cloud_discovery: Track and persist discovery method

Adds support for recording the method used to discover the cloud controller (e.g. DHCP, FLASH, OpenLAN). The selected method records the current date and time along with the discovery method into "/etc/ucentral/discovery.state.json". The date is stored in epoch format. Fixed: WIFI-14966 Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
wireless-regdb: disable channel 14 in JP
2025-11-01 19:07:47 +00:00 · 2025-08-08 18:57:08 +02:00 · 2025-08-07 14:51:33 +02:00 · 2025-08-06 16:23:57 +02:00 · 2025-08-06 11:03:59 +02:00 · 2025-08-06 10:54:55 +02:00
15 changed files with 199 additions and 23 deletions
--- a/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh
+++ b/feeds/ipq807x_v5.4/ipq50xx/base-files/lib/upgrade/platform.sh
@@ -107,29 +107,42 @@ platform_do_upgrade() {

 	board=$(board_name)
 	case $board in
-	glinet,b3000|\
 	edgecore,oap101|\
 	edgecore,oap101-6e|\
 	edgecore,oap101e|\
 	edgecore,oap101e-6e|\
 	edgecore,eap104)
+		if [ "$(find_mtd_chardev rootfs)" ]; then
+			CI_UBIPART="rootfs"
+		else
+			if grep -q rootfs1 /proc/cmdline; then
+				CI_UBIPART="rootfs2"
+				CI_FWSETENV="active 2"
+			else
+				CI_UBIPART="rootfs1"
+				CI_FWSETENV="active 1"
+			fi
+		fi
+		nand_upgrade_tar "$1"
+		;;
+	glinet,b3000)
 		CI_UBIPART="rootfs1"
 		[ "$(find_mtd_chardev rootfs)" ] && CI_UBIPART="rootfs"
 		nand_upgrade_tar "$1"
 		;;
-        hfcl,ion4x_w|\
+	hfcl,ion4x_w|\
 	hfcl,ion4xi_w)
-                wp_part=$(fw_printenv primary | cut  -d = -f2)
-                echo "Current Primary is $wp_part"
-                if [[ $wp_part == 1 ]]; then
-                        CI_UBIPART="rootfs"
-                        CI_FWSETENV="primary 0"
-                else
-                        CI_UBIPART="rootfs_1"
-                        CI_FWSETENV="primary 1"
-                fi
-                nand_upgrade_tar "$1"
-                ;;
+		wp_part=$(fw_printenv primary | cut  -d = -f2)
+		echo "Current Primary is $wp_part"
+		if [[ $wp_part == 1 ]]; then
+				CI_UBIPART="rootfs"
+				CI_FWSETENV="primary 0"
+		else
+				CI_UBIPART="rootfs_1"
+				CI_FWSETENV="primary 1"
+		fi
+		nand_upgrade_tar "$1"
+		;;
 	cig,wf186w|\
 	cig,wf186h|\
 	emplus,wap385c|\
--- a/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond
+++ b/feeds/mediatek-sdk/mediatek/mt7981/base-files/etc/hotplug.d/iface/99-mtk-sr-scene-cond
@@ -34,13 +34,11 @@ case "$board" in

        if [ -f "$phy0_file" ]; then
            check_phy0=$(cat $phy0_file)
-            echo "check_phy0 = $check_phy0"
            [ "$check_phy0" == 0 ] && echo 1 > $phy0_file
        fi

        if [ -f "$phy1_file" ]; then
            check_phy1=$(cat $phy1_file)
-            echo "check_phy1 = $check_phy1"
            [ "$check_phy1" == 0 ] && echo 1 > $phy1_file
        fi

--- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts
+++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap7110c-341x.dts
@@ -31,6 +31,20 @@
 		stdout-path = "serial0";
 	};

+	reserved-memory {
+		#address-cells = <2>;
+		#size-cells = <2>;
+		ranges;
+
+		ramoops@49c00000 {
+			compatible = "ramoops";
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+	};
+
 	soc@0 {
 		mdio:mdio@90000 {
 			pinctrl-0 = <&mdio1_pins>;
--- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts
+++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-h.dts
@@ -190,6 +190,14 @@
 		/delete-node/ wcnss@4a900000;
 		/delete-node/ q6_caldb_region@4ce00000;

+		ramoops@49c00000 {
+			compatible = "ramoops";
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+
 		q6_mem_regions: q6_mem_regions@4A900000  {
 		        no-map;
 		        reg = <0x0 0x4A900000 0x0 0x5100000>;
--- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts
+++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750e-s.dts
@@ -190,6 +190,14 @@
 		/delete-node/ wcnss@4a900000;
 		/delete-node/ q6_caldb_region@4ce00000;

+		ramoops@49c00000 {
+			compatible = "ramoops";
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+
 		q6_mem_regions: q6_mem_regions@4A900000  {
 		        no-map;
 		        reg = <0x0 0x4A900000 0x0 0x5100000>;
--- a/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts
+++ b/feeds/qca-wifi-7/ipq53xx/dts/ipq5332-sonicfi-rap750w-311a.dts
@@ -190,6 +190,14 @@
 		/delete-node/ wcnss@4a900000;
 		/delete-node/ q6_caldb_region@4ce00000;

+		ramoops@49c00000 {
+			compatible = "ramoops";
+			reg = <0x0 0x49c00000 0x0 0x100000>;
+			record-size = <0x20000>;
+			console-size = <0x20000>;
+			pmsg-size = <0x20000>;
+		};
+
 		q6_mem_regions: q6_mem_regions@4A900000  {
 		        no-map;
 		        reg = <0x0 0x4A900000 0x0 0x5100000>;
--- a/feeds/tip/certificates/files/usr/bin/mount_certs
+++ b/feeds/tip/certificates/files/usr/bin/mount_certs
@@ -45,7 +45,8 @@ sonicfi,rap7*)
 		fi
 	fi
 	;;
-udaya,a5-id2)
+udaya,a5-id2|\
+yuncore,ax820)
 	mtd=$(find_mtd_index certificates)
 	if [ "$(head -c 4 /dev/mtd$mtd)" == "hsqs" ]; then
 		mount -t squashfs /dev/mtdblock$mtd /mnt
@@ -65,7 +66,7 @@ sonicfi,rap6*)
 		cp /mnt/* /certificates
 		umount /mnt
 	fi
-	part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+	part=$(tar_part_lookup "devinfo" "certificates")
 	if [ -n "$part" ]; then
 		mtd=$(find_mtd_index $part)
 		[ -n "$mtd" ] && tar xf /dev/mtdblock$mtd -C /certificates
--- a/feeds/tip/certificates/files/usr/bin/store_certs
+++ b/feeds/tip/certificates/files/usr/bin/store_certs
@@ -21,7 +21,8 @@ sonicfi,rap7110c-341x)
 	mmc_dev=$(echo $(find_mmc_part $part) | sed 's/^.\{5\}//')
 	dd if=/tmp/certs.tar of=/dev/$mmc_dev
 	;;
-udaya,a5-id2)
+udaya,a5-id2|\
+yuncore,ax820)
 	cd /certificates
 	tar cf /tmp/certs.tar .
 	part=$(tar_part_lookup "insta1" "insta2")
@@ -32,7 +33,7 @@ sonicfi,rap6*)
 	if [ "$(fw_printenv -n store_certs_disabled)" != "1" ]; then
 		cd /certificates
 		tar cf /tmp/certs.tar .
-		part=$(tar_part_lookup "0:BOOTCONFIG" "0:BOOTCONFIG1")
+		part=$(tar_part_lookup "devinfo" "certificates")
 		mtd=$(find_mtd_index $part)
 		block_size=$(cat /sys/class/mtd/mtd$mtd/size)
 		dd if=/tmp/certs.tar of=/tmp/certs_pad.tar bs=$block_size conv=sync
--- a/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover
+++ b/feeds/tip/cloud_discovery/files/etc/init.d/cloud_discover
@@ -22,6 +22,19 @@ start_service() {
 	[ "$valid" == "true" ] || 
 		/usr/share/ucentral/ucentral.uc /etc/ucentral/ucentral.cfg.0000000001 > /dev/null

+	est_client check
+	[ $? -eq 1 ] && {
+		logger ERROR
+		logger ERROR
+		logger ERROR
+		logger The certificate used has a CN that does not match the serial of the device
+		echo The certificate used has a CN that does not match the serial of the device
+		logger ERROR
+		logger ERROR
+		logger ERROR
+		return
+	}
+
 	procd_open_instance
 	procd_set_param command "$PROG"
 	procd_set_param respawn
--- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
+++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
@@ -15,9 +15,14 @@ const ONLINE = 2;
 const OFFLINE = 3;
 const ORPHAN = 4;

+const DISCOVER_DHCP = "DHCP";
+const DISCOVER_FLASH = "FLASH";
+const DISCOVER_LOOKUP = "OpenLAN";
+
 let ubus = libubus.connect();
 let uci = libuci.cursor();
 let state = DISCOVER;
+let discovery_method = "";
 let validate_time;
 let offline_time;
 let orphan_time;
@@ -78,6 +83,14 @@ function gateway_load() {
 	return readjsonfile('/etc/ucentral/gateway.json');
 }

+function discovery_state_write() {
+	let discovery_state = {
+		"type": discovery_method,
+		"updated": time()
+	};
+	fs.writefile('/etc/ucentral/discovery.state.json', discovery_state);
+}
+
 function gateway_write(data) {
 	let gateway = gateway_load();
 	gateway ??= {};
@@ -130,6 +143,7 @@ function set_state(set) {
 		if (prev == VALIDATING) {
 			ulog(LOG_INFO, 'Setting cloud controller to validated\n');
 			gateway_write({ valid: true });
+			discovery_state_write();
 		}
 		break;

@@ -227,15 +241,18 @@ function interval_handler() {
 		if (!time_is_valid())
 			return;

+		discovery_method = DISCOVER_DHCP;
 		if (discover_dhcp())
 			return;

 		if (system('/usr/bin/est_client enroll'))
 			return;

+		discovery_method = DISCOVER_FLASH;
 		if (!discover_flash())
 			return;

+		discovery_method = DISCOVER_LOOKUP;
 		redirector_lookup();
 		break;

--- a/feeds/tip/cloud_discovery/files/usr/bin/est_client
+++ b/feeds/tip/cloud_discovery/files/usr/bin/est_client
@@ -4,6 +4,7 @@

 import { ulog_open, ulog, ULOG_SYSLOG, ULOG_STDIO, LOG_DAEMON, LOG_INFO } from 'log';
 import * as fs from 'fs';
+import * as libuci from 'uci';

 let store_operational_pem = false;
 let store_operational_ca = false;
@@ -139,6 +140,9 @@ function load_operational_ca() {
 }

 function fwtool() {
+	if (!fs.stat('/etc/ucentral/cert.pem'))
+		return 0;
+
 	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
 	let issuer = pipe.read("all");
 	pipe.close();
@@ -163,6 +167,20 @@ function fwtool() {
 	return 0;
 }

+function check_cert() {
+	if (!fs.stat('/etc/ucentral/cert.pem'))
+		return 0;
+	let pipe = fs.popen("openssl x509 -in /etc/ucentral/cert.pem  -noout -subject -nameopt multiline | grep commonName | awk '{ print $3 }'");
+	let cn = pipe.read("all");
+	pipe.close();
+	if (!cn)
+		return 0;
+	cn = lc(trim(cn));
+	let uci = libuci.cursor();
+	let serial = uci.get('ucentral', 'config', 'serial');
+	return cn != serial;
+}
+
 switch(ARGV[0]) {
 case 'enroll':
 	let ret = simpleenroll();
@@ -184,4 +202,7 @@ case 'reenroll':

 case 'fwtool':
 	exit(fwtool());
+
+case 'check':
+	exit(check_cert());
 }
--- a/feeds/ucentral/rtty/files/rtty.init
+++ b/feeds/ucentral/rtty/files/rtty.init
@@ -51,7 +51,7 @@ start_rtty() {
 	procd_set_param command $BIN -h $host -I "$id" -a
 	[ -n "$port" ] && procd_append_param command -p "$port"
 	[ -n "$description" ] && procd_append_param command -d "$description"
-	[ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/opertional.pem -k /etc/ucentral/key.pem
+	[ "$ssl" = "1" ] && procd_append_param command -s -c /etc/ucentral/operational.pem -k /etc/ucentral/key.pem
 	[ -n "$token" ] && procd_append_param command -t "$token"
 	[ "$verbose" = "1" ] && procd_append_param command -v
 	[ "$timeout" -eq "0" ] || procd_append_param command -e $timeout
--- a/feeds/ucentral/ucentral-schema/Makefile
+++ b/feeds/ucentral/ucentral-schema/Makefile
@@ -4,10 +4,9 @@ PKG_NAME:=ucentral-schema
 PKG_RELEASE:=1

 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-schema.git
-PKG_MIRROR_HASH:=45575f1f345368d109f74dc5ae3c8648dadbebef37e2d8eadc95b4fca2fbf43f
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-07-30
-PKG_SOURCE_VERSION:=30c73745c104d56f58d4f457956fe7ebac6e0f86
+PKG_SOURCE_DATE:=2025-08-04
+PKG_SOURCE_VERSION:=1c6b3095cb9e398fcbfcb2bf995365066eb76b21
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>
 PKG_LICENSE:=BSD-3-Clause

--- a/patches/0097-yuncore_ax820-add-insta1-2-partitions.patch
+++ b/patches/0097-yuncore_ax820-add-insta1-2-partitions.patch
@@ -0,0 +1,36 @@
+From 3ceb72aaffa13375c049d161702e9d9f55da38c8 Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Mon, 4 Aug 2025 08:34:50 +0200
+Subject: [PATCH] yuncore_ax820: add insta1/2 partitions
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ target/linux/ramips/dts/mt7621_yuncore_ax820.dts | 12 +++++++++++-
+ 1 file changed, 11 insertions(+), 1 deletion(-)
+
+diff --git a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
+index b2f55b9be0..cc1b59340b 100644
+--- a/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
+++ b/target/linux/ramips/dts/mt7621_yuncore_ax820.dts
+@@ -120,7 +120,17 @@
+ 			partition@90000 {
+ 				compatible = "denx,uimage";
+ 				label = "firmware";
+-				reg = <0x90000 0xf60000>;
+				reg = <0x90000 0xf40000>;
+			};
+
+			partition@fd0000 {
+				label = "insta1";
+				reg = <0xfd0000 0x10000>;
+			};
+
+			partition@fe0000 {
+				label = "insta2";
+				reg = <0xfe0000 0x10000>;
+ 			};
+ 
+ 			partition@ff0000 {
+-- 
+2.34.1
+
--- a/patches/0099-wireless-regdb-fix-channel-14-in-JP.patch
+++ b/patches/0099-wireless-regdb-fix-channel-14-in-JP.patch
@@ -0,0 +1,39 @@
+From d0a0f0304f292a40f2fcdd20b320089627b0f05f Mon Sep 17 00:00:00 2001
+From: John Crispin <john@phrozen.org>
+Date: Thu, 7 Aug 2025 14:50:51 +0200
+Subject: [PATCH] wireless-regdb: fix channel 14 in JP
+
+Signed-off-by: John Crispin <john@phrozen.org>
+---
+ .../patches/200-jp-no-channel-14.patch        | 19 +++++++++++++++++++
+ 1 file changed, 19 insertions(+)
+ create mode 100644 package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch
+
+diff --git a/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch b/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch
+new file mode 100644
+index 0000000000..ea1411cfdd
+--- /dev/null
+++ b/package/firmware/wireless-regdb/patches/200-jp-no-channel-14.patch
+@@ -0,0 +1,19 @@
+--- a/db.txt
++++ b/db.txt
+@@ -16,8 +16,6 @@ country 00:
+ 	(2402 - 2472 @ 40), (20)
+ 	# Channel 12 - 13.
+ 	(2457 - 2482 @ 20), (20), NO-IR, AUTO-BW
+-	# Channel 14. Only JP enables this and for 802.11b only
+-	(2474 - 2494 @ 20), (20), NO-IR, NO-OFDM
+ 	# Channel 36 - 48
+ 	(5170 - 5250 @ 80), (20), AUTO-BW
+ 	# Channel 52 - 64
+@@ -945,7 +943,6 @@ country JO: DFS-JP
+ # https://www.soumu.go.jp/main_content/000833682.pdf
+ country JP: DFS-JP
+ 	(2402 - 2482 @ 40), (20)
+-	(2474 - 2494 @ 20), (20), NO-OFDM
+ 	(4910 - 4990 @ 40), (23)
+ 	(5170 - 5250 @ 80), (20), AUTO-BW
+ 	(5250 - 5330 @ 80), (20), DFS, AUTO-BW
+-- 
+2.34.1
+
Author	SHA1	Message	Date
Marek Kwaczynski	ff398c7b28	cloud_discovery: Track and persist discovery method Adds support for recording the method used to discover the cloud controller (e.g. DHCP, FLASH, OpenLAN). The selected method records the current date and time along with the discovery method into "/etc/ucentral/discovery.state.json". The date is stored in epoch format. Fixed: WIFI-14966 Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>	2025-08-08 18:57:08 +02:00
John Crispin	68dfd58303	wireless-regdb: disable channel 14 in JP Fixes: WIFI-14962 Signed-off-by: John Crispin <john@phrozen.org>	2025-08-07 14:51:33 +02:00
John Crispin	6ba26cba2b	est_client: add a function to validate that the CN is correct cloud_discovery will not start if the CN does not match the devices serial. an error will be written to syslog --- Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: The certificate used has a CN that does not match the serial of the device Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR Wed Aug 6 14:23:23 2025 user.notice root: ERROR --- Signed-off-by: John Crispin <john@phrozen.org>	2025-08-06 16:23:57 +02:00
John Crispin	b5b276bfcc	est_client: check if a cert is present inside the fwtool helper This was causing devices without a birt cert being present from doing a sysupgrade. Signed-off-by: John Crispin <john@phrozen.org>	2025-08-06 11:03:59 +02:00
Tanya Singh	de7dc7e01a	ipq50xx: Fix bootbank switching when firmware upgrade is triggered for Edgecore EAP104 and OAP101 series Fixes: WIFI-14957 Signed-off-by: Tanya Singh <tanya_singh@accton.com>	2025-08-06 10:54:55 +02:00
jackcybertan	a967d67af3	qca-wifi-7: Added ramoops support for SonicFi IPQ5332 devices Fixes: WIFI-14869 Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>	2025-08-06 10:53:52 +02:00
John Crispin	8a68073f4f	ucentral-schema: update to latest HEAD remove a patch that was accidentally merged Signed-off-by: John Crispin <john@phrozen.org>	2025-08-04 16:33:15 +02:00
John Crispin	efd804987e	rtty: there was an error in the operationalpem passed to the client Signed-off-by: John Crispin <john@phrozen.org>	2025-08-04 15:44:21 +02:00
jackcybertan	b036ba37e3	certificates: Store-PKI2.0-key-for-RAP6x-production Fixes: WIFI-14951 Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>	2025-08-04 08:39:53 +02:00
John Crispin	7352de2421	update to latest HEAD e27ecb4 ssid: decouple batman tunnel from meshpoint interfaces Signed-off-by: John Crispin <john@phrozen.org>	2025-08-04 08:36:13 +02:00
John Crispin	8c11eb23a3	mt7621: add insta1/2 partitions for yuncore ax820 Signed-off-by: John Crispin <john@phrozen.org>	2025-08-04 08:35:42 +02:00
Tanya Singh	83874b75f3	mediatek-sdk: Remove extra lines (for logging) from 99-mtk-sr-scene-cond Signed-off-by: Tanya Singh <tanya_singh@accton.com>	2025-08-04 08:08:24 +02:00