[RFC PATCH v4 04/10] Added package fff-hoodsync
Jan Kraus
mayosemmel at googlemail.com
Fr Aug 19 20:45:16 CEST 2016
The package synchronizes and verifies hood files and key files.
Signed-off-by: Jan Kraus <mayosemmel at gmail.com>
---
.../fff/fff-fastd/files/usr/lib/micron.d/fff-fastd | 1 +
src/packages/fff/fff-hoodsync/Makefile | 39 ++++++++++++++
.../fff/fff-hoodsync/files/usr/lib/verifysigs | 62 ++++++++++++++++++++++
.../fff/fff-hoodsync/files/usr/sbin/syncHoods | 25 +++++++++
.../fff/fff-hoodsync/files/usr/sbin/verifyHoods | 56 +++++++++++++++++++
.../fff/fff-hoodsync/files/usr/sbin/verifyKeys | 56 +++++++++++++++++++
src/packages/fff/fff/Makefile | 3 +-
7 files changed, 241 insertions(+), 1 deletion(-)
create mode 100644 src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
create mode 100644 src/packages/fff/fff-hoodsync/Makefile
create mode 100644 src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs
create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods
create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods
create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
diff --git a/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
new file mode 100644
index 0000000..9399c4f
--- /dev/null
+++ b/src/packages/fff/fff-fastd/files/usr/lib/micron.d/fff-fastd
@@ -0,0 +1 @@
+*/10 * * * * sleep $(/usr/bin/random 0 29); sh /usr/sbin/fastdstart
diff --git a/src/packages/fff/fff-hoodsync/Makefile b/src/packages/fff/fff-hoodsync/Makefile
new file mode 100644
index 0000000..ccfc6ee
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/Makefile
@@ -0,0 +1,39 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-hoodsync
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoodsync
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-hoodsync
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken hoodfile synchronisation
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-hoods +libubox +ecdsautils
+endef
+
+define Package/fff-hoodsync/description
+ This package synchronises and verifys hoodfiles and keyfiles
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-hoodsync/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-hoodsync))
diff --git a/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs b/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs
new file mode 100644
index 0000000..26718e4
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/lib/verifysigs
@@ -0,0 +1,62 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+if [ -z "$TRUSTEDKEYDIR" ]; then
+ TRUSTEDKEYDIR=/etc/hoods/keys
+fi
+
+gettrustedkeys()
+{
+ local trustedkeys=""
+ for keyfile in $TRUSTEDKEYDIR/*.key
+ do
+ json_load "$(cat $keyfile)"
+ json_get_var valid valid
+ if [ "$valid" == "true" ]
+ then
+ json_get_var PubKey PubKey
+ trustedkeys="$trustedkeys,$PubKey"
+ fi
+ done
+ echo "$trustedkeys"
+}
+
+verifysigs()
+{
+ local file="$1"
+ local sigfile="$2"
+ local sigsneeded="$3"
+ local trustedkeys="$(gettrustedkeys)"
+ echo "Check if signatures for $file are valid"
+ echo "Parsing $sigfile"
+ json_load "$(cat $sigfile)"
+ json_select Sigs
+ local Sigs=""
+ local Keys=""
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var SigPubKey PubKey
+ if echo "$Keys"|grep "$SigPubKey" > /dev/null
+ then
+ echo "$SigPubKey is duplicate"
+ elif echo "$trustedkeys"|grep "$SigPubKey" > /dev/null
+ then
+ Keys="$Keys -p $SigPubKey"
+ json_get_var Sig Sig
+ Sigs="$Sigs -s $Sig"
+ else
+ echo "$SigPubKey is not trusted"
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
+ if ecdsaverify -n $sigsneeded $Sigs $Keys $file;then
+ echo "Valid Signatures"
+ return 0
+ else
+ echo "Invalid Signatures"
+ return 1
+ fi
+}
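Review bot: `PubKey` and `Sig` are read from the not-yet-verified signature file and then reach `ecdsaverify -n $sigsneeded $Sigs $Keys $file` unquoted, so a value containing whitespace is split into extra arguments. The trust test `grep "$SigPubKey"` also treats the value as a regular expression and accepts any substring of the trusted-key list. Both fields should be validated as non-empty hex strings (the encoding ecdsautils appears to use; confirm) before use, and the duplicate and trusted comparisons should match whole keys as fixed strings. `$file`, `$sigfile` and `$keyfile` should also be quoted where they are passed to `cat` and `ecdsaverify`.

```shell
# Accept only non-empty strings made of hex digits.
is_hex()
{
	case "$1" in
		""|*[!0-9a-fA-F]*) return 1 ;;
	esac
	return 0
}

# … unchanged: json_load, json_select Sigs, local Sigs/Keys/Index …
	while json_select $Index > /dev/null
	do
		json_get_var SigPubKey PubKey
		json_get_var Sig Sig
		if ! is_hex "$SigPubKey" || ! is_hex "$Sig"
		then
			echo "signature entry $Index is malformed"
		elif echo "$Keys" | grep -qwF -e "$SigPubKey"
		then
			echo "$SigPubKey is duplicate"
		elif echo "$trustedkeys" | grep -qwF -e "$SigPubKey"
		then
			Keys="$Keys -p $SigPubKey"
			Sigs="$Sigs -s $Sig"
		else
			echo "$SigPubKey is not trusted"
		fi
		# … unchanged: json_select "..", Index increment …
	done
```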
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods b/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods
new file mode 100755
index 0000000..f32d2a1
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/syncHoods
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods"
+HOODDIR=/tmp/syncedhoods
+KEYDIR=/tmp/syncedkeys
+
+rm -rf "$HOODDIR"
+rm -rf "$KEYDIR"
+mkdir -p "$HOODDIR"
+mkdir -p "$KEYDIR"
+rm -f /tmp/hoods.list
+rm -f /tmp/keys.list
+wget "$UPDATELINK/hoods.list" -O /tmp/hoods.list
+wget "$UPDATELINK/keys/keys.list" -O /tmp/keys.list
+
+while read filename
+do
+ wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename"
+done < /tmp/hoods.list
+
+while read filename
+do
+ wget "$UPDATELINK/keys/$filename" -O "$KEYDIR/$filename"
+done < /tmp/keys.list
+
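Review bot: Each name read from `hoods.list` and `keys.list` is used unchecked in `-O "$HOODDIR/$filename"`, so an entry containing `/` or `..` makes wget write outside the staging directory, and this happens before any signature is verified on a list fetched over plain HTTP. Reject such entries at the top of both loops, for example `case "$filename" in ""|*/*|.*) continue ;; esac`, and use `read -r` so backslashes are kept literal. The fixed paths under `/tmp` are also predictable; a directory from `mktemp -d` would be safer if the target's busybox provides it. The wget exit status is not checked, so a failed list download leaves the loops reading a missing or empty file.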
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods
new file mode 100755
index 0000000..af06fcc
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyHoods
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /usr/lib/verifysigs
+
+TRUSTEDHOODDIR=/etc/hoods
+
+if [ -z "$1" ]
+then
+ echo "Setting Hood directory to $1"
+ HOODDIR="$1"
+else
+ echo "Setting Hood directory to $TRUSTEDHOODDIR"
+ HOODDIR="$TRUSTEDHOODDIR"
+fi
+
+for hoodfile in $HOODDIR/*.hood
+do
+ echo "Check if hood-files are valid"
+ echo "Parsing $(basename $hoodfile)"
+ json_load "$(cat $hoodfile)"
+ json_select hood
+ json_get_var newHoodName name
+ json_get_var newTimestamp timestamp
+ if [ -f "$TRUSTEDHOODDIR/$newHoodName.hood" ]
+ then
+ json_load "$(cat $TRUSTEDHOODDIR/$newHoodName.hood)"
+ json_select hood
+ json_get_var oldHoodName name
+ json_get_var oldTimestamp timestamp
+ if [ "$newHoodName" != "$oldHoodName" ]
+ then
+ echo "Hoodnames are not matching"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ if [ "$newTimestamp" -le "$oldTimestamp" ]
+ then
+ echo "the synchronized file is older than current"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ fi
+ if verifysigs "$hoodfile" "$hoodfile.sig" "2"
+ then
+ echo "There are enough valid Signatures, so hoodfile is now trusted."
+ cp "$hoodfile" "$TRUSTEDHOODDIR/."
+ cp "$hoodfile".sig "$TRUSTEDHOODDIR/."
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$hoodfile will be removed now"
+ rm -f "$hoodfile"
+ rm -f "$hoodfile".sig
+ fi
+ echo
+done
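Review bot: The argument test `if [ -z "$1" ]` is inverted: the branch that assigns `HOODDIR="$1"` runs only when no argument was given, and a supplied directory is ignored in favour of `$TRUSTEDHOODDIR`; it should be `if [ -n "$1" ]`, and verifyKeys has the same test for `KEYDIR`. Because the scanned directory then equals the trusted one, every file is compared with itself, `"$newTimestamp" -le "$oldTimestamp"` is true, and the trusted file is deleted. The two rejection branches remove the files but fall through to `verifysigs`; add `continue` after the `rm -f` lines. The replay check looks up `$TRUSTEDHOODDIR/$newHoodName.hood` while the copy uses the synced file's own basename, so the script should also require `$(basename "$hoodfile")` to equal `"$newHoodName.hood"`.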
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
new file mode 100755
index 0000000..36f2ad5
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyKeys
@@ -0,0 +1,56 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+. /usr/lib/verifysigs
+
+TRUSTEDKEYDIR=/etc/hoods/keys
+
+if [ -z "$1" ]
+then
+ echo "Setting Key directory to $1"
+ KEYDIR="$1"
+else
+ echo "Setting Key directory to $TRUSTEDKEYDIR"
+ KEYDIR="$TRUSTEDKEYDIR"
+fi
+
+for keyfile in $KEYDIR/*.key
+do
+ echo "Check if key-signatures are valid"
+ echo "Parsing $(basename $keyfile)"
+ json_load "$(cat $keyfile)"
+ json_select key
+ json_get_var newTimestamp timestamp
+ if [ -f "$TRUSTEDKEYDIR/$(basename $keyfile)" ]
+ then
+ json_load "$(cat $TRUSTEDKEYDIR/$(basename $keyfile))"
+ json_select key
+ json_get_var oldTimestamp timestamp
+ if [ "$newTimestamp" -le "$oldTimestamp" ]
+ then
+ echo "the synchronized file is older than current"
+ rm -f "$keyfile"
+ rm -f "$keyfile".sig
+ fi
+ fi
+ if verifysigs "$keyfile" "$keyfile.sig" "2"
+ then
+ cp "$keyfile" "$TRUSTEDKEYDIR/."
+ cp "$keyfile".sig "$TRUSTEDKEYDIR/."
+ json_load "$(cat $TRUSTEDKEYDIR/$(basename $keyfile))"
+ json_select key
+ json_get_var valid valid
+ if [ "$valid" == "true" ]
+ then
+ echo "There are enough valid Signatures, so key is now trusted."
+ else
+ echo "There are enough valid Signatures. The key was revoked."
+ fi
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$keyfile will be removed"
+ rm -f "$keyfile"
+ rm -f "$keyfile".sig
+ fi
+done
+
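Review bot: This script reads `timestamp` and `valid` after `json_select key`, but `gettrustedkeys` in /usr/lib/verifysigs reads `valid` and `PubKey` at the top level of the same key files; if the fields are nested under `key`, the trusted-key list is empty and no signature can ever be accepted. One of the two needs to change, presumably by adding `json_select key` in `gettrustedkeys`; confirm against the key-file format. As in verifyHoods, the stale-file branch at `rm -f "$keyfile"` should be followed by `continue` instead of falling through to `verifysigs`.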
diff --git a/src/packages/fff/fff/Makefile b/src/packages/fff/fff/Makefile
index 41e53d7..d9253bd 100644
--- a/src/packages/fff/fff/Makefile
+++ b/src/packages/fff/fff/Makefile
@@ -26,7 +26,8 @@ define Package/fff-base
+fff-wireless \
+fff-timeserver \
+fff-vpn-select \
- +fff-hoods
+ +fff-hoods \
+ +fff-hoodsync
endef
define Package/fff-base/description
--
2.1.4