems with sudo path | |||
| SYSREPOCFG=`which sysrepocfg` | |||
| KS_KEY_NAME=genkey | |||
| # check that there is no listen/Call Home configuration yet | |||
| SERVER_CONFIG=`$SYSREPOCFG -X -x "/ietf-netconf-server:netconf-server/listen/endpoint[1]/name | /ietf-netconf-server:netconf-server/call-home/netconf-client[1]/name"` | |||
| if [ -z "$SERVER_CONFIG" ]; then | |||
| # import default config | |||
| CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\"> | |||
| <listen> | |||
| <endpoint> | |||
| <name>default-ssh</name> | |||
| <ssh> | |||
| <tcp-server-parameters> | |||
| <local-address>0.0.0.0</local-address> | |||
| <keepalives> | |||
| <idle-time>1</idle-time> | |||
| <max-probes>10</max-probes> | |||
| <probe-interval>5</probe-interval> | |||
| </keepalives> | |||
| </tcp-server-parameters> | |||
| <ssh-server-parameters> | |||
| <server-identity> | |||
| <host-key> | |||
| <name>default-key</name> | |||
| <public-key> | |||
| <keystore-reference>$KS_KEY_NAME</keystore-reference> | |||
| </public-key> | |||
| </host-key> | |||
| </server-identity> | |||
| <client-authentication> | |||
| <supported-authentication-methods> | |||
| <publickey/> | |||
| <passsword/> | |||
| <other>interactive</other> | |||
| </supported-authentication-methods> | |||
| <users/> | |||
| </client-authentication> | |||
| </ssh-server-parameters> | |||
| </ssh> | |||
| </endpoint> | |||
| </listen> | |||
| </netconf-server>" | |||
| TMPFILE=`mktemp -u` | |||
| printf -- "$CONFIG" > $TMPFILE | |||
| # apply it to startup and running | |||
| $SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-netconf-server -v2 | |||
| $SYSREPOCFG -C startup -m ietf-netconf-server -v2 | |||
| # remove the tmp file | |||
| rm $TMPFILE | |||
| fi | |||
+ 47
- 0
net/netopeer2/files/netopeer2-server-merge-hostkey.default
View File
| @ -0,0 +1,47 @@ | |||
| #!/bin/sh | |||
| set -e | |||
| # avoid problems with sudo path | |||
| SYSREPOCFG=`which sysrepocfg` | |||
| OPENSSL=`which openssl` | |||
| # check that there is no SSH key with this name yet | |||
| KEYSTORE_KEY=`$SYSREPOCFG -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name"` | |||
| if [ -z "$KEYSTORE_KEY" ]; then | |||
| # generate a new key | |||
| PRIVPEM=`$OPENSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null` | |||
| # remove header/footer | |||
| PRIVKEY=`grep -v -- "-----" - <<STDIN | |||
| $PRIVPEM | |||
| STDIN` | |||
| # get public key | |||
| PUBPEM=`$OPENSSL rsa -pubout 2>/dev/null <<STDIN | |||
| $PRIVPEM | |||
| STDIN` | |||
| # remove header/footer | |||
| PUBKEY=`grep -v -- "-----" - <<STDIN | |||
| $PUBPEM | |||
| STDIN` | |||
| # generate edit config | |||
| CONFIG="<keystore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-keystore\"> | |||
| <asymmetric-keys> | |||
| <asymmetric-key> | |||
| <name>genkey</name> | |||
| <algorithm>rsa2048</algorithm> | |||
| <public-key>$PUBKEY</public-key> | |||
| <private-key>$PRIVKEY</private-key> | |||
| </asymmetric-key> | |||
| </asymmetric-keys> | |||
| </keystore>" | |||
| TMPFILE=`mktemp -u` | |||
| printf -- "$CONFIG" > $TMPFILE | |||
| # apply it to startup and running | |||
| $SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-keystore -v2 | |||
| $SYSREPOCFG -C startup -m ietf-keystore -v2 | |||
| # remove the tmp file | |||
| rm $TMPFILE | |||
| fi | |||
+ 106
- 0
net/netopeer2/files/netopeer2-server-setup.default
View File
| @ -0,0 +1,106 @@ | |||
| #!/bin/sh | |||
| # Warning, problems can occur if the device restarts in the middle of this uci-default script | |||
| # install YANG modules | |||
| SYSREPOCTL=`which sysrepoctl` | |||
| MODDIR="/etc/netopeer2/modules" | |||
| PERMS=600 | |||
| OWNER=root | |||
| GROUP=root | |||
| # array of modules to install | |||
| MODULES="\ | |||
| ietf-netconf-acm@2018-02-14.yang | |||
| ietf-netconf@2013-09-29.yang -e writable-running -e candidate -e rollback-on-error -e validate -e startup -e url -e xpath | |||
| ietf-netconf-monitoring@2010-10-04.yang | |||
| ietf-netconf-nmda@2019-01-07.yang -e origin -e with-defaults | |||
| nc-notifications@2008-07-14.yang | |||
| notifications@2008-07-14.yang | |||
| ietf-x509-cert-to-name@2014-12-10.yang | |||
| ietf-crypto-types@2019-07-02.yang | |||
| ietf-keystore@2019-07-02.yang -e keystore-supported | |||
| ietf-truststore@2019-07-02.yang -e truststore-supported -e x509-certificates | |||
| ietf-tcp-common@2019-07-02.yang -e keepalives-supported | |||
| ietf-ssh-server@2019-07-02.yang -e local-client-auth-supported | |||
| ietf-tls-server@2019-07-02.yang -e local-client-auth-supported | |||
| ietf-netconf-server@2019-07-02.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home" | |||
| # functions | |||
| INSTALL_MODULE() { | |||
| local module=`echo "$1" | sed 's/\s.*$//'` | |||
| $SYSREPOCTL -a -i $MODDIR/$module -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2 | |||
| local rc=$? | |||
| if [ $rc -ne 0 ]; then | |||
| exit $rc | |||
| fi | |||
| } | |||
| UPDATE_MODULE() { | |||
| $SYSREPOCTL -a -U $MODDIR/$1 -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2 | |||
| local rc=$? | |||
| if [ $rc -ne 0 ]; then | |||
| exit $rc | |||
| fi | |||
| } | |||
| ENABLE_FEATURE() { | |||
| $SYSREPOCTL -a -c $1 -e $2 -v2 | |||
| local rc=$? | |||
| if [ $rc -ne 0 ]; then | |||
| exit $rc | |||
| fi | |||
| } | |||
| ENABLE_FEATURES() { | |||
| # parse sysrepoctl features and add extra space at the end for easier matching | |||
| local sctl_features="`echo "$SCTL_MODULE" | sed 's/\([^|]*|\)\{6\}\(.*\)/\2/'` " | |||
| # parse features we want to enable | |||
| local features=`echo "$1" | sed 's/[^ ]* \(.*\)/\1/'` | |||
| while [ "${features:0:3}" = "-e " ]; do | |||
| # skip "-e " | |||
| features=${features:3} | |||
| # parse feature | |||
| local feature=`echo "$features" | sed 's/\([^[:space:]]*\).*/\1/'` | |||
| # enable feature if not already | |||
| sctl_feature=`echo "$sctl_features" | grep " ${feature} "` | |||
| if [ -z "$sctl_feature" ]; then | |||
| # enable feature | |||
| ENABLE_FEATURE $name $feature | |||
| fi | |||
| # next iteration, skip this feature | |||
| features=`echo "$features" | sed 's/[^[:space:]]* \(.*\)/\1/'` | |||
| done | |||
| } | |||
| # get current modules | |||
| SCTL_MODULES=`$SYSREPOCTL -l` | |||
| IFS=$'\n' | |||
| for i in $MODULES; do | |||
| name=`echo "$i" | sed 's/\([^@]*\).*/\1/'` | |||
| SCTL_MODULE=`echo "$SCTL_MODULES" | grep "^$name \+|[^|]*| I"` | |||
| if [ -z "$SCTL_MODULE" ]; then | |||
| # install module | |||
| INSTALL_MODULE "$i" | |||
| ENABLE_FEATURES "$i" | |||
| continue | |||
| fi | |||
| sctl_revision=`echo "$SCTL_MODULE" | sed 's/[^|]*| \([^ ]*\).*/\1/'` | |||
| revision=`echo "$i" | sed 's/[^@]*@\([^\.]*\).*/\1/'` | |||
| if [ "$sctl_revision" \< "$revision" ]; then | |||
| # update module without any features | |||
| file=`echo "$i" | cut -d' ' -f 1` | |||
| UPDATE_MODULE $file | |||
| fi | |||
| ENABLE_FEATURES "$i" | |||
| done | |||
| unset IFS | |||
| exit 0 | |||