netopeer2: update to 1.1.39

Signed-off-by: Jakov Smolic <jakov.smolic@sartura.hr>
2026-04-30 07:28:39 +01:00 · 2020-08-22 16:17:58 +02:00
parent 03ab03ad06
commit f8ffabaf08
13 changed files with 296 additions and 283 deletions
@@ -0,0 +1,85 @@
+#
+# Copyright (C) 2017 OpenWrt.org
+#
+# This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+#
+
+# Warning by default OpenWrt does not have a root password which is necessery for NETCONF server.
+
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=netopeer2
+PKG_VERSION:=1.1.39
+PKG_RELEASE:=1
+
+PKG_LICENSE:=BSD-3-Clause
+PKG_MAINTAINER:=Jakov Smolic <jakov.smolic@sartura.hr>
+
+PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
+PKG_SOURCE_URL:=https://codeload.github.com/CESNET/Netopeer2/tar.gz/v$(PKG_VERSION)?
+PKG_HASH:=e983683eda68792fedd73af54a5c7997496091489aa921f2a9e0dd27f2f6e19a
+
+CMAKE_INSTALL:=1
+
+PKG_BUILD_PARALLEL:=1
+PKG_INSTALL:=1
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/cmake.mk
+
+define Package/netopeer2-server
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=NETCONF server
+  URL:=https://github.com/CESNET/Netopeer2
+  DEPENDS:=+libcurl +libpthread +libyang +libnetconf2 +libsysrepo +sysrepocfg +sysrepoctl +sysrepo
+  MENU:=1
+endef
+
+define Package/netopeer2-cli
+  SECTION:=utils
+  CATEGORY:=Utilities
+  TITLE:=Netopeer2 cli tool
+  URL:=https://github.com/CESNET/Netopeer2
+  DEPENDS:=+libpthread +libyang +libnetconf2 +libopenssl
+endef
+
+define Package/netopeer2/description
+ Netopeer2 is a set of tools implementing network configuration tools based on the NETCONF
+ Protocol. This is the second generation of the toolset, originally available as the Netopeer
+ project. Netopeer2 is based on the new generation of the NETCONF and YANG libraries -
+ libyang and libnetconf2. The Netopeer server uses sysrepo as a NETCONF datastore implementation.
+endef
+
+CMAKE_OPTIONS += \
+	-DCMAKE_INSTALL_PREFIX:PATH=/usr \
+	-DCMAKE_BUILD_TYPE:STRING=Release \
+	-DGENERATE_HOSTKEY:BOOL=OFF \
+	-DINSTALL_MODULES:BOOL=OFF \
+	-DMERGE_LISTEN_CONFIG:BOOL=OFF
+
+define Package/netopeer2-server/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-server $(1)/usr/bin/
+
+	$(INSTALL_DIR) $(1)/etc/sysrepo/yang
+	$(INSTALL_DIR) $(1)/etc/netopeer2/modules
+	$(INSTALL_DATA) $(PKG_BUILD_DIR)/modules/* $(1)/etc/netopeer2/modules/
+
+	$(INSTALL_DIR) $(1)/etc/uci-defaults
+	$(INSTALL_BIN) ./files/netopeer2-server-setup.default $(1)/etc/uci-defaults/97_netopeer2-server
+	$(INSTALL_BIN) ./files/netopeer2-server-merge-hostkey.default $(1)/etc/uci-defaults/98_netopeer2-server
+	$(INSTALL_BIN) ./files/netopeer2-server-merge-config.default $(1)/etc/uci-defaults/99_netopeer2-server
+
+	$(INSTALL_DIR) $(1)/etc/init.d/
+	$(INSTALL_BIN) ./files/netopeer2-server.init $(1)/etc/init.d/netopeer2-server
+endef
+
+define Package/netopeer2-cli/install
+	$(INSTALL_DIR) $(1)/usr/bin
+	$(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/netopeer2-cli $(1)/usr/bin/
+endef
+
+$(eval $(call BuildPackage,netopeer2-server))
+$(eval $(call BuildPackage,netopeer2-cli))
@@ -0,0 +1,57 @@
+#!/bin/sh
+
+set -e
+
+# avoid problems with sudo path
+SYSREPOCFG=`which sysrepocfg`
+KS_KEY_NAME=genkey
+
+# check that there is no listen/Call Home configuration yet
+SERVER_CONFIG=`$SYSREPOCFG -X -x "/ietf-netconf-server:netconf-server/listen/endpoint[1]/name | /ietf-netconf-server:netconf-server/call-home/netconf-client[1]/name"`
+if [ -z "$SERVER_CONFIG" ]; then
+
+# import default config
+CONFIG="<netconf-server xmlns=\"urn:ietf:params:xml:ns:yang:ietf-netconf-server\">
+    <listen>
+        <endpoint>
+            <name>default-ssh</name>
+            <ssh>
+                <tcp-server-parameters>
+                    <local-address>0.0.0.0</local-address>
+                    <keepalives>
+                        <idle-time>1</idle-time>
+                        <max-probes>10</max-probes>
+                        <probe-interval>5</probe-interval>
+                    </keepalives>
+                </tcp-server-parameters>
+                <ssh-server-parameters>
+                    <server-identity>
+                        <host-key>
+                            <name>default-key</name>
+                            <public-key>
+                                <keystore-reference>$KS_KEY_NAME</keystore-reference>
+                            </public-key>
+                        </host-key>
+                    </server-identity>
+                    <client-authentication>
+                        <supported-authentication-methods>
+                            <publickey/>
+                            <passsword/>
+                            <other>interactive</other>
+                        </supported-authentication-methods>
+                        <users/>
+                    </client-authentication>
+                </ssh-server-parameters>
+            </ssh>
+        </endpoint>
+    </listen>
+</netconf-server>"
+TMPFILE=`mktemp -u`
+printf -- "$CONFIG" > $TMPFILE
+# apply it to startup and running
+$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-netconf-server -v2
+$SYSREPOCFG -C startup -m ietf-netconf-server -v2
+# remove the tmp file
+rm $TMPFILE
+
+fi
@@ -0,0 +1,47 @@
+#!/bin/sh
+
+set -e
+
+# avoid problems with sudo path
+SYSREPOCFG=`which sysrepocfg`
+OPENSSL=`which openssl`
+
+# check that there is no SSH key with this name yet
+KEYSTORE_KEY=`$SYSREPOCFG -X -x "/ietf-keystore:keystore/asymmetric-keys/asymmetric-key[name='genkey']/name"`
+if [ -z "$KEYSTORE_KEY" ]; then
+
+# generate a new key
+PRIVPEM=`$OPENSSL genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -outform PEM 2>/dev/null`
+# remove header/footer
+PRIVKEY=`grep -v -- "-----" - <<STDIN
+$PRIVPEM
+STDIN`
+# get public key
+PUBPEM=`$OPENSSL rsa -pubout 2>/dev/null <<STDIN
+$PRIVPEM
+STDIN`
+# remove header/footer
+PUBKEY=`grep -v -- "-----" - <<STDIN
+$PUBPEM
+STDIN`
+
+# generate edit config
+CONFIG="<keystore xmlns=\"urn:ietf:params:xml:ns:yang:ietf-keystore\">
+    <asymmetric-keys>
+        <asymmetric-key>
+            <name>genkey</name>
+            <algorithm>rsa2048</algorithm>
+            <public-key>$PUBKEY</public-key>
+            <private-key>$PRIVKEY</private-key>
+        </asymmetric-key>
+    </asymmetric-keys>
+</keystore>"
+TMPFILE=`mktemp -u`
+printf -- "$CONFIG" > $TMPFILE
+# apply it to startup and running
+$SYSREPOCFG --edit=$TMPFILE -d startup -f xml -m ietf-keystore -v2
+$SYSREPOCFG -C startup -m ietf-keystore -v2
+# remove the tmp file
+rm $TMPFILE
+
+fi
@@ -0,0 +1,106 @@
+#!/bin/sh
+
+# Warning, problems can occur if the device restarts in the middle of this uci-default script
+
+# install YANG modules
+SYSREPOCTL=`which sysrepoctl`
+MODDIR="/etc/netopeer2/modules"
+PERMS=600
+OWNER=root
+GROUP=root
+
+# array of modules to install
+MODULES="\
+ietf-netconf-acm@2018-02-14.yang
+ietf-netconf@2013-09-29.yang -e writable-running -e candidate -e rollback-on-error -e validate -e startup -e url -e xpath
+ietf-netconf-monitoring@2010-10-04.yang
+ietf-netconf-nmda@2019-01-07.yang -e origin -e with-defaults
+nc-notifications@2008-07-14.yang
+notifications@2008-07-14.yang
+ietf-x509-cert-to-name@2014-12-10.yang
+ietf-crypto-types@2019-07-02.yang
+ietf-keystore@2019-07-02.yang -e keystore-supported
+ietf-truststore@2019-07-02.yang -e truststore-supported -e x509-certificates
+ietf-tcp-common@2019-07-02.yang -e keepalives-supported
+ietf-ssh-server@2019-07-02.yang -e local-client-auth-supported
+ietf-tls-server@2019-07-02.yang -e local-client-auth-supported
+ietf-netconf-server@2019-07-02.yang -e ssh-listen -e tls-listen -e ssh-call-home -e tls-call-home"
+
+# functions
+INSTALL_MODULE() {
+    local module=`echo "$1" | sed 's/\s.*$//'`
+    $SYSREPOCTL -a -i $MODDIR/$module -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2
+    local rc=$?
+    if [ $rc -ne 0 ]; then
+        exit $rc
+    fi
+}
+
+UPDATE_MODULE() {
+    $SYSREPOCTL -a -U $MODDIR/$1 -s $MODDIR -p $PERMS -o $OWNER -g $GROUP -v2
+    local rc=$?
+    if [ $rc -ne 0 ]; then
+        exit $rc
+    fi
+}
+
+ENABLE_FEATURE() {
+    $SYSREPOCTL -a -c $1 -e $2 -v2
+    local rc=$?
+    if [ $rc -ne 0 ]; then
+        exit $rc
+    fi
+}
+
+ENABLE_FEATURES() {
+    # parse sysrepoctl features and add extra space at the end for easier matching
+    local sctl_features="`echo "$SCTL_MODULE" | sed 's/\([^|]*|\)\{6\}\(.*\)/\2/'` "
+    # parse features we want to enable
+    local features=`echo "$1" | sed 's/[^ ]* \(.*\)/\1/'`
+    while [ "${features:0:3}" = "-e " ]; do
+        # skip "-e "
+        features=${features:3}
+        # parse feature
+        local feature=`echo "$features" | sed 's/\([^[:space:]]*\).*/\1/'`
+
+        # enable feature if not already
+        sctl_feature=`echo "$sctl_features" | grep " ${feature} "`
+        if [ -z "$sctl_feature" ]; then
+            # enable feature
+            ENABLE_FEATURE $name $feature
+        fi
+
+        # next iteration, skip this feature
+        features=`echo "$features" | sed 's/[^[:space:]]* \(.*\)/\1/'`
+    done
+}
+
+# get current modules
+SCTL_MODULES=`$SYSREPOCTL -l`
+
+IFS=$'\n'
+for i in $MODULES; do
+    name=`echo "$i" | sed 's/\([^@]*\).*/\1/'`
+
+    SCTL_MODULE=`echo "$SCTL_MODULES" | grep "^$name \+|[^|]*| I"`
+    if [ -z "$SCTL_MODULE" ]; then
+        # install module
+        INSTALL_MODULE "$i"
+        ENABLE_FEATURES "$i"
+        continue
+    fi
+
+    sctl_revision=`echo "$SCTL_MODULE" | sed 's/[^|]*| \([^ ]*\).*/\1/'`
+    revision=`echo "$i" | sed 's/[^@]*@\([^\.]*\).*/\1/'`
+    if [ "$sctl_revision" \< "$revision" ]; then
+        # update module without any features
+        file=`echo "$i" | cut -d' ' -f 1`
+        UPDATE_MODULE $file
+    fi
+
+    ENABLE_FEATURES "$i"
+done
+
+unset IFS
+
+exit 0
@@ -0,0 +1,21 @@
+#!/bin/sh /etc/rc.common
+
+START=99
+STOP=11
+
+USE_PROCD=1
+PROG=/usr/bin/netopeer2-server
+
+start_service() {
+    procd_open_instance
+    procd_set_param command $PROG
+    procd_append_param command -d -v 0
+    procd_set_param respawn
+    procd_close_instance
+}
+
+stop_service()
+{
+    service_stop ${PROG}
+    rm /var/run/netopeer2-server.pid
+}