ucentral: development update

* enhance maverick stability
* add persistent certificate storage
* update schema
* add channel stats to telemetry messages
* make rtty cmd handler work
* add support for recovery images

Signed-off-by: John Crispin <john@phrozen.org>

feeds/tip/certificates/Makefile

@@ -1,6 +1,6 @@
 include $(TOPDIR)/rules.mk
 
-PKG_NAME:=ucentral-defaults
+PKG_NAME:=certificates
 PKG_RELEASE:=1
 
 PKG_LICENSE:=BSD-3-Clause
@@ -8,14 +8,10 @@ PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 
 include $(INCLUDE_DIR)/package.mk
 
-define Package/ucentral-defaults
+define Package/certificates
   SECTION:=ucentral
   CATEGORY:=uCentral
-  TITLE:=ucentral-defaults
-endef
-
-define Package/ucentral-defaults/description
- The default configuration of the AP.
+  TITLE:=TIP DigiCer certificate store
 endef
 
 define Build/Prepare
@@ -27,8 +23,8 @@ define Build/Compile/Default
 endef
 Build/Compile = $(Build/Compile/Default)
 
-define Package/ucentral-defaults/install
+define Package/certificates/install
 	$(CP) ./files/* $(1)
 endef
 
-$(eval $(call BuildPackage,ucentral-defaults))
+$(eval $(call BuildPackage,certificates))

feeds/tip/certificates/files/etc/init.d/certificates

@@ -0,0 +1,16 @@
+#!/bin/sh /etc/rc.common
+
+START=80
+
+boot() {
+	[ -f /etc/ucentral/dev-id ] && return
+	. /lib/functions.sh
+	mkdir -p /certificates /etc/ucentral/
+	local mtd=$(find_mtd_index certificates)
+	[ -n "$mtd" -a -f /sys/class/mtd/mtd15/oobsize ] && ubiattach -p /dev/mtd$mtd
+	[ -n "$(ubinfo -a | grep certificates)" ] && {
+		mount -t ubifs ubi0:certificates /certificates
+		mount -t ubifs ubi1:certificates /certificates
+	}
+	[ -f /certificates/dev-id ] && cp /certificates/* /etc/ucentral/
+}

feeds/tip/firstcontact/Makefile

@@ -13,7 +13,7 @@ define Package/firstcontact
   SECTION:=ucentral
   CATEGORY:=uCentral
   TITLE:=TIP DigiCert firstcontact
-  DEPENDS:=+libubox +libcurl +libopenssl
+  DEPENDS:=+libubox +libcurl +libopenssl +certificates
 endef
 
 define Package/firstcontact/install

feeds/tip/firstcontact/files/etc/init.d/firstcontact

@@ -7,6 +7,7 @@ PROG=/usr/bin/ucode
 
 start_service() {
 	[ -f /etc/ucentral/capabilities.json ] || {
+		mkdir -p /etc/ucentral/
 		ucode -m ubus -E board=/etc/board.json /usr/share/ucentral/capabilities.uc > /etc/ucentral/capabilities.json 
 	}
 
@@ -15,10 +16,3 @@ start_service() {
 	procd_set_param respawn 1 10 0
 	procd_close_instance
 }
-
-boot() {
-	mkdir /digicert
-	mount -t ubifs ubi:tip_data /digicert
-	[ $? -eq 0 ] && cp /digicert/* /etc/ucentral/
-	start
-}

feeds/tip/maverick/src/maverick.c

@@ -13,7 +13,7 @@ maverick_cb(struct uloop_timeout *delay)
 {
 	char link[PATH_MAX] = { };
 
-	if (!readlink("/etc/ucentral/ucentral.active", link, PATH_MAX) &&
+	if (readlink("/etc/ucentral/ucentral.active", link, PATH_MAX) != -1 &&
 	    strcmp(link, "/etc/ucentral/ucentral.cfg.0000000001")) {
 		ULOG_INFO("found an active symlink\n");
 		uloop_end();

feeds/ucentral/rtty/files/rtty.init

@@ -16,7 +16,7 @@ validate_rtty_section() {
 		'token:maxlength(32)' \
 		'verbose:bool:0' \
 		'enable:bool:0' \
-		'interval:uinteger:0'
+		'timeout:uinteger:0'
 }
 
 start_rtty() {
@@ -54,8 +54,8 @@ start_rtty() {
 	[ "$ssl" = "1" ] && procd_append_param command -s
 	[ -n "$token" ] && procd_append_param command -t "$token"
 	[ "$verbose" = "1" ] && procd_append_param command -v
-	[ "$interval" -eq "0" ] || procd_append_param command -e $interval
-	[ "$interval" -eq "0" ] && procd_set_param respawn
+	[ "$timeout" -eq "0" ] || procd_append_param command -e $timeout
+	[ "$timeout" -eq "0" ] && procd_set_param respawn
 	procd_close_instance
 }
 

feeds/ucentral/rtty/patches/100-max_timeout.patch

@@ -2,30 +2,32 @@ Index: rtty-7.1.4/src/main.c
 ===================================================================
 --- rtty-7.1.4.orig/src/main.c
 +++ rtty-7.1.4/src/main.c
-@@ -37,6 +37,8 @@ enum {
+@@ -37,6 +37,9 @@ enum {
      LONG_OPT_HELP = 1
  };
  
-+static int force_exit;
++int force_exit = 0;
++int connected = 0;
 +
  static void signal_cb(struct ev_loop *loop, ev_signal *w, int revents)
  {
      if (w->signum == SIGINT) {
-@@ -53,6 +55,7 @@ static struct option long_options[] = {
+@@ -53,6 +56,7 @@ static struct option long_options[] = {
      {"token",       required_argument, NULL, 't'},
      {"verbose",     no_argument,       NULL, 'v'},
      {"version",     no_argument,       NULL, 'V'},
-+    {"exit",        required_argument, NULL, 'V'},
++    {"exit",        required_argument, NULL, 'e'},
      {"help",        no_argument,       NULL, LONG_OPT_HELP},
      {0, 0, 0, 0}
  };
-@@ -79,10 +82,16 @@ static void usage(const char *prog)
+@@ -79,10 +83,17 @@ static void usage(const char *prog)
      exit(1);
  }
  
 +static void timeout_cb(EV_P_ ev_timer *w, int revents)
 +{
-+    exit(1);
++    if (!connected)
++	    exit(1);
 +}
 +
  int main(int argc, char **argv)
@@ -36,7 +38,7 @@ Index: rtty-7.1.4/src/main.c
      bool background = false;
      bool verbose = false;
      struct rtty rtty = {
-@@ -95,7 +104,7 @@ int main(int argc, char **argv)
+@@ -95,7 +106,7 @@ int main(int argc, char **argv)
      int c;
  
      while (true) {
@@ -45,7 +47,7 @@ Index: rtty-7.1.4/src/main.c
          if (c == -1)
              break;
  
-@@ -146,6 +155,9 @@ int main(int argc, char **argv)
+@@ -146,6 +157,9 @@ int main(int argc, char **argv)
          case LONG_OPT_HELP:
              usage(argv[0]);
              break;
@@ -55,7 +57,7 @@ Index: rtty-7.1.4/src/main.c
          default: /* '?' */
              usage(argv[0]);
              break;
-@@ -167,6 +179,10 @@ int main(int argc, char **argv)
+@@ -167,6 +181,10 @@ int main(int argc, char **argv)
  
      ev_signal_init(&signal_watcher, signal_cb, SIGINT);
      ev_signal_start(loop, &signal_watcher);
@@ -66,3 +68,51 @@ Index: rtty-7.1.4/src/main.c
  
      if (rtty_start(&rtty) < 0)
          return -1;
+Index: rtty-7.1.4/src/rtty.c
+===================================================================
+--- rtty-7.1.4.orig/src/rtty.c
++++ rtty-7.1.4/src/rtty.c
+@@ -36,6 +36,9 @@
+ #include "utils.h"
+ #include "command.h"
+ 
++extern int force_exit;
++extern int connected;
++
+ static char login_path[128];       /* /bin/login */
+ 
+ static void del_tty(struct tty *tty)
+@@ -57,6 +60,8 @@ static void del_tty(struct tty *tty)
+     log_info("delete tty: %d\n", tty->sid);
+ 
+     free(tty);
++    if (force_exit)
++	    exit(0);
+ }
+ 
+ static inline struct tty *find_tty(struct rtty *rtty, int sid)
+@@ -69,6 +74,7 @@ static inline struct tty *find_tty(struc
+ static inline void tty_logout(struct rtty *rtty, int sid)
+ {
+     struct tty *tty = find_tty(rtty, sid);
++
+     if (tty)
+         del_tty(tty);
+ }
+@@ -136,6 +142,8 @@ static void pty_on_exit(struct ev_loop *
+     ev_io_start(loop, &rtty->iow);
+ 
+     del_tty(tty);
++    if (force_exit)
++	    exit(0);
+ }
+ 
+ static void tty_login(struct rtty *rtty)
+@@ -188,6 +196,7 @@ static void tty_login(struct rtty *rtty)
+     buffer_put_u8(&rtty->wb, sid);
+     ev_io_start(rtty->loop, &rtty->iow);
+ 
++    connected = 1;
+     log_info("new tty: %d\n", sid);
+ }
+ 

feeds/ucentral/ucentral-client/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-client.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=d58e7ed0424e98a9dcc4e07d3b8ace83aae8fb5f
+PKG_SOURCE_VERSION:=746239b4ccaed373f946f472b47184cd937d6551
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
@@ -18,8 +18,7 @@ define Package/ucentral-client
   SECTION:=ucentral
   CATEGORY:=uCentral
   TITLE:=OpenWrt uCentral websocket client
-  DEPENDS:=+ucentral-schema \
-  	   +ucode +ucode-mod-fs +ucode-mod-ubus +ucode-mod-uci +ucode-mod-math \
+  DEPENDS:=+ucode +ucode-mod-fs +ucode-mod-ubus +ucode-mod-uci +ucode-mod-math \
 	   +libubox +libwebsockets-openssl +libblobmsg-json +libubus
 endef
 

feeds/ucentral/ucentral-client/files/etc/init.d/ucentral

@@ -18,6 +18,8 @@ start_service() {
 	
 	[ -f /tmp/ucentral.version ] || cat /etc/openwrt_release | grep DISTRIB_REVISION= | cut -d\' -f2 > /tmp/ucentral.version
 	
+	ucode -m fs -i /usr/share/ucentral/crashlog.uc
+	
 	. /lib/functions.sh
 	cp /etc/config-shadow/ucentral /etc/config/
 	config_load 'ucentral'
@@ -37,12 +39,8 @@ start_service() {
 	[ "$debug" -eq 0 ] || procd_append_param command -d
 	[ "$insecure" -eq 0 ] || procd_append_param command -i
 	[ -z "$interval" ] || procd_append_param command -H $interval
+	[ -z "$(mount | grep 'tmpfs on / type tmpfs')" ] || procd_append_param command -r
 	procd_append_param command -f "$(cat /tmp/ucentral.version)"
 	procd_set_param respawn 3600 5 0
 	procd_close_instance
 }
-
-boot() {
-	ucode -m fs -i /usr/share/ucentral/crashlog.uc
-	start
-}

feeds/ucentral/ucentral-schema/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-schema.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-02-15
-PKG_SOURCE_VERSION:=dc2a7d17842c44a0d3150bf3f6ab47c80baa3ce1
+PKG_SOURCE_VERSION:=50693a71ead9a5a2907b25a3ef13b5d235b32dbc
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause
@@ -19,6 +19,12 @@ define Package/ucentral-schema
   TITLE:=OpenWrt uCentral schema
 endef
 
+define Package/ucentral-recovery
+  SECTION:=ucentral
+  CATEGORY:=uCentral
+  TITLE:=OpenWrt uCentral recovery tooling
+endef
+
 define Build/Compile
 
 endef
@@ -29,6 +35,15 @@ define Package/ucentral-schema/install
 	$(CP) $(PKG_BUILD_DIR)/renderer/* $(1)/usr/share/ucentral
 	$(CP) $(PKG_BUILD_DIR)/command/*.uc $(1)/usr/share/ucentral
 	$(CP) $(PKG_BUILD_DIR)/system/*.uc $(1)/usr/share/ucentral
+	$(CP) ./files/* $(1)
 endef
 
+define Package/ucentral-recovery/install
+	$(INSTALL_DIR) $(1)/usr/share/ucentral $(1)/etc/uci-defaults/
+	$(CP) $(PKG_BUILD_DIR)/command/*.uc $(1)/usr/share/ucentral
+	$(CP) $(PKG_BUILD_DIR)/system/{capabilities,crashlog}.uc $(1)/usr/share/ucentral
+	$(CP) ./files/etc/uci-defaults/99-ucentral-hostname $(1)/etc/uci-defaults/
+endef
+
+$(eval $(call BuildPackage,ucentral-recovery))
 $(eval $(call BuildPackage,ucentral-schema))

feeds/ucentral/ucentral-schema/files/etc/ucentral/examples/radius-proxy.json

@@ -0,0 +1,108 @@
+{
+	"uuid": 1,
+	"radios": [
+		{
+			"band": "5G",
+			"country": "CA",
+			"channel-mode": "HE",
+			"channel-width": 80,
+			"channel": 32
+		}
+	],
+
+	"interfaces": [
+		{
+			"name": "WAN",
+			"role": "upstream",
+			"ethernet": [
+				{
+					"select-ports": [
+						"WAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "dynamic"
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"5G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "wpa2",
+						"ieee80211w": "optional"
+					},
+					"radius": {
+						"authentication": {
+							"host": "localhost",
+							"port": 1812,
+							"secret": "secret"
+						},
+						"accounting": {
+							"host": "localhost",
+							"port": 1813,
+							"secret": "secret"
+						}
+					}
+				}
+			]
+		},
+		{
+			"name": "LAN",
+			"role": "downstream",
+			"services": [ "ssh" ],
+			"ethernet": [
+				{
+					"select-ports": [
+						"LAN*"
+					]
+				}
+			],
+			"ipv4": {
+				"addressing": "static",
+				"subnet": "192.168.1.1/24",
+				"dhcp": {
+					"lease-first": 10,
+					"lease-count": 100,
+					"lease-time": "6h"
+				}
+			},
+			"ssids": [
+				{
+					"name": "OpenWifi",
+					"wifi-bands": [
+						"5G"
+					],
+					"bss-mode": "ap",
+					"encryption": {
+						"proto": "psk2",
+						"key": "OpenWifi",
+						"ieee80211w": "optional"
+					}
+				}
+			]
+
+		}
+	],
+	"metrics": {
+		"statistics": {
+			"interval": 120,
+			"types": [ "ssids", "lldp", "clients" ]
+		},
+		"health": {
+			"interval": 120
+		}
+	},
+	"services": {
+		"ssh": {
+			"port": 22
+		},
+		"radius-proxy": {
+			"host": "192.168.1.10",
+			"secret": "secret"
+		}
+	}
+}

feeds/ucentral/ucentral-schema/files/etc/uci-defaults/99-ucentral-network

@@ -21,3 +21,6 @@ config_foreach section_del forwarding firewall
 
 config_load igmpproxy
 config_foreach section_del phyint igmpproxy
+
+config_load radsecproxy
+config_foreach section_del options radsecproxy

feeds/ucentral/ucentral-wifi/Makefile

@@ -6,7 +6,7 @@ PKG_RELEASE:=1
 PKG_SOURCE_URL=https://github.com/blogic/ucentral-wifi.git
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_DATE:=2021-04-13
-PKG_SOURCE_VERSION:=a710d2f318caa8a41ad9833078c492539eb29106
+PKG_SOURCE_VERSION:=6b9129154507559edcb298680a84c9c0c6fa1449
 
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

patches/0003-pending-scripts-add-gen_config.py.patch

@@ -1,22 +1,22 @@
-From 79dadbe5f9d74b3bca49e50a51f1a62be71b17a5 Mon Sep 17 00:00:00 2001
+From 585f94ec3a6ec51348b72c99740c41c635e30876 Mon Sep 17 00:00:00 2001
 From: John Crispin <john@phrozen.org>
 Date: Fri, 19 Jun 2020 10:45:22 +0200
-Subject: [PATCH 01/31] pending: scripts: add gen_config.py
+Subject: [PATCH 01/35] pending: scripts: add gen_config.py
 
 This script is used to setup the tree based on the profiles/.
 
 Signed-off-by: John Crispin <john@phrozen.org>
 ---
- scripts/gen_config.py | 193 ++++++++++++++++++++++++++++++++++++++++++
- 1 file changed, 193 insertions(+)
+ scripts/gen_config.py | 196 ++++++++++++++++++++++++++++++++++++++++++
+ 1 file changed, 196 insertions(+)
  create mode 100755 scripts/gen_config.py
 
 diff --git a/scripts/gen_config.py b/scripts/gen_config.py
 new file mode 100755
-index 0000000000..124dfd596a
+index 0000000000..260abeef8f
 --- /dev/null
 +++ b/scripts/gen_config.py
-@@ -0,0 +1,193 @@
+@@ -0,0 +1,196 @@
 +#!/usr/bin/env python3
 +
 +from os import getenv
@@ -97,11 +97,11 @@ index 0000000000..124dfd596a
 +        Path("./.config").unlink()
 +
 +
-+def merge_profiles(profiles):
++def merge_profiles(profiles, include=True):
 +    profile = {"packages": [], "description": [], "diffconfig": "", "feeds": {}}
 +
 +    for p in profiles:
-+        profile = load_yaml(p, profile)
++        profile = load_yaml(p, profile, include)
 +
 +    return profile
 +
@@ -196,7 +196,10 @@ index 0000000000..124dfd596a
 +        print("Tree is now clean")
 +        quit(0)
 +
-+    profile = merge_profiles(sys.argv[1:])
++    if "recovery" in sys.argv:
++        profile = merge_profiles([ "ucentral-recovery", sys.argv[1] ], False)
++    else:
++        profile = merge_profiles(sys.argv[1:])
 +
 +    print("Using the following profiles:")
 +    for d in profile.get("description"):

patches/0036-certificates-add-ability-to-persistently-store-certi.patch

@@ -0,0 +1,56 @@
+From 33334a615a88591e3b1f8954ba5a1122c5a9111d Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Sun, 23 May 2021 09:59:53 +0200
+Subject: [PATCH] certificates: add ability to persistently store certificates
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/base-files/files/lib/upgrade/nand.sh             | 9 +++++++++
+ .../files/arch/arm/boot/dts/qcom-ipq4019-xx8300.dtsi     | 3 +--
+ 2 files changed, 10 insertions(+), 2 deletions(-)
+
+diff --git a/package/base-files/files/lib/upgrade/nand.sh b/package/base-files/files/lib/upgrade/nand.sh
+index ab3db4cdf2..36977244bc 100644
+--- a/package/base-files/files/lib/upgrade/nand.sh
++++ b/package/base-files/files/lib/upgrade/nand.sh
+@@ -157,6 +157,8 @@ nand_upgrade_prepare_ubi() {
+ 	local kern_ubivol="$( nand_find_volume $ubidev $CI_KERNPART )"
+ 	local root_ubivol="$( nand_find_volume $ubidev $CI_ROOTPART )"
+ 	local data_ubivol="$( nand_find_volume $ubidev rootfs_data )"
++	local cert_ubivol="$( nand_find_volume $ubidev certificates )"
++	local cert_mtd="$(find_mtd_index certificates)"
+ 
+ 	local ubiblk ubiblkvol
+ 	for ubiblk in /dev/ubiblock*_? ; do
+@@ -196,6 +198,13 @@ nand_upgrade_prepare_ubi() {
+ 		fi
+ 	fi
+ 
++	if [ -z "$cert_ubivol" -a ! "$cert_mtd" ]; then
++		if ! ubimkvol /dev/$ubidev -N certificates -s 2MiB; then
++			echo "cannot create certificates volume"
++			return 1;
++		fi
++	fi
++
+ 	# create rootfs_data for non-ubifs rootfs
+ 	if [ "$rootfs_type" != "ubifs" ]; then
+ 		local availeb=$(cat /sys/devices/virtual/ubi/$ubidev/avail_eraseblocks)
+diff --git a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-xx8300.dtsi b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-xx8300.dtsi
+index 8f971e505c..0f1f083a5b 100644
+--- a/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-xx8300.dtsi
++++ b/target/linux/ipq40xx/files/arch/arm/boot/dts/qcom-ipq4019-xx8300.dtsi
+@@ -229,9 +229,8 @@
+ 			};
+ 
+ 			partition@b880000 {
+-				label = "syscfg";
++				label = "certificates";
+ 				reg = <0xb880000 0x4680000>;
+-				read-only;
+ 			};
+ 		};
+ 	};
+-- 
+2.25.1
+

profiles/linksys_e8450-ubi.yml

@@ -8,3 +8,4 @@ include:
   - ucentral-ap
 diffconfig: |
   CONFIG_TESTING_KERNEL=y
+  CONFIG_TARGET_ROOTFS_INITRAMFS=y

profiles/ucentral-ap-light.yml

@@ -22,7 +22,6 @@ packages:
   - ucentral-event
   - ucentral-schema
   - ucentral-wifi
-  - ucentral-defaults
   - ucentral-tools
   - ucode
   - udhcpsnoop

profiles/ucentral-ap.yml

@@ -33,7 +33,6 @@ packages:
   - ucentral-event
   - ucentral-schema
   - ucentral-wifi
-  - ucentral-defaults
   - ucentral-tools
   - ucode
   - udhcpsnoop

profiles/ucentral-recovery.yml

@@ -0,0 +1,19 @@
+---
+description: Add the ucentral recovery dependencies
+feeds:
+  - name: ucentral
+    path: ../../feeds/ucentral
+  - name: tip
+    path: ../../feeds/tip
+
+packages:
+  - firstcontact
+  - tip-defaults
+  - ucentral-client
+  - ucentral-recovery
+  - ucode
+diffconfig: |
+  CONFIG_IMAGEOPT=y
+  CONFIG_PREINITOPT=y
+  CONFIG_TARGET_PREINIT_SUPPRESS_STDERR=y
+  CONFIG_TARGET_PREINIT_DISABLE_FAILSAFE=y

profiles/ucentral-switch.yml

@@ -15,7 +15,6 @@ packages:
   - maverick
   - ucentral-client
   - ucentral-schema
-  - ucentral-defaults
   - ucode
   - rtty-openssl
   - tcpdump