Message ID | 1462310457-9633-8-git-send-email-mayosemmel@gmail.com |
---|---|
State | Superseded, archived |
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood
index fd5c9ea..2f2a75f 100644
--- a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood
@@ -11,6 +11,7 @@
 "mode5": "ht40+",
 "type5": "adhoc",
 "location": { "lat": 49.478330, "lon": 10.990270 },
+ "timestamp": "1462211188",
 },
 "network": {
 "ula_prefix": "fdff:2::/64"
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig
new file mode 100644
index 0000000..92caa68
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig
@@ -0,0 +1,13 @@
+{
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "a5955fb8ab054b60b8084cae0a6d8d7393a079955c2272acd80bd4b702ae2e0cd40535a3580a23b158b4bbb6dcebc117e0102e65dce586cbde981729f8073b03"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "9f91af084c06ace9e4722fac09b6cbfc6822cdc6f5b7a1502237b3f75589c002a053f0a8625005d9ff6c2ce83d3d7be5c277e65c7bef789e721a60049eacb802"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood
index 6c26ab3..91c82c3 100644
--- a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood
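Review bot: The added `"timestamp": "1462211188",` line in fuerth.hood ends with a comma directly before the closing `},`, which is not valid strict JSON; test.hood and trainstation.hood get the same trailing comma, while nuernberg.hood adds its timestamp without one. Whether the jshn parser tolerates this is not visible here, and verifyhoods reads `timestamp` from these files for its freshness comparison, so a parse failure would leave that value empty. Drop the comma, `"timestamp": "1462211188"`, in all three files. Since verifyhoods passes the hood file itself to `ecdsaverify`, the matching .sig files presumably have to be regenerated after the change. The enclosing object starts and ends outside the hunk.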
@@ -6,13 +6,30 @@
 "protocol": "batman-adv-v14",
 "channel2": 1,
 "mode2": "HT20",
- "type": "adhoc",
+ "type2": "adhoc",
 "channel5": 40,
 "mode5": "HT40+",
- "type": "adhoc",
+ "type5": "adhoc",
 "location": { "lat": 49.448856, "lon": 11.082108 },
+ "timestamp": "1462205682"
 },
 "network": {
 "ula_prefix": "fdff:3::/64"
- }
+ },
+ "vpn": [
+ {
+ "name": "FFF-GW-M1.nuernberg",
+ "protocol": "fastd",
+ "address": "37.120.190.92",
+ "port": "10004",
+ "key": "b68f96ff2e1c5866494432ddee960ec61ec6832ade06a0d05890c7802d7c14b7"
+ },
+ {
+ "name": "fff-bbg.nuernberg",
+ "protocol": "fastd",
+ "address": "78.46.181.112",
+ "port": "10004",
+ "key": "2686395242eb871fec1103abead2893d21b0b54a078f0246747eb3b03859f67a"
+ }
+ ]
 }
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig
new file mode 100644
index 0000000..8d292d7
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig
@@ -0,0 +1,13 @@
+{
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "0ca1a62ba4a5ae7a49f9451eae721ab4a37fbaf89073ff00651e87f03df72d0dc8f1def364f609727e9080d87bda742b5e0ffd25bd75aa678fc13204b7c3ac01"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "1a2443056ef5768ffcade7c63676fe6b3103a2c2703610b35390fdf200004e044402fe4cc1da2493e5429a0a90e89310d18ec524585804e5376a77652f9f630a"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood
index 18a93f1..aee0e7e 100644
--- a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood
@@ -11,6 +11,7 @@
 "mode5": "ht40+",
 "type5": "adhoc",
 "location": { "lat": 49.46654, "lon": 10.992 },
+ "timestamp": "1462211188",
 },
 "network": {
 "ula_prefix": "fdff:ff::/64"
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig
new file mode 100644
index 0000000..33b64a8
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig
@@ -0,0 +1,13 @@
+{
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "5085e78610c1d51e9f5677a1ab1f0219155ea6b2e2029cfddc99dd65898d1c099e1bd6c193265d6a760e244d060bbb464539e449bd4193b07706c270b53f3c01"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "2da699c0487bb7cb9063f96e826a7d10f9bc1f29dbc82c66dc19080b36445b058b3a661006f4d39de49d604a1f6deb2f12471d40b537210fab87896b5d271303"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood
index 41ac75e..cc1fcc4 100644
--- a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood
@@ -10,6 +10,7 @@
 "channel5": 40,
 "mode5": "ht40+",
 "type5": "adhoc",
+ "timestamp": "1462211188",
 },
 "network": {
 "ula_prefix": "fdff:0::/64"
diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig
new file mode 100644
index 0000000..0adda1d
--- /dev/null
+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig
@@ -0,0 +1,13 @@
+{
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "e83099ff7e1a529b136a916e2af95d08d8794eae62d71c0c858d1a9c6fd1ee09a127fd225637188f257c612138efc0808ef3a613afd181ee059cfb74c3087906"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "8f664d6a3a318131426e8d83dc30518aeeb01de04b47cd1e0bd4869eed14b1098a521a125d6209a40ae8ef247053a14ac32466b81c041c26be15b36b8ee0ab0d"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/Makefile b/src/packages/fff/fff-hoodsync/Makefile
new file mode 100644
index 0000000..6242f54
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/Makefile
@@ -0,0 +1,39 @@
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=fff-hoodsync
+PKG_VERSION:=0.0.1
+PKG_RELEASE:=1
+
+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoodsync
+
+include $(INCLUDE_DIR)/package.mk
+
+define Package/fff-hoodsync
+ SECTION:=base
+ CATEGORY:=Freifunk
+ TITLE:= Freifunk-Franken hoodfile synchronisation
+ URL:=http://www.freifunk-franken.de
+ DEPENDS:=+fff-hoods +libubox
+endef
+
+define Package/fff-hoodsync/description
+ This package synchronises and verifys hoodfiles and keyfiles
+endef
+
+define Build/Prepare
+ echo "all: " > $(PKG_BUILD_DIR)/Makefile
+endef
+
+define Build/Configure
+ # nothing
+endef
+
+define Build/Compile
+ # nothing
+endef
+
+define Package/fff-hoodsync/install
+ $(CP) ./files/* $(1)/
+endef
+
+$(eval $(call BuildPackage,fff-hoodsync))
diff --git a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key
new file mode 100644
index 0000000..0cce1ca
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key
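Review bot: `DEPENDS:=+fff-hoods +libubox` in the new fff-hoodsync Makefile does not cover what the installed scripts call: they source `/usr/share/libubox/jshn.sh` and run `ecdsaverify` and `wget`, so the packages providing those should be listed unless another dependency of fff-base is known to pull them in. Separately, `$(CP) ./files/* $(1)/` installs the five key files under files/etc/hoods/keys, whose `Owner` fields are all `TestUser…`, into the directory that verifykeys treats as its trust root. A comment above the install rule such as `# TODO: replace the test keys in files/etc/hoods/keys with production signing keys before release` would make that explicit.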
@@ -0,0 +1,16 @@
+{
+ "PubKey": "120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb",
+ "Owner": "TestUser0.2",
+ "IsMaster": false,
+ "Sigs":
+ [
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "3033dd3d91645bf063dc74b30020d18d208ceb14beafcb8872843ce6cff58f0f9b61fbc64d6a307c98da560f60aff590c62617ab39a89215c0383dbf9b99a20c"
+ },
+ {
+ "PubKey": "2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e",
+ "Sig": "56dfb602887d1db913200470d90256fb1935742f226ee84575df1e03cfab2e0611a0f353dbb6cec1291bc8098a61940510aef2c8fca44c375824c24059feea0a"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key
new file mode 100644
index 0000000..f3e20e4
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key
@@ -0,0 +1,16 @@
+{
+ "PubKey": "2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e",
+ "Owner": "TestUser3",
+ "IsMaster": true,
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "760e1e9f36b543842d32c8f85fa7df64f993a25da3ad3d0e868fe20d18a93b0b364cc675991e8934a5368c3e22c3bf4f5376dae89188c59fdb3937c50f28ca08"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "07f6aad96f3eb6373244f7a8f6dbf25f8c630d8e4d1c53eb75dd0615ad4e000c4f50580413b1cad89eafb6a0c70e672d8a10a066cd28d21d7ed8dee84d897209"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key
new file mode 100644
index 0000000..aeb480f
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key
@@ -0,0 +1,16 @@
+{
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Owner": "TestUser2",
+ "IsMaster": true,
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "00aa58032c1fd014401eb1a5bc730904c1ed91fde13c05ff29d203b82a88fe0f8aa9698c662dc21b8e4f8b24d3a0e6f9d123f0be4607b642b3f670cbe37b8607"
+ },
+ {
+ "PubKey": "2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e",
+ "Sig": "1337c7f4106aa79d5f5d8f76256d76155137536da35048c7e49608cbf1699e0e1527f52cba4342428772124cff00980e7354cdf495dccdae26e8ccd7c15bb606"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key
new file mode 100644
index 0000000..17f0333
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key
@@ -0,0 +1,16 @@
+{
+ "PubKey": "c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021",
+ "Owner": "TestUser0.1",
+ "IsMaster": false,
+ "Sigs":
+ [
+ {
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Sig": "6356b1984020b4d6fd9ce425dc9a454d0b52be0cd0db418d662df4bfa5211f00565a36c019553e7d4982509b0e0a8d245ed232b0c6b5d97fd6df1648dce8f30f"
+ },
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "c6d5c9f68e89063a235ec80a81d6b825d6b75f0e635218f52d921c7cfee00e0794097391feaf1d2a7f4b32cd8c784fe7fe3b5e6b420506be20ed7aa4a4db6d04"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key
new file mode 100644
index 0000000..3211b30
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key
@@ -0,0 +1,16 @@
+{
+ "PubKey": "e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4",
+ "Owner": "TestUser1",
+ "IsMaster": true,
+ "Sigs":
+ [
+ {
+ "PubKey": "8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e",
+ "Sig": "ad8f982ebb9e26676fd717787dcb42ab3093b5b1a3b37dc98b89cfb0eed24e0b286399287506a694a8731c05087be943eec97e6ebe9955905d5346d240042703"
+ },
+ {
+ "PubKey": "2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e",
+ "Sig": "f441100c255f784a8a448d0108eebce42c44a1b5ec5eaea819704e6b020c1c0b55b4a50147900ae63073c97d42ea547d95b42074c6ecfd99a4582f9e1bc8a90a"
+ }
+ ]
+}
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize
new file mode 100755
index 0000000..b5a9250
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize
@@ -0,0 +1,27 @@
+#!/bin/sh
+
+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods"
+HOODDIR=/tmp/syncedhoods
+KEYDIR=/tmp/syncedkeys
+
+rm -rf "$HOODDIR"
+rm -rf "$KEYDIR"
+mkdir -p "$HOODDIR"
+mkdir -p "$KEYDIR"
+rm -f /tmp/hoods.list
+rm -f /tmp/keys.list
+wget "$UPDATELINK/hoods.list" -O /tmp/hoods.list
+wget "$UPDATELINK/keys/keys.list" -O /tmp/keys.list
+
+while read filename
+do
+ wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename"
+done < /tmp/hoods.list
+
+while read filename
+do
+ wget "$UPDATELINK/keys/$filename" -O "$KEYDIR/$filename"
+done < /tmp/keys.list
+
+. /usr/sbin/verifyhoods
+
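Review bot: Each line of the downloaded hoods.list and keys.list is used unchecked as part of the `-O` output path in the two `while read filename` loops of synchronize, so an entry containing `/` or starting with `.` makes wget write outside `$HOODDIR` or `$KEYDIR`, and this happens before any signature has been checked. The lists themselves are fetched over plain HTTP and are not signed, so their content has to be treated as untrusted input. Accept only plain file names, read them with `read -r`, and check wget's exit status so that a failed fetch is reported instead of continuing into verifyhoods with partial data.

```shell
while read -r filename
do
	# list entries are untrusted: allow plain file names only
	case "$filename" in
		""|*/*|.*) echo "Skipping unexpected list entry"; continue ;;
	esac
	wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename" || echo "Download of $filename failed"
done < /tmp/hoods.list
# … unchanged apart from the same guard: second loop over /tmp/keys.list …
```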
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods
new file mode 100755
index 0000000..cdc5b43
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods
@@ -0,0 +1,70 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+TRUSTEDHOODDIR=/etc/hoods
+
+if [ -z "$HOODDIR" ]; then
+ HOODDIR="$TRUSTEDHOODDIR"
+fi
+
+. /usr/sbin/verifykeys
+
+for hoodfile in $HOODDIR/*.hood
+do
+ echo -e "Check if hood-files are valid"
+ echo "Parsing $hoodfile"
+ json_load "$(cat $hoodfile)"
+ json_select hood
+ json_get_var newHoodName name
+ json_get_var newTimestamp timestamp
+ if [ -f "$TRUSTEDHOODDIR/$newHoodName.hood" ]
+ then
+ json_load "$(cat $TRUSTEDHOODDIR/$newHoodName.hood)"
+ json_select hood
+ json_get_var oldHoodName name
+ json_get_var oldTimestamp timestamp
+ if [ "$newHoodName" != "$oldHoodName" ]
+ then
+ echo "Hoodnames are not matching"
+ continue
+ fi
+ if [ "$newTimestamp" -le "$oldTimestamp" ]
+ then
+ echo "the synchronized file is older than current"
+ continue
+ fi
+ fi
+ json_load "$(cat $hoodfile.sig)"
+ json_select Sigs
+ SigCount="0"
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var SigPubKey PubKey
+ json_get_var Sig Sig
+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then
+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "$hoodfile" ;then
+ echo "Valid Signature of $SigPubKey"
+ SigCount=$((SigCount+1))
+ else
+ echo "Invalid Signature of $SigPubKey"
+ fi
+ else
+ echo "$SigPubKey is not trusted. So signature is worthless."
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
+ if [ "$SigCount" -gt 1 ];then
+ echo "There are enough valid Signatures, so hoodfile is now trusted."
+ cp "$hoodfile"* "$TRUSTEDHOODDIR/."
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$hoodfile will be removed"
+ rm -f "$hoodfile"*
+ fi
+ echo
+done
+
+. /usr/sbin/configurehood
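Review bot: `SigCount` in verifyhoods is incremented once per entry in `Sigs`, not once per distinct signer, so a .sig file that lists the same trusted `PubKey` twice satisfies `[ "$SigCount" -gt 1 ]` with a single key; the signature loop in verifykeys counts the same way. Remember which keys were already counted and skip repeats, and make the trust lookup an exact whole-line match, because the current `grep "$SigPubKey"` treats the value as an unanchored pattern and also succeeds on an empty or partial string. In addition, the freshness check looks up `$TRUSTEDHOODDIR/$newHoodName.hood` by the name stored inside the file, while `cp "$hoodfile"*` installs under the downloaded file name, so the two should be required to agree before anything is copied.

```shell
	SigCount="0"
	CountedKeys=" "
	# … unchanged: Index setup, while/do, json_get_var calls …
		case "$CountedKeys" in
			*" $SigPubKey "*) AlreadyCounted=1 ;;
			*) AlreadyCounted=0 ;;
		esac
		if [ "$AlreadyCounted" -eq 0 ] && grep -qxF "$SigPubKey" "/tmp/trustedkeys" ; then
			if ecdsaverify -s "$Sig" -p "$SigPubKey" "$hoodfile" ;then
				echo "Valid Signature of $SigPubKey"
				SigCount=$((SigCount+1))
				CountedKeys="$CountedKeys$SigPubKey "
	# … unchanged: else branches, json_select "..", Index increment, done …
```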
diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys
new file mode 100755
index 0000000..57f9446
--- /dev/null
+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys
@@ -0,0 +1,59 @@
+#!/bin/sh
+
+. /usr/share/libubox/jshn.sh
+
+TRUSTEDKEYDIR=/etc/hoods/keys
+
+if [ -z "$KEYDIR" ]; then
+ KEYDIR="$TRUSTEDKEYDIR"
+fi
+
+rm -f /tmp/trustedkeys
+for keyfile in $TRUSTEDKEYDIR/*.key
+do
+ echo "Parsing trusted $keyfile"
+ json_load "$(cat $keyfile)"
+ json_get_var PubKey PubKey
+ echo "$PubKey" >> /tmp/trustedkeys
+done
+
+for keyfile in $KEYDIR/*.key
+do
+ echo "Check if key-signatures are valid"
+ echo "Parsing $keyfile"
+ json_load "$(cat $keyfile)"
+ json_get_var PubKey PubKey
+ echo "$PubKey" > "/tmp/$PubKey"
+ SigCount="0"
+ json_select Sigs
+ local Index="1"
+ while json_select $Index > /dev/null
+ do
+ json_get_var SigPubKey PubKey
+ json_get_var Sig Sig
+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then
+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "/tmp/$PubKey" ;then
+ echo "Valid Signature of $SigPubKey"
+ SigCount=$((SigCount+1))
+ else
+ echo "Invalid Signature of $SigPubKey"
+ fi
+ else
+ echo "$SigPubKey is not trusted. So signature is worthless."
+ fi
+ json_select ".."
+ Index=$((Index+1))
+ done
+ json_select ".."
+ if [ "$SigCount" -gt 1 ];then
+ echo "There are enough valid Signatures, so key is now trusted."
+ cp "$keyfile" "$TRUSTEDKEYDIR/$PubKey.key"
+ else
+ echo "There aren't enough valid Signatures"
+ echo "$keyfile will be removed"
+ rm -f "$keyfile"
+ fi
+ rm -f "/tmp/$PubKey"
+ echo
+done
+
diff --git a/src/packages/fff/fff/Makefile b/src/packages/fff/fff/Makefile
index 45f034e..14d2af5 100644
--- a/src/packages/fff/fff/Makefile
+++ b/src/packages/fff/fff/Makefile
@@ -22,7 +22,8 @@ define Package/fff-base
 +fff-fastd \
 +fff-firewall \
 +fff-network \
- +fff-hoods
+ +fff-hoods \
+ +fff-hoodsync
 endef
 
 define Package/fff-base/description
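Review bot: `PubKey` in verifykeys is read from the not-yet-verified key file and then used as a file name in `echo "$PubKey" > "/tmp/$PubKey"`, `rm -f "/tmp/$PubKey"` and `cp "$keyfile" "$TRUSTEDKEYDIR/$PubKey.key"`, so it should be validated before any of those lines run, for example `case "$PubKey" in ""|*[!0-9a-f]*) continue ;; esac` followed by `[ "${#PubKey}" -eq 64 ] || continue`. The data handed to `ecdsaverify` is only that key string, which means `Owner` and `IsMaster` are not covered by any signature, and `IsMaster` is never read by the script, so any two keys present in /etc/hoods/keys can admit a further trusted key. If only master keys are meant to sign, /tmp/trustedkeys should be built from entries whose `IsMaster` is true and the signature should cover the whole key record; a header comment stating the intended rule would help either way.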
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi Ich weiss noch nicht, ob die Aufteilung zwischen fff-hoods und fff-hoodsync so gut ist. Vllt muss man da nochmal genauer diskutieren, was wo rein sollte. Am 3. Mai 2016 23:20:56 MESZ, schrieb Jan Kraus <mayosemmel@googlemail.com>: >the package will synchronize and verify hood- and keyfiles 
> >Signed-off-by: Jan Kraus <mayosemmel@gmail.com> >--- > .../fff/fff-hoods/files/etc/hoods/fuerth.hood | 1 + > .../fff/fff-hoods/files/etc/hoods/fuerth.hood.sig | 13 ++++ > .../fff/fff-hoods/files/etc/hoods/nuernberg.hood | 23 ++++++- > .../fff-hoods/files/etc/hoods/nuernberg.hood.sig | 13 ++++ > .../fff/fff-hoods/files/etc/hoods/test.hood | 1 + > .../fff/fff-hoods/files/etc/hoods/test.hood.sig | 13 ++++ > .../fff-hoods/files/etc/hoods/trainstation.hood | 1 + > .../files/etc/hoods/trainstation.hood.sig | 13 ++++ > src/packages/fff/fff-hoodsync/Makefile | 39 ++++++++++++ > ...0fd7c342494754949d338f77a84ac1a74a6c56077fb.key | 16 +++++ > ...e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key | 16 +++++ > ...e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key | 16 +++++ > ...06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key | 16 +++++ > ...834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key | 16 +++++ > .../fff/fff-hoodsync/files/usr/sbin/synchronize | 27 +++++++++ >.../fff/fff-hoodsync/files/usr/sbin/verifyhoods | 70 >++++++++++++++++++++++ >.../fff/fff-hoodsync/files/usr/sbin/verifykeys | 59 >++++++++++++++++++ > src/packages/fff/fff/Makefile | 3 +- > 18 files changed, 352 insertions(+), 4 deletions(-) >create mode 100644 >src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig >create mode 100644 >src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig >create mode 100644 >src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig >create mode 100644 >src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig > create mode 100644 src/packages/fff/fff-hoodsync/Makefile >create mode 100644 >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key >create mode 100644 >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key >create mode 100644 
>src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key >create mode 100644 >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key >create mode 100644 >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key >create mode 100755 >src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize >create mode 100755 >src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods >create mode 100755 >src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood >b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood >index fd5c9ea..2f2a75f 100644 >--- a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood >@@ -11,6 +11,7 @@ > "mode5": "ht40+", > "type5": "adhoc", > "location": { "lat": 49.478330, "lon": 10.990270 }, >+ "timestamp": "1462211188", > }, > "network": { > "ula_prefix": "fdff:2::/64" >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig >b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig >new file mode 100644 >index 0000000..92caa68 >--- /dev/null >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig >@@ -0,0 +1,13 @@ >+{ >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", ich nehme an das ist hier nur wie ein Name zu sehen. >+ "Sig": >"a5955fb8ab054b60b8084cae0a6d8d7393a079955c2272acd80bd4b702ae2e0cd40535a3580a23b158b4bbb6dcebc117e0102e65dce586cbde981729f8073b03" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"9f91af084c06ace9e4722fac09b6cbfc6822cdc6f5b7a1502237b3f75589c002a053f0a8625005d9ff6c2ce83d3d7be5c277e65c7bef789e721a60049eacb802" >+ } >+ ] >+} 
>diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood >b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood >index 6c26ab3..91c82c3 100644 >--- a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood >@@ -6,13 +6,30 @@ > "protocol": "batman-adv-v14", > "channel2": 1, > "mode2": "HT20", >- "type": "adhoc", >+ "type2": "adhoc", > "channel5": 40, > "mode5": "HT40+", >- "type": "adhoc", >+ "type5": "adhoc", > "location": { "lat": 49.448856, "lon": 11.082108 }, >+ "timestamp": "1462205682" > }, > "network": { > "ula_prefix": "fdff:3::/64" >- } >+ }, >+ "vpn": [ >+ { >+ "name": "FFF-GW-M1.nuernberg", >+ "protocol": "fastd", >+ "address": "37.120.190.92", >+ "port": "10004", >+ "key": >"b68f96ff2e1c5866494432ddee960ec61ec6832ade06a0d05890c7802d7c14b7" >+ }, >+ { >+ "name": "fff-bbg.nuernberg", >+ "protocol": "fastd", >+ "address": "78.46.181.112", >+ "port": "10004", >+ "key": >"2686395242eb871fec1103abead2893d21b0b54a078f0246747eb3b03859f67a" >+ } >+ ] > } >diff --git >a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig >b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig >new file mode 100644 >index 0000000..8d292d7 >--- /dev/null >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig >@@ -0,0 +1,13 @@ >+{ >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"0ca1a62ba4a5ae7a49f9451eae721ab4a37fbaf89073ff00651e87f03df72d0dc8f1def364f609727e9080d87bda742b5e0ffd25bd75aa678fc13204b7c3ac01" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"1a2443056ef5768ffcade7c63676fe6b3103a2c2703610b35390fdf200004e044402fe4cc1da2493e5429a0a90e89310d18ec524585804e5376a77652f9f630a" >+ } >+ ] >+} 
>diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood >b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood >index 18a93f1..aee0e7e 100644 >--- a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood >@@ -11,6 +11,7 @@ > "mode5": "ht40+", > "type5": "adhoc", > "location": { "lat": 49.46654, "lon": 10.992 }, >+ "timestamp": "1462211188", > }, > "network": { > "ula_prefix": "fdff:ff::/64" >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig >b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig >new file mode 100644 >index 0000000..33b64a8 >--- /dev/null >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig >@@ -0,0 +1,13 @@ >+{ >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"5085e78610c1d51e9f5677a1ab1f0219155ea6b2e2029cfddc99dd65898d1c099e1bd6c193265d6a760e244d060bbb464539e449bd4193b07706c270b53f3c01" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"2da699c0487bb7cb9063f96e826a7d10f9bc1f29dbc82c66dc19080b36445b058b3a661006f4d39de49d604a1f6deb2f12471d40b537210fab87896b5d271303" >+ } >+ ] >+} >diff --git >a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood >b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood >index 41ac75e..cc1fcc4 100644 >--- a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood >@@ -10,6 +10,7 @@ > "channel5": 40, > "mode5": "ht40+", > "type5": "adhoc", >+ "timestamp": "1462211188", > }, > "network": { > "ula_prefix": "fdff:0::/64" >diff --git >a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig >b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig >new file mode 100644 >index 0000000..0adda1d >--- /dev/null >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig 
>@@ -0,0 +1,13 @@ >+{ >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"e83099ff7e1a529b136a916e2af95d08d8794eae62d71c0c858d1a9c6fd1ee09a127fd225637188f257c612138efc0808ef3a613afd181ee059cfb74c3087906" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"8f664d6a3a318131426e8d83dc30518aeeb01de04b47cd1e0bd4869eed14b1098a521a125d6209a40ae8ef247053a14ac32466b81c041c26be15b36b8ee0ab0d" >+ } >+ ] >+} >diff --git a/src/packages/fff/fff-hoodsync/Makefile >b/src/packages/fff/fff-hoodsync/Makefile >new file mode 100644 >index 0000000..6242f54 >--- /dev/null >+++ b/src/packages/fff/fff-hoodsync/Makefile >@@ -0,0 +1,39 @@ >+include $(TOPDIR)/rules.mk >+ >+PKG_NAME:=fff-hoodsync >+PKG_VERSION:=0.0.1 >+PKG_RELEASE:=1 >+ >+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoodsync >+ >+include $(INCLUDE_DIR)/package.mk >+ >+define Package/fff-hoodsync >+ SECTION:=base >+ CATEGORY:=Freifunk >+ TITLE:= Freifunk-Franken hoodfile synchronisation >+ URL:=http://www.freifunk-franken.de >+ DEPENDS:=+fff-hoods +libubox >+endef >+ >+define Package/fff-hoodsync/description >+ This package synchronises and verifys hoodfiles and keyfiles >+endef >+ >+define Build/Prepare >+ echo "all: " > $(PKG_BUILD_DIR)/Makefile >+endef >+ >+define Build/Configure >+ # nothing >+endef >+ >+define Build/Compile >+ # nothing >+endef >+ >+define Package/fff-hoodsync/install >+ $(CP) ./files/* $(1)/ >+endef >+ >+$(eval $(call BuildPackage,fff-hoodsync)) >diff --git >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key >new file mode 100644 >index 0000000..0cce1ca >--- /dev/null >+++ >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key 
>@@ -0,0 +1,16 @@ >+{ >+ "PubKey": >"120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb", >+ "Owner": "TestUser0.2", >+ "IsMaster": false, was soll ismaster sein? >+ "Sigs": >+ [ >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"3033dd3d91645bf063dc74b30020d18d208ceb14beafcb8872843ce6cff58f0f9b61fbc64d6a307c98da560f60aff590c62617ab39a89215c0383dbf9b99a20c" >+ }, >+ { >+ "PubKey": >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", >+ "Sig": >"56dfb602887d1db913200470d90256fb1935742f226ee84575df1e03cfab2e0611a0f353dbb6cec1291bc8098a61940510aef2c8fca44c375824c24059feea0a" >+ } >+ ] >+} >diff --git >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key >new file mode 100644 >index 0000000..f3e20e4 >--- /dev/null >+++ >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key >@@ -0,0 +1,16 @@ >+{ >+ "PubKey": >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", >+ "Owner": "TestUser3", >+ "IsMaster": true, >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"760e1e9f36b543842d32c8f85fa7df64f993a25da3ad3d0e868fe20d18a93b0b364cc675991e8934a5368c3e22c3bf4f5376dae89188c59fdb3937c50f28ca08" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"07f6aad96f3eb6373244f7a8f6dbf25f8c630d8e4d1c53eb75dd0615ad4e000c4f50580413b1cad89eafb6a0c70e672d8a10a066cd28d21d7ed8dee84d897209" >+ } >+ ] >+} 
>diff --git >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key >new file mode 100644 >index 0000000..aeb480f >--- /dev/null >+++ >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key >@@ -0,0 +1,16 @@ >+{ >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Owner": "TestUser2", >+ "IsMaster": true, >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"00aa58032c1fd014401eb1a5bc730904c1ed91fde13c05ff29d203b82a88fe0f8aa9698c662dc21b8e4f8b24d3a0e6f9d123f0be4607b642b3f670cbe37b8607" >+ }, >+ { >+ "PubKey": >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", >+ "Sig": >"1337c7f4106aa79d5f5d8f76256d76155137536da35048c7e49608cbf1699e0e1527f52cba4342428772124cff00980e7354cdf495dccdae26e8ccd7c15bb606" >+ } >+ ] >+} >diff --git >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key >new file mode 100644 >index 0000000..17f0333 >--- /dev/null >+++ >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key 
>@@ -0,0 +1,16 @@ >+{ >+ "PubKey": >"c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021", >+ "Owner": "TestUser0.1", >+ "IsMaster": false, >+ "Sigs": >+ [ >+ { >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Sig": >"6356b1984020b4d6fd9ce425dc9a454d0b52be0cd0db418d662df4bfa5211f00565a36c019553e7d4982509b0e0a8d245ed232b0c6b5d97fd6df1648dce8f30f" >+ }, >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"c6d5c9f68e89063a235ec80a81d6b825d6b75f0e635218f52d921c7cfee00e0794097391feaf1d2a7f4b32cd8c784fe7fe3b5e6b420506be20ed7aa4a4db6d04" >+ } >+ ] >+} >diff --git >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key >new file mode 100644 >index 0000000..3211b30 >--- /dev/null >+++ >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key >@@ -0,0 +1,16 @@ >+{ >+ "PubKey": >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", >+ "Owner": "TestUser1", >+ "IsMaster": true, >+ "Sigs": >+ [ >+ { >+ "PubKey": >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", >+ "Sig": >"ad8f982ebb9e26676fd717787dcb42ab3093b5b1a3b37dc98b89cfb0eed24e0b286399287506a694a8731c05087be943eec97e6ebe9955905d5346d240042703" >+ }, >+ { >+ "PubKey": >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", >+ "Sig": >"f441100c255f784a8a448d0108eebce42c44a1b5ec5eaea819704e6b020c1c0b55b4a50147900ae63073c97d42ea547d95b42074c6ecfd99a4582f9e1bc8a90a" >+ } >+ ] >+} >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize >b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize >new file mode 100755 >index 0000000..b5a9250 >--- /dev/null >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize 
>@@ -0,0 +1,27 @@ >+#!/bin/sh >+ >+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods" Das wird erst erreichbar, wenn wir ipv6 routen. Vorschlag: wir nehmen _erstmal_ dir IP vom netmon.. Oder vllt sogar mehrere sourcen? HM.. >+HOODDIR=/tmp/syncedhoods >+KEYDIR=/tmp/syncedkeys >+ >+rm -rf "$HOODDIR" >+rm -rf "$KEYDIR" >+mkdir -p "$HOODDIR" >+mkdir -p "$KEYDIR" >+rm -f /tmp/hoods.list >+rm -f /tmp/keys.list >+wget "$UPDATELINK/hoods.list" -O /tmp/hoods.list >+wget "$UPDATELINK/keys/keys.list" -O /tmp/keys.list >+ >+while read filename >+do >+ wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename" >+done < /tmp/hoods.list >+ >+while read filename >+do >+ wget "$UPDATELINK/keys/$filename" -O "$KEYDIR/$filename" >+done < /tmp/keys.list >+ >+. /usr/sbin/verifyhoods Eigentlich ist verifyhoods kein sbin file, wenn man es als dot script sourcen muss. Allgemein halte ich das sourcen von dot files hier für ungeschickt, weil eine nicht leicht zu erkennende Abhängigkeit (durch das environment) entsteht. >+ >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods >b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods >new file mode 100755 >index 0000000..cdc5b43 >--- /dev/null >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods 
>@@ -0,0 +1,70 @@ >+#!/bin/sh >+ >+. /usr/share/libubox/jshn.sh >+ >+TRUSTEDHOODDIR=/etc/hoods >+ >+if [ -z "$HOODDIR" ]; then >+ HOODDIR="$TRUSTEDHOODDIR" >+fi >+ >+. /usr/sbin/verifykeys Siehe oben. Weitere Anmerkung: warum wird verifykeys in verifyhoods gesourced? Hängt das wirklich zusammen? Wäre das nicht als unabhängiges script nicht besser? >+ >+for hoodfile in $HOODDIR/*.hood >+do >+ echo -e "Check if hood-files are valid" >+ echo "Parsing $hoodfile" >+ json_load "$(cat $hoodfile)" >+ json_select hood >+ json_get_var newHoodName name >+ json_get_var newTimestamp timestamp >+ if [ -f "$TRUSTEDHOODDIR/$newHoodName.hood" ] >+ then >+ json_load "$(cat $TRUSTEDHOODDIR/$newHoodName.hood)" >+ json_select hood >+ json_get_var oldHoodName name >+ json_get_var oldTimestamp timestamp >+ if [ "$newHoodName" != "$oldHoodName" ] >+ then >+ echo "Hoodnames are not matching" >+ continue >+ fi >+ if [ "$newTimestamp" -le "$oldTimestamp" ] >+ then >+ echo "the synchronized file is older than current" >+ continue >+ fi >+ fi >+ json_load "$(cat $hoodfile.sig)" >+ json_select Sigs >+ SigCount="0" >+ local Index="1" >+ while json_select $Index > /dev/null >+ do >+ json_get_var SigPubKey PubKey >+ json_get_var Sig Sig >+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then >+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "$hoodfile" ;then >+ echo "Valid Signature of $SigPubKey" >+ SigCount=$((SigCount+1)) >+ else >+ echo "Invalid Signature of $SigPubKey" >+ fi >+ else >+ echo "$SigPubKey is not trusted. So signature is >worthless." >+ fi >+ json_select ".." >+ Index=$((Index+1)) >+ done >+ if [ "$SigCount" -gt 1 ];then >+ echo "There are enough valid Signatures, so hoodfile is now >trusted." >+ cp "$hoodfile"* "$TRUSTEDHOODDIR/." >+ else >+ echo "There aren't enough valid Signatures" >+ echo "$hoodfile will be removed" >+ rm -f "$hoodfile"* >+ fi >+ echo >+done >+ >+. /usr/sbin/configurehood Kann man das synchronisieren, validieren, auswählen und konfigurieren nicht entkoppeln? 
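Review bot: The `[ "$SigCount" -gt 1 ]` threshold in the signature loop counts entries in the `.sig` file rather than distinct signers, so a file that lists one trusted PubKey twice with the same valid Sig reaches 2 and a single key holder can approve a hood alone; the identical loop in verifykeys has the same gap. The lookup `grep "$SigPubKey" "/tmp/trustedkeys"` is also an unanchored pattern match (an empty or partial value matches) and prints the match to stdout, so the rewrite below counts each key once and matches whole lines with `grep -qxF`. Separately, the timestamp check opens `$TRUSTEDHOODDIR/$newHoodName.hood` using the name inside the not-yet-verified file while `cp "$hoodfile"*` installs under the downloaded file name, so it appears the rollback check can be sidestepped when the two differ; requiring `[ "$(basename "$hoodfile" .hood)" = "$newHoodName" ]` before the comparison would bind them.

```shell
	# … unchanged: json_load of "$hoodfile.sig", json_select Sigs, SigCount and Index setup …
	CountedKeys=""
	# … unchanged: while json_select $Index, json_get_var SigPubKey / Sig …
		if [ -n "$SigPubKey" ] && grep -qxF -- "$SigPubKey" /tmp/trustedkeys ; then
			case " $CountedKeys " in
				*" $SigPubKey "*)
					# same signer listed again: must not raise the count
					echo "Duplicate signature of $SigPubKey ignored"
					;;
				*)
					if ecdsaverify -s "$Sig" -p "$SigPubKey" "$hoodfile" ; then
						echo "Valid Signature of $SigPubKey"
						CountedKeys="$CountedKeys $SigPubKey"
						SigCount=$((SigCount+1))
					else
						echo "Invalid Signature of $SigPubKey"
					fi
					;;
			esac
		else
			# … unchanged: "not trusted" message …
		fi
	# … unchanged: json_select "..", Index increment, threshold check …
```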
Zu letzt noch die Frage: wie löscht man eine hood oder ein key file? Tim >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys >b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys >new file mode 100755 >index 0000000..57f9446 >--- /dev/null >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys >@@ -0,0 +1,59 @@ >+#!/bin/sh >+ >+. /usr/share/libubox/jshn.sh >+ >+TRUSTEDKEYDIR=/etc/hoods/keys >+ >+if [ -z "$KEYDIR" ]; then >+ KEYDIR="$TRUSTEDKEYDIR" >+fi >+ >+rm -f /tmp/trustedkeys >+for keyfile in $TRUSTEDKEYDIR/*.key >+do >+ echo "Parsing trusted $keyfile" >+ json_load "$(cat $keyfile)" >+ json_get_var PubKey PubKey >+ echo "$PubKey" >> /tmp/trustedkeys >+done >+ >+for keyfile in $KEYDIR/*.key >+do >+ echo "Check if key-signatures are valid" >+ echo "Parsing $keyfile" >+ json_load "$(cat $keyfile)" >+ json_get_var PubKey PubKey >+ echo "$PubKey" > "/tmp/$PubKey" >+ SigCount="0" >+ json_select Sigs >+ local Index="1" >+ while json_select $Index > /dev/null >+ do >+ json_get_var SigPubKey PubKey >+ json_get_var Sig Sig >+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then >+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "/tmp/$PubKey" >;then >+ echo "Valid Signature of $SigPubKey" >+ SigCount=$((SigCount+1)) >+ else >+ echo "Invalid Signature of $SigPubKey" >+ fi >+ else >+ echo "$SigPubKey is not trusted. So signature is >worthless." >+ fi >+ json_select ".." >+ Index=$((Index+1)) >+ done >+ json_select ".." >+ if [ "$SigCount" -gt 1 ];then >+ echo "There are enough valid Signatures, so key is now >trusted." >+ cp "$keyfile" "$TRUSTEDKEYDIR/$PubKey.key" >+ else >+ echo "There aren't enough valid Signatures" >+ echo "$keyfile will be removed" >+ rm -f "$keyfile" >+ fi >+ rm -f "/tmp/$PubKey" >+ echo >+done >+ >diff --git a/src/packages/fff/fff/Makefile >b/src/packages/fff/fff/Makefile >index 45f034e..14d2af5 100644 >--- a/src/packages/fff/fff/Makefile >+++ b/src/packages/fff/fff/Makefile 
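Review bot: In the second loop of verifykeys, `$PubKey` comes from a downloaded key file that has not been verified yet and is used directly as a path in `echo "$PubKey" > "/tmp/$PubKey"` and `rm -f "/tmp/$PubKey"`, so a value containing `/` or `..` makes the script create and delete files outside /tmp before any signature is checked. Validate it right after `json_get_var PubKey PubKey`; the keys in this patch are all lowercase hex, so something like `case "$PubKey" in ""|*[!0-9a-f]*) echo "Invalid PubKey in $keyfile"; continue ;; esac` would do, ideally with a length check as well. The signature is computed over the PubKey string alone, so the remaining fields of the key file (Owner, IsMaster, Sigs) are copied to `$TRUSTEDKEYDIR` unauthenticated; a comment at the `ecdsaverify` call saying so would keep later code from relying on them. The duplicate-signer counting and the unanchored `grep` described for verifyhoods apply to this loop too.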
>@@ -22,7 +22,8 @@ define Package/fff-base > +fff-fastd \ > +fff-firewall \ > +fff-network \ >- +fff-hoods >+ +fff-hoods \ >+ +fff-hoodsync > endef > > define Package/fff-base/description -----BEGIN PGP SIGNATURE----- iQE5BAEBCgAjHBxUaW0gTmllbWV5ZXIgPHRpbUB0bi14Lm9yZz4FAlcuXE0ACgkQ ELiw0DPkKM/Pgwf9G4jGu5vLaVgi3gRNPqICthJS1Yj8upXsGw5Ct9qqVhiJ7jxm frmw/SlkHgvXIOd3ATFt33jFdcDn2sph6X7oZ2DNuctZj/3HfOmdMCj+vC7GXU+h lnrmBF3FeWUD06tsk3Y7jRblitn8ccr/wnVZWdM9u2BHdoZ1xv7Sk5zS3pwnPMhj 34Ovm9etDgTq0A4iVki8+/H9Z5dHOeh6Hy9NW9MVXDC1dll4vCsRORXgSLy56cJ5 KeBFKhXBUZDKPUoTOCukm8iqaFknv1oHaSQVVubEThYvMAZ0Z8w3VO/0ZUuTXN1z Ipc1X9OR/jw3hZiMHjX268CJApy8mYWsbXmXbg== =olKj -----END PGP SIGNATURE-----
Hi Am Samstag, den 07.05.2016, 23:21 +0200 schrieb Tim Niemeyer: > Hi > > Ich weiss noch nicht, ob die Aufteilung zwischen fff-hoods und fff-hoodsync so gut ist. Vllt muss da nochmal genauer diskutieren, was wo rein sollte. > Im Nachhinein hatte ich das auch schon überlegt. Das zu mergen wäre jetzt kein sonderlich großer Aufwand. Hätte da gern noch 1-2 andere Meinungen. > > Am 3. Mai 2016 23:20:56 MESZ, schrieb Jan Kraus <mayosemmel@googlemail.com>: > >the package will synchronize and verify hood- and keyfiles 
> > > >Signed-off-by: Jan Kraus <mayosemmel@gmail.com> > >--- > > .../fff/fff-hoods/files/etc/hoods/fuerth.hood | 1 + > > .../fff/fff-hoods/files/etc/hoods/fuerth.hood.sig | 13 ++++ > > .../fff/fff-hoods/files/etc/hoods/nuernberg.hood | 23 ++++++- > > .../fff-hoods/files/etc/hoods/nuernberg.hood.sig | 13 ++++ > > .../fff/fff-hoods/files/etc/hoods/test.hood | 1 + > > .../fff/fff-hoods/files/etc/hoods/test.hood.sig | 13 ++++ > > .../fff-hoods/files/etc/hoods/trainstation.hood | 1 + > > .../files/etc/hoods/trainstation.hood.sig | 13 ++++ > > src/packages/fff/fff-hoodsync/Makefile | 39 ++++++++++++ > > ...0fd7c342494754949d338f77a84ac1a74a6c56077fb.key | 16 +++++ > > ...e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key | 16 +++++ > > ...e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key | 16 +++++ > > ...06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key | 16 +++++ > > ...834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key | 16 +++++ > > .../fff/fff-hoodsync/files/usr/sbin/synchronize | 27 +++++++++ > >.../fff/fff-hoodsync/files/usr/sbin/verifyhoods | 70 > >++++++++++++++++++++++ > >.../fff/fff-hoodsync/files/usr/sbin/verifykeys | 59 > >++++++++++++++++++ > > src/packages/fff/fff/Makefile | 3 +- > > 18 files changed, 352 insertions(+), 4 deletions(-) > >create mode 100644 > >src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig > >create mode 100644 > >src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig > >create mode 100644 > >src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig > >create mode 100644 > >src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig > > create mode 100644 src/packages/fff/fff-hoodsync/Makefile > >create mode 100644 > >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key > >create mode 100644 > >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key > >create mode 100644 > 
>src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key > >create mode 100644 > >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key > >create mode 100644 > >src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key > >create mode 100755 > >src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize > >create mode 100755 > >src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods > >create mode 100755 > >src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys > > > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood > >b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood > >index fd5c9ea..2f2a75f 100644 > >--- a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood > >@@ -11,6 +11,7 @@ > > "mode5": "ht40+", > > "type5": "adhoc", > > "location": { "lat": 49.478330, "lon": 10.990270 }, > >+ "timestamp": "1462211188", > > }, > > "network": { > > "ula_prefix": "fdff:2::/64" > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig > >b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig > >new file mode 100644 > >index 0000000..92caa68 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig 
> >@@ -0,0 +1,13 @@ > >+{ > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > > ich nehme an das ist hier nur wie ein Name zu sehen. > Nein, aktuell wird dieser String wirklich als PubKey zum verifizieren genutzt. Du willst vermutlich darauf hinaus, das man sich den key anhand eines Namens aus dem Key file holt. Wäre eine Überlegung Wert. Muss ich mal schauen wie viel Zusatzaufwand das wäre. > >+ "Sig": > >"a5955fb8ab054b60b8084cae0a6d8d7393a079955c2272acd80bd4b702ae2e0cd40535a3580a23b158b4bbb6dcebc117e0102e65dce586cbde981729f8073b03" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"9f91af084c06ace9e4722fac09b6cbfc6822cdc6f5b7a1502237b3f75589c002a053f0a8625005d9ff6c2ce83d3d7be5c277e65c7bef789e721a60049eacb802" > >+ } > >+ ] > >+} > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood > >b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood > >index 6c26ab3..91c82c3 100644 > >--- a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood 
> >@@ -6,13 +6,30 @@ > > "protocol": "batman-adv-v14", > > "channel2": 1, > > "mode2": "HT20", > >- "type": "adhoc", > >+ "type2": "adhoc", > > "channel5": 40, > > "mode5": "HT40+", > >- "type": "adhoc", > >+ "type5": "adhoc", > > "location": { "lat": 49.448856, "lon": 11.082108 }, > >+ "timestamp": "1462205682" > > }, > > "network": { > > "ula_prefix": "fdff:3::/64" > >- } > >+ }, > >+ "vpn": [ > >+ { > >+ "name": "FFF-GW-M1.nuernberg", > >+ "protocol": "fastd", > >+ "address": "37.120.190.92", > >+ "port": "10004", > >+ "key": > >"b68f96ff2e1c5866494432ddee960ec61ec6832ade06a0d05890c7802d7c14b7" > >+ }, > >+ { > >+ "name": "fff-bbg.nuernberg", > >+ "protocol": "fastd", > >+ "address": "78.46.181.112", > >+ "port": "10004", > >+ "key": > >"2686395242eb871fec1103abead2893d21b0b54a078f0246747eb3b03859f67a" > >+ } > >+ ] > > } > >diff --git > >a/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig > >b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig > >new file mode 100644 > >index 0000000..8d292d7 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig > >@@ -0,0 +1,13 @@ > >+{ > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"0ca1a62ba4a5ae7a49f9451eae721ab4a37fbaf89073ff00651e87f03df72d0dc8f1def364f609727e9080d87bda742b5e0ffd25bd75aa678fc13204b7c3ac01" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"1a2443056ef5768ffcade7c63676fe6b3103a2c2703610b35390fdf200004e044402fe4cc1da2493e5429a0a90e89310d18ec524585804e5376a77652f9f630a" > >+ } > >+ ] > >+} > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood > >b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood > >index 18a93f1..aee0e7e 100644 > >--- a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood 
> >@@ -11,6 +11,7 @@ > > "mode5": "ht40+", > > "type5": "adhoc", > > "location": { "lat": 49.46654, "lon": 10.992 }, > >+ "timestamp": "1462211188", > > }, > > "network": { > > "ula_prefix": "fdff:ff::/64" > >diff --git a/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig > >b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig > >new file mode 100644 > >index 0000000..33b64a8 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig > >@@ -0,0 +1,13 @@ > >+{ > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"5085e78610c1d51e9f5677a1ab1f0219155ea6b2e2029cfddc99dd65898d1c099e1bd6c193265d6a760e244d060bbb464539e449bd4193b07706c270b53f3c01" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"2da699c0487bb7cb9063f96e826a7d10f9bc1f29dbc82c66dc19080b36445b058b3a661006f4d39de49d604a1f6deb2f12471d40b537210fab87896b5d271303" > >+ } > >+ ] > >+} > >diff --git > >a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood > >b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood > >index 41ac75e..cc1fcc4 100644 > >--- a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood > >@@ -10,6 +10,7 @@ > > "channel5": 40, > > "mode5": "ht40+", > > "type5": "adhoc", > >+ "timestamp": "1462211188", > > }, > > "network": { > > "ula_prefix": "fdff:0::/64" > >diff --git > >a/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig > >b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig > >new file mode 100644 > >index 0000000..0adda1d > >--- /dev/null > >+++ b/src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig 
> >@@ -0,0 +1,13 @@ > >+{ > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"e83099ff7e1a529b136a916e2af95d08d8794eae62d71c0c858d1a9c6fd1ee09a127fd225637188f257c612138efc0808ef3a613afd181ee059cfb74c3087906" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"8f664d6a3a318131426e8d83dc30518aeeb01de04b47cd1e0bd4869eed14b1098a521a125d6209a40ae8ef247053a14ac32466b81c041c26be15b36b8ee0ab0d" > >+ } > >+ ] > >+} > >diff --git a/src/packages/fff/fff-hoodsync/Makefile > >b/src/packages/fff/fff-hoodsync/Makefile > >new file mode 100644 > >index 0000000..6242f54 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoodsync/Makefile > >@@ -0,0 +1,39 @@ > >+include $(TOPDIR)/rules.mk > >+ > >+PKG_NAME:=fff-hoodsync > >+PKG_VERSION:=0.0.1 > >+PKG_RELEASE:=1 > >+ > >+PKG_BUILD_DIR:=$(BUILD_DIR)/fff-hoodsync > >+ > >+include $(INCLUDE_DIR)/package.mk > >+ > >+define Package/fff-hoodsync > >+ SECTION:=base > >+ CATEGORY:=Freifunk > >+ TITLE:= Freifunk-Franken hoodfile synchronisation > >+ URL:=http://www.freifunk-franken.de > >+ DEPENDS:=+fff-hoods +libubox > >+endef > >+ > >+define Package/fff-hoodsync/description > >+ This package synchronises and verifys hoodfiles and keyfiles > >+endef > >+ > >+define Build/Prepare > >+ echo "all: " > $(PKG_BUILD_DIR)/Makefile > >+endef > >+ > >+define Build/Configure > >+ # nothing > >+endef > >+ > >+define Build/Compile > >+ # nothing > >+endef > >+ > >+define Package/fff-hoodsync/install > >+ $(CP) ./files/* $(1)/ > >+endef > >+ > >+$(eval $(call BuildPackage,fff-hoodsync)) > >diff --git > >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key > >new file mode 100644 > >index 0000000..0cce1ca 
> >--- /dev/null > >+++ > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key > >@@ -0,0 +1,16 @@ > >+{ > >+ "PubKey": > >"120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb", > >+ "Owner": "TestUser0.2", > >+ "IsMaster": false, > > was soll ismaster sein? Ein Parameter, den ich nutzen wollte. Beim schreiben vom Script ist mir aufgefallen, das man den nicht braucht. Hatte nur vergessen den Parameter entsprechend wieder wegzuwerfen. Wird in v2 weg sein. > > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"3033dd3d91645bf063dc74b30020d18d208ceb14beafcb8872843ce6cff58f0f9b61fbc64d6a307c98da560f60aff590c62617ab39a89215c0383dbf9b99a20c" > >+ }, > >+ { > >+ "PubKey": > >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", > >+ "Sig": > >"56dfb602887d1db913200470d90256fb1935742f226ee84575df1e03cfab2e0611a0f353dbb6cec1291bc8098a61940510aef2c8fca44c375824c24059feea0a" > >+ } > >+ ] > >+} > >diff --git > >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key > >new file mode 100644 > >index 0000000..f3e20e4 > >--- /dev/null > >+++ > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key 
> >@@ -0,0 +1,16 @@ > >+{ > >+ "PubKey": > >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", > >+ "Owner": "TestUser3", > >+ "IsMaster": true, > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"760e1e9f36b543842d32c8f85fa7df64f993a25da3ad3d0e868fe20d18a93b0b364cc675991e8934a5368c3e22c3bf4f5376dae89188c59fdb3937c50f28ca08" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"07f6aad96f3eb6373244f7a8f6dbf25f8c630d8e4d1c53eb75dd0615ad4e000c4f50580413b1cad89eafb6a0c70e672d8a10a066cd28d21d7ed8dee84d897209" > >+ } > >+ ] > >+} > >diff --git > >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key > >new file mode 100644 > >index 0000000..aeb480f > >--- /dev/null > >+++ > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key > >@@ -0,0 +1,16 @@ > >+{ > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Owner": "TestUser2", > >+ "IsMaster": true, > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"00aa58032c1fd014401eb1a5bc730904c1ed91fde13c05ff29d203b82a88fe0f8aa9698c662dc21b8e4f8b24d3a0e6f9d123f0be4607b642b3f670cbe37b8607" > >+ }, > >+ { > >+ "PubKey": > >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", > >+ "Sig": > >"1337c7f4106aa79d5f5d8f76256d76155137536da35048c7e49608cbf1699e0e1527f52cba4342428772124cff00980e7354cdf495dccdae26e8ccd7c15bb606" > >+ } > >+ ] > >+} 
> >diff --git > >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key > >new file mode 100644 > >index 0000000..17f0333 > >--- /dev/null > >+++ > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key > >@@ -0,0 +1,16 @@ > >+{ > >+ "PubKey": > >"c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021", > >+ "Owner": "TestUser0.1", > >+ "IsMaster": false, > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Sig": > >"6356b1984020b4d6fd9ce425dc9a454d0b52be0cd0db418d662df4bfa5211f00565a36c019553e7d4982509b0e0a8d245ed232b0c6b5d97fd6df1648dce8f30f" > >+ }, > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"c6d5c9f68e89063a235ec80a81d6b825d6b75f0e635218f52d921c7cfee00e0794097391feaf1d2a7f4b32cd8c784fe7fe3b5e6b420506be20ed7aa4a4db6d04" > >+ } > >+ ] > >+} > >diff --git > >a/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key > >new file mode 100644 > >index 0000000..3211b30 > >--- /dev/null > >+++ > >b/src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key 
> >@@ -0,0 +1,16 @@ > >+{ > >+ "PubKey": > >"e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4", > >+ "Owner": "TestUser1", > >+ "IsMaster": true, > >+ "Sigs": > >+ [ > >+ { > >+ "PubKey": > >"8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e", > >+ "Sig": > >"ad8f982ebb9e26676fd717787dcb42ab3093b5b1a3b37dc98b89cfb0eed24e0b286399287506a694a8731c05087be943eec97e6ebe9955905d5346d240042703" > >+ }, > >+ { > >+ "PubKey": > >"2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e", > >+ "Sig": > >"f441100c255f784a8a448d0108eebce42c44a1b5ec5eaea819704e6b020c1c0b55b4a50147900ae63073c97d42ea547d95b42074c6ecfd99a4582f9e1bc8a90a" > >+ } > >+ ] > >+} > >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize > >b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize > >new file mode 100755 > >index 0000000..b5a9250 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize 
> >@@ -0,0 +1,27 @@ > >+#!/bin/sh > >+ > >+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods" > > Das wird erst erreichbar, wenn wir ipv6 routen. Vorschlag: wir nehmen _erstmal_ dir IP vom netmon.. > Oder vllt sogar mehrere sourcen? HM.. > > >+HOODDIR=/tmp/syncedhoods > >+KEYDIR=/tmp/syncedkeys > >+ > >+rm -rf "$HOODDIR" > >+rm -rf "$KEYDIR" > >+mkdir -p "$HOODDIR" > >+mkdir -p "$KEYDIR" > >+rm -f /tmp/hoods.list > >+rm -f /tmp/keys.list > >+wget "$UPDATELINK/hoods.list" -O /tmp/hoods.list > >+wget "$UPDATELINK/keys/keys.list" -O /tmp/keys.list > >+ > >+while read filename > >+do > >+ wget "$UPDATELINK/$filename" -O "$HOODDIR/$filename" > >+done < /tmp/hoods.list > >+ > >+while read filename > >+do > >+ wget "$UPDATELINK/keys/$filename" -O "$KEYDIR/$filename" > >+done < /tmp/keys.list > >+ > >+. /usr/sbin/verifyhoods > > Eigentlich ist verifyhoods kein sbin file, wenn man es als dot script sourcen muss. Allgemein halte ich das sourcen von dot files hier für ungeschickt, weil eine nicht leicht zu erkennende Abhängigkeit (durch das environment) entsteht. > An ein oder 2 Stellen, werden hier Variablen benötigt. Ein Übergabeparameter wäre vermutlich besser. > > >+ > >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods > >b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods > >new file mode 100755 > >index 0000000..cdc5b43 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods 
> >@@ -0,0 +1,70 @@ > >+#!/bin/sh > >+ > >+. /usr/share/libubox/jshn.sh > >+ > >+TRUSTEDHOODDIR=/etc/hoods > >+ > >+if [ -z "$HOODDIR" ]; then > >+ HOODDIR="$TRUSTEDHOODDIR" > >+fi > >+ > >+. /usr/sbin/verifykeys > Siehe oben. > > Weitere Anmerkung: warum wird verifykeys in verifyhoods gesourced? Hängt das wirklich zusammen? > > Wäre das nicht als unabhängiges script nicht besser? > Weil ich vor dem Verifizieren der Hoods sicher gehen wollte, das die Keys auch valide sind. > >+ > >+for hoodfile in $HOODDIR/*.hood > >+do > >+ echo -e "Check if hood-files are valid" > >+ echo "Parsing $hoodfile" > >+ json_load "$(cat $hoodfile)" > >+ json_select hood > >+ json_get_var newHoodName name > >+ json_get_var newTimestamp timestamp > >+ if [ -f "$TRUSTEDHOODDIR/$newHoodName.hood" ] > >+ then > >+ json_load "$(cat $TRUSTEDHOODDIR/$newHoodName.hood)" > >+ json_select hood > >+ json_get_var oldHoodName name > >+ json_get_var oldTimestamp timestamp > >+ if [ "$newHoodName" != "$oldHoodName" ] > >+ then > >+ echo "Hoodnames are not matching" > >+ continue > >+ fi > >+ if [ "$newTimestamp" -le "$oldTimestamp" ] > >+ then > >+ echo "the synchronized file is older than current" > >+ continue > >+ fi > >+ fi > >+ json_load "$(cat $hoodfile.sig)" > >+ json_select Sigs > >+ SigCount="0" > >+ local Index="1" > >+ while json_select $Index > /dev/null > >+ do > >+ json_get_var SigPubKey PubKey > >+ json_get_var Sig Sig > >+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then > >+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "$hoodfile" ;then > >+ echo "Valid Signature of $SigPubKey" > >+ SigCount=$((SigCount+1)) > >+ else > >+ echo "Invalid Signature of $SigPubKey" > >+ fi > >+ else > >+ echo "$SigPubKey is not trusted. So signature is > >worthless." > >+ fi > >+ json_select ".." > >+ Index=$((Index+1)) > >+ done > >+ if [ "$SigCount" -gt 1 ];then > >+ echo "There are enough valid Signatures, so hoodfile is now > >trusted." > >+ cp "$hoodfile"* "$TRUSTEDHOODDIR/." 
> >+ else > >+ echo "There aren't enough valid Signatures" > >+ echo "$hoodfile will be removed" > >+ rm -f "$hoodfile"* > >+ fi > >+ echo > >+done > >+ > >+. /usr/sbin/configurehood > > Kann man das synchronisieren, validieren, auswählen und konfigurieren nicht entkoppeln? > Kann man machen. Sollte man vermutlich auch machen. Die Funktionen sind vom Prinzip her ja schon eigenständig und ich habe sie nur verzahnt. > > Zu letzt noch die Frage: wie löscht man eine hood oder ein key file? > Bisher noch garnicht. Mir fehlt grad noch die Idee dafür. Eventuell noch sowas wie *.revoke files oder sowas. Ich versuche da in v2 noch was mit einzubauen. Grüße Jan > Tim > > >diff --git a/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys > >b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys > >new file mode 100755 > >index 0000000..57f9446 > >--- /dev/null > >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys 
> >@@ -0,0 +1,59 @@ > >+#!/bin/sh > >+ > >+. /usr/share/libubox/jshn.sh > >+ > >+TRUSTEDKEYDIR=/etc/hoods/keys > >+ > >+if [ -z "$KEYDIR" ]; then > >+ KEYDIR="$TRUSTEDKEYDIR" > >+fi > >+ > >+rm -f /tmp/trustedkeys > >+for keyfile in $TRUSTEDKEYDIR/*.key > >+do > >+ echo "Parsing trusted $keyfile" > >+ json_load "$(cat $keyfile)" > >+ json_get_var PubKey PubKey > >+ echo "$PubKey" >> /tmp/trustedkeys > >+done > >+ > >+for keyfile in $KEYDIR/*.key > >+do > >+ echo "Check if key-signatures are valid" > >+ echo "Parsing $keyfile" > >+ json_load "$(cat $keyfile)" > >+ json_get_var PubKey PubKey > >+ echo "$PubKey" > "/tmp/$PubKey" > >+ SigCount="0" > >+ json_select Sigs > >+ local Index="1" > >+ while json_select $Index > /dev/null > >+ do > >+ json_get_var SigPubKey PubKey > >+ json_get_var Sig Sig > >+ if grep "$SigPubKey" "/tmp/trustedkeys" ; then > >+ if ecdsaverify -s "$Sig" -p "$SigPubKey" "/tmp/$PubKey" > >;then > >+ echo "Valid Signature of $SigPubKey" > >+ SigCount=$((SigCount+1)) > >+ else > >+ echo "Invalid Signature of $SigPubKey" > >+ fi > >+ else > >+ echo "$SigPubKey is not trusted. So signature is > >worthless." > >+ fi > >+ json_select ".." > >+ Index=$((Index+1)) > >+ done > >+ json_select ".." > >+ if [ "$SigCount" -gt 1 ];then > >+ echo "There are enough valid Signatures, so key is now > >trusted." > >+ cp "$keyfile" "$TRUSTEDKEYDIR/$PubKey.key" > >+ else > >+ echo "There aren't enough valid Signatures" > >+ echo "$keyfile will be removed" > >+ rm -f "$keyfile" > >+ fi > >+ rm -f "/tmp/$PubKey" > >+ echo > >+done > >+ > >diff --git a/src/packages/fff/fff/Makefile > >b/src/packages/fff/fff/Makefile > >index 45f034e..14d2af5 100644 > >--- a/src/packages/fff/fff/Makefile > >+++ b/src/packages/fff/fff/Makefile > >@@ -22,7 +22,8 @@ define Package/fff-base > > +fff-fastd \ > > +fff-firewall \ > > +fff-network \ > >- +fff-hoods > >+ +fff-hoods \ > >+ +fff-hoodsync > > endef > > > > define Package/fff-base/description
Hi grad noch was vergessen: Am Samstag, den 07.05.2016, 23:21 +0200 schrieb Tim Niemeyer: > Hi ... > >+++ b/src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize > >@@ -0,0 +1,27 @@ > >+#!/bin/sh > >+ > >+UPDATELINK="http://[fdff:3::e418:c9ff:fec6:9d7d]/foo/hoods" > > Das wird erst erreichbar, wenn wir ipv6 routen. Vorschlag: wir nehmen _erstmal_ dir IP vom netmon.. > Oder vllt sogar mehrere sourcen? HM.. > Das ist zzt. einfach nur mein GW-Server und ist nur aus der Nürnberger Hood erreichbar. Als ich mit Christian drüber diskutiert habe, hatten wir schon eine Idee wie man das ablösen könnte. Grüße Jan > >+HOODDIR=/tmp/syncedhoods > >+KEYDIR=/tmp/syncedkeys > >+ > >+rm -rf "$HOODDIR" > >+rm -rf "$KEYDIR" > >+mkdir -p "$HOODDIR" > >+mkdir -p "$KEYDIR" > >+rm -f /tmp/hoods.list > >+rm -f /tmp/keys.list ...
the package will synchronize and verify hood- and keyfiles Signed-off-by: Jan Kraus <mayosemmel@gmail.com> --- .../fff/fff-hoods/files/etc/hoods/fuerth.hood | 1 + .../fff/fff-hoods/files/etc/hoods/fuerth.hood.sig | 13 ++++ .../fff/fff-hoods/files/etc/hoods/nuernberg.hood | 23 ++++++- .../fff-hoods/files/etc/hoods/nuernberg.hood.sig | 13 ++++ .../fff/fff-hoods/files/etc/hoods/test.hood | 1 + .../fff/fff-hoods/files/etc/hoods/test.hood.sig | 13 ++++ .../fff-hoods/files/etc/hoods/trainstation.hood | 1 + .../files/etc/hoods/trainstation.hood.sig | 13 ++++ src/packages/fff/fff-hoodsync/Makefile | 39 ++++++++++++ ...0fd7c342494754949d338f77a84ac1a74a6c56077fb.key | 16 +++++ ...e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key | 16 +++++ ...e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key | 16 +++++ ...06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key | 16 +++++ ...834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key | 16 +++++ .../fff/fff-hoodsync/files/usr/sbin/synchronize | 27 +++++++++ .../fff/fff-hoodsync/files/usr/sbin/verifyhoods | 70 ++++++++++++++++++++++ .../fff/fff-hoodsync/files/usr/sbin/verifykeys | 59 ++++++++++++++++++ src/packages/fff/fff/Makefile | 3 +- 18 files changed, 352 insertions(+), 4 deletions(-) create mode 100644 src/packages/fff/fff-hoods/files/etc/hoods/fuerth.hood.sig create mode 100644 src/packages/fff/fff-hoods/files/etc/hoods/nuernberg.hood.sig create mode 100644 src/packages/fff/fff-hoods/files/etc/hoods/test.hood.sig create mode 100644 src/packages/fff/fff-hoods/files/etc/hoods/trainstation.hood.sig create mode 100644 src/packages/fff/fff-hoodsync/Makefile create mode 100644 src/packages/fff/fff-hoodsync/files/etc/hoods/keys/120e50e60f05b80f5e6900fd7c342494754949d338f77a84ac1a74a6c56077fb.key create mode 100644 src/packages/fff/fff-hoodsync/files/etc/hoods/keys/2ec61ddc4d3b6c9d0b479e81b5bd76ab7888240b26fed03f7f0b4a0b74ad4b6e.key create mode 100644 
src/packages/fff/fff-hoodsync/files/etc/hoods/keys/8366b366904c41e5c1839e3ae2cbb7fb5253ce7664fe9c67aabaa5549d44c79e.key create mode 100644 src/packages/fff/fff-hoodsync/files/etc/hoods/keys/c572b7e4908f1cbf9786c06ddf7b03a79fccfd8f0edf4ac07bff72f0f33bc021.key create mode 100644 src/packages/fff/fff-hoodsync/files/etc/hoods/keys/e96e53f782aa4bb432773834a08c759fd7c0d70fdd124c432d9ec5c2c3826fd4.key create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/synchronize create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifyhoods create mode 100755 src/packages/fff/fff-hoodsync/files/usr/sbin/verifykeys