atlas-sw-probe: improve key creation

- Exit start if a probe_key is not present - Add create_key command to generate a private_key based on the provided username in the atlas config. - Add registration instruction in /etc/atlas - Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir) Signed-off-by: Ansuel Smith <ansuelsmth@gmail.com> (cherry picked from commit 0afe371bab)
2021-04-23 01:58:41 +02:00 · 2021-04-23 01:58:41 +02:00 · 692b87b44c
commit 692b87b44c
parent 807bd76335
4 changed files with 80 additions and 3 deletions
--- a/net/atlas-sw-probe/Makefile
+++ b/net/atlas-sw-probe/Makefile
@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk

 PKG_NAME:=atlas-sw-probe
 PKG_VERSION:=5020
-PKG_RELEASE:=1
+PKG_RELEASE:=2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
@ -30,7 +30,7 @@ define Package/atlas-sw-probe
  CATEGORY:=Network
  TITLE:=RIPE Atlas software probe
  URL:=https://atlas.ripe.net/about/probes/
-  DEPENDS:=+atlas-probe
+  DEPENDS:=+atlas-probe +PACKAGE_dropbear:dropbearconvert
 endef

 define Package/atlas-sw-probe/description
@ -68,6 +68,7 @@ exit 0
 endef

 define Package/atlas-sw-probe/conffiles
+/etc/atlas/
 /etc/config/atlas
 /usr/libexec/atlas-probe-scripts/state/config.txt
 endef
@ -104,6 +105,10 @@ define Package/atlas-sw-probe/install
 	# Fix permision
 	chmod 755 $(1)/$(SCRIPTS_DIR)/bin

+	# Add registration instruction
+	$(INSTALL_DIR) $(1)/etc/atlas/
+	$(CP) ./files/atlas.readme $(1)/etc/atlas/
+
 	# Create softlinks for writable dirs
 	$(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons
 	$(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data
--- a/net/atlas-sw-probe/files/atlas.conf
+++ b/net/atlas-sw-probe/files/atlas.conf
@ -2,3 +2,4 @@ config atlas 'common'
 	option log_stderr '1'
 	option log_stdout '0'
 	option rxtxrpt '1'
+	option username ''
--- a/net/atlas-sw-probe/files/atlas.init
+++ b/net/atlas-sw-probe/files/atlas.init
@ -2,12 +2,13 @@

 USE_PROCD=1
 START=30
-EXTRA_COMMANDS="get_key probeid log create_backup load_backup"
+EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key"
 EXTRA_HELP="	get_key	print probe public key (used for probe registration)
 	probeid	print probe id
 	log	print probe status log
 	create_backup 	backup ssh key to tar.gz
 	load_backup 'backup.tar.gz' 	load backup ssh key from tar.gz
+	create_key create probe priv/pub key 
 "

 SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts"
@ -57,6 +58,58 @@ create_backup() {
 	fi
 }

+create_key() {
+	local username
+	local probe_key=/etc/atlas/probe_key
+	local probe_pub_key=/etc/atlas/probe_key.pub
+
+	config_load atlas
+
+	config_get username "common" username
+
+	if [ -f "$PRIV_KEY_FILE" ]; then
+		if [ ! -f $probe_key ]; then
+			print_msg "Missing probe_key in /etc/atlas"
+			print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
+		fi
+
+		print_msg "probe_key already present. Exiting..."
+		exit 1
+	fi
+
+	if [ -z "$username" ]; then
+		print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
+		exit 1
+	fi
+
+	if [ -n "$(which ssh-keygen)" ]; then
+		ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
+		sed -i "s/ \S*$/ "$username"/" $probe_pub_key
+	elif [ -n "$(which dropbearkey)" ] && [ -n "$(which dropbearconvert)" ]; then
+		local public_key
+
+		public_key="$(dropbearkey -t rsa -f /etc/atlas/probe_key_dropbear -s 2048 | sed -n 2p)"
+		public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
+		echo $public_key > $probe_pub_key
+		dropbearconvert dropbear openssh /etc/atlas/probe_key_dropbear $probe_key
+		rm /etc/atlas/probe_key_dropbear
+	else
+		print_msg "Can't find a way to generate key."
+		exit 1
+	fi
+
+	#Link priv/pub key
+	[ -f $PRIV_KEY_FILE ] || ln -s $probe_key $PRIV_KEY_FILE
+	[ -f $PRIV_KEY_FILE ] || ln -s $probe_pub_key $PUB_KEY_FILE
+
+	#Fix permission
+	chown atlas $probe_key $probe_pub_key
+	chgrp atlas $probe_key $probe_pub_key
+	chmod 644 $probe_key $probe_pub_key
+
+	print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
+}
+
 log() {
 	if [ -f "$LOG_FILE" ];then
 		tail "$LOG_FILE"
@ -155,6 +208,12 @@ start_service() {
 	local rxtxrpt
 	local test_setting

+	if [ ! -f $PRIV_KEY_FILE ]; then
+		print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
+		print_msg "Assuming atlas-sw-probe not init. Exiting..."
+		exit 1
+	fi
+
 	create_tmp_dirs

 	config_load atlas
--- a/net/atlas-sw-probe/files/atlas.readme
+++ b/net/atlas-sw-probe/files/atlas.readme
@ -0,0 +1,12 @@
+# Atlas probe setup instruction
+
+The atlas probe software requires a rsa 2048-4096 key for registration.
+
+Follow these steps to register your probe on the ripe-atlas systems.
+1. Insert your username in the atlas config file (/etc/config/atlas)
+2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.
+3. The priv/pub key will be stored on the directory /etc/atlas/
+4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.
+   Make sure to copy the entire key and that the last value is the correct username
+5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'
+   and register your probe.