atlas-sw-probe: improve key creation

- Exit start if a probe_key is not present - Add create_key command to generate a private_key based on the provided username in the atlas config. - Add registration instruction in /etc/atlas - Rework script to save probe_key on sysupgrade (the key are now adviced to be placed in the /etc/atlas dir and a link is used to make them accessible in the atlas-sw-scripts etc dir) Signed-off-by: Ansuel Smith <[email protected]>
openwrt · Apr 21, 2021 · da5b28b · da5b28b
1 parent c597f12
commit da5b28b
Show file tree

Hide file tree

Showing 4 changed files with 77 additions and 2 deletions.
diff --git a/net/atlas-sw-probe/Makefile b/net/atlas-sw-probe/Makefile
@@ -8,7 +8,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=atlas-sw-probe
 PKG_VERSION:=5020
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://github.com/RIPE-NCC/ripe-atlas-software-probe.git
@@ -68,6 +68,7 @@ exit 0
 endef
 
 define Package/atlas-sw-probe/conffiles
+/etc/atlas/
 /etc/config/atlas
 /usr/libexec/atlas-probe-scripts/state/config.txt
 endef
@@ -104,6 +105,10 @@ define Package/atlas-sw-probe/install
 	# Fix permision
 	chmod 755 $(1)/$(SCRIPTS_DIR)/bin
 
+	# Add registration instruction
+	$(INSTALL_DIR) $(1)/etc/atlas/
+	$(CP) ./files/atlas.readme $(1)/etc/atlas/
+
 	# Create softlinks for writable dirs
 	$(LN) $(TMP_BASE_DIR)/crons $(1)/$(SCRIPTS_DIR)/crons
 	$(LN) $(TMP_BASE_DIR)/data $(1)/$(SCRIPTS_DIR)/data

diff --git a/net/atlas-sw-probe/files/atlas.conf b/net/atlas-sw-probe/files/atlas.conf
@@ -2,3 +2,4 @@ config atlas 'common'
 	option log_stderr '1'
 	option log_stdout '0'
 	option rxtxrpt '1'
+	option username ''
diff --git a/net/atlas-sw-probe/files/atlas.init b/net/atlas-sw-probe/files/atlas.init
@@ -2,12 +2,13 @@
 
 USE_PROCD=1
 START=30
-EXTRA_COMMANDS="get_key probeid log create_backup load_backup"
+EXTRA_COMMANDS="get_key probeid log create_backup load_backup create_key"
 EXTRA_HELP="	get_key	print probe public key (used for probe registration)
 	probeid	print probe id
 	log	print probe status log
 	create_backup 	backup ssh key to tar.gz
 	load_backup 'backup.tar.gz' 	load backup ssh key from tar.gz
+	create_key create probe priv/pub key 
 "
 
 SCRIPTS_DIR="/usr/libexec/atlas-probe-scripts"
@@ -57,6 +58,56 @@ create_backup() {
 	fi
 }
 
+create_key() {
+	local username
+	local probe_key=/etc/atlas/probe_key
+	local probe_pub_key=/etc/atlas/probe_key.pub
+
+	config_load atlas
+
+	config_get username "common" username
+
+	if [ -f "$PRIV_KEY_FILE" ]; then
+		if [ ! -f $probe_key ]; then
+			print_msg "Missing probe_key in /etc/atlas"
+			print_msg "The key will be lost on sysupgrade. Cosider moving the keys in /etc/atlas and create a link in the $SCRIPTS_DIR/etc/ dir."
+		fi
+
+		print_msg "probe_key already present. Exiting..."
+		exit 1
+	fi
+
+	if [ -z "$username" ]; then
+		print_msg "Username not set in atlas config file. Enter your ripe-atlas username."
+		exit 1
+	fi
+
+	if [ -n "$(which ssh-keygen)" ]; then
+		ssh-keygen -t rsa -b 2048 -f $probe_key -N ""
+		sed -i "s/ \S*$/ "$username"/" $probe_pub_key
+	elif [ -n "$(which dropbearkey)" ]; then
+		local public_key
+
+		public_key="$(dropbearkey -t rsa -f $probe_key -s 2048 | sed -n 2p)"
+		public_key="$(echo "$public_key" | sed "s/ \S*$/ "$username"/")"
+		echo $public_key > $probe_pub_key
+	else
+		print_msg "Can't find a way to generate key."
+		exit 1
+	fi
+
+	#Link priv/pub key
+	ln -s $probe_key $PRIV_KEY_FILE
+	ln -s $probe_pub_key $PUB_KEY_FILE
+
+	#Fix permission
+	chown atlas $probe_key $probe_pub_key
+	chgrp atlas $probe_key $probe_pub_key
+	chmod 644 $probe_key $probe_pub_key
+
+	print_msg "Key generated successfully. Use the get_key command to show the public key and get instruction on how to register your probe."
+}
+
 log() {
 	if [ -f "$LOG_FILE" ];then
 		tail "$LOG_FILE"
@@ -155,6 +206,12 @@ start_service() {
 	local rxtxrpt
 	local test_setting
 
+	if [ ! -f $PRIV_KEY_FILE ]; then
+		print_msg "Missing probe_key. To init the key follow instruction in /etc/atlas/atlas.readme"
+		print_msg "Assuming atlas-sw-probe not init. Exiting..."
+		exit 1
+	fi
+
 	create_tmp_dirs
 
 	config_load atlas

diff --git a/net/atlas-sw-probe/files/atlas.readme b/net/atlas-sw-probe/files/atlas.readme
@@ -0,0 +1,12 @@
+# Atlas probe setup instruction
+
+The atlas probe software requires a rsa 2048-4096 key for registration.
+
+Follow these steps to register your probe on the ripe-atlas systems.
+1. Insert your username in the atlas config file (/etc/config/atlas)
+2. Use the command '/etc/init.d/atlas create_key' to create a priv/pub key.
+3. The priv/pub key will be stored on the directory /etc/atlas/
+4. Use the command '/etc/init.d/atlas get_key' to get the public key used for probe registration.
+   Make sure to copy the entire key and that the last value is the correct username
+5. Follow the instruction from the past command or go to 'https://atlas.ripe.net/apply/swprobe/'
+   and register your probe.