From: Ansuel Smith Date: Thu, 22 Apr 2021 23:58:41 +0000 (+0200) Subject: atlas-sw-probe: improve key creation X-Git-Url: http://git.lede-project.org./?a=commitdiff_plain;h=refs%2Fpull%2F15488%2Fhead;p=feed%2Fpackages.git atlas-sw-probe: improve key creation - Exit start if a probe_key is not present - Add create_key command to generate a private_key based on the provided username in the atlas config. - Add registration instruction in /etc/atlas - Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir) Signed-off-by: Ansuel Smith --- diff --git a/net/atlas-sw-probe/Makefile b/net/atlas-sw-probe/Makefile index b4cc2f3183..41043749c5 100644 --- a/net/atlas-sw-probe/Makefile +++ b/net/atlas-sw-probe/Makefile @@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk PKG_NAME:=atlas-sw-probe PKG_VERSION:=5020 -PKG_RELEASE:=1 +PKG_RELEASE:=2 PKG_SOURCE_PROTO:=git PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git @@ -30,7 +30,7 @@ define Package/atlas-sw-probe CATEGORY:=Network TITLE:=RIPE Atlas software probe URL:=https://atlas.ripe.net/about/probes/ - DEPENDS:=+atlas-probe + DEPENDS:=+atlas-probe +PACKAGE_dropbear:dropbearconvert endef define Package/atlas-sw-probe/description @@ -68,6 +68,7 @@ exit 0 endef define Package/atlas-sw-probe/conffiles +/etc/atlas/ /etc/config/atlas /usr/libexec/atlas-probe-scripts/state/config.txt endef @@ -104,6 +105,10 @@ define Package/atlas-sw-probe/install # Fix permision chmod 755 $(1)/$(SCRIPTS_DIR)/bin + # Add registration instruction + $(INSTALL_DIR) $(1)/etc/atlas/ + $(CP) ./files/atlas.readme $(1)/etc/atlas/ + # Create softlinks for writable dirs $(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons $(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data diff --git a/net/atlas-sw-probe/files/atlas.conf b/net/atlas-sw-probe/files/atlas.conf index d2a12a523f..77a47c0af9 100644 
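Review bot: In the install hunk, `$(CP) ./files/atlas.readme $(1)/etc/atlas/` copies the readme with whatever mode it has in the build tree; `$(INSTALL_DATA) ./files/atlas.readme $(1)/etc/atlas/atlas.readme` would pin the mode and name the destination explicitly. The commit description says /etc/atlas is also where the probe keys are meant to live, and the conffiles hunk now preserves that directory across sysupgrade. A comment above the `$(INSTALL_DIR)` line, such as `# /etc/atlas also holds the probe key pair written by 'atlas create_key'`, would tell packagers why the directory is a conffile and that its backups carry key material. The rest of Package/atlas-sw-probe/install lies outside the hunk.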
--- a/net/atlas-sw-probe/files/atlas.conf +++ b/net/atlas-sw-probe/files/atlas.conf @@ -2,3 +2,4 @@ config atlas 'common' option log_stderr '1' option log_stdout '0' option rxtxrpt '1' + option username '' diff --git a/net/atlas-sw-probe/files/atlas.init b/net/atlas-sw-probe/files/atlas.init index c5495cd9a2..bc826c0029 100644 --- a/net/atlas-sw-probe/files/atlas.init +++ b/net/atlas-sw-probe/files/atlas.init @@ -2,12 +2,13 @@ USE_PROCD=1 START=30 -EXTRA_COMMANDS="get_key probeid log create_backup load_backup" +EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key" EXTRA_HELP=" get_key print probe public key (used for probe registration) probeid print probe id log print probe status log create_backup backup ssh key to tar.gz load_backup 'backup.tar.gz' load backup ssh key from tar.gz + create_key create probe priv/pub key " SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts" 
@@ -57,6 +58,58 @@ create_backup() {
 fi
 }
+create_key() {
+ local username
+ local probe_key=/etc/atlas/probe_key
+ local probe_pub_key=/etc/atlas/probe_key.pub
+
+ config_load atlas
+
+ config_get username "common" username
+
+ if [ -f "$PRIV_KEY_FILE" ]; then
+ if [ ! -f $probe_key ]; then
+ print_msg "Missing probe_key in /etc/atlas"
+ print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
+ fi
+
+ print_msg "probe_key already present. Exiting..."
+ exit 1
+ fi
+
+ if [ -z "$username" ]; then
+ print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
+ exit 1
+ fi
+
+ if [ -n "$(which ssh-keygen)" ]; then
+ ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
+ sed -i "s/ \S*$/ "$username"/" $probe_pub_key
+ elif [ -n "$(which dropbearkey)" ] && [ -n "$(which dropbearconvert)" ]; then
+ local public_key
+
+ public_key="$(dropbearkey -t rsa -f /etc/atlas/probe_key_dropbear -s 2048 | sed -n 2p)"
+ public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
+ echo $public_key > $probe_pub_key
+ dropbearconvert dropbear openssh /etc/atlas/probe_key_dropbear $probe_key
+ rm /etc/atlas/probe_key_dropbear
+ else
+ print_msg "Can't find a way to generate key."
+ exit 1
+ fi
+
+ #Link priv/pub key
+ [ -f $PRIV_KEY_FILE ] || ln -s $probe_key $PRIV_KEY_FILE
+ [ -f $PRIV_KEY_FILE ] || ln -s $probe_pub_key $PUB_KEY_FILE
+
+ #Fix permission
+ chown atlas $probe_key $probe_pub_key
+ chgrp atlas $probe_key $probe_pub_key
+ chmod 644 $probe_key $probe_pub_key
+
+ print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
+}
+
 log() {
 if [ -f "$LOG_FILE" ];then
 tail "$LOG_FILE"
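Review bot: `chmod 644 $probe_key $probe_pub_key` at the end of create_key leaves the private key readable by every local account; both files are already chowned to atlas, presumably the only account that needs the secret, so the private key should get `chmod 600 $probe_key` and only the public key `chmod 644 $probe_pub_key`. The second link line tests the wrong file: once the first `ln -s` has succeeded, `[ -f $PRIV_KEY_FILE ]` is true and the public-key link is never created, so it should read `[ -f "$PUB_KEY_FILE" ] || ln -s $probe_pub_key "$PUB_KEY_FILE"`. `$username` is also spliced unquoted into both sed expressions, so a value containing `/`, `&` or whitespace corrupts the comment field of the public key; checking it against a plain character set before use would avoid that. PRIV_KEY_FILE and PUB_KEY_FILE are defined outside this hunk.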
@@ -155,6 +208,12 @@ start_service() {
 local rxtxrpt
 local test_setting
+ if [ ! -f $PRIV_KEY_FILE ]; then
+ print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
+ print_msg "Assuming atlas-sw-probe not init. Exiting..."
+ exit 1
+ fi
+
 create_tmp_dirs
 config_load atlas
diff --git a/net/atlas-sw-probe/files/atlas.readme b/net/atlas-sw-probe/files/atlas.readme
new file mode 100644
index 0000000000..ec446210f7
--- /dev/null
+++ b/net/atlas-sw-probe/files/atlas.readme
@@ -0,0 +1,12 @@
+# Atlas probe setup instruction
+
+The atlas probe software requires a rsa 2048-4096 key for registration.
+
+Follow these steps to register your probe on the ripe-atlas systems.
+1. Insert your username in the atlas config file (/etc/config/atlas)
+2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.
+3. The priv/pub key will be stored on the directory /etc/atlas/
+4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.
+ Make sure to copy the entire key and that the last value is the correct username
+5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'
+ and register your probe.
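Review bot: The new guard `if [ ! -f $PRIV_KEY_FILE ]; then` in start_service expands the variable unquoted, so if PRIV_KEY_FILE were ever empty the test collapses to `[ ! -f ]`, which evaluates false, and the service would start without a key. Writing it as `if [ ! -f "$PRIV_KEY_FILE" ]; then` fails closed and matches the quoted test that create_key uses. start_service begins and ends outside this hunk, and PRIV_KEY_FILE is defined elsewhere in the file.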