Merge pull request #915 from Telecominfraproject/release-4.1

Release 4.1

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -33,7 +33,7 @@ let timeouts = {
 	'orphan': 2 * 60 * 60,
 	interval: 10000,
 	expiry_interval: 60 * 60 * 1000,
-	expiry_threshold: 3 * 24 * 60 * 60,
+	expiry_threshold: 1 * 365 * 24 * 60 * 60,
 };
 
 ulog_open(ULOG_SYSLOG | ULOG_STDIO, LOG_DAEMON, "cloud_discover");
@@ -44,14 +44,15 @@ uloop.init();
 
 let cds_server = 'discovery.open-lan.org';
 
-function set_cds_server() {
+function detect_certificate_type() {
 	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
 	let issuer = pipe.read("all");
 	pipe.close();
 
 	if (!match(issuer, /Telecom Infra Project Issuing CA/)) {
 		ulog(LOG_INFO, 'Certificate type is "Demo" \n');
-		est_server = 'openlan.keys.tip.build';
+		cds_server = 'discovery-qa.open-lan.org';
+		timeouts.expiry_threshold = 3 * 24 * 60 * 60;
 	} else {
 		ulog(LOG_INFO, 'Certificate type is "TIP"\n');
 	}
@@ -119,9 +120,10 @@ function gateway_write(data) {
 		if (new[key] != gateway[key])
 			changed = true;
 	}
-	if (changed)
+	if (changed) {
 		fs.writefile('/etc/ucentral/gateway.json', new);
 		system('sync');
+	}
 	return changed;
 }
 
@@ -287,6 +289,36 @@ function interval_handler() {
 	}
 }
 
+function trigger_reenroll() {
+	ulog(LOG_INFO, 'triggering reenroll\n');
+
+	if (system('/usr/bin/est_client reenroll')) {
+		ulog(LOG_INFO, 'reenroll failed\n');
+		return;
+	}
+	
+	ulog(LOG_INFO, 'reenroll succeeded\n');
+	ulog(LOG_INFO, 'stopping client\n');
+	
+	system('/etc/init.d/ucentral stop');
+	set_state(DISCOVER);
+}
+
+function expiry_handler() {
+	let stat = fs.stat('/etc/ucentral/operational.ca');
+	if (!stat)
+		return;
+
+	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
+	if (!ret) {
+		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
+		return;
+	}
+
+	ulog(LOG_INFO, 'certificate will expire soon\n');
+	trigger_reenroll();
+}
+
 let ubus_methods = {
 	discover: {
 		call: function(req) {
@@ -361,30 +393,16 @@ let ubus_methods = {
 		},
 		args: {},
 	},
+	reenroll: {
+		call: function(req) {
+			trigger_reenroll();
+			return 0;
+		},
+		args: {},
+	},
 };
 
-function expiry_handler() {
-	let stat = fs.stat('/etc/ucentral/operational.ca');
-	if (!stat)
-		return;
-
-	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
-	if (!ret) {
-		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
-		return;
-	}
-
-	ulog(LOG_INFO, 'certificate will expire soon\n');
-	if (system('/usr/bin/est_client reenroll')) {
-		ulog(LOG_INFO, 'reenroll failed\n');
-		return;
-	}
-	ulog(LOG_INFO, 'reenroll succeeded\n');
-	ulog(LOG_INFO, '(re)starting client\n');
-	system('/etc/init.d/ucentral restart');
-}
-
-set_cds_server();
+detect_certificate_type();
 
 if (gateway_available()) {
 	let status = ubus.call('ucentral', 'status');

patches/0099-elfutils-fix-build-with-GCC11.patch

@@ -0,0 +1,26 @@
+From b82a8514a3f52b91ec84f703ef92740dda19d5d9 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 14 Aug 2025 10:29:29 +0200
+Subject: [PATCH] elfutils: fix build with GCC11
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ package/libs/elfutils/Makefile | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/package/libs/elfutils/Makefile b/package/libs/elfutils/Makefile
+index f7364c36be..76112c89ff 100644
+--- a/package/libs/elfutils/Makefile
++++ b/package/libs/elfutils/Makefile
+@@ -87,7 +87,7 @@ TARGET_CFLAGS += \
+ 	-Wno-unused-result \
+ 	-Wno-format-nonliteral
+ 
+-ifneq ($(CONFIG_GCC_USE_VERSION_11),y)
++ifneq ($(CONFIG_GCC_VERSION_11),y)
+ TARGET_CFLAGS += \
+ 	-Wno-error=use-after-free
+ endif
+-- 
+2.34.1
+