From: Steven Barth
Date: Wed, 4 Mar 2009 17:17:30 +0000 (+0000)
Subject: nixio: Autogenerate private key on installation if we have axtls
X-Git-Tag: 0.9.0~637
X-Git-Url: https://git.archive.openwrt.org/?p=project%2Fluci.git;a=commitdiff_plain;h=b92e6532a0237b7b13e29c6c0c55943fc1cd7d77;ds=sidebyside
nixio: Autogenerate private key on installation if we have axtls support, make the TLS provider configurable in the build menu
---
diff --git a/contrib/package/luci/Makefile b/contrib/package/luci/Makefile
index e915d0370..6dad6d486 100644
--- a/contrib/package/luci/Makefile
+++ b/contrib/package/luci/Makefile
@@ -213,15 +213,39 @@ define Package/luci-json/install
 endef
+
+NIXIO_TLS:=axtls
+
 define Package/luci-nixio
 $(call Package/luci/libtemplate)
 TITLE:=NIXIO Socket Library
+ DEPENDS:=
 endef
 define Package/luci-nixio/install
 $(call Package/luci/install/template,$(1),libs/nixio)
 endef
+define Package/luci-nixio/config
+ choice
+ prompt "TLS Provider"
+ default PACKAGE_luci-nixio_axtls
+
+ config PACKAGE_luci-nixio_axtls
+ bool "Builtin (axTLS)"
+ select PACKAGE_dropbear
+ select PACKAGE_dropbearconvert
+
+ config PACKAGE_luci-nixio_openssl
+ bool "OpenSSL"
+ select PACKAGE_libopenssl
+ endchoice
+endef
+
+ifneq ($(CONFIG_PACKAGE_luci-nixio_openssl),)
+ NIXIO_TLS:=openssl
+endif
+
 define Package/luci-sys
 $(call Package/luci/libtemplate)
@@ -951,7 +975,7 @@ MAKE_FLAGS += \
 LUA_SHLIBS="-llua -lm -ldl -lcrypt" \
 CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include" \
 LDFLAGS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/usr/lib" \
- OS="Linux"
+ NIXIO_TLS="$(NIXIO_TLS)" OS="Linux"
 $(eval $(call BuildPackage,luci-core))
diff --git a/libs/nixio/Makefile b/libs/nixio/Makefile
index d58162fcd..df63dc183 100644
--- a/libs/nixio/Makefile
+++ b/libs/nixio/Makefile
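Review bot: In contrib/package/luci/Makefile the new `DEPENDS:=` in Package/luci-nixio is left empty, while the provider packages are pulled in only through the `select` lines in Package/luci-nixio/config. As far as this hunk shows, nothing records dropbear/dropbearconvert or libopenssl as install-time dependencies, so a nixio package installed on its own could arrive without a key generator or without its TLS library. If the build system in use supports conditional dependencies, something like `DEPENDS:=+PACKAGE_luci-nixio_openssl:libopenssl` would carry that into the package metadata. Otherwise a comment above `DEPENDS:=` such as `# TLS provider packages are pulled in via 'select' in Package/luci-nixio/config` would make the choice explicit.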
@@ -39,6 +39,8 @@ src/tls-socket.o: $(TLS_DEPENDS) src/tls-socket.c
 src/openssl-compat.o: src/libaxtls.a src/openssl-compat.c
 $(COMPILE) $(NIXIO_CFLAGS) $(LUA_CFLAGS) $(FPIC) $(TLS_CFLAGS) -c -o $@ src/openssl-compat.c
+ mkdir -p dist
+ cp -pR axtls-root/* dist/
 compile: $(NIXIO_OBJ)
diff --git a/libs/nixio/axtls-root/etc/uci-defaults/nixio b/libs/nixio/axtls-root/etc/uci-defaults/nixio
new file mode 100755
index 000000000..4f342628a
--- /dev/null
+++ b/libs/nixio/axtls-root/etc/uci-defaults/nixio
@@ -0,0 +1,2 @@
+#!/bin/sh
+nixio-axtls-checkkey
diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
new file mode 100755
index 000000000..994f24e7b
--- /dev/null
+++ b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
@@ -0,0 +1,20 @@
+#!/usr/bin/lua
+local nixio = require "nixio"
+local posix
+local defkey = nixio.meta_tls_context.tls_defaultkey
+if not defkey or io.open(defkey) then
+ os.exit(0)
+end
+
+if os.execute("which openssl") then
+ io.stderr:write("Warning: OpenSSL detected "..
+ "but it looks like nixio was linked against axtls\n")
+ os.execute("umask 0077;openssl genrsa -out '" .. defkey .. "' 2048")
+elseif os.execute("which dropbearkey && which dropbearconvert") then
+ os.execute("dropbearkey -t rsa -s 2048 -f /tmp/dbkey.rsa")
+ os.execute("umask 0077;dropbearconvert dropbear openssh /tmp/dbkey.rsa '"..defkey.."'")
+ os.remove("/tmp/dbkey.rsa")
+else
+ io.stderr:write("No key generators available! Giving up.")
+ os.exit(1)
+end
diff --git a/libs/nixio/ipkg/postinst b/libs/nixio/ipkg/postinst
new file mode 100755
index 000000000..0863c22a3
--- /dev/null
+++ b/libs/nixio/ipkg/postinst
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -n "${IPKG_INSTROOT}" -a -f "/etc/uci-defaults/nixio" ] || {
+ ( . /etc/uci-defaults/nixio ) && rm -f /etc/uci-defaults/nixio
+}
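Review bot: In libs/nixio/Makefile the two added recipe lines make the `src/openssl-compat.o` rule populate `dist/` as a side effect of compiling one object. Make only tracks `$@`, so if the object is up to date while `dist/` has been cleaned or recreated, the uci-defaults hook and `nixio-axtls-checkkey` would be left out of the package without any error, and no key would be generated on the device. Consider a dedicated target for the copy that the axTLS build depends on, or at least a comment above the added lines such as `# also stages axtls-root (key autogeneration scripts) into dist/`.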
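Review bot: In nixio-axtls-checkkey the two `if os.execute("which …") then` tests cannot tell success from failure under Lua 5.1, where os.execute returns a numeric status and every number is truthy. The OpenSSL branch would then always run, the dropbear fallback and the "Giving up" exit would be unreachable, and a missing `openssl` would end with no key and exit status 0. Compare the status with 0 instead; this assumes Lua 5.1, since the interpreter version is not visible in the diff. Separately, the intermediate dropbear key goes to the fixed path /tmp/dbkey.rsa, and `umask 0077` applies only to the shell that runs dropbearconvert, so the private key briefly sits at a predictable name with whatever mode dropbearkey picks. The sketch below writes the intermediate file next to the final key under the same umask; checking the generators' exit status before the script returns would also be worth adding.

```lua
local tmpkey = defkey .. ".dbtmp"
if os.execute("which openssl") == 0 then
	-- … unchanged: warning and openssl genrsa call …
elseif os.execute("which dropbearkey && which dropbearconvert") == 0 then
	os.execute("umask 0077;dropbearkey -t rsa -s 2048 -f '"..tmpkey.."'")
	os.execute("umask 0077;dropbearconvert dropbear openssh '"..tmpkey.."' '"..defkey.."'")
	os.remove(tmpkey)
-- … unchanged: else branch …
```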
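Review bot: In libs/nixio/ipkg/postinst the guard combines two unrelated tests, so the block is skipped only when IPKG_INSTROOT is set and /etc/uci-defaults/nixio exists on the machine running the script. With IPKG_INSTROOT set and no such file, control still enters the block and tries to source an absolute path outside the install root; that is harmless only because the source fails and the `rm` is then skipped. If the intent is "run on the device, not during offline image installs", `[ -n "${IPKG_INSTROOT}" ] || {` states it directly, and the `-f` check belongs inside the block.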