Commit 7f3049a7 authored by Martin Petráček's avatar Martin Petráček Committed by Michal Hrusecky

add sentinel-proxy, sentinel-minipot and their dependencies

parent a946cdda
#
# Copyright (C) 2017 CZ.NIC, z. s. p. o. (https://www.nic.cz/)
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=sentinel-certgen
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.labs.nic.cz/turris/sentinel/certgen.git
PKG_SOURCE:=$(PKG_NAME).tar.gz
PKG_SOURCE_VERSION:=77d0191d4c9360343651ebd5a6ba2790cfd26d0b
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
PKG_SOURCE_SUBDIR:=$(PKG_NAME)
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
PKG_MAINTAINER:=Martin Petracek <martin.petracek@nic.cz>
PKG_LICENSE:=GPL-3.0
PKG_INSTALL:=0
include $(INCLUDE_DIR)/package.mk
define Package/sentinel-certgen
SECTION:=net
CATEGORY:=Network
SUBMENU:=Client application of our LE-like automated certification authority.
TITLE:=sentinel-certgen
DEPENDS:=+python3-light +python3-six +libatsha204 +python3-cryptography
endef
define Package/$(PKG_NAME)/description
Client application to get Turris::Sentinel certificates
endef
define Build/Compile
true
endef
define Build/Install
true
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/etc/sentinel
$(INSTALL_BIN) ./files/ca.pem $(1)/etc/sentinel/ca.pem
$(INSTALL_DIR) $(1)/usr/libexec
$(INSTALL_BIN) $(PKG_BUILD_DIR)/certgen.py $(1)/usr/libexec/sentinel_certgen.py
endef
$(eval $(call BuildPackage,$(PKG_NAME)))
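Review bot: The install section copies the CA certificate with `$(INSTALL_BIN)`, which marks a pure data file executable; the sentinel-proxy init script later passes this file as `--ca /etc/sentinel/ca.pem`, so it is a trust anchor and should be installed as data: `$(INSTALL_DATA) ./files/ca.pem $(1)/etc/sentinel/ca.pem`. The first `PKG_SOURCE:=$(PKG_NAME).tar.gz` is overwritten two lines later by the commit-qualified name and can be dropped. `SUBMENU` carries a full sentence that reads like a description rather than a menu name, so it probably belongs in the `description` block.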
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
#
## Copyright (C) 2018 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
## This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
# #
#
include $(TOPDIR)/rules.mk
PKG_NAME:=sentinel-minipot
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.labs.nic.cz/turris/sentinel/minipot.git
PKG_SOURCE_VERSION:=92fe831e424eb38ce4f3a015e0aebb7ec25bdaf1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
PKG_SOURCE_SUBDIR:=$(PKG_NAME)
PKG_MAINTAINER:=Martin Petracek <martin.petracek@nic.cz>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
TITLE:=$(PKG_NAME)
DEPENDS:=+czmq +libevent2 +msgpack-c +sentinel-proxy
endef
define Build/Compile
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS)
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel_minipot $(1)/usr/bin/sentinel-minipot
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) ./files/init $(1)/etc/init.d/sentinel-minipot
$(INSTALL_DIR) $(1)/etc/config
$(INSTALL_BIN) ./files/config $(1)/etc/config/sentinel
$(INSTALL_DIR) $(1)/etc/firewall.d
$(INSTALL_DIR) $(1)/etc/firewall.d/with_reload
$(INSTALL_BIN) ./files/fw_reload $(1)/etc/firewall.d/with_reload/99_sentinel_minipot.fw
endef
$(eval $(call BuildPackage,$(PKG_NAME)))
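Review bot: `$(INSTALL_BIN) ./files/config $(1)/etc/config/sentinel` installs the UCI configuration as an executable, and the package declares no conffiles, so an upgrade would presumably replace a locally changed `telnet_port` or `setup_fw`. I would use `$(INSTALL_CONF) ./files/config $(1)/etc/config/sentinel` and add a `define Package/$(PKG_NAME)/conffiles` block listing `/etc/config/sentinel`. The package definition also has no `SECTION`/`CATEGORY`, unlike the certgen and library packages in the same commit.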
config sn 'minipot'
option telnet_port '2333'
option setup_fw '1'
#!/bin/sh
/etc/init.d/sentinel-minipot enabled && /etc/init.d/sentinel-minipot check_fw
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=99
STOP=10
EXTRA_COMMANDS="check_fw"
iptables_ensure(){
iptables -C $@ 2>/dev/null || iptables -I $@
}
check_fw() {
FW_SETUP="`uci -q get sentinel.minipot.setup_fw | egrep -i '(1|yes|true|enabled|on)'`"
PORT="`uci -q get sentinel.minipot.telnet_port`"
WAN_IP="`ubus call network.interface.wan status | sed -n 's|.*address":[[:blank:]]*"\([0-9.]*\)".*|\1|p'`"
if [ "$FW_SETUP" -a "$PORT" -a "$WAN_IP" ]; then
iptables_ensure zone_wan_prerouting -t nat -p tcp -m tcp --dport 23 -m comment --comment "sentinel" -j DNAT --to-destination $WAN_IP:$PORT
iptables_ensure zone_wan_prerouting -t nat -p tcp -m tcp --dport 23 -j MARK --set-mark 0x10
echo "iptables -t nat -D zone_wan_prerouting -p tcp -m tcp --dport 23 -m comment --comment \"sentinel\" -j DNAT --to-destination $WAN_IP:$PORT" > /tmp/sentinel-remove-iptables
echo "iptables -t nat -D zone_wan_prerouting -p tcp -m tcp --dport 23 -j MARK --set-mark 0x10" >> /tmp/sentinel-remove-iptables
fi
}
start_service() {
TELNET_PORT="`uci -q get sentinel.minipot.telnet_port`"
check_fw
procd_open_instance
procd_set_param command /usr/bin/sentinel-minipot -T $TELNET_PORT
procd_set_param respawn ${respawn_threshold:-3600} ${respawn_timeout:-5} ${respawn_retry:-5}
procd_set_param file /etc/config/sentinel
procd_close_instance
}
stop_service() {
FW_SETUP="`uci -q get sentinel.minipot.setup_fw | egrep -i '(1|yes|true|enabled|on)'`"
if [ "$FW_SETUP" ] && [ -f /tmp/sentinel-remove-iptables ]; then
sh /tmp/sentinel-remove-iptables
rm -f /tmp/sentinel-remove-iptables
fi
}
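Review bot: `stop_service` runs `sh /tmp/sentinel-remove-iptables` as root, and `check_fw` creates that file with `>` under a fixed name in `/tmp`, so whatever is able to create or replace the file first decides what root executes on stop; the UCI and ubus values are also written into it as unquoted shell text. Recording only the address and port in a state file under a root-only directory, and rebuilding the two `-D` commands in `stop_service` after checking that the values contain only digits and dots, removes the need to execute file contents at all. Separately, the `egrep -i '(1|yes|true|enabled|on)'` test in `check_fw` and `stop_service` is unanchored, so a value such as `none` or `10` also enables the firewall setup; `'^(1|yes|true|enabled|on)$'` matches only the intended words. `WAN_IP` can hold several lines when the interface reports more than one address, and the unquoted `$WAN_IP:$PORT` would then be split into separate arguments.

```shell
STATE_DIR=/var/run/sentinel-minipot

check_fw() {
	# … unchanged: FW_SETUP / PORT / WAN_IP lookup and the two iptables_ensure calls …
	# replaces the two echo lines: record the values only, never commands
	mkdir -m 0700 -p "$STATE_DIR"
	printf '%s %s\n' "$WAN_IP" "$PORT" > "$STATE_DIR/dnat"
	# … unchanged: closing fi …

stop_service() {
	# clean up whenever rules were recorded, even if setup_fw was switched off since
	[ -f "$STATE_DIR/dnat" ] || return 0
	read -r ip port < "$STATE_DIR/dnat"
	# accept digits and dots only before handing the values to iptables
	case "$ip$port" in *[!0-9.]*) return 1 ;; esac
	iptables -t nat -D zone_wan_prerouting -p tcp -m tcp --dport 23 -m comment --comment "sentinel" -j DNAT --to-destination "$ip:$port"
	iptables -t nat -D zone_wan_prerouting -p tcp -m tcp --dport 23 -j MARK --set-mark 0x10
	rm -f "$STATE_DIR/dnat"
}
```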
#
## Copyright (C) 2018 CZ.NIC z.s.p.o. (http://www.nic.cz/)
#
## This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
# #
#
include $(TOPDIR)/rules.mk
PKG_NAME:=sentinel-proxy
PKG_VERSION:=1
PKG_RELEASE:=1
PKG_SOURCE_PROTO:=git
PKG_SOURCE_URL:=https://gitlab.labs.nic.cz/turris/sentinel/proxy.git
PKG_SOURCE_VERSION:=578d86aa4e0377c407a9656f77caef712611e083
PKG_SOURCE:=$(PKG_NAME)-$(PKG_SOURCE_VERSION).tar.gz
PKG_SOURCE_SUBDIR:=$(PKG_NAME)
PKG_MAINTAINER:=Martin Petracek <martin.petracek@nic.cz>
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
PKG_FIXUP:=autoreconf
include $(INCLUDE_DIR)/package.mk
define Package/$(PKG_NAME)
TITLE:=$(PKG_NAME)
DEPENDS:=+czmq +libpaho-mqtt-c +zlib +libopenssl +sentinel-certgen
endef
define Build/Compile
$(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) $(MAKE_FLAGS)
endef
define Package/$(PKG_NAME)/install
$(INSTALL_DIR) $(1)/usr/bin
$(INSTALL_BIN) $(PKG_BUILD_DIR)/sentinel_proxy $(1)/usr/bin/sentinel-proxy
$(INSTALL_DIR) $(1)/etc/init.d
$(INSTALL_BIN) files/init $(1)/etc/init.d/sentinel-proxy
endef
$(eval $(call BuildPackage,$(PKG_NAME)))
#!/bin/sh /etc/rc.common
USE_PROCD=1
START=95
STOP=10
get_cert() {
/usr/bin/python3 /usr/libexec/sentinel_certgen.py --certdir /etc/sentinel/ -H sentinel.turris.cz -p 443
}
start_service() {
[ ! -f /etc/sentinel/router.crt ] && get_cert
procd_open_instance
procd_set_param command /usr/bin/sentinel-proxy --cert /etc/sentinel/router.pem --key /etc/sentinel/router.key --ca /etc/sentinel/ca.pem
procd_set_param respawn ${respawn_threshold:-600} ${respawn_timeout:-5} ${respawn_retry:-5}
procd_close_instance
}
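Review bot: `start_service` tests for `/etc/sentinel/router.crt` but starts the proxy with `--cert /etc/sentinel/router.pem`, so the file that is checked is not the one that is used. If certgen writes `router.pem` (its output names are not visible here), `get_cert` runs on every start. The result of `get_cert` is also ignored, so a failed enrolment still launches the proxy without a certificate and leaves procd to respawn it. I would test the files that are actually passed and stop on failure: `[ -f /etc/sentinel/router.pem ] && [ -f /etc/sentinel/router.key ] || get_cert || return 1`. A short comment on `get_cert` naming the files it is expected to create, and the permissions expected on `router.key`, would help the next reader.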
# Copyright (C) 2018 CZ.NIC, z.s.p.o.
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=libpaho-mqtt-c
PKG_VERSION:=1.2.0
PKG_RELEASE=1
PKG_SOURCE:=v$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/eclipse/paho.mqtt.c/archive/
PKG_BUILD_DIR:=$(BUILD_DIR)/paho.mqtt.c-$(PKG_VERSION)
PKG_MD5SUM:=6897eea98dc0a0e6fd6bed4dd3a4bbe5
PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=EPL-1.0
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/cmake.mk
CMAKE_OPTIONS += -DPAHO_WITH_SSL=TRUE -DPAHO_BUILD_DOCUMENTATION=FALSE -DPAHO_BUILD_SAMPLES=FALSE
define Package/libpaho-mqtt-c
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Eclipse Paho MQTT C library
DEPENDS:=+libopenssl
endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)"
endef
define Build/InstallDev
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
endef
define Package/libpaho-mqtt-c/install
$(INSTALL_DIR) $(1)/usr/lib
$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpaho-*.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,libpaho-mqtt-c))
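Review bot: `PKG_MD5SUM` is the only integrity check on a tarball fetched from a GitHub archive URL, and MD5 is not collision-resistant, so it is a weak pin for a library that is built with `-DPAHO_WITH_SSL=TRUE` and linked into sentinel-proxy. If the build system in use supports it, I would switch to a SHA-256 pin, `PKG_HASH:=<sha256 of v1.2.0.tar.gz>`; the same applies to `PKG_MD5SUM` in the msgpack-c Makefile of this commit. `PKG_FIXUP:=autoreconf` sits next to `include $(INCLUDE_DIR)/cmake.mk`, and only one of the two build systems can be the intended one, so a comment or removing the unused one would make that clear. `PKG_RELEASE=1` uses `=` where every other assignment in the file uses `:=`.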
# Copyright (C) 2018 CZ.NIC, z.s.p.o.
#
# This is free software, licensed under the GNU General Public License v2.
# See /LICENSE for more information.
#
include $(TOPDIR)/rules.mk
PKG_NAME:=msgpack-c
PKG_VERSION:=2.1.5
PKG_RELEASE=1
PKG_SOURCE:=cpp-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=https://github.com/msgpack/msgpack-c/archive
PKG_BUILD_DIR:=$(BUILD_DIR)/msgpack-c-cpp-$(PKG_VERSION)
PKG_MD5SUM:=6536e2072a1006e2004e2963081692a2
PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
PKG_INSTALL:=1
PKG_FIXUP:=autoreconf
PKG_BUILD_PARALLEL:=1
PKG_LICENSE:=Boost Software Licence
include $(INCLUDE_DIR)/package.mk
include $(INCLUDE_DIR)/host-build.mk
include $(INCLUDE_DIR)/cmake.mk
define Package/msgpack-c
SECTION:=libs
CATEGORY:=Libraries
TITLE:=Msgpack C/C++ library
DEPENDS:=
endef
define Build/Compile
$(MAKE) -C $(PKG_BUILD_DIR) CFLAGS="$(TARGET_CFLAGS) $(EXTRA_CFLAGS) $(TARGET_CPPFLAGS) $(EXTRA_CPPFLAGS)"
endef
define Build/InstallDev
$(CP) $(PKG_INSTALL_DIR)/* $(1)/
endef
define Package/msgpack-c/install
true
#$(INSTALL_DIR) $(1)/usr/lib
#$(CP) $(PKG_INSTALL_DIR)/usr/lib/libpaho-*.so* $(1)/usr/lib/
endef
$(eval $(call BuildPackage,msgpack-c))
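Review bot: The install section is just `true` followed by two commented-out lines copied from the libpaho package (they still reference `libpaho-*.so*`), so this package puts no files on the device even though sentinel-minipot lists `+msgpack-c` in `DEPENDS`. If minipot links the library dynamically, it would fail to load at runtime, and the install step would then need something like `$(CP) $(PKG_INSTALL_DIR)/usr/lib/libmsgpackc.so* $(1)/usr/lib/`, with the library name to be confirmed against the build output. If the library is headers-only or linked statically, I would delete the commented lines and say so in a comment, for example `# build-time dependency only: nothing to install on the target`.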