From 83d41fdd19ede2d664fd2195e36861dc7200021a Mon Sep 17 00:00:00 2001
From: Steven Barth
Date: Fri, 10 Apr 2015 18:57:25 +0200
Subject: [PATCH] hnetd: update to latest
Signed-off-by: Steven Barth
---
 hnetd/Makefile | 55 ++++++++++++++++++++++++++++++++---------
 hnetd/files/hnet.config | 11 +++++++++
 hnetd/files/hnetd.init | 22 +++++++++++++++++
 3 files changed, 76 insertions(+), 12 deletions(-)
diff --git a/hnetd/Makefile b/hnetd/Makefile
index 9f681bd..a456ff1 100644
--- a/hnetd/Makefile
+++ b/hnetd/Makefile
@@ -7,12 +7,12 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=hnetd
-PKG_SOURCE_VERSION:=10b22c409f2ecadaaec45e068fd01c74ffe5c772
-PKG_VERSION:=2014-11-25-$(PKG_SOURCE_VERSION)
+PKG_SOURCE_VERSION:=faa2b7a42c33f23fac9e08f8e70a8c7ed59ce812
+PKG_VERSION:=2015-04-10-$(PKG_SOURCE_VERSION)
 PKG_RELEASE:=1
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_URL:=git://github.com/sbyx/hnetd.git
+PKG_SOURCE_URL:=https://github.com/sbyx/hnetd.git
 PKG_MAINTAINER:=Steven Barth
 PKG_LICENSE:=GPL-2.0
@@ -28,21 +28,43 @@ CMAKE_OPTIONS += -DL_LEVEL=7
 # OpenWRT target
 CMAKE_OPTIONS += -DBACKEND=openwrt
-define Package/hnetd
+ifeq ($(BUILD_VARIANT),openssl)
+CMAKE_OPTIONS += -DDTLS_OPENSSL=1
+endif
+
+define Package/hnetd/Default
 SECTION:=net
 CATEGORY:=Network
- TITLE:=HNCP Homenet daemon
+ TITLE:=HNCP Homenet daemon - $(2)
 URL:=https://github.com/sbyx/hnetd
- DEPENDS:=+odhcpd +odhcp6c +netifd
+ DEPENDS:=+odhcpd +odhcp6c +netifd $(3)
 DEPENDS+=+@IPV6
+ VARIANT:=$1
 endef
+Package/hnetd-nossl=$(call Package/hnetd/Default,nossl,no authentication)
+Package/hnetd-openssl=$(call Package/hnetd/Default,openssl,authentication via OpenSSL,+libopenssl)
+
 define Package/hnet-full
 SECTION:=net
 CATEGORY:=Network
 TITLE:=HNCP Homenet metapackage
 URL:=https://github.com/sbyx/hnetd
- DEPENDS:=+hnetd +luci-app-hnet
+ DEPENDS:=+hnetd-nossl +luci-app-hnet
+ # Routing
+ DEPENDS+=+babels
+ # Service discovery
+ DEPENDS+=+ohybridproxy
+ # Distributed PCP support
+ DEPENDS+=+miniupnpd +minimalist-pcproxy
+endef
+
+define Package/hnet-full-secure
+ SECTION:=net
+ CATEGORY:=Network
+ TITLE:=HNCP Homenet metapackage
+ URL:=https://github.com/sbyx/hnetd
+ DEPENDS:=+hnetd-openssl +luci-app-hnet
 # Routing
 DEPENDS+=+babels
 # Service discovery
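Review bot: `Package/hnet-full` and the added `Package/hnet-full-secure` both keep `TITLE:=HNCP Homenet metapackage`, so nothing in the package list tells a user that `hnet-full` now depends on `hnetd-nossl` (the variant titled "no authentication") while only `hnet-full-secure` pulls in `hnetd-openssl`. Name the difference in the titles, for example `TITLE:=HNCP Homenet metapackage (no authentication)` and `TITLE:=HNCP Homenet metapackage (authentication via OpenSSL)`. As a style point, `VARIANT:=$1` sits next to `$(2)` and `$(3)` in the same template; `VARIANT:=$(1)` keeps the three references consistent. The `hnet-full-secure` definition runs past the end of this hunk.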
@@ -56,22 +78,25 @@ define Package/luci-app-hnet
 CATEGORY:=LuCI
 SUBMENU:=3. Applications
 TITLE:=HNCP Homenet configuration and visualization
- DEPENDS:=+hnetd
+# DEPENDS:=+hnetd
+# TBD - how to express dependency on 'some' hnetd?
 endef
-define Package/hnetd/description
+define Package/hnetd-$(BUILD_VARIANT)/description
 This package provides a daemon which implementats distributed prefix assignment and service discovery for a home network consisting of multiple routers connected to multiple service providers. It provides a netifd protocol "hnet" for use in /etc/config/network.
 endef
-define Package/hnetd/install
+define Package/hnetd-$(BUILD_VARIANT)/install
 $(INSTALL_DIR) $(1)/usr/sbin/
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/hnetd $(1)/usr/sbin/
 $(INSTALL_DIR) $(1)/lib/netifd/proto
 $(INSTALL_BIN) $(PKG_BUILD_DIR)/openwrt/hnet.sh $(1)/lib/netifd/proto
 ln -s hnetd $(1)/usr/sbin/hnet-ifresolve
+ ln -s hnetd $(1)/usr/sbin/hnet-trust
+ ln -s hnetd $(1)/usr/sbin/hnet-dump
 $(INSTALL_DIR) $(1)/etc/init.d
 $(INSTALL_BIN) ./files/hnetd.init $(1)/etc/init.d/hnetd
 $(INSTALL_DIR) $(1)/etc/config
@@ -87,6 +112,10 @@ define Package/hnet-full/install
 true
 endef
+define Package/hnet-full-secure/install
+ true
+endef
+
 define Package/luci-app-hnet/install
 $(INSTALL_DIR) $(1)/usr/lib/lua/luci
 $(INSTALL_DIR) $(1)/www
@@ -94,7 +123,7 @@ define Package/luci-app-hnet/install
 $(CP) -R $(PKG_BUILD_DIR)/openwrt/luci/htdocs/* $(1)/www/
 endef
-define Package/hnetd/postinst
+define Package/hnetd-$(BUILD_VARIANT)/postinst
 #!/bin/sh
 [ -n "$${IPKG_INSTROOT}" ] || {
 (. /etc/uci-defaults/x-hnetd.defaults) && rm -f /etc/uci-defaults/x-hnetd.defaults
@@ -104,6 +133,8 @@ define Package/hnetd/postinst
 }
 endef
-$(eval $(call BuildPackage,hnetd))
+$(eval $(call BuildPackage,hnetd-nossl))
+$(eval $(call BuildPackage,hnetd-openssl))
 $(eval $(call BuildPackage,hnet-full))
+$(eval $(call BuildPackage,hnet-full-secure))
 $(eval $(call BuildPackage,luci-app-hnet))
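Review bot: With `DEPENDS:=+hnetd` commented out in `Package/luci-app-hnet`, the LuCI package no longer depends on any hnetd variant and can be installed without the daemon it configures. The TBD could be resolved by giving both variants a shared virtual name in `Package/hnetd/Default` (`PROVIDES:=hnetd`) and restoring `DEPENDS:=+hnetd` here; whether the build system this feed targets resolves a dependency on a provided name is not visible in the patch and needs checking. Both variants also install the same paths under `/usr/sbin` and `/etc` through the shared `Package/hnetd-$(BUILD_VARIANT)/install` recipe, so it is worth confirming that selecting `hnetd-nossl` and `hnetd-openssl` together is rejected rather than left to a file clash at install time.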
diff --git a/hnetd/files/hnet.config b/hnetd/files/hnet.config
index 462f045..6ac396f 100644
--- a/hnetd/files/hnet.config
+++ b/hnetd/files/hnet.config
@@ -1,3 +1,14 @@
+config security security
+# Simplest security mode:
+# option password foo
+# Trust consensus and CA-based share these options:
+# option certificate_file /etc/hnetd-cert.pem
+# option private_key_file /etc/hnetd-key.pem
+# Then to enable trust consensus:
+# option trust_store /etc/hnetd-trust.dat
+# Or CA-based authentication:
+# option trust_certificate_file /etc/ca-cert.pem
+
 config pa pa
 # option ip4prefix 10.0.0.0/8
 # option ulaprefix fd12:3456:789A::/48
diff --git a/hnetd/files/hnetd.init b/hnetd/files/hnetd.init
index 3c5505d..6d7d0ec 100644
--- a/hnetd/files/hnetd.init
+++ b/hnetd/files/hnetd.init
@@ -51,6 +51,7 @@ start_service() {
 # Routing script
 procd_append_param command -r /usr/sbin/hnetd-routing
+ # Prefix assignment (pa)
 config_get val pa ip4prefix
 [ -n "$val" ] && procd_append_param command --ip4prefix $val
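Review bot: The sample line `# option password foo` in the new `security` section gives a guessable value that becomes live by deleting one `#`; a neutral placeholder such as `# option password <long-random-secret>` avoids shipping a predictable default. Every option in the section is commented out, so the installed file presumably leaves hnetd without authentication until one mode is enabled, and a comment line saying so would make that explicit. Because this file can now hold a shared secret and names a private-key path, a further comment that the file and `/etc/hnetd-key.pem` should be readable by root only would help; the mode this file is installed with is set outside the patch.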
@@ -60,15 +61,36 @@ start_service() {
 config_get val pa ulamode
 [ -n "$val" ] && procd_append_param command --ulamode $val
+ # Service discovery (sd)
 config_get val sd router_name
 [ -n "$val" ] && procd_append_param command -n $val
 config_get val sd domain_name
 [ -n "$val" ] && procd_append_param command -m $val
+ # Security (needs security-enabled build)
+ config_get val security password
+ [ -n "$val" ] && procd_append_param command --password $val
+
+ config_get val security certificate_file
+ [ -n "$val" ] && procd_append_param command --certificate $val
+
+ config_get val security private_key_file
+ [ -n "$val" ] && procd_append_param command --privatekey $val
+
+ config_get val security trust_store
+ [ -n "$val" ] && procd_append_param command --trust $val
+
+ config_get val security trust_certificate_file
+ [ -n "$val" ] && procd_append_param command --verify-path $val
+
 # For more verbose logging, uncomment this:
 #procd_append_param command --loglevel 7
 procd_set_param respawn
 procd_close_instance
 }
+
+service_triggers() {
+ procd_add_reload_trigger "hnet"
+}
--
2.30.2
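Review bot: The added `procd_append_param command --password $val` expands `$val` unquoted, and the four option lines after it (`--certificate`, `--privatekey`, `--trust`, `--verify-path`) do the same. A configured value containing whitespace is split into several arguments, so the tail of a password or path reaches hnetd as separate command-line words; quote each expansion, e.g. `[ -n "$val" ] && procd_append_param command --password "$val"`. Separately, a secret passed as an argument is readable by other local processes through the process list; if hnetd can read the password from a file or the environment (not visible in this patch), prefer that. `start_service()` begins outside the hunk.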