cloud_discovery: Track and persist discovery method

Adds support for recording the method used to discover the cloud
controller (e.g. DHCP, FLASH, OpenLAN).
The selected method  records the current date and time along
with the discovery method into "/etc/ucentral/discovery.state.json".
The date is stored in epoch format.

Fixed: WIFI-14966

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>

feeds/ipq807x_v5.4/qca-ssdk/patches/500-define-mib-loop-cnt-to-gobal.patch

@@ -1,61 +0,0 @@
---- a/include/init/ssdk_plat.h
-+++ b/include/init/ssdk_plat.h
-@@ -330,6 +330,7 @@ struct qca_phy_priv {
- 	struct mii_bus *miibus;
- /*qca808x_end*/
- 	u64 *mib_counters;
-+	a_uint32_t mib_loop_cnt;
- 	/* dump buf */
- 	a_uint8_t  buf[2048];
- 	a_uint32_t link_polling_required;
---- a/src/ref/ref_mib.c
-+++ b/src/ref/ref_mib.c
-@@ -479,39 +479,37 @@ qca_ar8327_sw_get_port_mib(struct switch
- #endif
-
- int
--_qca_ar8327_sw_capture_port_tx_counter(struct qca_phy_priv *priv, int port)
-+_qca_ar8327_sw_capture_port_tx_counter(a_uint32_t dev_id, int port)
- {
-     fal_mib_info_t  mib_Info;
-
-     memset(&mib_Info, 0, sizeof(fal_mib_info_t));
--    fal_get_tx_mib_info(priv->device_id, port, &mib_Info);
-+    fal_get_tx_mib_info(dev_id, port, &mib_Info);
-
-     return 0;
- }
-
- int
--_qca_ar8327_sw_capture_port_rx_counter(struct qca_phy_priv *priv, int port)
-+_qca_ar8327_sw_capture_port_rx_counter(a_uint32_t dev_id, int port)
- {
-     fal_mib_info_t  mib_Info;
-
-     memset(&mib_Info, 0, sizeof(fal_mib_info_t));
--    fal_get_rx_mib_info(priv->device_id, port, &mib_Info);
-+    fal_get_rx_mib_info(dev_id, port, &mib_Info);
-     return 0;
- }
-
- void
- qca_ar8327_sw_mib_task(struct qca_phy_priv *priv)
- {
--	static int loop = 0;
--
- 	mutex_lock(&priv->reg_mutex);
--	if ((loop % 2) == 0)
--		_qca_ar8327_sw_capture_port_rx_counter(priv, loop/2);
-+	if ((priv->mib_loop_cnt % 2) == 0)
-+		_qca_ar8327_sw_capture_port_rx_counter(priv->device_id, priv->mib_loop_cnt/2);
- 	else
--		_qca_ar8327_sw_capture_port_tx_counter(priv, loop/2);
-+		_qca_ar8327_sw_capture_port_tx_counter(priv->device_id, priv->mib_loop_cnt/2);
-
--	if(++loop == (2 * (priv->ports))) {
--		loop = 0;
-+	if(++priv->mib_loop_cnt == (2 * (priv->ports))) {
-+		priv->mib_loop_cnt = 0;
- 	}
-
- 	mutex_unlock(&priv->reg_mutex);

feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery

@@ -33,7 +33,7 @@ let timeouts = {
 	'orphan': 2 * 60 * 60,
 	interval: 10000,
 	expiry_interval: 60 * 60 * 1000,
-	expiry_threshold: 1 * 365 * 24 * 60 * 60,
+	expiry_threshold: 3 * 24 * 60 * 60,
 };
 
 ulog_open(ULOG_SYSLOG | ULOG_STDIO, LOG_DAEMON, "cloud_discover");
@@ -42,22 +42,6 @@ ulog(LOG_INFO, 'Start\n');
 
 uloop.init();
 
-let cds_server = 'discovery.open-lan.org';
-
-function detect_certificate_type() {
-	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
-	let issuer = pipe.read("all");
-	pipe.close();
-
-	if (!match(issuer, /Telecom Infra Project Issuing CA/)) {
-		ulog(LOG_INFO, 'Certificate type is "Demo" \n');
-		cds_server = 'discovery-qa.open-lan.org';
-		timeouts.expiry_threshold = 3 * 24 * 60 * 60;
-	} else {
-		ulog(LOG_INFO, 'Certificate type is "TIP"\n');
-	}
-}
-
 function readjsonfile(path) {
 	let file = fs.readfile(path);
 	if (file)
@@ -120,10 +104,9 @@ function gateway_write(data) {
 		if (new[key] != gateway[key])
 			changed = true;
 	}
-	if (changed) {
+	if (changed)
 		fs.writefile('/etc/ucentral/gateway.json', new);
 		system('sync');
-	}
 	return changed;
 }
 
@@ -195,7 +178,7 @@ function redirector_lookup() {
 	let serial = uci.get('system', '@system[-1]', 'mac');
 
 	fs.unlink(path);
-	system(`curl -k --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/operational.ca https://${cds_server}/v1/devices/${serial} --output /tmp/ucentral.redirector`);
+	system(`curl -k --cert /etc/ucentral/operational.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/operational.ca https://openlan.keys.tip.build/v1/devices/${serial} --output /tmp/ucentral.redirector`);
 	if (!fs.stat(path))
 		return;
 	let redir = readjsonfile(path);
@@ -289,36 +272,6 @@ function interval_handler() {
 	}
 }
 
-function trigger_reenroll() {
-	ulog(LOG_INFO, 'triggering reenroll\n');
-
-	if (system('/usr/bin/est_client reenroll')) {
-		ulog(LOG_INFO, 'reenroll failed\n');
-		return;
-	}
-	
-	ulog(LOG_INFO, 'reenroll succeeded\n');
-	ulog(LOG_INFO, 'stopping client\n');
-	
-	system('/etc/init.d/ucentral stop');
-	set_state(DISCOVER);
-}
-
-function expiry_handler() {
-	let stat = fs.stat('/etc/ucentral/operational.ca');
-	if (!stat)
-		return;
-
-	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
-	if (!ret) {
-		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
-		return;
-	}
-
-	ulog(LOG_INFO, 'certificate will expire soon\n');
-	trigger_reenroll();
-}
-
 let ubus_methods = {
 	discover: {
 		call: function(req) {
@@ -393,16 +346,28 @@ let ubus_methods = {
 		},
 		args: {},
 	},
-	reenroll: {
-		call: function(req) {
-			trigger_reenroll();
-			return 0;
-		},
-		args: {},
-	},
 };
 
-detect_certificate_type();
+function expiry_handler() {
+	let stat = fs.stat('/etc/ucentral/operational.ca');
+	if (!stat)
+		return;
+
+	let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
+	if (!ret) {
+		ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
+		return;
+	}
+
+	ulog(LOG_INFO, 'certificate will expire soon\n');
+	if (system('/usr/bin/est_client reenroll')) {
+		ulog(LOG_INFO, 'reenroll failed\n');
+		return;
+	}
+	ulog(LOG_INFO, 'reenroll succeeded\n');
+	ulog(LOG_INFO, '(re)starting client\n');
+	system('/etc/init.d/ucentral restart');
+}
 
 if (gateway_available()) {
 	let status = ubus.call('ucentral', 'status');

feeds/tip/cloud_discovery/files/usr/bin/est_client

@@ -8,22 +8,9 @@ import * as libuci from 'uci';
 
 let store_operational_pem = false;
 let store_operational_ca = false;
-let est_server = 'est.certificates.open-lan.org';
+let est_server = 'qaest.certificates.open-lan.org:8001';
 let cert_prefix = 'operational';
 
-function set_est_server() {
-	let pipe = fs.popen(`openssl x509 -in /etc/ucentral/cert.pem -noout -issuer`);
-	let issuer = pipe.read("all");
-	pipe.close();
-
-	if (!match(issuer, /Telecom Infra Project Issuing CA/)) {
-		ulog(LOG_INFO, 'Certificate type is "Demo" \n');
-		est_server = 'qaest.certificates.open-lan.org:8001';
-	} else {
-		ulog(LOG_INFO, 'Certificate type is "TIP"\n');
-	}
-}
-
 if (getenv('EST_SERVER'))
 	est_server = getenv('EST_SERVER');
 
@@ -92,8 +79,6 @@ function call_est_server(path, cert, target) {
 	if (generate_csr(cert))
 		return 1;
 
-	set_est_server();	
-
 	let ret = system('curl -m 10 -X POST https://' + est_server + '/.well-known/est/' + path + ' -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert ' + cert + ' --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7');
 	if (ret) {
 		ulog(LOG_INFO, 'Failed to request operational certificate\n');
@@ -141,9 +126,6 @@ function load_operational_ca() {
 		ulog(LOG_INFO, 'Operational CA is present\n');
 		return 0;
 	}
-
-	set_est_server();	
-
 	let ret = system('curl -m 10 -X GET https://' + est_server + '/.well-known/est/cacerts --cert /etc/ucentral/' + cert_prefix + '.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/' + cert_prefix + '.ca.nohdr.p7');
 	if (!ret)
 		ret = p7_too_pem('/tmp/' + cert_prefix + '.ca.nohdr.p7', '/etc/ucentral/' + cert_prefix + '.ca');

feeds/tip/tip-defaults/files/etc/ucentral/insta.pem

@@ -4,6 +4,3 @@ MIIFajCCA1KgAwIBAgICDnowDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJv
 -----BEGIN CERTIFICATE-----
 MIIFIDCCAwigAwIBAgICDnkwDQYJKoZIhvcNAQELBQAwHzEdMBsGA1UEAwwUT3BlbkxBTiBEZW1vIFJvb3QgQ0EwHhcNMjUwMjIxMTUwMDAwWhcNMjYwMjIxMTUwMDAwWjAfMR0wGwYDVQQDDBRPcGVuTEFOIERlbW8gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMjExylKdJWoJu9mOHPJ6yZFXKe1lE467G65acpS2FKIWnPVFjNCmATMpkMOIFzEFwyFdbQjzOidtiL+73zlE52lOJpXCfOcxDFqDYDJJ8//J1/gQWsBaKpSvgLiHU/0awkQg+yJYZpj8YZa4NkFe+zTjQScSfOsqPPb3rZ7DOQ2BKAhjVShKmVbtNil0iO0zm8vE8DNkktTNMREp2pzb8MbCAgfOkwlrby6T+rV3TvmjThGdFUb5lWDFxWtlF8W0SUII9qj7p5TdGpryeLsO0nZTBtS4HxZNdvmKOHfgcRHmSZIJigB2NzKLNrXF9JBW0WnUSwZJZAG2C1RTx6lADILPueuusyfR/hZ3koKi4PHnSiTwQghzia9K9QjNHq5z9R9ZoCnhBg1VyU4LKmp862L0sIp2vgnOYunEIi9aCYBaDwo+0FuVjZuXyDIatwVuA7TN5IWPHA6XLdOt1mmkeYy1Ldr4XHjdondhtOyeei1UFXmyyLm2+kmRYfTm91TqYmNzRgbRV2NHO50AmsnBknX4Rv3gishGe0+dV5yFcUwZud0z2rSCkuoai5tKrPT+6Y6NqkT9u9HFifIBXnLwEzVUqHRtW6SuWj2DClVQIXIUZtFnhY4GuTuf6DlzgnXO58oDVCZmCW4ULIpbqGeRsvBHR8Sw5JXP/1+TMUYhE8TAgMBAAGjZjBkMB8GA1UdIwQYMBaAFDzIg8eyTI3xc4A2R60f8HanhBZDMB0GA1UdDgQWBBQ8yIPHskyN8XOANketH/B2p4QWQzAOBgNVHQ8BAf8EBAMCAQYwEgYDVR0TAQH/BAgwBgEB/wIBATANBgkqhkiG9w0BAQsFAAOCAgEAkHZ5KR8IOrdfMFy+iOvauvZxfQ84LL6TpB2FQKDjneJUdd7c29UJJFNW/0mp4Gc6jKZab6J8Dx/pNnbH0RqFjGjeRGtJ4Sk0G7gf9zw1S7qut5WJDcisM9l/wXC+zy/KSKKPQmbt0grWOtU7+NNPh1YU76hIrInq/u2sVZyKH8SXQ957fbJk6BX6JTKyNEn05AB6rNSrbOWo8sy2MlcJ7bBsrWYI1t6GcWFh4b36bLu7/dKJWpyFNXXIkKJsgMEDpEQae56+fSSDo0KRNtYB82fNZDIQlGK81rGJWNzAahM+3GD1tgk/3ZVugfaJhcBpoHHKNOGqZAvtirLAIDocno7AzqoeIz974Rh2Olsl2/arApYPyyfi8PMYuFe/d4h+Wie8n+jh5n48lZ2Ve4PK+j+QHD6tTZS4f0bGnPL1puMxzQloltuQWgLDeVfEgrc3snLvjOg8aDzWm/es85lP8XcyW54U4t3JmrNUC2C7v+Uafx7cL7eDeunhs+BRhtGV+IUmjub2IrpqZp3zZqn+LVRdYJIy/qHhjS5+ImckXkFojOmeWhfmEmYSuNP8Oa6cGuXp829qnbxLh9Qzi3TfXV883KLse4kL5Zl7gBA/4hz2hVMyGJ8fY+VvzbaTuOXyvKJ+rGZCTcRSeotBLnIevVMiL7SqOEwN0j4Mfbznfq8=
 -----END CERTIFICATE-----
------BEGIN CERTIFICATE-----
-MIIFFTCCAv2gAwIBAgICAxIwDQYJKoZIhvcNAQELBQAwGjEYMBYGA1UEAwwPT3BlbkxBTiBSb290IENBMCAXDTI1MDUxNDA4NDcxMFoYDzIwNTUwNTE0MDg0NzEwWjAaMRgwFgYDVQQDDA9PcGVuTEFOIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDGibJ04A55kSURTBSKgcBmLnND2I5wws1taKqqU9aaRhB7NtvMHwh2voH9b1brUiulZaZwTN/9kzd4AnXeKQ+0u5tV7Ofk0fzF2MK47n17TS30Yenqc4NuQEKdpKK/pM3VvOEppR/bqtgyLtDmbDnmFOx+zTj/+smTgouwA+Iier0P4s5OohYxn/bjOqwQbHbU79VpGBIWv6/kt55AhH7zvsqqKHkrzTxnsRBv3SBIufrjJr9PIhZBLDrqr56P6KgAi0eoutNt2ToiJbE0WfjU7GI1RSiSN5bGj1zXhjNVzQWs1H9QzRf3c9pl3+haHQZ7FZ1UqiTRewmbNrQ6I9k81au3SttUlb87MyAuDSzatkiq7CjQ8VE1J6te6ZBt2zWpUhHsR/Lg7g3eOw5dL4oZJdK5GgGu/MUajLUXifIqM13Mvg0VTzDhN69VLXLSL0gPcicsQCwJuAza1IC/VqmBGx19fAkyJhOurCXWOgisi0g1+xzPKRphUNwMPUf8vBVOM/Vc6xDIvwVGE3+eWXyhixneFlSpAI03nWWjpwWXihTBoxbfRXO3Y/ilJqrgFN+U4PJcCPA+Wo7ThH0mgX6bOTPcgXMUzT3v3FF6Bx5/PNV3kYrw2yLzribUiS6AGvVGnW4hX2Z6OQvA/aHME8KF+6y6m4pC7FkUjVaRlzWu/wIDAQABo2MwYTAfBgNVHSMEGDAWgBSUaFuoOPk4QLByZP47kj4p1IbCJjAdBgNVHQ4EFgQUlGhbqDj5OECwcmT+O5I+KdSGwiYwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAB+/RUC2X6eVoPsFNMkaXO5Iib/ub0JoWhODQm8j2Mr5dpGXESSpXjfDcqDOLuJbWWoflXBLdr8BsVCBqOA9YgCX0H8Br7dUWmCScixxLW0he592/424EvdwifxcKHZLjv9CKV5Txhqnm2djc5RY/nTH5MYVrIh/If2TNO5ydDP6+vgy9GQ4en04VK7rz+PW17O8l7k9/lOmYptZmHgSDAPj/cT3PlG+McqaI5rMSHeEHlzH+PvgWjtSeEhF4FwFBXroDl4/yb4l2JB8bqAZ3vsOXSkigFcZh5MXPe+zuSSW+G8iLr4xoi0CFsP2DaHEyxgqP4B1FtE9nFPo6cvWbwqTVT7QSzqfH+jPJuQvpFXeRF5UFegNZTFT5/uFFPamihakFslEYxeJey1y+OJdLcP6ef87ruSt8amsq56OAETYpnW4JFowlEh0C+QwLGHGGY6WrOgHY/90hJmPgXBdBVg/IoOhzbvk5A+LqZDvxV2/rLNfClw8Kr3g5e8obcB6dWgMCy2z+us0H79ucnmhzQKsjpxM9T1ncHovAQfiD3jVqfHULY53avh0wIAjosoTGbe8dyx80quHe+16qWan7C9idXeAYYJXbZt5hs6hLw4I8M1LsjTg6vwsqiaHZpsmDyyQLdFjNJldG7aosfS9F+BIpuwijF+1dashL0CPsbIJ
------END CERTIFICATE-----

feeds/ucentral/ucentral-client/Makefile

@@ -4,9 +4,10 @@ PKG_NAME:=ucentral-client
 PKG_RELEASE:=1
 
 PKG_SOURCE_URL=https://github.com/Telecominfraproject/wlan-ucentral-client.git
+PKG_MIRROR_HASH:=34c912efa9c0dcdbc6122296e236993484b24b3bc4de51608356304afc8df1c3
 PKG_SOURCE_PROTO:=git
-PKG_SOURCE_DATE:=2025-08-11
-PKG_SOURCE_VERSION:=549e84e5fea7230c5471d6a3dbddcc7d3152f665
+PKG_SOURCE_DATE:=2025-07-27
+PKG_SOURCE_VERSION:=c536f6957bd96e57301f9d540b75460119d2a69a
 
 PKG_LICENSE:=BSD-3-Clause
 PKG_MAINTAINER:=John Crispin <john@phrozen.org>

patches/0096-base-files-boot-add-sync-after-uci-defaults.patch

@@ -1,33 +0,0 @@
-From 309a419087da906a2f3b0f39763f021e9729dd85 Mon Sep 17 00:00:00 2001
-From: Paul White <paul@shasta.cloud>
-Date: Mon, 4 Aug 2025 04:14:23 +0000
-Subject: [PATCH] base-files: boot: add sync after uci-defaults
-
-A scenario was seen where UCI config was not flushed to disk before
-an AP power-cycle after uci-defaults was completed.  Since these
-scripts are deleted after being ran once, there is no way to recover
-without a factory reset.
-
-Adding this sync operation proved to help avoid this situation from
-happening
-
-Signed-off-by: Paul White <paul@shasta.cloud>
----
- package/base-files/files/etc/init.d/boot | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/package/base-files/files/etc/init.d/boot b/package/base-files/files/etc/init.d/boot
-index 15756669a9..c8a803e32c 100755
---- a/package/base-files/files/etc/init.d/boot
-+++ b/package/base-files/files/etc/init.d/boot
-@@ -15,6 +15,7 @@ uci_apply_defaults() {
- 		( . "./$(basename $file)" ) && rm -f "$file"
- 	done
- 	uci commit
-+	sync
- }
- 
- boot() {
--- 
-2.43.0
-

patches/0099-elfutils-fix-build-with-GCC11.patch

@@ -1,26 +0,0 @@
-From b82a8514a3f52b91ec84f703ef92740dda19d5d9 Mon Sep 17 00:00:00 2001
-From: John Crispin <john@phrozen.org>
-Date: Thu, 14 Aug 2025 10:29:29 +0200
-Subject: [PATCH] elfutils: fix build with GCC11
-
-Signed-off-by: John Crispin <john@phrozen.org>
----
- package/libs/elfutils/Makefile | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/package/libs/elfutils/Makefile b/package/libs/elfutils/Makefile
-index f7364c36be..76112c89ff 100644
---- a/package/libs/elfutils/Makefile
-+++ b/package/libs/elfutils/Makefile
-@@ -87,7 +87,7 @@ TARGET_CFLAGS += \
- 	-Wno-unused-result \
- 	-Wno-format-nonliteral
- 
--ifneq ($(CONFIG_GCC_USE_VERSION_11),y)
-+ifneq ($(CONFIG_GCC_VERSION_11),y)
- TARGET_CFLAGS += \
- 	-Wno-error=use-after-free
- endif
--- 
-2.34.1
-