atlas-sw-probe: improve key creation

- Exit start if a probe_key is not present - Add create_key command to generate a private_key based on the provided username in the atlas config. - Add registration instruction in /etc/atlas - Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir) Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com>
2021-04-23 01:58:41 +02:00 · 2021-04-23 01:58:41 +02:00 · 0afe371bab
commit 0afe371bab
parent c597f12bb6
4 changed files with 80 additions and 3 deletions
--- a/net/atlas-sw-probe/Makefile
+++ b/net/atlas-sw-probe/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 PKG_NAME:=atlas-sw-probe
 PKG_VERSION:=5020
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
@ -30,7 +30,7 @@ define Package/atlas-sw-probe
  CATEGORY:=Network
  TITLE:=RIPE Atlas software probe
  URL:=https://atlas.ripe.net/about/probes/
-  DEPENDS:=+atlas-probe
+  DEPENDS:=+atlas-probe +PACKAGE_dropbear:dropbearconvert
 endef
 define Package/atlas-sw-probe/description
@ -68,6 +68,7 @@ exit 0
 endef
 define Package/atlas-sw-probe/conffiles
 /etc/atlas/
 /etc/config/atlas
 /usr/libexec/atlas-probe-scripts/state/config.txt
 endef
@ -104,6 +105,10 @@ define Package/atlas-sw-probe/install
 	# Fix permision
 	chmod 755 $(1)/$(SCRIPTS_DIR)/bin
 	# Add registration instruction
 	$(INSTALL_DIR) $(1)/etc/atlas/
 	$(CP) ./files/atlas.readme $(1)/etc/atlas/
 	# Create softlinks for writable dirs
 	$(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons
 	$(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data
--- a/net/atlas-sw-probe/files/atlas.conf
+++ b/net/atlas-sw-probe/files/atlas.conf
@ -2,3 +2,4 @@ config atlas 'common'
 	option log_stderr '1'
 	option log_stdout '0'
 	option rxtxrpt '1'
 	option username ''
--- a/net/atlas-sw-probe/files/atlas.init
+++ b/net/atlas-sw-probe/files/atlas.init
@ -2,12 +2,13 @@
 USE_PROCD=1
 START=30
-EXTRA_COMMANDS="get_key probeid log create_backup load_backup"
+EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key"
 EXTRA_HELP="	get_key	print probe public key (used for probe registration)
 	probeid	print probe id
 	log	print probe status log
 	create_backup 	backup ssh key to tar.gz
 	load_backup 'backup.tar.gz' 	load backup ssh key from tar.gz
 	create_key create probe priv/pub key 
 "
 SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts"
@ -57,6 +58,58 @@ create_backup() {
 	fi
 }
 create_key() {
 	local username
 	local probe_key=/etc/atlas/probe_key
 	local probe_pub_key=/etc/atlas/probe_key.pub
 	config_load atlas
 	config_get username "common" username
 	if [ -f "$PRIV_KEY_FILE" ]; then
 		if [ ! -f $probe_key ]; then
 			print_msg "Missing probe_key in /etc/atlas"
 			print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
 		fi
 		print_msg "probe_key already present. Exiting..."
 		exit 1
 	fi
 	if [ -z "$username" ]; then
 		print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
 		exit 1
 	fi
 	if [ -n "$(which ssh-keygen)" ]; then
 		ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
 		sed -i "s/ \S*$/ "$username"/" $probe_pub_key
 	elif [ -n "$(which dropbearkey)" ] && [ -n "$(which dropbearconvert)" ]; then
 		local public_key
 		public_key="$(dropbearkey -t rsa -f /etc/atlas/probe_key_dropbear -s 2048 | sed -n 2p)"
 		public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
 		echo $public_key > $probe_pub_key
 		dropbearconvert dropbear openssh /etc/atlas/probe_key_dropbear $probe_key
 		rm /etc/atlas/probe_key_dropbear
 	else
 		print_msg "Can't find a way to generate key."
 		exit 1
 	fi
 	#Link priv/pub key
 	[ -f $PRIV_KEY_FILE ] || ln -s $probe_key $PRIV_KEY_FILE
 	[ -f $PRIV_KEY_FILE ] || ln -s $probe_pub_key $PUB_KEY_FILE
 	#Fix permission
 	chown atlas $probe_key $probe_pub_key
 	chgrp atlas $probe_key $probe_pub_key
 	chmod 644 $probe_key $probe_pub_key
 	print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
 }
 log() {
 	if [ -f "$LOG_FILE" ];then
 		tail "$LOG_FILE"
@ -155,6 +208,12 @@ start_service() {
 	local rxtxrpt
 	local test_setting
 	if [ ! -f $PRIV_KEY_FILE ]; then
 		print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
 		print_msg "Assuming atlas-sw-probe not init. Exiting..."
 		exit 1
 	fi
 	create_tmp_dirs
 	config_load atlas
--- a/net/atlas-sw-probe/files/atlas.readme
+++ b/net/atlas-sw-probe/files/atlas.readme
@ -0,0 +1,12 @@
 # Atlas probe setup instruction
 The atlas probe software requires a rsa 2048-4096 key for registration.
 Follow these steps to register your probe on the ripe-atlas systems.
 1. Insert your username in the atlas config file (/etc/config/atlas)
 2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.
 3. The priv/pub key will be stored on the directory /etc/atlas/
 4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.
   Make sure to copy the entire key and that the last value is the correct username
 5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'
   and register your probe.