nixio: Autogenerate private key on installation if we have axtls
authorSteven Barth <steven@midlink.org>
Wed, 4 Mar 2009 17:17:30 +0000 (17:17 +0000)
committerSteven Barth <steven@midlink.org>
Wed, 4 Mar 2009 17:17:30 +0000 (17:17 +0000)
support, make the TLS provider configurable in the build menu

contrib/package/luci/Makefile
libs/nixio/Makefile
libs/nixio/axtls-root/etc/uci-defaults/nixio [new file with mode: 0755]
libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey [new file with mode: 0755]
libs/nixio/ipkg/postinst [new file with mode: 0755]

index e915d03709518380f0de080c97d6a1739f9a27dc..6dad6d486478c62999f197ec4303a7704476795f 100644 (file)
@@ -213,15 +213,39 @@ define Package/luci-json/install
 endef
 
 
+
+NIXIO_TLS:=axtls
+
 define Package/luci-nixio
   $(call Package/luci/libtemplate)
   TITLE:=NIXIO Socket Library
+  DEPENDS:=
 endef
 
 define Package/luci-nixio/install
        $(call Package/luci/install/template,$(1),libs/nixio)
 endef
 
+define Package/luci-nixio/config
+       choice
+               prompt "TLS Provider"
+               default PACKAGE_luci-nixio_axtls
+
+               config PACKAGE_luci-nixio_axtls
+                       bool "Builtin (axTLS)"
+                       select PACKAGE_dropbear
+                       select PACKAGE_dropbearconvert
+
+               config PACKAGE_luci-nixio_openssl
+                       bool "OpenSSL"
+                       select PACKAGE_libopenssl
+       endchoice
+endef
+
+ifneq ($(CONFIG_PACKAGE_luci-nixio_openssl),)
+  NIXIO_TLS:=openssl
+endif
+
 
 define Package/luci-sys
   $(call Package/luci/libtemplate)
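Review bot: `DEPENDS:=` in `Package/luci-nixio` is left empty, so the key generators the axTLS choice pulls in with `select PACKAGE_dropbear` and `select PACKAGE_dropbearconvert` are only a build-menu selection and presumably never become a runtime dependency of the package. A device that installs luci-nixio without dropbearconvert or openssl would then reach the "No key generators available" path in nixio-axtls-checkkey and be left without a TLS private key. Consider recording the requirement as a conditional dependency, e.g. `DEPENDS:=+PACKAGE_luci-nixio_axtls:dropbear +PACKAGE_luci-nixio_axtls:dropbearconvert +PACKAGE_luci-nixio_openssl:libopenssl`, if the buildroot in use supports that form. A `help` text on the choice saying that the axTLS option relies on dropbear for key generation would also help.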
@@ -951,7 +975,7 @@ MAKE_FLAGS += \
        LUA_SHLIBS="-llua -lm -ldl -lcrypt" \
        CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include" \
        LDFLAGS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/usr/lib" \
-       OS="Linux"
+       NIXIO_TLS="$(NIXIO_TLS)" OS="Linux"
 
 
 $(eval $(call BuildPackage,luci-core))
index d58162fcd79e9fa509d425687ca76edfd4a37b32..df63dc1838f31939348aec10bc7ee45415b00dec 100644 (file)
@@ -39,6 +39,8 @@ src/tls-socket.o: $(TLS_DEPENDS) src/tls-socket.c
        
 src/openssl-compat.o: src/libaxtls.a src/openssl-compat.c
        $(COMPILE) $(NIXIO_CFLAGS) $(LUA_CFLAGS) $(FPIC) $(TLS_CFLAGS) -c -o $@ src/openssl-compat.c
+       mkdir -p dist
+       cp -pR axtls-root/* dist/
        
 
 compile: $(NIXIO_OBJ)
diff --git a/libs/nixio/axtls-root/etc/uci-defaults/nixio b/libs/nixio/axtls-root/etc/uci-defaults/nixio
new file mode 100755 (executable)
index 0000000..4f34262
--- /dev/null
@@ -0,0 +1,2 @@
+#!/bin/sh
+nixio-axtls-checkkey
diff --git a/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey b/libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
new file mode 100755 (executable)
index 0000000..994f24e
--- /dev/null
@@ -0,0 +1,20 @@
+#!/usr/bin/lua
+local nixio = require "nixio"
+local posix
+local defkey = nixio.meta_tls_context.tls_defaultkey
+if not defkey or io.open(defkey) then
+       os.exit(0)
+end
+
+if os.execute("which openssl") then
+       io.stderr:write("Warning: OpenSSL detected "..
+       "but it looks like nixio was linked against axtls\n")
+       os.execute("umask 0077;openssl genrsa -out '" .. defkey .. "' 2048")
+elseif os.execute("which dropbearkey && which dropbearconvert") then
+       os.execute("dropbearkey -t rsa -s 2048 -f /tmp/dbkey.rsa")
+       os.execute("umask 0077;dropbearconvert dropbear openssh /tmp/dbkey.rsa '"..defkey.."'")
+       os.remove("/tmp/dbkey.rsa")
+else
+       io.stderr:write("No key generators available! Giving up.")
+       os.exit(1)
+end
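Review bot: The tests `if os.execute("which openssl") then` and `elseif os.execute("which dropbearkey && which dropbearconvert") then` treat the result of os.execute as a boolean, but on Lua 5.1 it is the numeric exit status and every number is truthy. If this script runs under 5.1, the openssl branch is always taken and the dropbear fallback is never reached. The results of the generator commands are ignored as well, so the script can exit 0 without having written a key, and the postinst then removes the uci-defaults entry that would have retried. In the dropbear branch the intermediate private key goes to the fixed path `/tmp/dbkey.rsa`, and `umask 0077` is only in effect for the later dropbearconvert call; keeping the temporary file next to `defkey` under the same umask avoids both. `local posix` is unused and the handle returned by `io.open(defkey)` is never closed.

```lua
-- os.execute returns a numeric status on Lua 5.1 and true/nil on 5.2+
local function run(cmd)
	local rv = os.execute(cmd)
	return rv == 0 or rv == true
end

if run("which openssl") then
	-- … unchanged: warning on stderr …
	if not run("umask 0077;openssl genrsa -out '" .. defkey .. "' 2048") then
		os.exit(1)
	end
elseif run("which dropbearkey && which dropbearconvert") then
	-- keep the intermediate key beside the final one, created under the same umask
	local tmpkey = defkey .. ".dbtmp"
	local ok = run("umask 0077;dropbearkey -t rsa -s 2048 -f '" .. tmpkey .. "'")
		and run("umask 0077;dropbearconvert dropbear openssh '" .. tmpkey .. "' '" .. defkey .. "'")
	os.remove(tmpkey)
	if not ok then
		os.exit(1)
	end
else
	-- … unchanged: "No key generators available" message and exit 1 …
end
```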
diff --git a/libs/nixio/ipkg/postinst b/libs/nixio/ipkg/postinst
new file mode 100755 (executable)
index 0000000..0863c22
--- /dev/null
@@ -0,0 +1,4 @@
+#!/bin/sh
+[ -n "${IPKG_INSTROOT}" -a -f "/etc/uci-defaults/nixio" ] || {
+       ( . /etc/uci-defaults/nixio ) && rm -f /etc/uci-defaults/nixio
+}
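Review bot: The guard `[ -n "${IPKG_INSTROOT}" -a -f "/etc/uci-defaults/nixio" ] || {` skips the block only when both conditions hold. During an image build (IPKG_INSTROOT set) the block therefore still runs unless the build host happens to have /etc/uci-defaults/nixio, and on the device it runs even when the file is missing. The intent appears to be "not an image build and the file exists"; `[ -n "${IPKG_INSTROOT}" ] || [ ! -f /etc/uci-defaults/nixio ] || {` expresses that and still exits 0 on the skip paths. A one-line comment such as `# generate the TLS key on live installs only; image builds leave it to uci-defaults at first boot` would make the reason for the guard clear.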