scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-11-02 19:37:51 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

certificates: add support for tar file based certificate storage

Browse Source 
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
2025-06-18 13:26:42 +02:00
parent 721fb4cc4d
commit aa78f40843
3 changed files with 57 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
feeds/tip/certificates/files/usr/bin/mount_certs
View File

@@ -6,20 +6,17 @@ check_certificates() {
check_certificates check_certificates
bootconfig_lookup() {
case "$(fw_printenv -n cert_part)" in
0) echo "0:BOOTCONFIG"
;;
1) echo "0:BOOTCONFIG1"
;;
esac
}
. /lib/functions.sh . /lib/functions.sh
mkdir -p /certificates /etc/ucentral/ mkdir -p /certificates /etc/ucentral/
mtd=$(find_mtd_index certificates)
if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
mount -t squashfs /dev/mtdblock$mtd /certificates
else
[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
if [ -n "$(ubinfo -a | grep certificates)" ]; then
[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
fi
fi
case "$(board_name)" in case "$(board_name)" in
cig,wf660a) cig,wf660a)
mmc_dev=$(echo $(find_mmc_part "0:ETHPHYFW") | sed 's/^.\{5\}//') mmc_dev=$(echo $(find_mmc_part "0:ETHPHYFW") | sed 's/^.\{5\}//')
@@ -31,8 +28,28 @@ cig,wf672)
;; ;;
sonicfi,rap7110c-341x) sonicfi,rap7110c-341x)
mmc_dev=$(echo $(find_mmc_part "certificates") | sed 's/^.\{5\}//') mmc_dev=$(echo $(find_mmc_part "certificates") | sed 's/^.\{5\}//')
[ -n "$mmc_dev" ] && mount -t squashfs /dev/$mmc_dev /certificates [ -n "$mmc_dev" ] && mount -t squashfs /dev/$mmc_dev /mnt
bootconfig=$(bootconfig_lookup)
if [ -n "$bootconfig" ]; then
mmc_dev=$(echo $(find_mmc_part "$bootconfig") | sed 's/^.\{5\}//')
[ -n "$mmc_dev" ] && tar xf /dev/$mmc_dev -C /certificates
else
cp /mnt/* /certificates/
umount /mnt
fi
;; ;;
*)
mtd=$(find_mtd_index certificates)
if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
mount -t squashfs /dev/mtdblock$mtd /certificates
else
[ -n "$mtd" -a -f /sys/class/mtd/mtd$mtd/oobsize ] && ubiattach -p /dev/mtd$mtd
if [ -n "$(ubinfo -a | grep certificates)" ]; then
[ -e /dev/ubi0 ] && mount -t ubifs ubi0:certificates /certificates
[ -e /dev/ubi1 ] && mount -t ubifs ubi1:certificates /certificates
fi
fi
esac esac
check_certificates check_certificates

25
feeds/tip/certificates/files/usr/bin/store_certs Executable file
View File

@@ -0,0 +1,25 @@
#!/bin/sh
bootconfig_lookup() {
bootconfig="$(fw_printenv -n cert_part)"
case "$(fw_printenv -n cert_part)" in
0) echo "0:BOOTCONFIG1"
bootconfig=1
;;
*) echo "0:BOOTCONFIG"
bootconfig=0
;;
esac
fw_setenv cert_part $bootconfig
}
. /lib/functions.sh
case "$(board_name)" in
sonicfi,rap7110c-341x)
cd /certificates
tar cf /tmp/certs.tar
bootconfig=$(bootconfig_lookup)
mmc_dev=$(echo $(find_mmc_part $bootconfig) | sed 's/^.\{5\}//')
dd if=/tmp/certs.tar of=/dev/$bootconfig
;;
esac

1
feeds/tip/cloud_discovery/files/usr/bin/est_client
View File

@@ -42,6 +42,7 @@ function generate_csr(cert) {
function store_operational_cert(path, target) { function store_operational_cert(path, target) {
system('mount_certs'); system('mount_certs');
system(`cp ${path} /certificates/${target}`); system(`cp ${path} /certificates/${target}`);
system('store_certs');
ulog(LOG_INFO, `Persistently stored ${target}\n`); ulog(LOG_INFO, `Persistently stored ${target}\n`);
} }