WIFI-2427 Preserve certs/redirector over factory-reset (minor fix)

Signed-off-by: Rick Sommerville <rick.sommerville@netexperience.com>

feeds/wlan-ap/opensync/files/bin/wlan_ap_factory_reset.sh

@@ -0,0 +1,4 @@
+#!/bin/sh
+
+tar czf /sysupgrade.tgz /usr/opensync/certs/
+jffs2reset -r -y -k

feeds/wlan-ap/opensync/files/bin/wlan_ap_redirector.sh

@@ -1,12 +1,47 @@
 #!/bin/sh
 
-if [ $# -ne 1 ] ; then
+AP_PRIVATE_KEY_FILE="/usr/opensync/certs/client_dec.key"
-	echo "Usage: $0 <redirector address>" >&2
+AP_CERTIFICATE_FILE="/usr/opensync/certs/client.pem"
-	exit 1
+AP_DEVICE_ID_FILE="/usr/opensync/certs/client_deviceid.txt"
+DIGICERT_API_URI="clientauth.one.digicert.com"
+
+if [ "$1" = "-h" ]; then
+  echo "Usage: $0 [redirector address]" >&2
+  exit 1
 fi
 
-redirector_addr=$1
+# Query DigiCert's API if redirector wasn't specified
+if [ -z "$1" ]; then
+  if [ ! -f "$AP_DEVICE_ID_FILE" ]; then
+      echo "Device ID file $AP_DEVICE_ID_FILE does not exist. Make sure to create it or specify the redirector address manually."
+      exit 1
+  fi
 
+  digicert_device_id=`cat ${AP_DEVICE_ID_FILE}`
+  device_data=`curl -s \
+    --retry 5 \
+    --show-error \
+    --key "${AP_PRIVATE_KEY_FILE}" \
+    --cert "${AP_CERTIFICATE_FILE}" \
+    "https://${DIGICERT_API_URI}/iot/api/v2/device/${digicert_device_id}"`
+
+  controller_url=`echo ${device_data} | jsonfilter -e '@.fields[@.name="Redirector"].value'`
+  if [ -z "$controller_url" ]; then
+    echo "No redirector found for this device"
+    exit 1
+  fi
+  controller_port=`echo ${controller_url} | cut -s -d ":" -f2)`
+  if [ -z "$controller_port" ]; then
+    redirector_addr="ssl:${controller_url}:6643"
+  else
+    redirector_addr="ssl:${controller_url}"
+  fi
+else
+  redirector_addr=$1
+fi
+
+echo "${redirector_addr}" > /usr/opensync/certs/redirector.txt
 uci set system.tip.redirector="${redirector_addr}"
+uci set system.tip.deployed=0
 uci commit system
 /etc/init.d/opensync restart

feeds/wlan-ap/opensync/src/platform/openwrt/rootfs/common/etc/init.d/opensync

@@ -37,6 +37,20 @@ start_service() {
     echo "Setting certificates"
     mkdir -p ${CERTS_DEST_PATH}
     cp ${CERTS_SRC_PATH}/* ${CERTS_DEST_PATH}/
+    echo "Checking Redirector"
+    redirector=$(uci get system.tip.redirector)
+    if [ -z "$redirector" ]; then
+        [[ -f /usr/opensync/certs/redirector.txt ]] && redirector=$(cat /usr/opensync/certs/redirector.txt | tr -d '\r\n')
+        if [ -z "$redirector" ]; then
+            logger -t opensync "Contacting DigiCert for redirector address"
+            wlan_ap_redirector.sh
+        else
+            logger -t opensync "Restoring redirector ${redirector} after factory reset"
+            wlan_ap_redirector.sh ${redirector}
+        fi
+    fi
+    [[ -f /usr/opensync/certs/redirector.txt ]] || echo "${redirector}" > /usr/opensync/certs/redirector.txt
+ 
     echo "Starting OpenSync"
     procd_set_param command ${PROG}
     procd_close_instance

feeds/wlan-ap/opensync/src/platform/openwrt/src/lib/target/src/sysupgrade.c

@@ -291,7 +291,7 @@ static void cb_osp_start_factory_reboot(EV_P_ ev_timer *w, int events)
 	if (!strcmp(upg_url, "reboot"))
 		system("reboot");
 	else
-		system("jffs2reset -y -r");
+		system("wlan_ap_factory_reset.sh");
 
 	upg_running = false;
 

patches/0036-Preserve-certs-and-redirector-over-factory-reboot.patch

@@ -0,0 +1,81 @@
+From 1f9978564420818d4ce4bdbb08fce2eca7c13d8e Mon Sep 17 00:00:00 2001
+From: Rick Sommerville <rick.sommerville@netexperience.com>
+Date: Sun, 23 May 2021 14:36:03 -0400
+Subject: [PATCH] Preserve certificates and redirector over factory-reset
+
+---
+ package/base-files/files/etc/rc.button/reset  |  2 +-
+ .../patches/001-jffs2reset-keep-option        | 48 +++++++++++++++++++
+ 2 files changed, 49 insertions(+), 1 deletion(-)
+ create mode 100644 package/system/fstools/patches/001-jffs2reset-keep-option
+
+diff --git a/package/base-files/files/etc/rc.button/reset b/package/base-files/files/etc/rc.button/reset
+index 2403122ad2..56c0548ec9 100755
+--- a/package/base-files/files/etc/rc.button/reset
++++ b/package/base-files/files/etc/rc.button/reset
+@@ -23,7 +23,7 @@ released)
+ 	elif [ "$SEEN" -ge 5 -a -n "$OVERLAY" ]
+ 	then
+ 		echo "FACTORY RESET" > /dev/console
+-		jffs2reset -y && reboot &
++		wlan_ap_factory_reset.sh
+ 	fi
+ ;;
+ esac
+diff --git a/package/system/fstools/patches/001-jffs2reset-keep-option b/package/system/fstools/patches/001-jffs2reset-keep-option
+new file mode 100644
+index 0000000000..50209ea276
+--- /dev/null
++++ b/package/system/fstools/patches/001-jffs2reset-keep-option
+@@ -0,0 +1,48 @@
++--- a/jffs2reset.c
+++++ b/jffs2reset.c
++@@ -40,7 +40,7 @@ ask_user(void)
++ 	return 0;
++ }
++ 
++-static int jffs2_reset(struct volume *v, int reset)
+++static int jffs2_reset(struct volume *v, int reset, int keep)
++ {
++ 	char *mp;
++ 
++@@ -48,7 +48,7 @@ static int jffs2_reset(struct volume *v,
++ 	if (mp) {
++ 		ULOG_INFO("%s is mounted as %s, only erasing files\n", v->blk, mp);
++ 		fs_state_set("/overlay", FS_STATE_PENDING);
++-		overlay_delete(mp, false);
+++		overlay_delete(mp, keep);
++ 		mount(mp, "/", NULL, MS_REMOUNT, 0);
++ 	} else {
++ 		ULOG_INFO("%s is not mounted\n", v->blk);
++@@ -93,8 +93,8 @@ static int jffs2_mark(struct volume *v)
++ int main(int argc, char **argv)
++ {
++ 	struct volume *v;
++-	int ch, yes = 0, reset = 0;
++-	while ((ch = getopt(argc, argv, "yr")) != -1) {
+++	int ch, yes = 0, reset = 0, keep = 0;
+++	while ((ch = getopt(argc, argv, "yrk")) != -1) {
++ 		switch(ch) {
++ 		case 'y':
++ 			yes = 1;
++@@ -102,6 +102,9 @@ int main(int argc, char **argv)
++ 		case 'r':
++ 			reset = 1;
++ 			break;
+++                case 'k':
+++                        keep = 1;
+++                        break;
++ 		}
++ 
++ 	}
++@@ -128,5 +131,5 @@ int main(int argc, char **argv)
++ 	volume_init(v);
++ 	if (!strcmp(*argv, "jffs2mark"))
++ 		return jffs2_mark(v);
++-	return jffs2_reset(v, reset);
+++	return jffs2_reset(v, reset, keep);
++ }
+-- 
+2.17.1
+