diff --git a/.gitignore b/.gitignore new file mode 100644 index 00000000..892e7840 --- /dev/null +++ b/.gitignore @@ -0,0 +1,91 @@ +# Following files are generated by autotools configure + +config/common/FIRMWARE_APPS_VERSION +config/common/measurement.conf +config/common/ripe-atlas.run.conf +config/common/ripe-atlas.user.conf +config/common/ripe-atlas.users.conf +config/common/ripe-atlas.service +bin/arch/generic/*.sh +bin/config.sh +bin/common-pre.sh +bin/common.sh +bin/paths.lib.sh +bin/reginit.sh +bin/resolvconf +bin/ripe-atlas + +# http://www.gnu.org/software/automake + +Makefile.in +config/Makefile.in +bin/Makefile.in +/ar-lib +/mdate-sh +/py-compile +/test-driver +/ylwrap +.deps/ +.dirstamp + +# http://www.gnu.org/software/autoconf + +autom4te.cache +/autoscan.log +/autoscan-*.log +/aclocal.m4 +/compile +/config.cache +/config.guess +/config.h.in +/config.log +/config.status +/config.sub +/configure +/configure~ +/configure.scan +/depcomp +/install-sh +/missing +/stamp-h1 + +# https://www.gnu.org/software/libtool/ + +/ltmain.sh +libtool + +# http://www.gnu.org/software/texinfo + +/texinfo.tex + +# http://www.gnu.org/software/m4/ + +m4/libtool.m4 +m4/ltoptions.m4 +m4/ltsugar.m4 +m4/ltversion.m4 +m4/lt~obsolete.m4 + +# Generated Makefile +# (meta build system like autotools, +# can automatically generate from config.status script +# (which is called by configure script)) +/Makefile +/config/Makefile +/bin/Makefile + +# dpkg-buildpackage +debian/.debhelper/ +debian/autoreconf.* +debian/autoreconf.before +debian/debhelper-build-stamp +debian/files +debian/ripe-atlas-anchor/ +debian/ripe-atlas-common/ +debian/ripe-atlas-probe/ +debian/ripe-atlas-anchor*.debhelper* +debian/ripe-atlas-common*.debhelper* +debian/ripe-atlas-probe*.debhelper* +debian/ripe-atlas-anchor*.substvars +debian/ripe-atlas-common*.substvars +debian/ripe-atlas-probe*.substvars diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index b6ca6295..afaa96f9 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,14 +1,16 @@ stages: - docker_image - build + - lint - prepare + - deploy:el8 + - deploy:el9 variables: - DOCKER_IMAGE_DEBIAN9: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/debian9:${CI_COMMIT_REF_SLUG} - DOCKER_IMAGE_DEBIAN10: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/debian10:${CI_COMMIT_REF_SLUG} - DOCKER_IMAGE_DEBIAN11: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/debian11:${CI_COMMIT_REF_SLUG} - DOCKER_IMAGE_CENTOS7: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/centos7:${CI_COMMIT_REF_SLUG} - DOCKER_IMAGE_CENTOS8: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/centos8:${CI_COMMIT_REF_SLUG} + # DOCKER_IMAGE_DEBIAN11: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/debian11:${CI_COMMIT_REF_SLUG} + # DOCKER_IMAGE_DEBIAN12: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/debian12:${CI_COMMIT_REF_SLUG} + DOCKER_IMAGE_OL8: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/ol8:${CI_COMMIT_REF_SLUG} + DOCKER_IMAGE_OL9: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/ol9:${CI_COMMIT_REF_SLUG} DOCKER_IMAGE_PREP: ${CI_REGISTRY}/${CI_PROJECT_NAMESPACE}/${CI_PROJECT_NAME}/prep:${CI_COMMIT_REF_SLUG} GIT_SUBMODULE_STRATEGY: recursive RPMS_DIR: rpmbuild/RPMS @@ -18,6 +20,8 @@ variables: only: refs: - /^devel.*/ + - /^testing$/ + - /^master$/ - tags changes: - ${DOCKER_DIR}/Dockerfile @@ -27,146 +31,294 @@ variables: - docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY} - docker push ${DOCKER_IMAGE} -build_image_debian9: - variables: - DOCKER_DIR: build-config/gitlab-docker/debian9 - DOCKER_IMAGE: ${DOCKER_IMAGE_DEBIAN9} - extends: .build_image - -build_image_debian10: - variables: - DOCKER_DIR: build-config/gitlab-docker/debian10 - DOCKER_IMAGE: ${DOCKER_IMAGE_DEBIAN10} - extends: .build_image +# build_image_debian11: +# variables: +# DOCKER_DIR: .gitlab-docker/debian11 +# DOCKER_IMAGE: ${DOCKER_IMAGE_DEBIAN11} +# extends: .build_image -build_image_debian11: - variables: - DOCKER_DIR: build-config/gitlab-docker/debian11 - DOCKER_IMAGE: ${DOCKER_IMAGE_DEBIAN11} - extends: .build_image +# build_image_debian12: +# variables: +# DOCKER_DIR: .gitlab-docker/debian12 +# DOCKER_IMAGE: ${DOCKER_IMAGE_DEBIAN12} +# extends: .build_image -build_image_centos7: +build_image_ol8: variables: - DOCKER_DIR: build-config/gitlab-docker/centos7 - DOCKER_IMAGE: ${DOCKER_IMAGE_CENTOS7} + DOCKER_DIR: .gitlab-docker/ol8 + DOCKER_IMAGE: ${DOCKER_IMAGE_OL8} extends: .build_image -build_image_centos8: +build_image_ol9: variables: - DOCKER_DIR: build-config/gitlab-docker/centos8 - DOCKER_IMAGE: ${DOCKER_IMAGE_CENTOS8} + DOCKER_DIR: .gitlab-docker/ol9 + DOCKER_IMAGE: ${DOCKER_IMAGE_OL9} extends: .build_image build_image_prep: variables: - DOCKER_DIR: build-config/gitlab-docker/prep + DOCKER_DIR: .gitlab-docker/prep DOCKER_IMAGE: ${DOCKER_IMAGE_PREP} extends: .build_image -.build-ci-debian: - stage: build - only: - - /^devel.*/ - - tags - script: - - cd .. - - HOME=${PWD} ripe-atlas-software-probe/build-config/debian/bin/make-deb - - cp atlasswprobe-*.deb ripe-atlas-software-probe - artifacts: - name: "${CI_PROJECT_NAME}-${CI_BUILD_REF_NAME}" - paths: - - atlasswprobe-*.deb - expire_in: never - -build-ci-debian9: - extends: .build-ci-debian - image: ${DOCKER_IMAGE_DEBIAN9} +# .build-ci-debian: +# stage: build +# only: +# - /^devel.*/ +# - tags +# script: +# - cd ripe-atlas-software-probe +# - dpkg-buildpackage -b -us -uc +# - cp ../ripe-atlas-*.deb . +# artifacts: +# name: "${CI_PROJECT_NAME}-${CI_BUILD_REF_NAME}" +# paths: +# - ripe-atlas-*.deb +# expire_in: never -build-ci-debian10: - extends: .build-ci-debian - image: ${DOCKER_IMAGE_DEBIAN10} +# build-ci-debian11: +# extends: .build-ci-debian +# image: ${DOCKER_IMAGE_DEBIAN11} -build-ci-debian11: - extends: .build-ci-debian - image: ${DOCKER_IMAGE_DEBIAN11} +# build-ci-debian12: +# extends: .build-ci-debian +# image: ${DOCKER_IMAGE_DEBIAN12} -.build-ci-centos: +.build-ci-rhel: stage: build only: - /^devel.*/ + - /^testing$/ + - /^master$/ - tags variables: - REPO_RPM_PATH: ${RPMS_DIR}/noarch/ripe-atlas-repo-*.rpm - X86_RPM_PATH: ${RPMS_DIR}/x86_64/atlasswprobe-*.rpm + REPO_RPM_PATH: ${RPMS_DIR}/noarch/*.rpm + X86_RPM_PATH: ${RPMS_DIR}/x86_64/*.rpm + REPO_GIT_SOURCE: https://${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}@${URL} script: - - cd .. - - mkdir -p ${CENTOS_VERSION}/{noarch,x86_64} # create a repo with same structure as prod - - # setup build env - - ripe-atlas-software-probe/build-config/centos/bin/cp-repo-files ${CENTOS_VERSION} - - HOME=${PWD} ripe-atlas-software-probe/build-config/centos/bin/make-tars + # build define list + - REPO_GIT_TAG="" + - export REPO_GIT_TAG="${CI_COMMIT_TAG:-${CI_COMMIT_BRANCH}}" + - export HOME="${PWD}" + - mkdir -p ${HOME}/${OS_VERSION}/{noarch,x86_64} # create a repo with same structure as prod # build repo rpm - - HOME=${PWD} rpmbuild --bb rpmbuild/SPECS/ripe-atlas-repo.spec - - cp -a ${REPO_RPM_PATH} ${CENTOS_VERSION}/noarch + - rpmbuild -bb --define "git_source ${REPO_GIT_SOURCE}" --define "git_tag ${REPO_GIT_TAG}" rhel/ripe-atlas-repo.spec + - cp -a ${HOME}/${REPO_RPM_PATH} ${HOME}/${OS_VERSION}/noarch - # build x86 rpm - - HOME=${PWD} rpmbuild --bb rpmbuild/SPECS/atlasswprobe.spec - - cp -a ${X86_RPM_PATH} ${CENTOS_VERSION}/x86_64 + # build x86_64 rpm + - rpmbuild -bb --define "git_source ${REPO_GIT_SOURCE}" --define "git_tag ${REPO_GIT_TAG}" rhel/ripe-atlas-probe.spec + - cp -a ${HOME}/${REPO_RPM_PATH} ${HOME}/${OS_VERSION}/noarch + - cp -a ${HOME}/${X86_RPM_PATH} ${HOME}/${OS_VERSION}/x86_64 + - cp ${HOME}/rpmbuild/BUILD/ripe-atlas-software-probe/VERSION ${HOME}/${OS_VERSION} - # move artifact to right place - - cd ripe-atlas-software-probe && mv ../${CENTOS_VERSION} . + # build anchor rpm + - rpmbuild -bb --define "git_source ${REPO_GIT_SOURCE}" --define "git_tag ${REPO_GIT_TAG}" rhel/ripe-atlas-anchor.spec + - cp -a ${HOME}/${REPO_RPM_PATH} ${HOME}/${OS_VERSION}/noarch artifacts: - name: "${CI_PROJECT_NAME}-${CI_BUILD_REF_NAME}" + name: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}" paths: - - ./${CENTOS_VERSION} + - ./${OS_VERSION} expire_in: never -build-ci-centos7: +build-ci-el8: variables: - CENTOS_VERSION: centos7 - image: ${DOCKER_IMAGE_CENTOS7} - extends: .build-ci-centos + OS_VERSION: el8 + image: ${DOCKER_IMAGE_OL8} + extends: .build-ci-rhel -build-ci-centos8: +build-ci-el9: variables: - CENTOS_VERSION: centos8 - image: ${DOCKER_IMAGE_CENTOS8} - extends: .build-ci-centos + OS_VERSION: el9 + image: ${DOCKER_IMAGE_OL9} + extends: .build-ci-rhel -.prepare-ci-centos: - stage: prepare +.lint-ci-rhel: + stage: lint only: - /^devel.*/ + - /^testing$/ + - /^master$/ - tags script: - - 'eval ${PREPARE}' - - 'eval ${FINALIZE}' - - 'eval ${CLEANUP}' + - mkdir lint_report + - for RPM in $(find ${OS_VERSION} -type f); do rpmlint $RPM > lint_report/$(echo $RPM | sed -n "s/^.*\/\s*\(\S*\)-.*$/\1.log/p") ; done || true + artifacts: + name: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}-lint-report" + paths: + - ./lint_report + expire_in: never - - cp -a ${CENTOS_VERSION} ${CENTOS_VERSION}-deployable +lint-ci-el8: + needs: + - job: build-ci-el8 + artifacts: true + variables: + OS_VERSION: el8 + image: ${DOCKER_IMAGE_OL8} + extends: .lint-ci-rhel +lint-ci-el9: + needs: + - job: build-ci-el9 + artifacts: true + variables: + OS_VERSION: el9 + image: ${DOCKER_IMAGE_OL9} + extends: .lint-ci-rhel + +.prepare-ci-rhel: + stage: prepare + script: + - 'eval ${PREPARE}' + - cp -a ${OS_VERSION} ${OS_VERSION}-deployable + image: ${DOCKER_IMAGE_PREP} artifacts: - name: "${CENTOS_VERSION}-deployable" + name: "${OS_VERSION}-deployable" paths: - - ./${CENTOS_VERSION}-deployable + - ./${OS_VERSION}-deployable expire_in: never -deployable-centos7: +.prepare-ci-el8: needs: - - job: build-ci-centos7 + - job: build-ci-el8 artifacts: true variables: - CENTOS_VERSION: centos7 - image: ${DOCKER_IMAGE_PREP} - extends: .prepare-ci-centos + OS_VERSION: el8 + extends: .prepare-ci-rhel -deployable-centos8: +.prepare-ci-el9: needs: - - job: build-ci-centos8 + - job: build-ci-el9 artifacts: true variables: - CENTOS_VERSION: centos8 + OS_VERSION: el9 + extends: .prepare-ci-rhel + +prepare-ci-el8-devel: + only: + - /^devel.*/ + extends: .prepare-ci-el8 + environment: + name: devel + +prepare-ci-el9-devel: + only: + - /^devel.*/ + extends: .prepare-ci-el9 + environment: + name: devel + +prepare-ci-el8-testing: + only: + - /^testing$/ + extends: .prepare-ci-el8 + environment: + name: testing + +prepare-ci-el9-testing: + only: + - /^testing$/ + extends: .prepare-ci-el9 + environment: + name: testing + +prepare-ci-el8-master: + only: + - /^master$/ + - tags + extends: .prepare-ci-el8 + environment: + name: master + +prepare-ci-el9-master: + only: + - /^master$/ + - tags + extends: .prepare-ci-el9 + environment: + name: master + +.deploy-ci: + variables: + REPO_GIT_SOURCE: https://${DEPLOY_USER}:${DEPLOY_TOKEN}@${URL} + script: + - 'eval ${DEPLOY}' + when: manual + +.deploy-ci-el8: + stage: deploy:el8 + variables: + OS_VERSION: el8 image: ${DOCKER_IMAGE_PREP} - extends: .prepare-ci-centos + extends: .deploy-ci + +.deploy-ci-el9: + stage: deploy:el9 + variables: + OS_VERSION: el9 + image: ${DOCKER_IMAGE_PREP} + extends: .deploy-ci + +deploy-ci-el8-devel: + only: + - /^devel.*/ + needs: + - job: prepare-ci-el8-devel + artifacts: true + extends: .deploy-ci-el8 + environment: + name: devel + +deploy-ci-el9-devel: + only: + - /^devel.*/ + needs: + - job: prepare-ci-el9-devel + artifacts: true + extends: .deploy-ci-el9 + environment: + name: devel + +deploy-ci-el8-testing: + only: + - /^testing$/ + needs: + - job: prepare-ci-el8-testing + artifacts: true + extends: .deploy-ci-el8 + environment: + name: testing + +deploy-ci-el9-testing: + only: + - /^testing$/ + needs: + - job: prepare-ci-el9-testing + artifacts: true + extends: .deploy-ci-el9 + environment: + name: testing + +deploy-ci-el8-master: + only: + - /^master$/ + - tags + needs: + - job: prepare-ci-el8-master + artifacts: true + extends: .deploy-ci-el8 + environment: + name: master + +deploy-ci-el9-master: + only: + - /^master$/ + - tags + needs: + - job: prepare-ci-el9-master + artifacts: true + extends: .deploy-ci-el9 + environment: + name: master diff --git a/.gitlab-docker/debian11/Dockerfile b/.gitlab-docker/debian11/Dockerfile new file mode 100644 index 00000000..7c27f61e --- /dev/null +++ b/.gitlab-docker/debian11/Dockerfile @@ -0,0 +1,10 @@ +FROM debian:11.0 + +MAINTAINER mstam@ripe.net + +RUN apt-get update +RUN apt-get dist-upgrade -y +RUN apt-get install -y libssl-dev +RUN apt-get install -y build-essential +RUN apt-get install -y autoconf-dev +RUN apt-get install -y debhelper diff --git a/.gitlab-docker/debian12/Dockerfile b/.gitlab-docker/debian12/Dockerfile new file mode 100644 index 00000000..7c27f61e --- /dev/null +++ b/.gitlab-docker/debian12/Dockerfile @@ -0,0 +1,10 @@ +FROM debian:11.0 + +MAINTAINER mstam@ripe.net + +RUN apt-get update +RUN apt-get dist-upgrade -y +RUN apt-get install -y libssl-dev +RUN apt-get install -y build-essential +RUN apt-get install -y autoconf-dev +RUN apt-get install -y debhelper diff --git a/.gitlab-docker/ol8/Dockerfile b/.gitlab-docker/ol8/Dockerfile new file mode 100644 index 00000000..633f1844 --- /dev/null +++ b/.gitlab-docker/ol8/Dockerfile @@ -0,0 +1,11 @@ +FROM oraclelinux:8 + +MAINTAINER mmavropoulos@ripe.net + +RUN dnf -y update + +# Replace coreutils-single by coreutils +RUN dnf -y swap coreutils-single coreutils + +RUN dnf -y install tar gcc-c++ redhat-rpm-config redhat-release which xz sed make bzip2 gzip gcc coreutils unzip shadow-utils diffutils cpio bash gawk rpm-build info patch util-linux findutils grep +RUN dnf -y install autoconf automake dnf-utils createrepo_c git-core libtool openssl-devel rpmlint diff --git a/.gitlab-docker/ol9/Dockerfile b/.gitlab-docker/ol9/Dockerfile new file mode 100644 index 00000000..ceb55147 --- /dev/null +++ b/.gitlab-docker/ol9/Dockerfile @@ -0,0 +1,12 @@ +FROM oraclelinux:9 + +MAINTAINER gmeyer@ripe.net + +RUN dnf -y update + +# Replace coreutils-single by coreutils +RUN dnf -y swap coreutils-single coreutils + +# from https://github.com/rpm-software-management/mock/blob/main/mock-core-configs/etc/mock/templates/centos-7.tpl#L3 +RUN dnf -y install bash bzip2 coreutils cpio diffutils redhat-release findutils gawk glibc-minimal-langpack grep gzip info patch redhat-rpm-config rpm-build sed shadow-utils tar unzip util-linux which xz +RUN dnf -y install autoconf automake dnf-utils createrepo_c git-core libtool openssl-devel rpmlint diff --git a/build-config/gitlab-docker/prep/Dockerfile b/.gitlab-docker/prep/Dockerfile similarity index 100% rename from build-config/gitlab-docker/prep/Dockerfile rename to .gitlab-docker/prep/Dockerfile diff --git a/CHANGES.rst b/CHANGES.rst index 2333d8bb..72fe1e33 100644 --- a/CHANGES.rst +++ b/CHANGES.rst @@ -1,58 +1,344 @@ Release History =============== +5090 (released 2024-07-12) +-------------------------- +- All platforms + * All platforms now have a ripe-atlas-common package, a ripe-atlas-anchor and ripe-atlas-probe package to define the purpose of the probe. This deprecates atlasswprobe + * Package is now built using autotools + * Package restructured according to Linux FHS + * Probe private key is not removed upon uninstall + * libevent is now linked to the measurement code statically. It diverged from the original package and cannot be sent upstream + * sudo is no longer required, the processes drop privileges automatically +- Software probes + * Added support for Oracle EL8 and RHEL9 (Oracle EL9 / Rocky Linux 9) + * Added initial code for Debian 11/12 (Support incomplete) + * Added initial code for OpenWRT 22.03 (Support incomplete) + * Fix Atlas not working on SELinux (RHBA-2023:5062); Robert Scheck + * Sanitised log messages (unnecessary errors) + * Probe sub architecture now reports ID, VERSION and PLATFORM + * systemd-sysusers and systemd-tmpfiles now used + * Atlas now exits properly when stopped by systemd on EL8 + * Bash is now a requirement + * RPM now validates properly + +5080 (released 2022-09-23) +-------------------------- +- All platforms + * Introduction of CI/CD pipeline for building firmware + * Fix for ICMPv6 echo replies on systems with 32-bit pid_t (Graham Edgecombe) +- Software probes + * The auto update functionality has been removed from the CentOS 7/8 RPM. +- Cleanup on v3 hardware probe to align with v4 and v5 probes. + * Streamline build process for flash and USB firmware + * Removal of unused software / functionality + * Revert to stock OpenWRT insofar as possible + * Code refactoring to remove duplicate implementation of LED behaviour + * JSON style logging framework introduced, initially for process restarting + * Filesystem bug fixed that prevented release of flash firmware + +5070 (released 2022-05-31) +-------------------------- +- Fix bug that caused processes to restart erroneously. +- Added support for NTP size extension (by Daniel Drown) + +5060 (released 2022-03-16) +-------------------------- +- Removed IPv6 reporting from rxtxrpt +- Replace syscall(__NR_clock_gettime, ...) with clock_gettime() (by Eneas U de Queiroz) +- Fix rptaddrs to handle systems without IPv6. Sad but true. +- Allow measurement targets to be in the prefixes 0.0.0.0/8 and 240.0.0.0/4 +- Add HTTPPOST_PORT port override for httppost +- Improvements for self tests +- Updated cipher list in sslgetcert to Firefox 89.0.2 +- Support for DNS-over-HTTPS measurements + +5050 (released 2022-02-16) +-------------------------- +- This is an administrative release, it does not have any changes. + 5040 (released 2021-10-21) -------------------------- - Measurement changes (version 2.4.1): - * Firmware 5030 introduced a regression where a specific type of TCP connect failure would cause the probe to stop performing measurements. 5030 (released 2021-09-13) -------------------------- - Config variable to disable the check that atlas data is on tmpfs - Support for software probes on OpenWrt (by Jan Pavlinec) -- Measurement changes (version 2.4.0): - +- Measurement busybox v2.4.0: * Solve issue with duplicate src_addr in DNS measurements * Remove as much as possible source files that are not used by Atlas * Fix bug in sslgetcert if there is a connection failure * Replace stime with clock_settime * Support a lot more network interfaces in reporting traffic statistics - * Option to set AD bit in DNS queries + * Option to set AD bit in DNS queries * Initial support for testing Atlas measurement code 5020 (released 2020-04-06) -------------------------- - Support for a centos 8 binary repo -- Use the hash of the public key in sos messages for virtual probes and anchors -- Fix bug in dns measurements where a json field gets duplicated (measurement busybox 2.2.1) +- Use the hash of the public key in SOS messages for software probes and anchors, allowing software probes to report SOS messages +- Fix a bug in DNS measurements where a JSON fields got duplicated (measurement busybox 2.2.1) - Suppress some debug output from dfrm (measurement busybox 2.2.1) - Make response to a reg. server returning WAIT more robust 5010 (released 2020-01-13) ---------------------------- +-------------------------- - Support for Turris routers +- Support Debian - Build fixes for CentOS 8 - Improved mechanism to source architecture specific scripts +- Support for DNS resolvers with IPv6 link local address - Removed some bash-isms -- Support Debian - Measurement changes (version 2.2.0): - * "qt" field for DNS measurements to report query time without setup overhead * Handle IPv6 scope IDs * Switch to libevent 2.1.11 * 'httppost' should only set the system if the environment variable HTTPPOST_ALLOW_STIME is set - * Add '--ttl' option to DNS measurements + * Add '--ttl' option in DNS measurements to report the TTL on replies (for UDP) + +5000 (released 2019-10-07) +-------------------------- +- Probe firmware 5000.2 + * Make setting the time and date in the ATLAS script optional + * Corrected names of production registration servers + * Introduce config.txt to make rxtxrpt optional + * Add -y option to yum update + * Added README.rst, INSTALL.rst, CHANGES.rst and LICENSE +- Probe firmware 5000 + * First release of software probes - sync up probe firmware versions between hardware and software + +4980 (released 2019-04-10) +-------------------------- +- Disable TCP SACK + +4970 (released 2019-03-25) +-------------------------- +- Fixed an issue with periodic HTTP measurements and a chunked response from the remote server +- Generate a new value for the "$r" macro in DNS measurements for each resolver when "use probe's resolvers" is in effect +- Fixed a bug in TCP traceroute when some measurements did not run if there were more than 256 measurements defined + +4960 (released 2019-02-26) +-------------------------- +- Fix local time management to deal with cases where the probe did not adjust its local time correctly +- Add support for reinstalling the current firmware if (filesystem) corruption is suspected +4950 (released 2019-02-20) +-------------------------- +- Fixed a bug in traceroute where a trace was supposed to stop after 5 non-responding hops, but it stopped earlier if the starting hop was not set to 1 +- Added support for DNS cookies (API/UI support is in the works) +- Added support to set EDNS version, flags and options (API/UI support TBD) +- Added support to send DNS queries with IPv6 destination option (API/UI support is in the works) +- Code shuffles to record timestamps for response time as close as possible to sending and receiving calls + +4940 (released 2018-07-17) +-------------------------- +- Add support for DNS client subnet option +- Add support for HTTP host header +- Add support for ping synchronous DNS resolution (only used internally) +- Update SSL/TLS list of ciphers (taken from wget 1.19.1) +- Add support for SSL/TLS elliptic curves +- Add better error reporting for TLS errors +- Add support for traceroute ToS +- Internal code changes to align the behaviour/scripts used on v3 and v4 probes +- Fix a bug where probes no longer sent DNS "sos" queries -5000.2 (released 2019-10-07) ---------------------------- -- Make setting the time and date in the ATLAS script optional -- Corrected names of production registration servers -- Introduce config.txt to make rxtxrpt optional -- Add -y option to yum update -- Added README.rst, INSTALL.rst, CHANGES.rst and LICENSE +4930 (released 2018-05-21) +-------------------------- +- This firmware is a clone of 4910, aimed exclusively for the upcoming v4 probes + +4910 (released 2018-01-08) +-------------------------- +- General + * Upgrade busybox (used inside the probe firmware) + * When name resolution results in a 'local' address and the probe denies executing the measurement, report the offending address + * Report how long name resolution takes (except for DNS measurements) + * SSL/TLS certificate measurements now report the cipher that is chosen by the server + * Fix bug where a TCP socket was not set to non-blocking when explicit binding to an interface was required +- Anchor + * Support added for CentOS 6 and 7 + +4790 (released 2017-05-29) +-------------------------- +- This is a v1/v2 only release meant to fix stability issues that resulted in stretching the hardware capabilities too far. + +4780 (released 2017-05-22) +-------------------------- +- Various fixes for stability and security +- Allow DNS "macros" like $p, $t, $r, which are replaced by the probe each time with probe ID, timestamp and a random value, respectively +- Add SNI support to TLS/SSL checks +- Add option to embed probe ID in ping requests in order to filter out RIPE Atlas generated ICMPs +- Report time-to-complete in TLS/SSL results even if fetching the actual certificate fails +- Fixed a bug where there were no results delivered for DNS measurements with the "include the abuf" option turned off + +4770 (released 2017-03-22) +-------------------------- +- Fixed a regression where DNS measurements using TCP transport always failed +- Fixed a bug where WiFi measurements could sometimes report using the wrong outgoing network interface + +4760 (released 2017-02-23) +-------------------------- +- Changes to use USB sticks (in v3 probes) as little as possible by buffering results in memory. As a tradeoff for more expected stability, the probes lose recent, unreported measurement results (ie. the ones collected in the last 60-90 seconds). +- Unexpectedly terminated TCP connections caused SIGPIPE signals crashing the measurement the process +- Various stability and security fixes to the measurement code + +4750 (released 2017-01-24) +-------------------------- +- First release of wifi firmware (4755) +- Various security/stability fixes in the measurement code + +4740 (released 2016-08-08) +-------------------------- +- Disallow measurements towards 0.0.0.0/8 +- Internal changes to support wifi measurements +- Report local network configuration every hour +- Switch to ext4 filesystem for USB storage +- Check for read-only USB and send SOS message if that's the case +- Fixed kernel to not download new firmware if the usb stick is read-only -5000 (released 2019-10-01) +4730 (released 2016-01-18) -------------------------- -- Initial release +- Better error handling for unexpected measurement results +- Probes will soon start reporting their uptime in a new "virtual measurement", ID 7001 +- Fixed an error case where results of one-off traceroutes could have interfered with ongoing traceroutes +- Added preliminary support for specifying a timeout parameter for DNS measurements + +4720 (released 2015-10-05) +-------------------------- +- The method for measuring times (e.g. RTTs) for each measurement has been switched to use a strictly monotonic, relative clock, thereby avoiding the artefacts caused by absolute clock changes due to time synchronisation. +- The RDATA field of a DNS measurement result (in response to a TXT query) is now a list of strings. It was a single string before. +- The cipher list supported by SSL/TLS certificate checks have been refreshed. +- Fixed a bug where one-off results were reported multiple times in some cases. +- Fixed a issue where NTP measurements could generate syntactically incorrect results which, as a consequence, were never stored. +- Fixed an issue where IPv6-only probes did not properly report their network configuration. +- Fixed a bug where failed DNS measurements in some cases did not report the time of measurement. +- The probes, in addition to the infrastructure, now also enforce the restriction that local (RFC1918 and link-local) addresses should not be measured. +- When removing static configuration from a probe, the statically added previous DNS server was still used + +4700 (released 2015-07-06) +-------------------------- +- This is mostly a maintenance release, with internal behavioural changes only. + +4680 (released 2015-03-28) +-------------------------- +- This firmware incorporates a few bug fixes: +- If probe has statically configured nameserver and also DHCPv4, the DHCP one wins, thereby fixing stale DNS entries +- Enhance the NTP client on v3 probes +- V3 probes now pick up IPv6 DNS resolvers from RA messages +- Stability issues on v1/v2 probes when HTTP measurements immediately fail with connection errors +- "SSLCert" measurements now also support TLS + +4670 (released 2015-01-14) +-------------------------- +- Fixed two bugs in ping measurements where the probe had issues pinging its own IPv6 address +- Fixed wrong host header for IPv6 literals in http measurements +- Probes are now trying to avoid starting too many measurements at exactly the same second + +4660 (released 2014-08-25) +-------------------------- +- Bugfix: fixed a bug in paris traceroute where the ICMP version would have the wrong paris id in outgoing packets +- Bugfix: fixed a memory leak in the DNS measurements code +- Enhancement: include a cookie in outgoing ping packets and check the reply +- Enhancement: in ping, report IP version and target address even if socket connect fails +- Experimental suport for NTP measurements (not publicly available yet) + +4650 (released 2014-07-08) +-------------------------- +- Ping interval option (-i option, needs support from API and UI) +- The "lts" field is now also available in the output of traceroute, dns, sslgetcert, httpget +- Traceroute IPv6 extra error code 'h': destination unreachable/beyond scope +- Fixed error in the output of traceroute +- Fixed bug in parsing multiple IPv6 extension headers in traceroute +- Fixed bug in DNS where RA flag was set in requests + +4610 (released 2014-03-17) +-------------------------- +- The new firmware fixes a few DNS related bugs: +- In some cases the probe sent DNS results too often +- Querying the local DNS resolver could result in multiple results (one per resolver), but these could not be accessed in the data store. The new version collects results from all resolvers into one data structure. See the /apis/result-format/#version-4610-dns-lookup for details. +- In addition, this firmware adds preliminary support for using IPv6 extension headers. This will be available in the UI and in the API at a later date. + +4600 (released 2014-02-17) +-------------------------- +- The new firmware release (4600) contains bug fixes for missing fields in ping results (TTL and source address). It also incorporates a more secure way for the probes to authenticate new firmwares before upgrading. + +4580 (released 2013-12-16) +-------------------------- +- Due to an issue with the latest firmware release, a subset of the v3 probes were listening to incoming connections on an open port that should not have been left open. As a secondary measure, however, access to this port required credentials only available to the RIPE Atlas probe developers. It therefore never presented open access to the probes. This port (SSH) is used for development purposes in our internal development environment. +- We upgraded the v3 probes to a new, corrected firmware version (4580), and improved the checks in our firmware release process. The new firmware is otherwise functionally equivalent to the previous one. +- This issue did not affect version 1/2 probes and anchors. + +4570 (released 2013-11-21) +-------------------------- +- Upgrade kernel on v3 probes without losing static network config +- Uniform interpretation of the size parameter of ping and traceroute: the size excludes the IPv4/IPv6 header and the transport (ICMP, TCP, UDP) header +- Add TCP mode to traceroute measurements +- Most measurements (except for DNS "use probe's local resolvers") now pick up a new list of resolvers if it has been updated by DHCP +- Support for SRV and NAPTR in DNS measurements +- Support "number of retries" option in DNS measurements +- Note that the use of the new measurement flag will be enabled in the UI and API at a later stage. + +4520 (released 2013-04-23) +-------------------------- +- This is a bug fix release for all probe architectures. There is a small bug in the probe measurement code that can be trigger only if a controller sends the wrong commands to a probe. + +4510 (released 2013-04-23) +-------------------------- +- Version 3 probes + * Fixes for static network configuration +- Anchor + * Cleanup in anchor package + * Various fixes to the startup/shutdown scripts + * Aligned build script with upstart for killing processes + * Clean up pid files on Atlas shutdown + * Kill Atlas processes on install/uninstall + * Anchor now requires daemontools to be installed + +4500 (released 2013-02-28) +-------------------------- +- RIPE Atlas probe software now supports two more architectures: TP-Link (for the next generation probes) and CentOS (for RIPE Atlas anchors). +- There is now support for one-off measurements for ping, traceroute, DNS, and HTTPget. +- We fixed a bug in DNS measurements in which, when querying local resolvers, more queries went to the last resolver. +- Fixed "error" : { "TUCONNECT" : "Success"}. Before this version DNS TCP and HTTPget reported an error message "Success". +- First release of anchor package + +4480 (released 2012-10-03) +-------------------------- +- Fixed bug in traceroute when it has to deal with rfc4884 objects (mpls) that have a wrong size. +- Delayed DNS name resolution in ping and traceroute. This feature will soon be enabled through the UI. +- Fixed bug in HTTP GET where some characters where not properly escaped in generating the result JSON. +- Fixed bugs in the libevent stub resolver to better handle DNS errors and timeouts (affects mostly httpget) +- Limit the amount of measurement data that is sent as one unit. This prevents probes that have not connected to a controller for some time from overloading the controller. +- The probe uptime is now in the DNS SOS messages that are sent by probes before they try to connect. This will allow making a distinction between various reasons for disconnects: e.g. probe reboot vs. network problems. +- Initial version for anchor package added (Anand Buddhev) + +4470 (released 2012-09-20) +-------------------------- +- This firmware fixes two bugs. + * The first one is that DNS results may get mixed up when a probe runs two DNS measurements at the same time. + * The second one is where traceroute sometimes reports a timestamp of 0. +- In addition, the firmware now has IPv6 literals for the registrations servers, so an IPv6-only probe can connect to a registration server even if it doesn't have a DNS resolver. + +4460 (released 2012-06-21) +-------------------------- +- The main new feature in this firmware is the use of libevent and rewriting the measurement code to use it. This provides a much higher capacity for doing measurements. In addition, the probe now reports results in JSON. Expect the traceroute output to be completely different. The are a number of small changes. For example, the DHCP client now sets the client-id and vendor class. Please note that if you have given the probe a static IPv4 address through DHCP and the probes stops working then this may be caused by the change in DHCP client-id. + +4310 (released 2012-02-22) +-------------------------- +- This firmware contains a number of small fixes that deal with exceptional conditions. Probes should also reconnected slightly quicker after a disconnect. + +4270 (released 2011-10-10) +-------------------------- +- More pings to fixed destinations +- Traceroutes to fixed destinations +- DNS root server anycast instance checks + +4030 (released 2011-07-04) +-------------------------- +- We're in the process of rolling out a new firmware version. It enables a new feature that has been asked by members of the community: /howtos/probe-static-network-config.md. Using the UI, one can ask the probe to try to use static IPv4/IPv6 addresses (and DNS resolvers). If these settings don't work, the probes will fall back to using DHCP. As a byproduct, this feature also allows IPv6-only deployments. + +4020 (released 2011-02-07) +-------------------------- +- The new firmware version enables the use of a second registration server (woolsey.atlas.ripe.net). All probes are expected to upgrade automatically in the coming days. + diff --git a/INSTALL.rst b/INSTALL.rst index a9244f0d..48d05297 100644 --- a/INSTALL.rst +++ b/INSTALL.rst @@ -1,35 +1,126 @@ Installation Instructions ========================= -To create a RPM for CentOS 7 or CentOS 8 ----------------------------------------- +Picking a release +----------------- -- ``sudo yum update && yum install git tar rpm-build openssl-devel autoconf automake libtool make`` +The repository is structured around 3 main branches, and a topic branch: +- A master branch which contains production-ready code. +- A testing branch +- A devel(opment) branch +- Ticket branches + +The master branch contains the latest production-level code. The firmware for hardware probes is built from this branch. +The testing branch is a pointer on the master branch that contains code that is being readied for the next production release. +The development branch contains code which is by its nature feature complete, but may not be fully tested yet. This code is merged into the testing branch upon completion and unit testing. +Ticket branches that branch off the development branch contain features or fixes that may or may not work + +Any tag which is a number divisible by 10 is a production release (5060, 5070, 5080). Any tag with another number is either a development or a testing release. + +When uncertain, always select the master branch. + +To build RPMs for RHEL-based distributions +------------------------------------------ + +The build process is performed using rpmbuild. +Currently tested on Oracle Enterprise Linux 8, Oracle Enterprise Linux 9 and Rocky Linux 9 on the x86_64 platform. + +- (using root privileges) ``dnf update && dnf install git tar rpm-build openssl-devel autoconf automake libtool make`` - ``git clone --recursive https://github.com/RIPE-NCC/ripe-atlas-software-probe.git`` -- ``ripe-atlas-software-probe/build-config/centos/bin/make-tars`` - (this will create a directory called rpmbuild) -- ``rpmbuild --bb rpmbuild/SPECS/atlasswprobe.spec`` -- This will leave the RPM in rpmbuild/RPMS/x86_64 -- Then install the probe, -- ``sudo dnf -y install rpmbuild/RPMS/x86_64/atlasswprobe*`` -- The public key can be found by using -- ``cat /var/atlas-probe/etc/probe_key.pub`` -- Then register your probe at https://atlas.ripe.net/apply/swprobe/ - -To create a deb for Debian or Debian-based distros --------------------------------------------------- - -Currently only the Debian Build system includes support for amd64, arm64, and armhf. - -- Get the needed tools: ``sudo apt update && sudo apt install git tar fakeroot libssl-dev libcap2-bin autoconf automake libtool build-essential`` +- cd ripe-atlas-software-probe +- ``rpmbuild --bb rhel/ripe-atlas-probe.spec``, see note. +- ``rpmbuild --bb rhel/ripe-atlas-anchor.spec``, see note. +- NOTE: if you wish to build specific (development) branches or repositories: + * git_source; to specify a GIT repository (--define "git_source https://github.com/RIPE-NCC") + * git_tag; to specify a particular version (--define "git_tag 5080") + * git_commit; to specify a particular commit (--define "git_commit abcdef") +- This will leave the RPMs in rpmbuild/RPMS/x86_64 and rpmbuild/RPMS/noarch + +To install RPMs for RHEL-based distributions +-------------------------------------------- + +To install, execute: +- ``cd ~/rpmbuild/RPMS`` +- (using root privileges) ``dnf -y install x86_64/ripe-atlas-common-????-1.el?.x86_64.rpm noarch/ripe-atlas-probe-????-1.el?.noarch.rpm`` +- (using root privileges) ``systemctl enable ripe-atlas.service`` +- (using root privileges) ``systemctl start ripe-atlas.service`` + +To upgrade RPMs from atlasswprobe +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +To upgrade from the existing atlasswprobe: +- ``cd ~/rpmbuild/RPMS`` +- (using root privileges) ``dnf -y install noarch/ripe-atlas-common-????-1.el?.noarch.rpm`` +- (using root privileges) ``rpm -Uvh x86_64/ripe-atlas-probe-????-1.el?.x86_64.rpm`` +- (using root privileges) ``systemctl enable ripe-atlas.service`` +- (using root privileges) ``systemctl start ripe-atlas.service`` + +Note that this will attempt to migrate existing probe keys and configuration. +Existing probe state will be removed (/var/atlas-probe). + +To build DEB files for Debian or Debian-based distributions +----------------------------------------------------------- + +The build process is performed using dpkg-buildpackage (compat version 13). +Currently compile tested on Debian 11 and 12 on the x86_64 platform. Code +should be considered Beta quality and will be fully supported in an +upcoming release. + +- Get the needed tools (using root privileges): ``apt-get update && apt-get -y install git build-essential debhelper libssl-dev autotools-dev``. - Clone the repo: ``git clone --recursive https://github.com/RIPE-NCC/ripe-atlas-software-probe.git`` -- Build the needed .deb file in the current working directory: ``./ripe-atlas-software-probe/build-config/debian/bin/make-deb`` -(Please note if you are running Ubuntu it may be required to checkout the devel branch of this repo. If this is the case and the .deb build does not complete without failing this is the command sequence to follow before trying the install of the .deb); +- Build the needed .deb file in the current working directory: * ``cd ripe-atlas-software-probe`` << this will change into the root directory of the git repo that you have clone - * ``git checkout devel`` << this will checkout the DEVEL branch instead of the MASTER branch + * ``git checkout BRANCH`` << if needed (optional) * ``git submodule update`` << this will update the submodule within this branch - * ``cd ..`` << this take you back to where you started - * ``./ripe-atlas-software-probe/build-config/debian/bin/make-deb`` << this will retry the build -- Install this .deb file: ``sudo dpkg -i atlasswprobe-??????.deb`` -- The public key is stored in ``/var/atlas-probe/etc/probe_key.pub`` -- Then register your probe at https://atlas.ripe.net/apply/swprobe/ + * ``dpkg-buildpackage -b -us -uc`` << this will create the package + * ``cp ../ripe-atlas-*.deb .`` + +To install DEB files for Debian or Debian-based distributions +------------------------------------------------------------- + +To install, execute: +- (using root privileges): ``dpkg -i ripe-atlas-common_????_amd64.deb ripe-atlas-probe_????_all.deb`` +- (using root privileges) ``systemctl enable ripe-atlas.service`` +- (using root privileges) ``systemctl start ripe-atlas.service`` + +To build IPKG files for OpenWRT +------------------------------- + +The build process is performed using OpenWRT's build process. +Currently compile tested on OpenWRT 22.03. OpenWRT 22.03 will be +fully supported in an upcoming release. + +The package can be added to the build by adding the line: +`src-git ripe-atlas git@github.com:RIPE-NCC/ripe-atlas-software-probe.git` +and running: +`scripts/feeds install -a` +from the toplevel OpenWRT directory. + +The branch checked out is master, other branches can be checked out by appending ; or ^commit to the line in feeds.conf. + +After adding the package can be selected using menuconfig and built as normal. + +To install IPKG files for OpenWRT +--------------------------------- + +To install, execute: +- ``opkg install ripe-atlas-common-????.ipkg ripe-atlas-software-probe-????.ipkg`` +- ``service ripe-atlas start`` + +Manual build (using systemd) +---------------------------- + +To build using autoconf tooling and install the software probe, execute the following commands at the top level of the git repo: + +- ``autoreconf -iv`` +- ``./configure --prefix=/usr --sysconfdir=/etc --localstatedir=/var --libdir=/usr/lib64 --runstatedir=/run --with-user=ripe-atlas --with-group=ripe-atlas --with-measurement-user=ripe-atlas-measurement --enable-systemd --enable-chown --enable-setcap-install`` +- ``make`` + +Manual installation +------------------- + +To install, execute: +- (using root privileges) ``make install`` +- (using root privileges) ``systemctl enable ripe-atlas.service`` +- (using root privileges) ``systemctl start ripe-atlas.service`` + diff --git a/Makefile.am b/Makefile.am new file mode 100644 index 00000000..a68c66c1 --- /dev/null +++ b/Makefile.am @@ -0,0 +1,46 @@ +include $(top_srcdir)/rules.mk + +ACLOCAL_AMFLAGS = -I m4 +AM_MAKEFLAGS=CONFIG_PREFIX:=$(DESTDIR)$(atlas_measurementdir) +SUBDIRS = bin config probe-busybox/libevent-2.1.11-stable probe-busybox . + +ATLAS_SPOOL_DIRS = \ + $(foreach dir,. new oneoff out out/ooq out/ooq10,$(DESTDIR)$(atlas_spooldir)/data/$(dir)) \ + $(foreach dir,. main 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20,$(DESTDIR)$(atlas_spooldir)/crons/$(dir)) + +ATLAS_RUN_DIRS = \ + $(foreach dir,status pids,$(DESTDIR)$(atlas_rundir)/$(dir)) + +ATLAS_CONF_DIRS = \ + $(DESTDIR)/$(atlas_sysconfdir) + +if DO_CHOWN +ATLAS_OWN_MEAS_OPTS = \ + -o $(ripe_atlas_measurement) \ + -g $(ripe_atlas_group) +ATLAS_OWN_MAIN_OPTS = \ + -o $(ripe_atlas_user) \ + -g $(ripe_atlas_group) +ATLAS_OWN_SUID_OPTS = \ + -m 4750 +else +ATLAS_OWN_MAIN_OPTS = +ATLAS_OWN_MEAS_OPTS = +ATLAS_OWN_SUID_OPTS = +endif + +install-exec-local: + $(mkinstalldirs) -m 2775 $(ATLAS_OWN_MAIN_OPTS) $(ATLAS_SPOOL_DIRS) + $(mkinstalldirs) -m 0770 $(ATLAS_OWN_MAIN_OPTS) $(ATLAS_CONF_DIRS) +if !SYSTEMD_INSTALL + $(mkinstalldirs) -m 0775 $(ATLAS_OWN_MEAS_OPTS) $(ATLAS_RUN_DIRS) +endif + +# +# Technically this hack belongs in probe-busybox, but it is here +# because busybox is a different build system. +install-exec-hook: + $(install_sh) $(ATLAS_OWN_SUID_OPTS) $(ATLAS_OWN_MEAS_OPTS) $(top_srcdir)/probe-busybox/busybox $(DESTDIR)/$(atlas_measurementdir)/busybox +if SETCAP_INSTALL + setcap cap_net_raw=ep $(DESTDIR)$(atlas_measurementdir)/busybox +endif diff --git a/README.rst b/README.rst index 902c8db4..6130d40d 100644 --- a/README.rst +++ b/README.rst @@ -2,8 +2,16 @@ RIPE Atlas Software Probe ========================= This is the source code for RIPE Atlas software probes. Currently this -source code supports building a RPM package for CentOS 7. See -INSTALL.rst for installation instructions. +source code supports building: +- RPM package for Oracle EL8 (RHEL8), Oracle EL9 / Rocky Linux 9 (RHEL9) +- DEB package for Debian 11/12 +- OpenWRT package for OpenWRT 22.03 + +Of the supported builds, only the RPM has received sufficient testing. +DEB and OpenWRT should be considered Beta quality and will be fully +supported in an upcoming release. + +See INSTALL.rst for installation instructions. Unless specified otherwise, this code is licensed under the GPLv3. A copy of the license can be found in LICENSE. @@ -20,5 +28,10 @@ Runtime Configuration Options Currently there is one runtime configuration option that enables sending interface traffic statistics as Atlas measurement results. This option can be enabled by creating the file -/var/atlas-probe/state/config.txt and adding the line 'RXTXRPT=yes'. +/etc/ripe-atlas/config.txt and adding the line 'RXTXRPT=yes'. + +Common installation instructions +-------------------------------- +The public key is stored in ``/etc/ripe-atlas/probe_key.pub``. Use +this to register your probe at . diff --git a/VERSION b/VERSION new file mode 100644 index 00000000..a6f65e58 --- /dev/null +++ b/VERSION @@ -0,0 +1 @@ +5090 diff --git a/atlas-config/state/FIRMWARE_APPS_VERSION b/atlas-config/state/FIRMWARE_APPS_VERSION deleted file mode 100644 index 4fe3f4e8..00000000 --- a/atlas-config/state/FIRMWARE_APPS_VERSION +++ /dev/null @@ -1 +0,0 @@ -5080 diff --git a/bin/Makefile.am b/bin/Makefile.am new file mode 100644 index 00000000..6c916b8d --- /dev/null +++ b/bin/Makefile.am @@ -0,0 +1,38 @@ +include $(top_srcdir)/rules.mk + +sbin_SCRIPTS = \ + ripe-atlas + +atlas_scripts_SCRIPTS = \ + arch/$(probe_scripts_path)/$(probe_scripts_path)-ATLAS.sh \ + arch/$(probe_scripts_path)/$(probe_scripts_path)-common.sh \ + arch/$(probe_scripts_path)/$(probe_scripts_path)-reginit.sh \ + arch/linux/linux-functions.sh \ + array.lib.sh \ + atlas_log.lib.sh \ + class.lib.sh \ + json.lib.sh \ + paths.lib.sh \ + support.lib.sh \ + common.sh \ + common-pre.sh \ + config.sh \ + reginit.sh \ + resolvconf + +CLEANFILES = \ + paths.lib.sh \ + common.sh \ + common-pre.sh \ + config.sh \ + reginit.sh \ + ripe-atlas \ + resolvconf + +ripe-atlas: ripe-atlas.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ + +resolvconf: resolvconf.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ diff --git a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-ATLAS.sh b/bin/arch/centos-atlas-anchor/centos-atlas-anchor-ATLAS.sh deleted file mode 100644 index 38616be3..00000000 --- a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-ATLAS.sh +++ /dev/null @@ -1,80 +0,0 @@ -. /usr/local/atlas/bin/common-pre.sh - -# Commands -MANUAL_UPGRADE_CMD=: -TRY_UPGRADE_CMD=: -FINDPID_SSH_CMD=findpid_ssh -KILL_PERDS_CMD=kill_perds -KILL_SSH_CMD=kill_ssh -KILL_TELNETD_CMD=kill_telnetd -MOUNT_FS_CMD=: -SETUP_NETWORK_CMD=: -NTPCLIENT_CMD=: -SU_CMD="sudo -u atlasmsm" -CHOWN_FOR_MSM=: -CHMOD_FOR_MSM=chmod_for_msm -SET_HOSTNAME=: - -# For OpenWRT we need telnetd to run as root. -telnetd() -{ - $SU_CMD $BB_BASE_DIR/usr/sbin/telnetd "$@" -} - -# Various files and directories -: ${HOME:=/home/atlas}; export HOME # Set HOME if it isn't set -RESOLV_CONF=/etc/resolv.conf -MODE_FILE=$BASE_DIR/state/mode - -# Other conf -DHCP=False -do_rxtxrpt=yes - -. /usr/local/atlas/bin/arch/centos-atlas-anchor/centos-atlas-anchor-common.sh - -# Directories -STATE_DIR=$RPM_BASE_DIR/state; export STATE_DIR -BB_BASE_DIR=$RPM_BASE_DIR/bb-13.3; export BB_BASE_DIR -BB_BIN_DIR=$BB_BASE_DIR/bin; export BB_BIN_DIR - -# Files -REG_SERVERS_SOURCE=$RPM_ETC_DIR/reg_servers.sh - -. /usr/local/atlas/bin/arch/linux/linux-functions.sh - -chmod_for_msm() -{ - chmod -R g+rwX $BASE_DIR/data - chmod -R g+rw $RUN_DIR -} - -# Get ethernet address -get_ether_addr - -# Set SOS_ID to the hash of the public key -export SOS_ID="H$(hash_ssh_pubkey $BASE_DIR/etc/probe_key.pub)" - -# Try to link in FIRMWARE_APPS_VERSION -ln -sf $RPM_BASE_DIR/state/FIRMWARE_APPS_VERSION $BASE_DIR/state/FIRMWARE_APPS_VERSION - -while : -do - mode=$(cat $MODE_FILE) - case X$mode in - Xdev|Xtest|Xprod) - # Okay - if [ ! -f $REG_SERVERS ] - then - mkdir -p $BASE_DIR/bin - cp $REG_SERVERS_SOURCE.$mode $REG_SERVERS - fi - ;; - *) - echo "Probe is not configured, mode $mode" - sos "Imode-$mode" - sleep 60 - continue - ;; - esac - break -done diff --git a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-common.sh b/bin/arch/centos-atlas-anchor/centos-atlas-anchor-common.sh deleted file mode 100644 index ae7b79df..00000000 --- a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-common.sh +++ /dev/null @@ -1,9 +0,0 @@ -RPM_BASE_DIR=/usr/local/atlas; export RPM_BASE_DIR -RPM_ETC_DIR=$RPM_BASE_DIR/etc; export RPM_ETC_DIR -BIN_DIR=$RPM_BASE_DIR/bin -ATLASINIT=$BB_BIN_DIR/atlasinit; export REG_INIT_BIN -KNOWN_HOSTS_REG=$RPM_ETC_DIR/known_hosts.reg -REG_SERVERS=$BASE_DIR/bin/reg_servers.sh - -# Commands -SET_LEDS_CMD=: diff --git a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-reginit.sh b/bin/arch/centos-atlas-anchor/centos-atlas-anchor-reginit.sh deleted file mode 100644 index 35262f8b..00000000 --- a/bin/arch/centos-atlas-anchor/centos-atlas-anchor-reginit.sh +++ /dev/null @@ -1,39 +0,0 @@ -. /usr/local/atlas/bin/common-pre.sh - -# Directories - -# Commands -CHECK_FOR_NEW_KERNEL_CMD=: -INSTALL_FIRMWARE_CMD=: -P_TO_R_INIT_CMD=p_to_r_init -SSH_CMD=ssh -SSH_CMD_EXEC=ssh_exec - -# Options -SSH_OPT='' - -NETCONFIG_V4_DEST=$HOME/etc/netconfig_v4.sh -NETCONFIG_V6_DEST=$HOME/etc/netconfig_v6.sh -P_TO_R_INIT_IN=$STATUS_DIR/p_to_r_init.in.vol - -if [ ! -n "$STATE_FILE" ] ; then - echo "called without state file as argument" - STATE_FILE=$STATUS_DIR/reginit.vol -fi - -. /usr/local/atlas/bin/arch/centos-atlas-anchor/centos-atlas-anchor-common.sh -. /usr/local/atlas/bin/arch/linux/linux-functions.sh - -get_arch() -{ - echo "centos" -} - -p_to_r_init() -{ - { - echo P_TO_R_INIT - echo TOKEN_SPECS `get_arch` 1000 `cat $STATE_DIR/FIRMWARE_APPS_VERSION` - echo REASON_FOR_REGISTRATION $1 - } | tee $P_TO_R_INIT_IN -} diff --git a/bin/arch/centos-sw-probe/centos-sw-probe-ATLAS.sh b/bin/arch/centos-sw-probe/centos-sw-probe-ATLAS.sh deleted file mode 100644 index 6f033467..00000000 --- a/bin/arch/centos-sw-probe/centos-sw-probe-ATLAS.sh +++ /dev/null @@ -1,92 +0,0 @@ -if [ -n "$ATLAS_BASE" ] -then - BASE_DIR="$ATLAS_BASE" - export ATLAS_BASE -fi - -. $ATLAS_STATIC/bin/common-pre.sh - -# Commands -MANUAL_UPGRADE_CMD=: -TRY_UPGRADE_CMD=: -FINDPID_SSH_CMD=findpid_ssh -KILL_PERDS_CMD=kill_perds -KILL_SSH_CMD=kill_ssh -KILL_TELNETD_CMD=kill_telnetd -MOUNT_FS_CMD=: -SETUP_NETWORK_CMD=: -NTPCLIENT_CMD=: -SU_CMD="" -CHOWN_FOR_MSM=: -CHMOD_FOR_MSM=chmod_for_msm -SET_HOSTNAME=: - -# For OpenWRT we need telnetd to run as root. -telnetd() -{ - $SU_CMD $BB_BASE_DIR/usr/sbin/telnetd "$@" -} - -# Various files and directories -: ${HOME:=/home/atlas}; export HOME # Set HOME if it isn't set -RESOLV_CONF=/etc/resolv.conf -MODE_FILE=$BASE_DIR/state/mode - -# Other conf -DHCP=False - -. $ATLAS_STATIC/bin/arch/$DEVICE_NAME/$DEVICE_NAME-common.sh - -# Directories -STATE_DIR=$RPM_BASE_DIR/state; export STATE_DIR -BB_BASE_DIR=$RPM_BASE_DIR/bb-13.3; export BB_BASE_DIR -BB_BIN_DIR=$BB_BASE_DIR/bin; export BB_BIN_DIR - -# Files -REG_SERVERS_SOURCE=$RPM_ETC_DIR/reg_servers.sh - -. $ATLAS_STATIC/bin/arch/linux/linux-functions.sh - -chmod_for_msm() -{ - chmod -R g+rwX $BASE_DIR/data -} - -# Get ethernet address -get_ether_addr - -# Set SOS_ID to the hash of the public key -export SOS_ID="H$(hash_ssh_pubkey $BASE_DIR/etc/probe_key.pub)" - -# Try to link in FIRMWARE_APPS_VERSION -ln -sf $RPM_BASE_DIR/state/FIRMWARE_APPS_VERSION $BASE_DIR/state/FIRMWARE_APPS_VERSION - -# Create ssh keys if they are not there yet. -if [ ! -f "$BASE_DIR"/etc/probe_key ]; then - name=$(hostname -s) - mkdir -p "$BASE_DIR"/etc - ssh-keygen -t rsa -P '' -C $name -f "$BASE_DIR"/etc/probe_key - chown -R atlas:atlas "$BASE_DIR"/etc -fi - -while : -do - mode=$(cat $MODE_FILE) - case X$mode in - Xdev|Xtest|Xprod) - # Okay - if [ ! -f $REG_SERVERS ] - then - mkdir -p $BASE_DIR/bin - cp $REG_SERVERS_SOURCE.$mode $REG_SERVERS - fi - ;; - *) - echo "Probe is not configured, mode $mode" - sos "Imode-$mode" - sleep 60 - continue - ;; - esac - break -done diff --git a/bin/arch/centos-sw-probe/centos-sw-probe-common.sh b/bin/arch/centos-sw-probe/centos-sw-probe-common.sh deleted file mode 100644 index ae7b79df..00000000 --- a/bin/arch/centos-sw-probe/centos-sw-probe-common.sh +++ /dev/null @@ -1,9 +0,0 @@ -RPM_BASE_DIR=/usr/local/atlas; export RPM_BASE_DIR -RPM_ETC_DIR=$RPM_BASE_DIR/etc; export RPM_ETC_DIR -BIN_DIR=$RPM_BASE_DIR/bin -ATLASINIT=$BB_BIN_DIR/atlasinit; export REG_INIT_BIN -KNOWN_HOSTS_REG=$RPM_ETC_DIR/known_hosts.reg -REG_SERVERS=$BASE_DIR/bin/reg_servers.sh - -# Commands -SET_LEDS_CMD=: diff --git a/bin/arch/centos-sw-probe/centos-sw-probe-reginit.sh b/bin/arch/centos-sw-probe/centos-sw-probe-reginit.sh deleted file mode 100644 index 63ac8acc..00000000 --- a/bin/arch/centos-sw-probe/centos-sw-probe-reginit.sh +++ /dev/null @@ -1,50 +0,0 @@ -if [ -n "$ATLAS_BASE" ] -then - BASE_DIR="$ATLAS_BASE" - export ATLAS_BASE -fi - -. $ATLAS_STATIC/bin/common-pre.sh - -# Directories - -# Commands -CHECK_FOR_NEW_KERNEL_CMD=: -INSTALL_FIRMWARE_CMD=: -P_TO_R_INIT_CMD=p_to_r_init -SSH_CMD=ssh -SSH_CMD_EXEC=ssh_exec - -# Options -SSH_OPT='' - -NETCONFIG_V4_DEST=$HOME/etc/netconfig_v4.sh -NETCONFIG_V6_DEST=$HOME/etc/netconfig_v6.sh -P_TO_R_INIT_IN=$STATUS_DIR/p_to_r_init.in.vol - -if [ ! -n "$STATE_FILE" ] ; then - echo "called without state file as argument" - STATE_FILE=$STATUS_DIR/reginit.vol -fi - -. $ATLAS_STATIC/bin/arch/$DEVICE_NAME/$DEVICE_NAME-common.sh -. $ATLAS_STATIC/bin/arch/linux/linux-functions.sh - -get_arch() -{ - echo "fluffy" -} - -get_sub_arch() -{ - echo "$SUB_ARCH" -} - -p_to_r_init() -{ - { - echo P_TO_R_INIT - echo TOKEN_SPECS `get_arch` 1000 `cat $STATE_DIR/FIRMWARE_APPS_VERSION` `get_sub_arch` - echo REASON_FOR_REGISTRATION $1 - } | tee $P_TO_R_INIT_IN -} diff --git a/bin/arch/generic/generic-ATLAS.sh.in b/bin/arch/generic/generic-ATLAS.sh.in new file mode 100644 index 00000000..b1c788ad --- /dev/null +++ b/bin/arch/generic/generic-ATLAS.sh.in @@ -0,0 +1,80 @@ +if [ -n "$ATLAS_BASE" ] +then + BASE_DIR="$ATLAS_BASE" + export ATLAS_BASE +fi + +. $ATLAS_SCRIPTS/common-pre.sh + +# Commands +MANUAL_UPGRADE_CMD=: +TRY_UPGRADE_CMD=: +FINDPID_SSH_CMD=findpid_ssh +KILL_PERDS_CMD=kill_perds +KILL_SSH_CMD=kill_ssh +KILL_TELNETD_CMD=kill_telnetd +MOUNT_FS_CMD=: +SETUP_NETWORK_CMD=: +NTPCLIENT_CMD=: +CHOWN_FOR_MSM=: +CHMOD_FOR_MSM=: +SET_HOSTNAME=: + +# For OpenWRT we need telnetd to run as root. +telnetd() +{ + $SU_CMD $ATLAS_MEASUREMENT/telnetd "$@" +} + +# Various files and directories +: ${HOME:=${ATLAS_SPOOLDIR}}; export HOME # Set HOME if it isn't set +RESOLV_CONF=@sysconfdir@/resolv.conf +MODE_FILE=$ATLAS_SYSCONFDIR/mode + +# Other conf +DHCP=False + +. $ATLAS_SCRIPTS/$DEVICE_NAME-common.sh + +# Directories +STATE_DIR=$ATLAS_DATA; export STATE_DIR + +# Files +REG_SERVERS_SOURCE=$ATLAS_SCRIPTS/reg_servers.sh + +. $ATLAS_SCRIPTS/linux-functions.sh + +# Get ethernet address +get_ether_addr + +# Create ssh keys if they are not there yet. +if [ ! -f $ATLAS_SYSCONFDIR/probe_key ]; then + name=$(hostname -s) + ssh-keygen -t rsa -P '' -C $name -f $ATLAS_SYSCONFDIR/probe_key + chown -R @ripe_atlas_user@:@ripe_atlas_group@ $ATLAS_SYSCONFDIR +fi + +# Set SOS_ID to the hash of the public key +export SOS_ID="H$(hash_ssh_pubkey $ATLAS_SYSCONFDIR/probe_key.pub)" + +while : +do + mode=$(cat $MODE_FILE) + case X$mode in + Xdev|Xtest|Xprod) + # Okay + if [ ! -f $REG_SERVERS ] + then + mkdir -p $ATLAS_SCRIPTS + cp $REG_SERVERS_SOURCE.$mode $REG_SERVERS + fi + ;; + *) + echo "Probe is not configured, mode $mode" + sos "Imode-$mode" + sleep 60 + continue + ;; + esac + break +done diff --git a/bin/arch/generic/generic-common.sh.in b/bin/arch/generic/generic-common.sh.in new file mode 100644 index 00000000..eb613996 --- /dev/null +++ b/bin/arch/generic/generic-common.sh.in @@ -0,0 +1,15 @@ +RPM_ETC_DIR=$ATLAS_SYSCONFDIR; export RPM_ETC_DIR +BIN_DIR=$ATLAS_SCRIPTS +ATLASINIT=$ATLAS_MEASUREMENT/atlasinit; export REG_INIT_BIN +KNOWN_HOSTS_REG=$ATLAS_DATADIR/known_hosts.reg +REG_SERVERS=$ATLAS_SYSCONFDIR/reg_servers.sh + +# Commands +SET_LEDS_CMD=: +STATIC_V4_CMD=: +STATIC_V6_CMD=: + +reboot_probe() +{ + : +} diff --git a/bin/arch/generic/generic-reginit.sh.in b/bin/arch/generic/generic-reginit.sh.in new file mode 100644 index 00000000..d46bd088 --- /dev/null +++ b/bin/arch/generic/generic-reginit.sh.in @@ -0,0 +1,57 @@ +if [ -n "$ATLAS_BASE" ] +then + BASE_DIR="$ATLAS_BASE" + export ATLAS_BASE +fi + +. $ATLAS_SCRIPTS/common-pre.sh + +# Directories + +# Commands +CHECK_FOR_NEW_KERNEL_CMD=: +INSTALL_FIRMWARE_CMD=: +P_TO_R_INIT_CMD=p_to_r_init +SSH_CMD=ssh +SSH_CMD_EXEC=ssh_exec + +# Options +SSH_OPT='' + +NETCONFIG_V4_DEST=$ATLAS_SYSCONFDIR/netconfig_v4.sh +NETCONFIG_V6_DEST=$ATLAS_SYSCONFDIR/netconfig_v6.sh +P_TO_R_INIT_IN=$ATLAS_STATUS/p_to_r_init.in.vol + +if [ -z "$STATE_FILE" ] ; then + STATE_FILE=$ATLAS_STATUS/reginit.vol + echo "Warning: STATE_FILE unset. Setting to -> $STATE_FILE" +fi + +. $ATLAS_SCRIPTS/$DEVICE_NAME-common.sh +. $ATLAS_SCRIPTS/linux-functions.sh + +get_arch() +{ + echo "fluffy" +} + +get_sub_arch() +{ + local ID='generic' + local VERSION_ID='unknown' + local ARCH=$(uname -m) + + if [ -r '/etc/os-release' ]; then + . /etc/os-release + fi + echo "${ID}/${VERSION_ID}/${ARCH}" +} + +p_to_r_init() +{ + { + echo P_TO_R_INIT + echo TOKEN_SPECS `get_arch` 1000 `cat $ATLAS_DATADIR/FIRMWARE_APPS_VERSION` `get_sub_arch` + echo REASON_FOR_REGISTRATION $1 + } | tee $P_TO_R_INIT_IN +} diff --git a/bin/arch/linux/linux-functions.sh b/bin/arch/linux/linux-functions.sh index b626f2c5..58f54869 100644 --- a/bin/arch/linux/linux-functions.sh +++ b/bin/arch/linux/linux-functions.sh @@ -1,7 +1,7 @@ # Shell functions that are common between Linux versions. buddyinfo() { - $BB_BIN_DIR/buddyinfo "$@" + $ATLAS_MEASUREMENT/buddyinfo "$@" set $(free | grep 'Mem:') [ $(expr $3 + $5) -gt 2048 ] } @@ -11,7 +11,7 @@ epoch() } rchoose() { - $BB_BIN_DIR/rchoose "$@" + $ATLAS_MEASUREMENT/rchoose "$@" } check_pid() { @@ -19,67 +19,67 @@ check_pid() } condmv() { - $BB_BIN_DIR/condmv "$@" + $ATLAS_MEASUREMENT/condmv "$@" } dfrm() { - $BB_BIN_DIR/dfrm "$@" + $ATLAS_MEASUREMENT/dfrm "$@" } evping() { - $BB_BIN_DIR/evping "$@" + $ATLAS_MEASUREMENT/evping "$@" } evping_no_check() { - ATLAS_DISABLE_CHECK_ADDR=yes $BB_BIN_DIR/evping "$@" + ATLAS_DISABLE_CHECK_ADDR=yes $ATLAS_MEASUREMENT/evping "$@" } httppost() { - $BB_BIN_DIR/httppost "$@" + $ATLAS_MEASUREMENT/httppost "$@" } ping() { - $BB_BIN_DIR/ping "$@" + $ATLAS_LIBEXECDIR/ping "$@" } rxtxrpt() { - $BB_BIN_DIR/rxtxrpt "$@" + $ATLAS_MEASUREMENT/rxtxrpt "$@" } rptaddrs() { - $BB_BIN_DIR/rptaddrs "$@" + $ATLAS_MEASUREMENT/rptaddrs "$@" } rptuptime() { - $BB_BIN_DIR/rptuptime "$@" + $ATLAS_MEASUREMENT/rptuptime "$@" } onlyuptime() { - $BB_BIN_DIR/onlyuptime "$@" + $ATLAS_MEASUREMENT/onlyuptime "$@" } #telnetd() #{ -# $SU_CMD $BB_BASE_DIR/usr/sbin/telnetd "$@" +# $SU_CMD $ATLAS_MEASUREMENT/telnetd "$@" #} perd() { - $SU_CMD $BB_BASE_DIR/bin/perd "$@" + $SU_CMD $ATLAS_MEASUREMENT/perd "$@" } root_perd() { - $BB_BASE_DIR/bin/perd "$@" + $ATLAS_MEASUREMENT/perd "$@" } ooqd() { - $SU_CMD $BB_BASE_DIR/bin/ooqd "$@" + $SU_CMD $ATLAS_LIBEXECDIR/ooqd "$@" } eperd() { - $SU_CMD $BB_BASE_DIR/bin/eperd "$@" + $SU_CMD $ATLAS_MEASUREMENT/eperd "$@" } eooqd() { - $SU_CMD $BB_BASE_DIR/bin/eooqd "$@" + $SU_CMD $ATLAS_MEASUREMENT/eooqd "$@" } sleepkick() { @@ -89,39 +89,39 @@ kill_ssh() { if [ -f $STATUS_DIR/con_keep_pid.vol ] then - kill -9 `cat $STATUS_DIR/con_keep_pid.vol` + kill -9 `cat $STATUS_DIR/con_keep_pid.vol` 2>/dev/null rm -f $STATUS_DIR/con_keep_pid.vol fi } findpid_ssh() { [ -f $STATUS_DIR/con_keep_pid.vol ] && - kill -0 `cat $STATUS_DIR/con_keep_pid.vol` + kill -0 `cat $STATUS_DIR/con_keep_pid.vol` 2>/dev/null } kill_perds() { PERD_PIDS=`pidof perd` for s in $PERD_PIDS do - kill -9 $s + kill -9 $s 2>/dev/null done EPERD_PIDS=`pidof eperd` for s in $EPERD_PIDS do - kill -9 $s + kill -9 $s 2>/dev/null done EOOQD_PIDS=`pidof eooqd` for s in $EOOQD_PIDS do - kill -9 $s + kill -9 $s 2>/dev/null done } kill_telnetd() { if [ -f $STATUS_DIR/telnetd-port$TELNETD_PORT-pid.vol ] ; then - kill -9 `tail -1 $STATUS_DIR/telnetd-port$TELNETD_PORT-pid.vol` + kill -9 `tail -1 $STATUS_DIR/telnetd-port$TELNETD_PORT-pid.vol` 2>/dev/null fi } sos() @@ -136,13 +136,13 @@ ssh() { /usr/bin/ssh -i "$SSH_PVT_KEY" -o "ServerAliveInterval 60" \ -o "StrictHostKeyChecking yes" \ - -o "UserKnownHostsFile $SSH_DIR/known_hosts" "$@" + -o "UserKnownHostsFile $ATLAS_STATUS/known_hosts" "$@" } ssh_exec() { exec /usr/bin/ssh -i "$SSH_PVT_KEY" -o "ServerAliveInterval 60"\ -o "StrictHostKeyChecking yes" \ - -o "UserKnownHostsFile $SSH_DIR/known_hosts" "$@" + -o "UserKnownHostsFile $ATLAS_STATUS/known_hosts" "$@" } get_ether_addr() { diff --git a/bin/arch/openwrt-atlas-probev5/openwrt-atlas-probev5-reginit.sh b/bin/arch/openwrt-atlas-probev5/openwrt-atlas-probev5-reginit.sh index e59cf6f0..7e8338a0 100644 --- a/bin/arch/openwrt-atlas-probev5/openwrt-atlas-probev5-reginit.sh +++ b/bin/arch/openwrt-atlas-probev5/openwrt-atlas-probev5-reginit.sh @@ -112,14 +112,14 @@ probev5_ssh() /usr/bin/ssh -o 'PKCS11Provider /usr/lib/libmox-pkcs11.so' \ -o "ServerAliveInterval 60" \ -o "StrictHostKeyChecking yes" \ - -o "UserKnownHostsFile $SSH_DIR/known_hosts" "$@" + -o "UserKnownHostsFile $ATLAS_STATUS/known_hosts" "$@" } probev5_ssh_exec() { exec /usr/bin/ssh -o 'PKCS11Provider /usr/lib/libmox-pkcs11.so' \ -o "ServerAliveInterval 60"\ -o "StrictHostKeyChecking yes" \ - -o "UserKnownHostsFile $SSH_DIR/known_hosts" "$@" + -o "UserKnownHostsFile $ATLAS_STATUS/known_hosts" "$@" } manual_firmware_upgrade diff --git a/bin/arch/openwrt/openwrt-common.sh b/bin/arch/openwrt/openwrt-common.sh index 8b65ae9b..86e3f2ca 100644 --- a/bin/arch/openwrt/openwrt-common.sh +++ b/bin/arch/openwrt/openwrt-common.sh @@ -4,10 +4,8 @@ # Directories HOME=/root; export HOME # Somewhow, HOME is not set correctly -SSH_DIR=$HOME/.ssh; export SSH_DIR -BB_BASE_DIR=$BASE_DIR/bb-13.3; export BB_BASE_DIR +BB_BASE_DIR=$BASE_DIR; export BB_BASE_DIR BB_BIN_DIR=$BB_BASE_DIR/bin; export BB_BIN_DIR -BB_SBIN_DIR=$BB_BASE_DIR/sbin; export BB_SBIN_DIR RUN_DIR=/tmp/atlas-run # We need DATA_NEW_DIR in this script @@ -111,9 +109,7 @@ chown_data_dirs() } chown_for_msm() { - chown -R atlas $BASE_DIR/crons - chown -R atlas $BASE_DIR/crons/ - chown -R atlas $BASE_DIR/data + chown -R atlas $CRON_DIR chown -R atlas $BASE_DIR/data/ } date() @@ -139,27 +135,6 @@ handle_storage_current_time() cp $STATUS_DIR/currenttime.txt /storage/currenttime.txt fi } -get_arch() -{ - if [ -f /lib/ar71xx.sh ] - then - . /lib/ar71xx.sh - ar71xx_board_name - elif [ -f /lib/ramips.sh ] - then - sh /lib/ramips.sh - sed < /tmp/sysinfo/board_name 's/tplink,//' - elif [ -f /etc/board.json ] && grep -q '"friendlyarm,nanopi-neo-plus2"' /etc/board.json - then - echo 'nanopi-neo-plus2' - elif [ -f /etc/board.json ] && grep -q '"cznic,turris-mox"' /etc/board.json - then - echo 'atlas-mox' - else - echo 'unknown board' - exit 1 - fi -} kill_dhcpc() { @@ -254,7 +229,7 @@ openwrt_atlas_init() echo '/home/atlas/data/%e.%p.%s.%t.core' > /proc/sys/kernel/core_pattern # Set up for user atlas - setcap "cap_net_raw=ep cap_sys_time=ep" /home/atlas/bb-13.3/bin/busybox + setcap "cap_net_raw=ep cap_sys_time=ep" $BB_BIN_DIR/busybox $MOUNT_ROOT_RO } diff --git a/bin/common-pre.sh b/bin/common-pre.sh deleted file mode 100644 index fce76807..00000000 --- a/bin/common-pre.sh +++ /dev/null @@ -1,14 +0,0 @@ -# Shell variables that are needed in both ATLAS and reginit.sh -# These variables are set before the platform dependend scripts are run. - -# Defaults, override if necessary -: ${BASE_DIR:=/home/atlas} # BASE_DIR if not already set -SSH_DIR=$BASE_DIR/.ssh -BIN_DIR=$BASE_DIR/bin -STATUS_DIR=$BASE_DIR/status -STATE_DIR=$BASE_DIR/state -RUN_DIR=$BASE_DIR/run -CON_KEEP_PID=con_keep_pid.vol -RESOLV_CONF_STATIC='/etc/resolv.conf.static' -REG_INIT_REPLY=$STATUS_DIR/reg_init_reply.txt -CONFIG_TXT="$BASE_DIR/state/config.txt" diff --git a/bin/common-pre.sh.in b/bin/common-pre.sh.in new file mode 100644 index 00000000..916dbeb0 --- /dev/null +++ b/bin/common-pre.sh.in @@ -0,0 +1,13 @@ +# Shell variables that are needed in both ATLAS and reginit.sh +# These variables are set before the platform dependend scripts are run. + +# Defaults, override if necessary +BIN_DIR=${ATLAS_MEASUREMENT} +STATE_DIR=${ATLAS_DATA} +RUN_DIR=${ATLAS_PIDS} +STATUS_DIR=${ATLAS_STATUS} +CON_KEEP_PID=con_keep_pid.vol +RESOLV_CONF_STATIC=${ATLAS_SYSCONFDIR}/resolv.conf.static +REG_INIT_REPLY=${ATLAS_STATUS}/reg_init_reply.txt +CONFIG_TXT="${ATLAS_SYSCONFDIR}/config.txt" +CRON_DIR="${ATLAS_CRONS}" diff --git a/bin/common.sh b/bin/common.sh.in similarity index 51% rename from bin/common.sh rename to bin/common.sh.in index 21b9607b..f90b7af0 100644 --- a/bin/common.sh +++ b/bin/common.sh.in @@ -1,19 +1,19 @@ # Shell variables that are needed in both ATLAS and reginit.sh -DATA_DIR=$BASE_DIR/data -DATA_NEW_DIR=$DATA_DIR/new -DATA_OUT_DIR=$DATA_DIR/out -[ -z "$STATE_DIR" ] && STATE_DIR=$BASE_DIR/state +DATA_DIR=${ATLAS_DATA} +DATA_NEW_DIR=$ATLAS_DATA/new +DATA_OUT_DIR=$ATLAS_DATA/out +[ -z "$STATE_DIR" ] && STATE_DIR=${ATLAS_DATA} LOW_MEM_T=256 LOW_DISK_LIMIT=600 -SSH_ERR=$STATUS_DIR/ssh_err.txt -[ -z "$KNOWN_HOSTS_REG" ] && KNOWN_HOSTS_REG=$BASE_DIR/etc/known_hosts.reg -FORCE_REG=$STATUS_DIR/force_reg.txt -NETCONFIG_V4_VOL=$STATUS_DIR/netconfig_v4.vol +SSH_ERR=$ATLAS_STATUS/ssh_err.txt +[ -z "$KNOWN_HOSTS_REG" ] && KNOWN_HOSTS_REG=$ATLAS_SYSCONFDIR/known_hosts.reg +FORCE_REG=$ATLAS_STATUS/force_reg.txt +NETCONFIG_V4_VOL=$ATLAS_STATUS/netconfig_v4.vol [ -z "$NETCONFIG_V4_DEST" ] && NETCONFIG_V4_DEST=/etc/netconfig_v4.sh NETCONFIG_V6_VOL=$STATUS_DIR/netconfig_v6.vol [ -z "$NETCONFIG_V6_DEST" ] && NETCONFIG_V6_DEST=/etc/netconfig_v6.sh [ -z "$FIRMWARE_FETCH_DIR" ] && FIRMWARE_FETCH_DIR=$BASE_DIR -[ -z "$FIRMWARE_TARGET_DIR" ] && FIRMWARE_TARGET_DIR=$BASE_DIR/status +[ -z "$FIRMWARE_TARGET_DIR" ] && FIRMWARE_TARGET_DIR=$RUN_DIR/status [ -z "$SOS_ID" ] && SOS_ID="M$ETHER_SCANNED" [ -z "$BUDDYINFO" ] && BUDDYINFO=: diff --git a/bin/config.sh.in b/bin/config.sh.in new file mode 100644 index 00000000..f999d4de --- /dev/null +++ b/bin/config.sh.in @@ -0,0 +1,57 @@ +export PROBE_TYPE=@probe_scripts_path@ + +get_arch() +{ + case $PROBE_TYPE in + + *"v3"*) + . /lib/ar71xx.sh + ar71xx_board_name + ;; + +# sh /lib/ramips.sh +# sed < /tmp/sysinfo/board_name 's/tplink,//' +# ;; + + *"v4"*) + echo 'nanopi-neo-plus2' + ;; + + *"v5"*) + echo 'atlas-mox' + ;; + + *"rpm"*|*"deb"*|'generic') + echo 'fluffy' + ;; + + *) + echo 'unknown board' + exit 1 + ;; + esac + +} + +get_sub_arch() +{ + arch=`get_arch` + if [ "x$arch" = 'xfluffy' ]; then + echo "$PROBE_TYPE" + else + echo "" + fi +} + +# DEVICE_NAME is used as a reference for which OS specific scripts should be invoked under 'bin/arch/'. The software probe has already been migrated to used the new 'generic' scripts, therefore for software probes the device name should be 'generic', otherwise it should be the autotools probe_type assigned during build. +SUB_ARCH=`get_sub_arch` +if [ "$SUB_ARCH" != "" ]; then + DEVICE_NAME="generic" +else + DEVICE_NAME=$PROBE_TYPE +fi + +ATLAS_BASE=@atlas_datadir@ +ATLAS_STATIC=@atlas_libexecdir@ + +export DEVICE_NAME SUB_ARCH ATLAS_BASE ATLAS_STATIC diff --git a/bin/paths.lib.sh.in b/bin/paths.lib.sh.in new file mode 100644 index 00000000..19b204dd --- /dev/null +++ b/bin/paths.lib.sh.in @@ -0,0 +1,18 @@ +#!/bin/sh +# +# Path definitions for RIPE Atlas. Convenience constants. +# Copyright (c) 2022 RIPE NCC +# +ATLAS_LIBEXECDIR=@atlas_libexecdir@ +ATLAS_DATADIR=@atlas_datadir@ +ATLAS_SYSCONFDIR=@atlas_sysconfdir@ +ATLAS_SPOOLDIR=@atlas_spooldir@ +ATLAS_RUNDIR=@atlas_rundir@ +ATLAS_MEASUREMENT=@atlas_measurementdir@ +ATLAS_SCRIPTS=@atlas_scriptsdir@ +ATLAS_TMP=@tmpdir@ + +ATLAS_CRONS="${ATLAS_SPOOLDIR}/crons" +ATLAS_DATA="${ATLAS_SPOOLDIR}/data" +ATLAS_PIDS="${ATLAS_RUNDIR}/pids" +ATLAS_STATUS="${ATLAS_RUNDIR}/status" diff --git a/bin/reginit.sh b/bin/reginit.sh.in similarity index 91% rename from bin/reginit.sh rename to bin/reginit.sh.in index 607e89d1..9329483f 100755 --- a/bin/reginit.sh +++ b/bin/reginit.sh.in @@ -3,24 +3,26 @@ # Handel registering with ATLAS regservers # 2010 Oct Antony Antony -#exec >/tmp/reginit.out 2>/tmp/reginit.err +. @atlas_scriptsdir@/paths.lib.sh + +#exec >$ATLAS_TMP/reginit.out 2>$ATLAS_TMP/reginit.err #set -x STATE_FILE=$1 -. $ATLAS_STATIC/bin/arch/$DEVICE_NAME/$DEVICE_NAME-reginit.sh +. $ATLAS_SCRIPTS/$DEVICE_NAME-reginit.sh -. $BIN_DIR/common.sh +. $ATLAS_SCRIPTS/common.sh ## Probe # Common -[ -z "$SSH_PVT_KEY" ] && SSH_PVT_KEY=$BASE_DIR/etc/probe_key +[ -z "$SSH_PVT_KEY" ] && SSH_PVT_KEY=$ATLAS_SYSCONFDIR/probe_key # Set REG_SERVERS if it isn't set already -[ -z "$REG_SERVERS" ] && REG_SERVERS=$BIN_DIR/reg_servers.sh -CON_INIT_CONF=./con_init_conf.txt +[ -z "$REG_SERVERS" ] && REG_SERVERS=$ATLAS_SYSCONFDIR/reg_servers.sh +CON_INIT_CONF=$ATLAS_STATUS/con_init_conf.txt CON_INIT_REPLY=con_init_reply.txt -CON_KEEP_CONF=./con_keep_conf.txt +CON_KEEP_CONF=$ATLAS_STATUS/con_keep_conf.txt CON_KEEP_REPLY=con_keep_reply.vol RESOLV_CONF_VOL=resolv.conf.vol SSH_OUT=ssh_out.txt @@ -42,7 +44,7 @@ else fi ## Connect to reg server -cd $STATUS_DIR +cd $ATLAS_STATUS . $REG_SERVERS @@ -68,7 +70,7 @@ else do if [ -z "$line" ] then - echo >&2 "Shell returned empty line in CON_INIT_CONF (1)" + echo "Shell returned empty line in CON_INIT_CONF (1)" 1>&2 break fi set -- $line @@ -90,7 +92,7 @@ else REREG_TIMER) REREG_TIMER="$value" ;; REG_WAIT_UNTIL) REG_WAIT_UNTIL="$value" ;; *) - echo >&2 "unknown keyword '$kw' in CON_INIT_CONF (1)" + echo "unknown keyword '$kw' in CON_INIT_CONF (1)" 1>&2 ;; esac done < $CON_INIT_CONF @@ -165,7 +167,7 @@ if [ "$need_rereg" = 1 ]; then do if [ -z "$line" ] then - echo >&2 "Shell returned empty line in CON_INIT_CONF (2)" + echo "Shell returned empty line in CON_INIT_CONF (2)" 1>&2 break fi set -- $line @@ -187,7 +189,7 @@ if [ "$need_rereg" = 1 ]; then REREG_TIMER) REREG_TIMER="$value" ;; REG_WAIT_UNTIL) REG_WAIT_UNTIL="$value" ;; *) - echo >&2 "unknown keyword '$kw' in CON_INIT_CONF (2)" + echo "unknown keyword '$kw' in CON_INIT_CONF (2)" 1>&2 ;; esac done < $CON_INIT_CONF @@ -205,8 +207,8 @@ if [ "$need_rereg" = 1 ]; then exit fi echo "Got good controller info" - cp $KNOWN_HOSTS_REG $SSH_DIR/known_hosts - cat known_hosts_controllers >> $SSH_DIR/known_hosts + cp $KNOWN_HOSTS_REG $ATLAS_STATUS/known_hosts + cat known_hosts_controllers >> $ATLAS_STATUS/known_hosts NEED_REBOOT=0 if [ -f $RESOLV_CONF_VOL ] ; then # If we have a default IPv6 interface then add that to @@ -221,7 +223,7 @@ if [ "$need_rereg" = 1 ]; then fi - if cmp $RESOLV_CONF_VOL $RESOLV_CONF_STATIC + if cmp -s $RESOLV_CONF_VOL $RESOLV_CONF_STATIC then : else @@ -304,13 +306,13 @@ fi $CHECK_FOR_NEW_KERNEL_CMD ## download image -if [ -f $STATUS_DIR/upgrade_firmware ] +if [ -f $ATLAS_STATUS/upgrade_firmware ] then echo Moving failed log - mv $STATUS_DIR/upgrade_firmware $DATA_NEW_DIR/upgrade_firmware + mv $ATLAS_STATUS/upgrade_firmware $DATA_NEW_DIR/upgrade_firmware condmv $DATA_NEW_DIR/upgrade_firmware $DATA_OUT_DIR/upgrade_firmware elif [ -n "$FIRMWARE_APPS" ] ; then - FIRMWARE_APPS_VERSION_MY=`cat $STATE_DIR/FIRMWARE_APPS_VERSION` + FIRMWARE_APPS_VERSION_MY=`cat $ATLAS_DATA/FIRMWARE_APPS_VERSION` if [ $FIRMWARE_APPS_VERSION -gt $FIRMWARE_APPS_VERSION_MY ] ; then echo "there is a newer FIRMWARE_APPS_VERSION $FIRMWARE_APPS_VERSION, current one is $FIRMWARE_APPS_VERSION_MY" echo "fetching it from -p $CONTROLLER_1_PORT atlas@$CONTROLLER_1_HOST FIRMWARE_APPS $FIRMWARE_APPS" @@ -319,14 +321,14 @@ elif [ -n "$FIRMWARE_APPS" ] ; then echo "RESULT 9013 done $D $ETHER_SCANNED newer firmware $FIRMWARE_APPS_VERSION, currently running $FIRMWARE_APPS_VERSION_MY" >> $DATA_NEW_DIR/simpleping # Make space - rm -f $DATA_DIR/* + rm -f $ATLAS_DATA/* rm -f $DATA_NEW_DIR/* rm -f $DATA_OUT_DIR/* rm -f *.bz2 # Kill cronjobs - rm $BASE_DIR/crons/*/* - for i in $BASE_DIR/crons/* + rm $CRON_DIR/*/* + for i in $CRON_DIR/* do echo root > $i/cron.update done @@ -379,7 +381,7 @@ elif [ -n "$FIRMWARE_APPS" ] ; then if [ $checksum_okay = true -a $signature_okay = true ] then - cp $CON_INIT_CONF $STATUS_DIR/FIRMWARE_APPS + cp $CON_INIT_CONF $ATLAS_STATUS/FIRMWARE_APPS mv $FIRMWARE_FETCH_DIR/$FIRMWARE_APPS $FIRMWARE_TARGET_DIR if [ -n "$DESKTOP" ] ; then echo "ready to reboot, but no this is not a probe"; @@ -404,7 +406,7 @@ if [ -f $CON_KEEP_CONF ] ; then do if [ -z "$line" ] then - echo >&2 "Shell returned empty line in CON_KEEP_CONF (1)" + echo "Shell returned empty line in CON_KEEP_CONF (1)" 1>&2 break fi set -- $line @@ -414,7 +416,7 @@ if [ -f $CON_KEEP_CONF ] ; then REMOTE_PORT) REMOTE_PORT="$value" ;; CON_WAIT_TIMER) CON_WAIT_TIMER="$value" ;; *) - echo >&2 "unknown keyword '$kw' in CON_KEEP_CONF (1)" + echo "unknown keyword '$kw' in CON_KEEP_CONF (1)" 1>&2 ;; esac done < $CON_KEEP_CONF @@ -476,7 +478,7 @@ if [ "$con_reinit" = "1" ] ; then do if [ -z "$line" ] then - echo >&2 "Shell returned empty line in CON_KEEP_CONF (2)" + echo "Shell returned empty line in CON_KEEP_CONF (2)" 1>&2 break fi set -- $line @@ -486,11 +488,11 @@ if [ "$con_reinit" = "1" ] ; then REMOTE_PORT) REMOTE_PORT="$value" ;; CON_WAIT_TIMER) CON_WAIT_TIMER="$value" ;; *) - echo >&2 "unknown keyword '$kw' in CON_KEEP_CONF (2)" + echo "unknown keyword '$kw' in CON_KEEP_CONF (2)" 1>&2 ;; esac done < $CON_KEEP_CONF - rm -f $STATUS_DIR/con_hello_sent.vol + rm -f $ATLAS_STATUS/con_hello_sent.vol fi if [ -n "$CON_WAIT_TIMER" ] ; then diff --git a/bin/resolvconf b/bin/resolvconf deleted file mode 100755 index 6e6017ec..00000000 --- a/bin/resolvconf +++ /dev/null @@ -1,59 +0,0 @@ -#!/bin/sh - -# Create /etc/resolv.conf from various sources. - -#exec > /tmp/resolvconf.out 2>/tmp/resolvconf.err -#set -x - -interface="$1" -dynamic="$2" - -if [ "X$interface" = Xwlan0 ] -then - RESOLV_CONF=/tmp/resolv.conf.wlan0 - RESOLV_CONF_TMP=/tmp/resolv.conf.wlan0.tmp - RESOLV_STATIC=/storage/etc/resolv.conf.wlan0.static - RESOLV_DHCP4=/tmp/resolv.conf.wlan0.dhcp4 - RESOLV_RA6=/tmp/resolv.conf.wlan0.ra6 -else - RESOLV_CONF=/tmp/resolv.conf - RESOLV_CONF_TMP=/tmp/resolv.conf.tmp - RESOLV_STATIC=/storage/etc/resolv.conf.static - RESOLV_DHCP4=/tmp/resolv.conf.dhcp4 - RESOLV_RA6=/tmp/resolv.conf.ra6 -fi - -if [ -f /etc/init.d/chronyd ] -then - CHRONY="/etc/init.d/chronyd restart" # Kick chrony -else - CHRONY="/etc/init.d/ntpd restart" # Kick chrony -fi - -# Static address configuration may be broken. When switching back to DHCP -# also ignore statically configured DNS resolvers -if [ X"$dynamic" != Xdynamic ] -then - if [ -f $RESOLV_STATIC ] - then - # Static - cat $RESOLV_STATIC > $RESOLV_CONF_TMP - mv $RESOLV_CONF_TMP $RESOLV_CONF - $CHRONY & - exit 0 - fi -fi - -# Dynamic -if [ -f $RESOLV_DHCP4 -a -f $RESOLV_RA6 ] -then - paste -d'\n' $RESOLV_DHCP4 $RESOLV_RA6 > $RESOLV_CONF_TMP -elif [ -f $RESOLV_DHCP4 ] -then - cat $RESOLV_DHCP4 > $RESOLV_CONF_TMP -elif [ -f $RESOLV_RA6 ] -then - cat $RESOLV_RA6 > $RESOLV_CONF_TMP -fi -mv $RESOLV_CONF_TMP $RESOLV_CONF -$CHRONY & diff --git a/bin/resolvconf.in b/bin/resolvconf.in new file mode 100755 index 00000000..4e8b03a5 --- /dev/null +++ b/bin/resolvconf.in @@ -0,0 +1,60 @@ +#!/bin/sh +. @atlas_scriptsdir@/paths.lib.sh + +# Create @sysconfdir@/resolv.conf from various sources. + +#exec > $ATLAS_TMP/resolvconf.out 2>$ATLAS_TMP/resolvconf.err +#set -x + +interface="$1" +dynamic="$2" + +if [ "X$interface" = Xwlan0 ] +then + RESOLV_CONF=$ATLAS_TMP/resolv.conf.wlan0 + RESOLV_CONF_TMP=$ATLAS_TMP/resolv.conf.wlan0.tmp + RESOLV_STATIC=@storage_sysconfdir@/resolv.conf.wlan0.static + RESOLV_DHCP4=$ATLAS_TMP/resolv.conf.wlan0.dhcp4 + RESOLV_RA6=$ATLAS_TMP/resolv.conf.wlan0.ra6 +else + RESOLV_CONF=$ATLAS_TMP/resolv.conf + RESOLV_CONF_TMP=$ATLAS_TMP/resolv.conf.tmp + RESOLV_STATIC=@storage_sysconfdir@/resolv.conf.static + RESOLV_DHCP4=$ATLAS_TMP/resolv.conf.dhcp4 + RESOLV_RA6=$ATLAS_TMP/resolv.conf.ra6 +fi + +if [ -f @sysconfdir@/init.d/chronyd ] +then + CHRONY="@sysconfdir@/init.d/chronyd restart" # Kick chrony +else + CHRONY="@sysconfdir@/init.d/ntpd restart" # Kick chrony +fi + +# Static address configuration may be broken. When switching back to DHCP +# also ignore statically configured DNS resolvers +if [ X"$dynamic" != Xdynamic ] +then + if [ -f $RESOLV_STATIC ] + then + # Static + cat $RESOLV_STATIC > $RESOLV_CONF_TMP + mv $RESOLV_CONF_TMP $RESOLV_CONF + $CHRONY & + exit 0 + fi +fi + +# Dynamic +if [ -f $RESOLV_DHCP4 -a -f $RESOLV_RA6 ] +then + paste -d'\n' $RESOLV_DHCP4 $RESOLV_RA6 > $RESOLV_CONF_TMP +elif [ -f $RESOLV_DHCP4 ] +then + cat $RESOLV_DHCP4 > $RESOLV_CONF_TMP +elif [ -f $RESOLV_RA6 ] +then + cat $RESOLV_RA6 > $RESOLV_CONF_TMP +fi +mv $RESOLV_CONF_TMP $RESOLV_CONF +$CHRONY & diff --git a/bin/ATLAS b/bin/ripe-atlas.in similarity index 68% rename from bin/ATLAS rename to bin/ripe-atlas.in index a6cf6f7a..ce0b9a68 100755 --- a/bin/ATLAS +++ b/bin/ripe-atlas.in @@ -4,27 +4,22 @@ # Written by Daniel Karrenberg, Antony Antony # RIPE NCC -#exec >/tmp/ATLAS.out 2>/tmp/ATLAS.err +. @atlas_scriptsdir@/paths.lib.sh + +#exec >$ATLAS_TMP/ATLAS.out 2>$ATLAS_TMP/ATLAS.err #set -x -if [ -f bin/config.sh ] -then - . bin/config.sh - export DEVICE_NAME SUB_ARCH ATLAS_STATIC -else - echo no 'bin/config.sh' >&2 - exit 1 -fi +. $ATLAS_SCRIPTS/config.sh -. $ATLAS_STATIC/bin/arch/$DEVICE_NAME/$DEVICE_NAME-ATLAS.sh +. $ATLAS_SCRIPTS/$DEVICE_NAME-ATLAS.sh -. $BIN_DIR/common.sh +. $ATLAS_SCRIPTS/common.sh -source $ATLAS_STATIC/bin/support.lib.sh -source $ATLAS_STATIC/bin/class.lib.sh -source $ATLAS_STATIC/bin/array.lib.sh -source $ATLAS_STATIC/bin/json.lib.sh -source $ATLAS_STATIC/bin/atlas_log.lib.sh +. $ATLAS_SCRIPTS/support.lib.sh +. $ATLAS_SCRIPTS/class.lib.sh +. $ATLAS_SCRIPTS/array.lib.sh +. $ATLAS_SCRIPTS/json.lib.sh +. $ATLAS_SCRIPTS/atlas_log.lib.sh # config variables if [ $(config_lookup RXTXRPT no) = yes ] @@ -39,16 +34,18 @@ fi export httppost_port export TELNETD_PORT=$(config_lookup TELNETD_PORT 2023) +umask 002 + $MOUNT_FS_CMD -mkdir -p $STATUS_DIR $STATE_DIR $RUN_DIR -mkdir -p $DATA_DIR $DATA_NEW_DIR $DATA_OUT_DIR -mkdir -p $DATA_DIR/out/ooq -mkdir -p $DATA_DIR/out/ooq10 # For wifi, can't hurt to just create this +mkdir -p $ATLAS_STATUS $STATE_DIR $RUN_DIR +mkdir -p $ATLAS_DATA $DATA_NEW_DIR $DATA_OUT_DIR +mkdir -p $ATLAS_DATA/out/ooq +mkdir -p $ATLAS_DATA/out/ooq10 # For wifi, can't hurt to just create this $CHOWN_DATA_DIRS -if dfrm -A 9018 $DATA_DIR 600 $DATA_NEW_DIR $DATA_OUT_DIR $DATA_DIR/home/atlas/data/new $DATA_DIR/home/atlas/data/out >> $DATA_NEW_DIR/simpleping +if dfrm -A 9018 $ATLAS_DATA 600 $DATA_NEW_DIR $DATA_OUT_DIR $ATLAS_DATA/new $ATLAS_DATA/out >> $DATA_NEW_DIR/simpleping then D=`epoch` echo "RESULT 9007 done $D $ETHER_SCANNED data full available space < $LOW_DISK_LIMIT KB" @@ -57,7 +54,7 @@ fi $BUDDYINFO $LOW_MEM_T $DATA_NEW_DIR/simpleping -/bin/mkdir -p $BASE_DIR/crons/main $BASE_DIR/crons/2 +mkdir -p $ATLAS_CRONS/main $ATLAS_CRONS/2 rm -f $DATA_NEW_DIR/v6addr.vol rm -f $DATA_OUT_DIR/v6addr.txt rm -f $SSH_ERR @@ -79,13 +76,12 @@ fi $TRY_UPGRADE_CMD -echo "P_TO_C_REPORT" > $STATUS_DIR/p_to_c_report_header +echo "P_TO_C_REPORT" > $ATLAS_STATUS/p_to_c_report_header -mkdir -p $SSH_DIR -cp $KNOWN_HOSTS_REG $SSH_DIR/known_hosts -if [ -f $STATUS_DIR/known_hosts_controllers ] +cp $KNOWN_HOSTS_REG $ATLAS_STATUS/known_hosts +if [ -f $ATLAS_STATUS/known_hosts_controllers ] then - cat $STATUS_DIR/known_hosts_controllers >> $SSH_DIR/known_hosts + cat $ATLAS_STATUS/known_hosts_controllers >> $ATLAS_STATUS/known_hosts fi $SETUP_NETWORK_CMD @@ -96,7 +92,7 @@ $KILL_TELNETD_CMD $KILL_PERDS_CMD # the system part is done. now set env for ATLAS. -rm -f $STATUS_DIR/*.vol +rm -f $ATLAS_STATUS/*.vol rm -f $RUN_DIR/*.vol # Crontabs may be bad enough that we can't actually do anything. Delete them @@ -110,8 +106,8 @@ then if [ $b -gt 10 ] then echo Removing crontabs - rm -f $BASE_DIR/crons/main/root - rm -f $BASE_DIR/crons/*/root + rm -f $CRON_DIR/main/root + rm -f $CRON_DIR/*/root fi else echo 0 > $DATA_NEW_DIR/reboot-count.txt @@ -130,30 +126,20 @@ $BUDDYINFO $LOW_MEM_T $DATA_NEW_DIR/simpleping ifconfig -mkdir -p $BASE_DIR/crons/main -mkdir -p $BASE_DIR/crons/2 $BASE_DIR/crons/3 $BASE_DIR/crons/4 -mkdir -p $BASE_DIR/crons/5 $BASE_DIR/crons/6 $BASE_DIR/crons/7 -mkdir -p $BASE_DIR/crons/8 $BASE_DIR/crons/9 $BASE_DIR/crons/10 -mkdir -p $BASE_DIR/crons/11 $BASE_DIR/crons/12 $BASE_DIR/crons/13 -mkdir -p $BASE_DIR/crons/14 $BASE_DIR/crons/15 $BASE_DIR/crons/16 -mkdir -p $BASE_DIR/crons/17 $BASE_DIR/crons/18 $BASE_DIR/crons/19 -mkdir -p $BASE_DIR/crons/20 -mkdir -p $DATA_DIR/oneoff - $CHOWN_FOR_MSM $CHMOD_FOR_MSM start_perd() { - perd -c $BASE_DIR/crons/main -A 9801 -P $RUN_DIR/perd-main.pid.vol + perd -c $CRON_DIR/main -A 9801 -P $RUN_DIR/perd-main.pid.vol } start_eperd() { - eperd -c $BASE_DIR/crons/7 -A 9807 -P $RUN_DIR/perd-7.pid.vol -O /home/atlas/data/new/7 -i 7 + eperd -c $CRON_DIR/7 -A 9807 -P $RUN_DIR/perd-7.pid.vol -O $ATLAS_DATA/new/7 -i 7 } start_eooqd() { - eooqd $BASE_DIR/crons/oneoff -A 9809 -P $RUN_DIR/eooqd.pid.vol -i 9 & + eooqd $CRON_DIR/oneoff -A 9809 -P $RUN_DIR/eooqd.pid.vol -i 9 & } start_perd @@ -180,7 +166,7 @@ do $CHECK_RO_USB if [ $DHCP = "Temp" ] ; then - #static config failed started DHCP tempeorly + #static config failed started DHCP temporarily evping_no_check -4 -c 2 $IPV4_GW ARP=`arp -n $IPV4_GW` set $ARP @@ -197,8 +183,7 @@ do if [ $MAC != '' ] ; then $KILL_DHCPC_CMD /sbin/route del default - echo "RESULT 9100 done $D DEFAULT GW complete stop DHCP" > $DATA_NEW_DIR/simpleping - echo "RESULT 9100 done $D DEFAULT GW complete stop DHCP" + echo "RESULT 9100 done $D DEFAULT GW complete stop DHCP" >> $DATA_NEW_DIR/simpleping . $NETCONFIG_V4_DEST /sbin/ifconfig $LANINF 0.0.0.0 DHCP=False @@ -214,17 +199,17 @@ do fi # Check if ssh is still running (when we expect it to be running) - if [ -f $STATUS_DIR/reginit.vol ]; then + if [ -f $ATLAS_STATUS/reginit.vol ]; then $FINDPID_SSH_CMD FOUNDPID=$? if [ $FOUNDPID -eq 1 ] ; then echo "no ssh client matching $KEEP_PID. cleanup state files. for next restart" rm -f $NETCONFIG_V4_VOL rm -f $NETCONFIG_V6_VOL - rm -f $STATUS_DIR/reginit.vol - rm -f $STATUS_DIR/con_hello_sent.vol - rm -f $STATUS_DIR/network_info.vol - rm -f $STATUS_DIR/network_info_sent.vol + rm -f $ATLAS_STATUS/reginit.vol + rm -f $ATLAS_STATUS/con_hello_sent.vol + rm -f $ATLAS_STATUS/network_info.vol + rm -f $ATLAS_STATUS/network_info_sent.vol D=`epoch` echo "RESULT 9010 done $D $ETHER_SCANNED no ssh client running restart registration" >> $DATA_NEW_DIR/simpleping echo "RESULT 9011 done $D $ETHER_SCANNED stderr" `cat $SSH_ERR` >> $DATA_NEW_DIR/simpleping @@ -235,13 +220,13 @@ do fi fi - if [ -s $STATUS_DIR/con_keep_reply.vol ] ; then + if [ -s $ATLAS_STATUS/con_keep_reply.vol ] ; then echo "Controller kicked us out. KEEP result is nonzero" echo "kill the session and forced reregister" $KILL_SSH_CMD echo "REASON=CON_KEEP_BROKEN" > $FORCE_REG - rm -f $STATUS_DIR/con_keep_reply.txt - rm -f $STATUS_DIR/reginit.vol + rm -f $ATLAS_STATUS/con_keep_reply.txt + rm -f $ATLAS_STATUS/reginit.vol D=`epoch` echo "RESULT 9003 done $D $ETHER_SCANNED REREGISTER Controller kicked us out from KEEP" >> $DATA_NEW_DIR/simpleping echo "RESULT 9003 done $D $ETHER_SCANNED REREGISTER Controller kicked us out from KEEP" @@ -249,10 +234,10 @@ do $TRIGGER_MANUAL_UPGRADE_CMD - if [ ! -f $STATUS_DIR/reginit.vol ] ; then + if [ ! -f $ATLAS_STATUS/reginit.vol ] ; then D=`epoch` echo "RESULT 9006 done $D $ETHER_SCANNED no reginit.vol start registration" - echo "$STATUS_DIR/reginit.vol does not exist try new reg" + echo "$ATLAS_STATUS/reginit.vol does not exist try new reg" UPTIME=`onlyuptime` $SET_LEDS_CMD net-try if evping -A "9017" -e -O $DATA_NEW_DIR/simpleping "U$UPTIME.$SOS_ID.sos.atlas.ripe.net" @@ -265,7 +250,7 @@ do fi $KILL_SSH_CMD echo "start reg" - $BIN_DIR/reginit.sh $STATUS_DIR/reginit.vol + $ATLAS_SCRIPTS/reginit.sh $ATLAS_STATUS/reginit.vol fi $BUDDYINFO $LOW_MEM_T $DATA_NEW_DIR/simpleping @@ -279,7 +264,6 @@ do if [ -n "$do_rxtxrpt" ] then rxtxrpt -A "9002" >> $DATA_NEW_DIR/simpleping - rxtxrpt fi rptaddrs -A 9104 -c $DATA_NEW_DIR/v6addr.vol -O $DATA_NEW_DIR/v6addr.txt rptuptime >> $DATA_NEW_DIR/simpleping @@ -301,7 +285,8 @@ do condmv -f $DATA_NEW_DIR/reboot-count.txt $DATA_NEW_DIR/reboot-count.old fi else - if dfrm -A 9018 $DATA_DIR $LOW_DISK_LIMIT $DATA_NEW_DIR $DATA_OUT_DIR >> $DATA_NEW_DIR/simpleping + dfrm -A 9018 $ATLAS_DATA $LOW_DISK_LIMIT $DATA_NEW_DIR $DATA_OUT_DIR 2>&1 >> $DATA_NEW_DIR/simpleping + if [ $? -eq 0 ] then D=`epoch` echo "RESULT 9007 done $D $ETHER_SCANNED REBOOT data full available space < $LOW_DISK_LIMIT KB" @@ -312,33 +297,32 @@ do if [ -n "$RESOLVCONF_CMD" -a -f $DATA_NEW_DIR/resolv.conf.ra6 ] then - mv $DATA_NEW_DIR/resolv.conf.ra6 /tmp/resolv.conf.ra6 + mv $DATA_NEW_DIR/resolv.conf.ra6 $ATLAS_TMP/resolv.conf.ra6 $RESOLVCONF_CMD fi # Check if perd is still running - if check_pid $(cat $RUN_DIR/perd-main.pid.vol) + check_pid $(cat $RUN_DIR/perd-main.pid.vol) + if [ $? -ne 0 ] then - : # perd is running - else echo restarting perd start_perd atlas_log 9811 'perd' 'perd died (restarted)' fi + # Check if eperd is still running - if check_pid $(cat $RUN_DIR/perd-7.pid.vol) + check_pid $(cat $RUN_DIR/perd-7.pid.vol) + if [ $? -ne 0 ] then - : # eperd is running - else echo restarting eperd start_eperd atlas_log 9817 'eperd' 'eperd died (restarted)' fi + # Check if eooqd is still running - if check_pid $(cat $RUN_DIR/eooqd.pid.vol) + check_pid $(cat $RUN_DIR/eooqd.pid.vol) + if [ $? -ne 0 ] then - : # eooqd is running - else echo restarting eooqd start_eooqd atlas_log 9819 'eooqd' 'eooqd died (restarted)' diff --git a/bin/support.lib.sh b/bin/support.lib.sh index de315f24..af05d36b 100644 --- a/bin/support.lib.sh +++ b/bin/support.lib.sh @@ -38,7 +38,7 @@ fw_version() ;; 'application'|'app') - file="${STATE_DIR}/FIRMWARE_APPS_VERSION" + file="${ATLAS_DATADIR}/FIRMWARE_APPS_VERSION" ;; *) diff --git a/build-config/centos/bin/cp-repo-files b/build-config/centos/bin/cp-repo-files deleted file mode 100755 index 01484d9e..00000000 --- a/build-config/centos/bin/cp-repo-files +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -if [ "$#" -lt 1 ] -then - echo "Usage: cp-repo-files centos[78]" >&2 - exit 1 -fi - -centos_version="$1" - -case "$centos_version" in -centos7|centos8) - : # okay -;; -*) - echo "cp-repo-files: only 'centos7' and 'centos8' are supported" >&2 - exit 1 -;; -esac - -mkdir -p rpmbuild/SPECS -mkdir -p rpmbuild/SOURCES - -cp ripe-atlas-software-probe/build-config/centos/repo-rpm/ripe-atlas-repo.spec rpmbuild/SPECS -cp ripe-atlas-software-probe/build-config/centos/repo-rpm/ripe-atlas-probe.repo-"$centos_version" rpmbuild/SOURCES/ripe-atlas-probe.repo -cp ripe-atlas-software-probe/build-config/centos/repo-rpm/ripe-atlas-probe.pgp rpmbuild/SOURCES - -cp ripe-atlas-software-probe/build-config/centos/repo-rpm-test/ripe-atlas-repo-test.spec rpmbuild/SPECS -cp ripe-atlas-software-probe/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-"$centos_version" rpmbuild/SOURCES/ripe-atlas-probe-test.repo -cp ripe-atlas-software-probe/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.pgp rpmbuild/SOURCES diff --git a/build-config/centos/bin/make-tars b/build-config/centos/bin/make-tars deleted file mode 100755 index 1a6939e0..00000000 --- a/build-config/centos/bin/make-tars +++ /dev/null @@ -1,8 +0,0 @@ -#!/bin/sh -cd -git_id=$(cd ripe-atlas-software-probe && git rev-parse HEAD) -mkdir -p rpmbuild/SOURCES -rm -f rpmbuild/SOURCES/*.tar.gz -tar cvzf rpmbuild/SOURCES/src-$git_id.tar.gz ripe-atlas-software-probe -mkdir -p rpmbuild/SPECS -sed < ripe-atlas-software-probe/build-config/centos/spec/atlasswprobe.spec.in >rpmbuild/SPECS/atlasswprobe.spec "s/COMMIT_ID/$git_id/" diff --git a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.pgp b/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.pgp deleted file mode 100644 index abb6cfb5..00000000 --- a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.pgp +++ /dev/null @@ -1,19 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.19 (GNU/Linux) - -mQENBF15CL0BCADsp47ozfPgxB0qg/E8B7DkpS07IZSZUXMvaA/82QSyq2z0tzaS -ZSmkWsXXmbm/YceRNLFbCx1lFCm5B1Jan5DmCxnFYvxpa1Q0V3X4IY6kJYLmsQS2 -9SUv+H9vLjbHKEIHUDF5VeHAU2XTEYRM1kqWzE3aQc/m+I0PpXjzv7FrZsbAQU4c -uLDgzMKJKWQXQtdPCnobUUoot7IhqrqRDwXvw88xTL3uo6HCgYRHFkbXYtlw05tN -ZXLODS7eIr2vztIgd3yEhYgfXGRh78iVDMKf5NoyWaGK2HYBOkAtdEuHaV36oIYG -lHNlsTX2hOukWU0290EfBu/uHfJBsNW3ThHnABEBAAG0JiA8cnBtLXNpZ25pbmct -MjAxOTA5MTFAYXRsYXMucmlwZS5uZXQ+iQE4BBMBAgAiBQJdeQi9AhsDBgsJCAcD -AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRA3GlelRsesorrVB/9HNGY4of3AC6sJWnT4 -kQdz0F+eMR8i9XgKlvhr8hsp/vd6M5lg/eHMpQTQC9XpioIv74bq4OSopSaMK1L9 -kIRjE6WlqzP7ww/NL0FMRPXo1Fb9RTix5zJlDvdjSBrfAYh2IH+8Fu+peiTJZxRp -ReRovgsaGbVarC0Ciy3zkA+hcAjs0+qzrtSZmKXmqYwH1K5b7ERGxo0osfE6lERY -LGkLAmdvGzphhL2mUjsztCNN6s6iRT/J+OGQCFUMG31KQw5j6xq3yxmI417Fw+1b -AeBSjH4GfK9SmnyHRg1D9ba0t3ffTB8l9zdwXViFQ8CKhh6xjQSQdNQQLJ92Z0dc -Ayb1 -=hRkR ------END PGP PUBLIC KEY BLOCK----- diff --git a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos7 b/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos7 deleted file mode 100644 index 47b5eab6..00000000 --- a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos7 +++ /dev/null @@ -1,7 +0,0 @@ -[ripe-atlas-probe-test] -name=RIPE Atlas Probe Test Repo -baseurl=https://ftp.ripe.net/ripe/atlas/software-probe/centos7-test -gpgkey=file:///etc/pki/rpm-gpg/ripe-atlas-probe-test -enabled=1 -repo_gpgcheck=1 -gpgcheck=0 diff --git a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos8 b/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos8 deleted file mode 100644 index af1b092d..00000000 --- a/build-config/centos/repo-rpm-test/ripe-atlas-probe-test.repo-centos8 +++ /dev/null @@ -1,7 +0,0 @@ -[ripe-atlas-probe-test] -name=RIPE Atlas Probe Test Repo -baseurl=https://ftp.ripe.net/ripe/atlas/software-probe/centos8-test -gpgkey=file:///etc/pki/rpm-gpg/ripe-atlas-probe-test -enabled=1 -repo_gpgcheck=1 -gpgcheck=0 diff --git a/build-config/centos/repo-rpm-test/ripe-atlas-repo-test.spec b/build-config/centos/repo-rpm-test/ripe-atlas-repo-test.spec deleted file mode 100644 index 58481841..00000000 --- a/build-config/centos/repo-rpm-test/ripe-atlas-repo-test.spec +++ /dev/null @@ -1,41 +0,0 @@ -Name: ripe-atlas-repo-test -Summary: RIPE Atlas Software Probe Test Repo -Version: 1 -Release: 3%{?dist} -License: RIPE NCC -Group: Applications/Internet -Source1: ripe-atlas-probe-test.repo -Source2: ripe-atlas-probe-test.pgp -BuildArch: noarch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} - -%description -Setup the RIPE Atlas Software Probe Test Repo - -%prep - -%build - -%install -mkdir -p %{buildroot}/etc/yum.repos.d -cp %{SOURCE1} %{buildroot}/etc/yum.repos.d -mkdir -p %{buildroot}/etc/pki/rpm-gpg -cp %{SOURCE2} %{buildroot}/etc/pki/rpm-gpg/ripe-atlas-probe-test - -%clean -rm -rf %{buildroot} - -%files -/etc/yum.repos.d -/etc/pki/rpm-gpg/ripe-atlas-probe-test - - -%pre - -%post - -%preun - -%postun - -%changelog diff --git a/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos7 b/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos7 deleted file mode 100644 index 7c5a718c..00000000 --- a/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos7 +++ /dev/null @@ -1,7 +0,0 @@ -[ripe-atlas-probe] -name=RIPE Atlas Probe Repo -baseurl=https://ftp.ripe.net/ripe/atlas/software-probe/centos7 -gpgkey=file:///etc/pki/rpm-gpg/ripe-atlas-probe -enabled=1 -repo_gpgcheck=1 -gpgcheck=0 diff --git a/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos8 b/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos8 deleted file mode 100644 index 8744f07e..00000000 --- a/build-config/centos/repo-rpm/ripe-atlas-probe.repo-centos8 +++ /dev/null @@ -1,7 +0,0 @@ -[ripe-atlas-probe] -name=RIPE Atlas Probe Repo -baseurl=https://ftp.ripe.net/ripe/atlas/software-probe/centos8 -gpgkey=file:///etc/pki/rpm-gpg/ripe-atlas-probe -enabled=1 -repo_gpgcheck=1 -gpgcheck=0 diff --git a/build-config/centos/repo-rpm/ripe-atlas-repo.spec b/build-config/centos/repo-rpm/ripe-atlas-repo.spec deleted file mode 100644 index 0b1609ba..00000000 --- a/build-config/centos/repo-rpm/ripe-atlas-repo.spec +++ /dev/null @@ -1,41 +0,0 @@ -Name: ripe-atlas-repo -Summary: RIPE Atlas Software Probe Repo -Version: 1 -Release: 3%{?dist} -License: RIPE NCC -Group: Applications/Internet -Source1: ripe-atlas-probe.repo -Source2: ripe-atlas-probe.pgp -BuildArch: noarch -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} - -%description -Setup the RIPE Atlas Software Probe Repo - -%prep - -%build - -%install -mkdir -p %{buildroot}/etc/yum.repos.d -cp %{SOURCE1} %{buildroot}/etc/yum.repos.d -mkdir -p %{buildroot}/etc/pki/rpm-gpg -cp %{SOURCE2} %{buildroot}/etc/pki/rpm-gpg/ripe-atlas-probe - -%clean -rm -rf %{buildroot} - -%files -/etc/yum.repos.d -/etc/pki/rpm-gpg/ripe-atlas-probe - - -%pre - -%post - -%preun - -%postun - -%changelog diff --git a/build-config/centos/spec/atlasswprobe.spec.in b/build-config/centos/spec/atlasswprobe.spec.in deleted file mode 100644 index 16614661..00000000 --- a/build-config/centos/spec/atlasswprobe.spec.in +++ /dev/null @@ -1,163 +0,0 @@ -%define installpath /usr/local/atlas -%define atlas_probe /var/atlas-probe - -Name: atlasswprobe -Summary: RIPE Atlas probe software -Version: 5080 -Release: 1%{?dist} -License: RIPE NCC -Group: Applications/Internet -Source1: src-COMMIT_ID.tar.gz -Requires: sudo %{?el6:daemontools} %{?el7:psmisc} %{?el8:psmisc} openssh-clients iproute %{?el7:sysvinit-tools} %{?el8:procps-ng} net-tools hostname -BuildRequires: rpm %{?el7:systemd} %{?el8:systemd} openssl-devel -BuildRoot: %{_tmppath}/%{name}-%{version}-%{release} - -%description -This is the RIPE Atlas probe software. It's designed to run on CentOS Linux systems. - -%prep -tar xf %{SOURCE1} - -%build -cd ripe-atlas-software-probe/probe-busybox/libevent-2.1.11-stable -autoreconf --install -./configure -make -cd .. -make - -%install -cd ripe-atlas-software-probe/probe-busybox -make install -mkdir -p %{buildroot}%{installpath}/{bin,bin/arch/centos-sw-probe,bin/arch/linux,bb-13.3,etc,lib,state} -cp -r ./_install/* %{buildroot}%{installpath}/bb-13.3 -cp ./libevent-2.1.11-stable/.libs/libevent-*so* %{buildroot}%{installpath}/lib -cp ./libevent-2.1.11-stable/.libs/libevent_openssl-*so* %{buildroot}%{installpath}/lib -cd .. -cp bin/{ATLAS,common-pre.sh,common.sh,reginit.sh,*.lib.sh} %{buildroot}%{installpath}/bin -cp bin/arch/centos-sw-probe/* %{buildroot}%{installpath}/bin/arch/centos-sw-probe -cp bin/arch/linux/* %{buildroot}%{installpath}/bin/arch/linux -cp atlas-config/state/* %{buildroot}%{installpath}/state -cp atlas-config/etc/* %{buildroot}%{installpath}/etc - -%if 0%{?el7} || 0%{?el8} -mkdir -p %{buildroot}%{_unitdir} -cat > %{buildroot}%{_unitdir}/atlas.service << EOF -[Unit] -Description=Atlas Probe -After=network-online.target syslog.target - -[Service] -User=atlas -Group=atlas -Environment=HOME=%{atlas_probe} -WorkingDirectory=%{atlas_probe} -ExecStart=/usr/local/atlas/bin/ATLAS -Restart=always -TimeoutStopSec=60 - -[Install] -WantedBy=multi-user.target -EOF -%endif - -%if 0%{?el6} -mkdir -p %{buildroot}/etc/init -cat > %{buildroot}/etc/init/atlas.conf << EOF -start on stopped rc -stop on runlevel [016] -respawn -env HOME=%{atlas_probe} -exec setuidgid atlas /usr/local/atlas/bin/ATLAS -post-stop script - setuidgid atlas kill \$(cat %{atlas_probe}/run/*pid.vol 2>/dev/null) 2>/dev/null || : - setuidgid atlas rm -f %{atlas_probe}/run/*pid.vol -end script -EOF -%endif - -%clean -rm -rf %{buildroot} - -%files -%{installpath} -%caps(cap_net_raw=ep) %{installpath}/bb-13.3/bin/busybox -%if 0%{?el7} || 0%{?el8} -%{_unitdir}/atlas.service -%endif -%if 0%{?el6} -/etc/init/atlas.conf -%endif - -%pre -%if 0%{?el7} || 0%{?el8} -systemctl stop atlas &>/dev/null -killall -9 eooqd eperd perd telnetd 2>/dev/null || : -%endif -%if 0%{?el6} -stop atlas &>/dev/null -%endif -rm -fr %{atlas_probe}/status %{atlas_probe}/bin/reg_servers.sh - -groupadd -g 10042 atlas 2>/dev/null -useradd -c atlas -d %{atlas_probe} -g atlas -s /sbin/nologin -u 10042 atlas 2>/dev/null -exit 0 - -%post -exec >/tmp/atlasprobe.out 2>/tmp/atlasprobe.err -set -x - -if [ ! -f %{atlas_probe}/state/mode ]; then - mkdir -p %{atlas_probe}/state - echo prod > %{atlas_probe}/state/mode -fi -if [ ! -d %{atlas_probe}/bin ]; then - mkdir -p %{atlas_probe}/bin -fi -echo 'DEVICE_NAME=centos-sw-probe' > %{atlas_probe}/bin/config.sh -echo 'ATLAS_BASE="%{atlas_probe}"' >> %{atlas_probe}/bin/config.sh -echo 'ATLAS_STATIC="%{installpath}"' >> %{atlas_probe}/bin/config.sh -echo 'SUB_ARCH="centos-rpm-%{name}-%{version}-%{release}"' >> %{atlas_probe}/bin/config.sh -chown -R atlas:atlas %{atlas_probe} -chmod 755 %{atlas_probe} - -mkdir -p %{atlas_probe}/crons/main -mkdir -p %{atlas_probe}/crons/2 -mkdir -p %{atlas_probe}/crons/7 -chown -R atlas:atlas %{atlas_probe}/crons -mkdir -p %{atlas_probe}/data/new -mkdir -p %{atlas_probe}/data/oneoff -mkdir -p %{atlas_probe}/data/out/ooq -mkdir -p %{atlas_probe}/data/out/ooq10 -chown -R atlas:atlas %{atlas_probe}/data -chmod -R g+rwx %{atlas_probe}/data -mkdir -p %{atlas_probe}/run -chown -R atlas:atlas %{atlas_probe}/run -chmod -R g+rw %{atlas_probe}/run -%if 0%{?el7} || 0%{?el8} -systemctl --now --quiet enable atlas -systemctl --now --quiet start atlas -%endif -%if 0%{?el6} -start atlas &>/dev/null -%endif -exit 0 - -%preun -if [ $1 -eq 0 ]; then - # uninstall, otherwise upgrade -%if 0%{?el7} || 0%{?el8} - systemctl --now --quiet disable atlas -%endif -%if 0%{?el6} - stop atlas &>/dev/null -%endif -fi -exit 0 - -%postun -if [ $1 -eq 0 ]; then - %{?el7:%systemd_postun} - %{?el8:%systemd_postun} - rm -fr %{atlas_probe}/etc/probe_key /home/atlas/status -fi diff --git a/build-config/debian/DEBIAN/control.in b/build-config/debian/DEBIAN/control.in deleted file mode 100644 index 2f21b76b..00000000 --- a/build-config/debian/DEBIAN/control.in +++ /dev/null @@ -1,9 +0,0 @@ -Package: atlasswprobe -Version: VERSION -Section: base -Priority: optional -Architecture: ARCH -Depends: -Maintainer: Philip Homburg -Description: RIPE Atlas Software probe - Debian version of RIPE Atlas probe software diff --git a/build-config/debian/DEBIAN/postinst b/build-config/debian/DEBIAN/postinst deleted file mode 100755 index 52e09f40..00000000 --- a/build-config/debian/DEBIAN/postinst +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/sh -USER=atlas - -set -e -grep "$USER" /etc/passwd || adduser --system "$USER" -chown -R "$USER" /var/atlas-probe -mkdir -p /var/atlasdata -chown "$USER" /var/atlasdata -chmod 0 /var/atlasdata - -setcap cap_net_raw=ep /usr/local/atlas/bb-13.3/bin/busybox - -systemctl --now --quiet enable var-atlasdata.mount -systemctl --now --quiet enable atlas -systemctl --now --quiet start atlas diff --git a/build-config/debian/DEBIAN/prerm b/build-config/debian/DEBIAN/prerm deleted file mode 100755 index 1cf1415b..00000000 --- a/build-config/debian/DEBIAN/prerm +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh - -action="$1" - -systemctl stop atlas -systemctl disable atlas -systemctl stop var-atlasdata.mount -systemctl disable var-atlasdata.mount -rmdir /var/atlasdata -rm -r /var/atlas-probe/.ssh -rm -r /var/atlas-probe/bin -rm -r /var/atlas-probe/crons -if [ X"$action" = Xupgrade ] -then - : # Keep key material -else - rm -r /var/atlas-probe/etc -fi -rm -r /var/atlas-probe/run -rm -r /var/atlas-probe/state -rm -r /var/atlas-probe/status diff --git a/build-config/debian/bin/make-deb b/build-config/debian/bin/make-deb deleted file mode 100755 index e38ead05..00000000 --- a/build-config/debian/bin/make-deb +++ /dev/null @@ -1,148 +0,0 @@ -#!/bin/sh -VERSION=5080-1 - -set -e - -stadir="$PWD/atlasswprobe-$VERSION" -builddir="$PWD/atlasswprobe-$VERSION"-work - -if [ -d "probe-busybox" ]; then - srcdir="$PWD" -else - srcdir="$PWD/ripe-atlas-software-probe" -fi - -atlas_local_rel="usr/local/atlas" -var_atlas_rel="var/atlas-probe" -sta_atlas_local="$stadir/$atlas_local_rel" -sta_var_atlas="$stadir/$var_atlas_rel" - -systemd_unit_rel="etc/systemd/system" - -get_arch() -{ - case $(uname -m) in - aarch64) echo arm64 ;; - armv5tel) echo armel ;; - armv6l) echo armhf ;; - armv7l) echo armhf ;; - i686) echo i386 ;; - x86_64) echo amd64 ;; - *) - return 1 - ;; - esac - return 0 -} - -# Check if the current architecture is supported -get_arch > /dev/null || -{ - sysarch=$(uname -m) - echo "Unsupported architecture $sysarch" >&2 - # Try to find out what it should be - binarch=$(file -L /bin/sh | sed -n 's/.*ELF 64-bit LSB shared object, \([^,]*\), .*/\1/p') - if [ -n "$binarch" ] - then - echo "Add '$sysarch) echo $binarch ;;' to get_arch()" >&2 - fi - exit -} - -rm -rf "$stadir" -mkdir -p "$stadir" -rm -rf "$builddir" -mkdir -p "$builddir" -cp -r "$srcdir/probe-busybox" "$builddir/probe-busybox" - -# Build -( - cd "$builddir/probe-busybox/libevent-2.1.11-stable" - autoreconf --install - ./configure - make - cd .. - make -) - -# Install -( - cd "$builddir/probe-busybox" - make install - mkdir -p "$sta_atlas_local/bb-13.3" - cp -r ./_install/* "$sta_atlas_local/bb-13.3" - mkdir -p "$sta_atlas_local/lib" - cp ./libevent-2.1.11-stable/.libs/libevent-*so* "$sta_atlas_local/lib" - cp ./libevent-2.1.11-stable/.libs/libevent_openssl-*so* "$sta_atlas_local/lib" - mkdir -p "$sta_atlas_local/bin/arch/debian-sw-probe" - mkdir -p "$sta_atlas_local/bin/arch/linux" -) - -( - cd "$srcdir" - cp bin/ATLAS "$sta_atlas_local/bin" - cp bin/common-pre.sh "$sta_atlas_local/bin" - cp bin/common.sh "$sta_atlas_local/bin" - cp bin/reginit.sh "$sta_atlas_local/bin" - cp bin/arch/debian-sw-probe/* "$sta_atlas_local/bin/arch/debian-sw-probe" - cp bin/arch/linux/* "$sta_atlas_local/bin/arch/linux" - mkdir -p "$sta_atlas_local/etc" - cp atlas-config/etc/* "$sta_atlas_local/etc" - mkdir -p "$sta_atlas_local/state" - cp atlas-config/state/* "$sta_atlas_local/state" -) - - mkdir -p "$sta_var_atlas/state" - echo prod > "$sta_var_atlas/state/mode" - mkdir -p "$sta_var_atlas/bin" - ln -s /var/atlasdata "$sta_var_atlas/data" - -echo 'DEVICE_NAME=debian-sw-probe' > "$sta_var_atlas/bin/config.sh" -echo 'ATLAS_BASE="'"/$var_atlas_rel"'"' >> "$sta_var_atlas/bin/config.sh" -echo 'ATLAS_STATIC="'"/$atlas_local_rel"'"' >> "$sta_var_atlas/bin/config.sh" -echo 'SUB_ARCH="'"debian-atlasswprobe-$VERSION"'"' >> "$sta_var_atlas/bin/config.sh" - -mkdir -p "$stadir/$systemd_unit_rel" -cat > "$stadir/$systemd_unit_rel/atlas.service" << EOF -[Unit] -Description=Atlas Probe -After=network-online.target syslog.target - -[Service] -User=atlas -Group=nogroup -Environment=HOME=/$var_atlas_rel -WorkingDirectory=/$var_atlas_rel -ExecStart=/usr/local/atlas/bin/ATLAS -Restart=always -TimeoutStopSec=60 - -[Install] -WantedBy=multi-user.target -EOF - -cat > "$stadir/$systemd_unit_rel/var-atlasdata.mount" << EOF -[Unit] -Description=Atlas Data -Before=local-fs.target - -[Mount] -What=tmpfs -Where=/var/atlasdata -Type=tmpfs -Options=noatime,nosuid,nodev,noexec,mode=1777 - -[Install] -WantedBy=atlas.service -EOF - -cp -r "$srcdir/build-config/debian/DEBIAN" "$stadir" -ARCH=$(get_arch) - -sed < "$stadir/DEBIAN/control.in" > "$stadir/DEBIAN/control" \ - "s/ARCH/$ARCH/;s/VERSION/$VERSION/" -rm -f "$stadir/DEBIAN/control.in" - -chmod -R og+rX,ugo-st "$stadir" - -fakeroot dpkg-deb --build atlasswprobe-$VERSION diff --git a/build-config/gitlab-docker/centos7/Dockerfile b/build-config/gitlab-docker/centos7/Dockerfile deleted file mode 100644 index 99bd2ada..00000000 --- a/build-config/gitlab-docker/centos7/Dockerfile +++ /dev/null @@ -1,17 +0,0 @@ -FROM centos:7.9.2009 - -MAINTAINER phomburg@ripe.net - -RUN yum -y update -RUN yum -y install git -RUN yum -y install rpm-build -RUN yum -y install openssl-devel -RUN yum -y install ncurses-devel -RUN yum -y install autoconf -RUN yum -y install automake -RUN yum -y install libtool -RUN yum -y install make -RUN yum -y install wget.x86_64 -RUN yum -y install createrepo -RUN yum -y install which -RUN yum -y install file diff --git a/build-config/gitlab-docker/centos8/Dockerfile b/build-config/gitlab-docker/centos8/Dockerfile deleted file mode 100644 index 5c0b3b8f..00000000 --- a/build-config/gitlab-docker/centos8/Dockerfile +++ /dev/null @@ -1,18 +0,0 @@ -FROM centos:8.3.2011 - -MAINTAINER phomburg@ripe.net - -RUN cd /etc/yum.repos.d/ -RUN sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* -RUN sed -i 's|#baseurl=http://mirror.centos.org|baseurl=http://vault.centos.org|g' /etc/yum.repos.d/CentOS-* -RUN yum -y update -RUN yum -y install git -RUN yum -y install rpm-build -RUN yum -y install openssl-devel -RUN yum -y install ncurses-devel -RUN yum -y install autoconf -RUN yum -y install automake -RUN yum -y install libtool -RUN yum -y install make -RUN yum -y install wget.x86_64 -RUN yum -y install createrepo diff --git a/build-config/gitlab-docker/debian10/Dockerfile b/build-config/gitlab-docker/debian10/Dockerfile deleted file mode 100644 index c0594df2..00000000 --- a/build-config/gitlab-docker/debian10/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM debian:10.10 - -MAINTAINER phomburg@ripe.net - -RUN apt-get update -RUN apt-get dist-upgrade -y -RUN apt-get install -y autoconf -RUN apt-get install -y libtool -RUN apt-get install -y make -RUN apt-get install -y libssl-dev -RUN apt-get install -y fakeroot diff --git a/build-config/gitlab-docker/debian11/Dockerfile b/build-config/gitlab-docker/debian11/Dockerfile deleted file mode 100644 index 2e8294db..00000000 --- a/build-config/gitlab-docker/debian11/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM debian:11.0 - -MAINTAINER phomburg@ripe.net - -RUN apt-get update -RUN apt-get dist-upgrade -y -RUN apt-get install -y autoconf -RUN apt-get install -y libtool -RUN apt-get install -y make -RUN apt-get install -y libssl-dev -RUN apt-get install -y fakeroot diff --git a/build-config/gitlab-docker/debian9/Dockerfile b/build-config/gitlab-docker/debian9/Dockerfile deleted file mode 100644 index 1d0b10b1..00000000 --- a/build-config/gitlab-docker/debian9/Dockerfile +++ /dev/null @@ -1,11 +0,0 @@ -FROM debian:9.13 - -MAINTAINER phomburg@ripe.net - -RUN apt-get update -RUN apt-get dist-upgrade -y -RUN apt-get install -y autoconf -RUN apt-get install -y libtool -RUN apt-get install -y make -RUN apt-get install -y libssl-dev -RUN apt-get install -y fakeroot diff --git a/config/Makefile.am b/config/Makefile.am new file mode 100644 index 00000000..68b11757 --- /dev/null +++ b/config/Makefile.am @@ -0,0 +1,106 @@ +include $(top_srcdir)/rules.mk + +atlas_scripts_SCRIPTS = \ + common/reg_servers.sh.dev \ + common/reg_servers.sh.test + +atlas_data_DATA = \ + common/FIRMWARE_APPS_VERSION \ + common/measurement.conf + +if INSTALL_MODE_probe +atlas_data_DATA += \ + probe/known_hosts.reg +atlas_scripts_SCRIPTS += \ + probe/reg_servers.sh.prod +endif + +if INSTALL_MODE_anchor +atlas_data_DATA += \ + anchor/known_hosts.reg +atlas_scripts_SCRIPTS += \ + anchor/reg_servers.sh.prod +endif + +CLEANFILES = \ + common/FIRMWARE_APPS_VERSION \ + common/measurement.conf \ + $(top_srcdir)/probe-busybox/include/atlas_path.h + +if SYSTEMD_INSTALL +systemd_units_DATA = \ + common/ripe-atlas.service +systemd_tmpfiles_DATA = \ + common/ripe-atlas.run.conf + +CLEANFILES += \ + common/ripe-atlas.run.conf \ + common/ripe-atlas.service + +if SINGLE_USER +systemd_sysusers_DATA = \ + common/ripe-atlas.user.conf + +CLEANFILES += \ + common/ripe-atlas.user.conf +else +systemd_sysusers_DATA = \ + common/ripe-atlas.users.conf + +CLEANFILES += \ + common/ripe-atlas.users.conf +endif + +endif + +atlas_sysconf_DATA = \ + common/mode + +if PROBE_TYPE_V3 +atlas_data_DATA += \ + probe/2017-11-07-dev.pem \ + probe/2017-11-07-prod.pem \ + probe/2017-11-07-test.pem +else +if PROBE_TYPE_V4 +atlas_data_DATA += \ + probe/2018-04-23-dev.pem \ + probe/2018-04-23-prod.pem \ + probe/2018-04-23-test.pem +else +if PROBE_TYPE_V5 +atlas_data_DATA += \ + probe/2021-02-02-dev.pem \ + probe/2021-02-02-prod.pem \ + probe/2021-02-02-test.pem +endif # PROBE_TYPE_V5 + +endif # PROBE_TYPE_V4 + +endif # PROBE_TYPE_V3 + +# +# This is a hack to ensure that atlas_path.h gets created prior +# to probe-busybox being built. +BUILT_SOURCES = \ + $(top_srcdir)/probe-busybox/include/atlas_path.h + +common/FIRMWARE_APPS_VERSION: common/FIRMWARE_APPS_VERSION.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ + +if SYSTEMD_INSTALL +install-data-hook: +if SINGLE_USER + @mv -f $(DESTDIR)$(systemd_sysusersdir)/ripe-atlas.user.conf \ + $(DESTDIR)$(systemd_sysusersdir)/ripe-atlas.conf +else + @mv -f $(DESTDIR)$(systemd_sysusersdir)/ripe-atlas.users.conf \ + $(DESTDIR)$(systemd_sysusersdir)/ripe-atlas.conf +endif + @mv -f $(DESTDIR)$(systemd_tmpfilesdir)/ripe-atlas.run.conf \ + $(DESTDIR)$(systemd_tmpfilesdir)/ripe-atlas.conf +endif +if DO_CHOWN + chown $(ripe_atlas_user):$(ripe_atlas_group) $(DESTDIR)/$(atlas_sysconfdir)/mode +endif diff --git a/config/anchor/known_hosts.reg b/config/anchor/known_hosts.reg new file mode 100644 index 00000000..c019724f --- /dev/null +++ b/config/anchor/known_hosts.reg @@ -0,0 +1,20 @@ +reg02.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw5iBrIjWfDIXuyROc8gXxqvPbhh2hvflBIySfe7XMQgjxhRtx5zT61K6Yz/LcViK9pa/+gQNfvOF0I7GAS/5Fsr1q3954mNLqLAoGj9tFBRStQJzExnb43plzxbH8m2apNYIQ9jNNHCaz9YU1x3AJeUcLZXI68f2yPw2w9JNskKN8wi4MoW1qskOQvDQjft9Y37uHtp2BamkTYNqEYb9tolg/0dEfPG6g6diyqRbf1tyvk52J1PezapCOWAqPvw6aL7HNB3IeiDIuSfzsN/6Aj04UTRjJoCTRvTiB81ISPdYJjgK2XLmkSuiIKPTuiCx0KoQffbqrkOEgv8JFCeU6Q== +193.0.19.25 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw5iBrIjWfDIXuyROc8gXxqvPbhh2hvflBIySfe7XMQgjxhRtx5zT61K6Yz/LcViK9pa/+gQNfvOF0I7GAS/5Fsr1q3954mNLqLAoGj9tFBRStQJzExnb43plzxbH8m2apNYIQ9jNNHCaz9YU1x3AJeUcLZXI68f2yPw2w9JNskKN8wi4MoW1qskOQvDQjft9Y37uHtp2BamkTYNqEYb9tolg/0dEfPG6g6diyqRbf1tyvk52J1PezapCOWAqPvw6aL7HNB3IeiDIuSfzsN/6Aj04UTRjJoCTRvTiB81ISPdYJjgK2XLmkSuiIKPTuiCx0KoQffbqrkOEgv8JFCeU6Q== +2001:67c:2e8:11::c100:1319 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAw5iBrIjWfDIXuyROc8gXxqvPbhh2hvflBIySfe7XMQgjxhRtx5zT61K6Yz/LcViK9pa/+gQNfvOF0I7GAS/5Fsr1q3954mNLqLAoGj9tFBRStQJzExnb43plzxbH8m2apNYIQ9jNNHCaz9YU1x3AJeUcLZXI68f2yPw2w9JNskKN8wi4MoW1qskOQvDQjft9Y37uHtp2BamkTYNqEYb9tolg/0dEfPG6g6diyqRbf1tyvk52J1PezapCOWAqPvw6aL7HNB3IeiDIuSfzsN/6Aj04UTRjJoCTRvTiB81ISPdYJjgK2XLmkSuiIKPTuiCx0KoQffbqrkOEgv8JFCeU6Q== +reg01.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ppVOLn3umFMY7SWFdIBG3k0XBQHdmJrjTKNrVIIZpBIdVQEfAEGKrbfqknv0dazEpqsbcXOSCLYUdbR9jKoV8/dX5iT/Rd4ig1bnBojZDDr1qOz+ookUDf9lamGgWHLdjbWPevhTEZh1Jwhc9GpStGdVTmoUB97QLWsrFriYVyUoGqRyWIUUAHUrrGSlM+tYZXgc1X8Pr3pvFdZ86scIqfkTU4v8xoKO8VaWsI+csye0k4/rRanxxgbVPokhwmS6M7E5svT4hvTuL6lzwrfvt9uLjqP40Tw5XfcItOqnTkXjwYfhJWcGCKZqsECvii3a3zABVc3K1uPkvRyNTXrh root@oneill +193.0.19.12 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ppVOLn3umFMY7SWFdIBG3k0XBQHdmJrjTKNrVIIZpBIdVQEfAEGKrbfqknv0dazEpqsbcXOSCLYUdbR9jKoV8/dX5iT/Rd4ig1bnBojZDDr1qOz+ookUDf9lamGgWHLdjbWPevhTEZh1Jwhc9GpStGdVTmoUB97QLWsrFriYVyUoGqRyWIUUAHUrrGSlM+tYZXgc1X8Pr3pvFdZ86scIqfkTU4v8xoKO8VaWsI+csye0k4/rRanxxgbVPokhwmS6M7E5svT4hvTuL6lzwrfvt9uLjqP40Tw5XfcItOqnTkXjwYfhJWcGCKZqsECvii3a3zABVc3K1uPkvRyNTXrh root@oneill +2001:67c:2e8:11::c100:130c ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6ppVOLn3umFMY7SWFdIBG3k0XBQHdmJrjTKNrVIIZpBIdVQEfAEGKrbfqknv0dazEpqsbcXOSCLYUdbR9jKoV8/dX5iT/Rd4ig1bnBojZDDr1qOz+ookUDf9lamGgWHLdjbWPevhTEZh1Jwhc9GpStGdVTmoUB97QLWsrFriYVyUoGqRyWIUUAHUrrGSlM+tYZXgc1X8Pr3pvFdZ86scIqfkTU4v8xoKO8VaWsI+csye0k4/rRanxxgbVPokhwmS6M7E5svT4hvTuL6lzwrfvt9uLjqP40Tw5XfcItOqnTkXjwYfhJWcGCKZqsECvii3a3zABVc3K1uPkvRyNTXrh root@oneill + +reg02-test.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxhrmPoZBlvIwDThjIxrxW/JhH2hfmfcJm5czCwt39OrA0Done8/KE8f4EkyI+apsT2nfw43hPZCjZrNSE8jqqDLvy7JBZixJdgj+hkXzZLVeLM7is3IOMmOsSxScKgjdZNQpKsmFe9IUCCzTXnhWmE6pry8t+3ulcLhjuz07tM6TaL4OwVDCw50uaCHkuHu7wpseU2dta28fB6JI5k7Q5HKhH9VAiFWpMRMq8UHUlCRS/WlthYtMG6VL2d2h4igXk5pqNAWQvMC9ovCHAWjf+pkhspJSesR7Z+IW9GSdtKA5XAGGIXClz8O3UD+COGpbX1G3dgsr5ZOE3Q1ZhybqLQ== +193.0.19.26 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxhrmPoZBlvIwDThjIxrxW/JhH2hfmfcJm5czCwt39OrA0Done8/KE8f4EkyI+apsT2nfw43hPZCjZrNSE8jqqDLvy7JBZixJdgj+hkXzZLVeLM7is3IOMmOsSxScKgjdZNQpKsmFe9IUCCzTXnhWmE6pry8t+3ulcLhjuz07tM6TaL4OwVDCw50uaCHkuHu7wpseU2dta28fB6JI5k7Q5HKhH9VAiFWpMRMq8UHUlCRS/WlthYtMG6VL2d2h4igXk5pqNAWQvMC9ovCHAWjf+pkhspJSesR7Z+IW9GSdtKA5XAGGIXClz8O3UD+COGpbX1G3dgsr5ZOE3Q1ZhybqLQ== +2001:67c:2e8:11::c100:131a ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxhrmPoZBlvIwDThjIxrxW/JhH2hfmfcJm5czCwt39OrA0Done8/KE8f4EkyI+apsT2nfw43hPZCjZrNSE8jqqDLvy7JBZixJdgj+hkXzZLVeLM7is3IOMmOsSxScKgjdZNQpKsmFe9IUCCzTXnhWmE6pry8t+3ulcLhjuz07tM6TaL4OwVDCw50uaCHkuHu7wpseU2dta28fB6JI5k7Q5HKhH9VAiFWpMRMq8UHUlCRS/WlthYtMG6VL2d2h4igXk5pqNAWQvMC9ovCHAWjf+pkhspJSesR7Z+IW9GSdtKA5XAGGIXClz8O3UD+COGpbX1G3dgsr5ZOE3Q1ZhybqLQ== +reg01-test.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3ExHZJtLuv4TLn/zZMPiAUzXO8At8Sf+TOVH7JqrPtNDx+6UiRSAYtDmkb7qp2YWBDThCwI7z8jrKIpDhKRpHEWgOW8pczek5tZvATu5DjgmBjH2k36efeVECGry6+QHn+P3v3mi3g6qwF+1+pjdiXRr0r2pgAoRumMVU1ZsBHkMmvmuo6P8g2de7NWi5wdGUM2EhWghnESBmzr1++bOVWduv0ikA75PZbdj+p32hsjnJGkIM8YgX+lvVuyXTY0iN/HjjlL5+2Ii2iCFntmolEIw7ZDQBQNrIXjXK7Udlrqxn14ywAOD97kO527zmAcYP3pqznJpw8FCp4FxKOXNtQ== +193.0.19.181 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3ExHZJtLuv4TLn/zZMPiAUzXO8At8Sf+TOVH7JqrPtNDx+6UiRSAYtDmkb7qp2YWBDThCwI7z8jrKIpDhKRpHEWgOW8pczek5tZvATu5DjgmBjH2k36efeVECGry6+QHn+P3v3mi3g6qwF+1+pjdiXRr0r2pgAoRumMVU1ZsBHkMmvmuo6P8g2de7NWi5wdGUM2EhWghnESBmzr1++bOVWduv0ikA75PZbdj+p32hsjnJGkIM8YgX+lvVuyXTY0iN/HjjlL5+2Ii2iCFntmolEIw7ZDQBQNrIXjXK7Udlrqxn14ywAOD97kO527zmAcYP3pqznJpw8FCp4FxKOXNtQ== +2001:67c:2e8:11::c100:13b5 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA3ExHZJtLuv4TLn/zZMPiAUzXO8At8Sf+TOVH7JqrPtNDx+6UiRSAYtDmkb7qp2YWBDThCwI7z8jrKIpDhKRpHEWgOW8pczek5tZvATu5DjgmBjH2k36efeVECGry6+QHn+P3v3mi3g6qwF+1+pjdiXRr0r2pgAoRumMVU1ZsBHkMmvmuo6P8g2de7NWi5wdGUM2EhWghnESBmzr1++bOVWduv0ikA75PZbdj+p32hsjnJGkIM8YgX+lvVuyXTY0iN/HjjlL5+2Ii2iCFntmolEIw7ZDQBQNrIXjXK7Udlrqxn14ywAOD97kO527zmAcYP3pqznJpw8FCp4FxKOXNtQ== + +reg02-dev.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzddu7ATb63Q7/g2rZN+ZivwfV9KI/YN+3R3yuKlctz4TWGInClCqt+hMtVyuKxDqRUA7zFq7JMLuVCPJZt2UlOQJdvy05vYKQKuy8lxPw28m0TnVEWbI4SWvlcL+Sz5a/D/qd/Eg7gLWJTB7L5Z345PH6Ip+l2N8TeiCPWSrBt5bJHecbQptWnG+giafaNCsv3bJM+sirnpWXk9OpycBA9xK2UzKA7dMEsfI5KdRr791R2uMgfaAtR2JyW3R1MzY2Bf0s1VvVT1YlaoJlL7fAc8628V8oea6o/YjUi/Yb1ldmFIGUIUqNpJra5sgrZ5UND+F4BZbqbyaZObwgI6XzQ== +193.0.19.92 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzddu7ATb63Q7/g2rZN+ZivwfV9KI/YN+3R3yuKlctz4TWGInClCqt+hMtVyuKxDqRUA7zFq7JMLuVCPJZt2UlOQJdvy05vYKQKuy8lxPw28m0TnVEWbI4SWvlcL+Sz5a/D/qd/Eg7gLWJTB7L5Z345PH6Ip+l2N8TeiCPWSrBt5bJHecbQptWnG+giafaNCsv3bJM+sirnpWXk9OpycBA9xK2UzKA7dMEsfI5KdRr791R2uMgfaAtR2JyW3R1MzY2Bf0s1VvVT1YlaoJlL7fAc8628V8oea6o/YjUi/Yb1ldmFIGUIUqNpJra5sgrZ5UND+F4BZbqbyaZObwgI6XzQ== +2001:67c:2e8:11::c100:135c ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAzddu7ATb63Q7/g2rZN+ZivwfV9KI/YN+3R3yuKlctz4TWGInClCqt+hMtVyuKxDqRUA7zFq7JMLuVCPJZt2UlOQJdvy05vYKQKuy8lxPw28m0TnVEWbI4SWvlcL+Sz5a/D/qd/Eg7gLWJTB7L5Z345PH6Ip+l2N8TeiCPWSrBt5bJHecbQptWnG+giafaNCsv3bJM+sirnpWXk9OpycBA9xK2UzKA7dMEsfI5KdRr791R2uMgfaAtR2JyW3R1MzY2Bf0s1VvVT1YlaoJlL7fAc8628V8oea6o/YjUi/Yb1ldmFIGUIUqNpJra5sgrZ5UND+F4BZbqbyaZObwgI6XzQ== +reg01-dev.atlas.ripe.net ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA65LBLf30PqFNQEDo+Aly6C+3hWeOoJpbY5qvFgounNPH4puCqYg8uEMNSoXeStm72d1ghKUEvP6O3+W62WgkoBXZJOh8jhRviDOdd23m6Xfmkd0PMmjTx2gjTFsbxrYuuuTJy+ljyWe2FIp8DKRHbyQQ4tAeQ6u9btkqQluFTZCntdZExakjiHPBlA/cmj6JOP1H2VWQVVVK8bR/pzxVPprJ81XyWyFHbIwU47F3wurpjYN+Fd5cFYJbb3Q7V6sDLE2oxFsqwsX8yAyZYh4j7pI769JLGjcUGyoW+b0MLpu46VSUy756jlhvQImIMzGX7Z1sBxj/zO5dioP3vAUo/w== +193.0.19.93 ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA65LBLf30PqFNQEDo+Aly6C+3hWeOoJpbY5qvFgounNPH4puCqYg8uEMNSoXeStm72d1ghKUEvP6O3+W62WgkoBXZJOh8jhRviDOdd23m6Xfmkd0PMmjTx2gjTFsbxrYuuuTJy+ljyWe2FIp8DKRHbyQQ4tAeQ6u9btkqQluFTZCntdZExakjiHPBlA/cmj6JOP1H2VWQVVVK8bR/pzxVPprJ81XyWyFHbIwU47F3wurpjYN+Fd5cFYJbb3Q7V6sDLE2oxFsqwsX8yAyZYh4j7pI769JLGjcUGyoW+b0MLpu46VSUy756jlhvQImIMzGX7Z1sBxj/zO5dioP3vAUo/w== +2001:67c:2e8:11::c100:135d ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA65LBLf30PqFNQEDo+Aly6C+3hWeOoJpbY5qvFgounNPH4puCqYg8uEMNSoXeStm72d1ghKUEvP6O3+W62WgkoBXZJOh8jhRviDOdd23m6Xfmkd0PMmjTx2gjTFsbxrYuuuTJy+ljyWe2FIp8DKRHbyQQ4tAeQ6u9btkqQluFTZCntdZExakjiHPBlA/cmj6JOP1H2VWQVVVK8bR/pzxVPprJ81XyWyFHbIwU47F3wurpjYN+Fd5cFYJbb3Q7V6sDLE2oxFsqwsX8yAyZYh4j7pI769JLGjcUGyoW+b0MLpu46VSUy756jlhvQImIMzGX7Z1sBxj/zO5dioP3vAUo/w== diff --git a/config/anchor/reg_servers.sh.prod b/config/anchor/reg_servers.sh.prod new file mode 100644 index 00000000..78702499 --- /dev/null +++ b/config/anchor/reg_servers.sh.prod @@ -0,0 +1,6 @@ +REG_1_HOST=reg02.atlas.ripe.net +REG_2_HOST=193.0.19.25 +REG_3_HOST=2001:67c:2e8:11::c100:1319 +REG_4_HOST=reg01.atlas.ripe.net +REG_5_HOST=193.0.19.12 +REG_6_HOST=2001:67c:2e8:11::c100:130c diff --git a/config/common/FIRMWARE_APPS_VERSION.in b/config/common/FIRMWARE_APPS_VERSION.in new file mode 100644 index 00000000..d78bda93 --- /dev/null +++ b/config/common/FIRMWARE_APPS_VERSION.in @@ -0,0 +1 @@ +@VERSION@ diff --git a/config/common/measurement.conf.in b/config/common/measurement.conf.in new file mode 100644 index 00000000..ee83b3f4 --- /dev/null +++ b/config/common/measurement.conf.in @@ -0,0 +1,11 @@ +[SUID] +eooqd = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +eperd = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evhttpget = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evntp = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evping = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evsslgetcert = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evtdig = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +evtraceroute = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +perd = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ +telnetd = ssx @ripe_atlas_measurement@.@ripe_atlas_group@ diff --git a/config/common/mode b/config/common/mode new file mode 100644 index 00000000..b551bb03 --- /dev/null +++ b/config/common/mode @@ -0,0 +1 @@ +prod diff --git a/atlas-config/etc/reg_servers.sh.dev b/config/common/reg_servers.sh.dev similarity index 100% rename from atlas-config/etc/reg_servers.sh.dev rename to config/common/reg_servers.sh.dev diff --git a/atlas-config/etc/reg_servers.sh.test b/config/common/reg_servers.sh.test similarity index 100% rename from atlas-config/etc/reg_servers.sh.test rename to config/common/reg_servers.sh.test diff --git a/config/common/ripe-atlas.run.conf.in b/config/common/ripe-atlas.run.conf.in new file mode 100644 index 00000000..29b936d3 --- /dev/null +++ b/config/common/ripe-atlas.run.conf.in @@ -0,0 +1,32 @@ +#Type Path Mode User Group Age Argument +d @atlas_rundir@ 0755 @ripe_atlas_measurement@ @ripe_atlas_group@ - - +d @atlas_rundir@/pids 0775 @ripe_atlas_measurement@ @ripe_atlas_group@ - - +d @atlas_rundir@/status 0775 @ripe_atlas_measurement@ @ripe_atlas_group@ - - +d @atlas_spooldir@ 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data/oneoff 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data/out 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data/out/ooq10 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data/out/ooq 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/data/new 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/main 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/2 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/3 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/4 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/5 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/6 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/7 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/8 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/9 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/10 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/11 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/12 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/13 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/14 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/15 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/16 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/17 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/18 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/19 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - +d @atlas_spooldir@/crons/20 2775 @ripe_atlas_user@ @ripe_atlas_group@ - - diff --git a/config/common/ripe-atlas.service.in b/config/common/ripe-atlas.service.in new file mode 100644 index 00000000..fe293748 --- /dev/null +++ b/config/common/ripe-atlas.service.in @@ -0,0 +1,16 @@ +[Unit] +Description=Atlas Probe +After=network-online.target syslog.target + +[Service] +User=@ripe_atlas_user@ +Group=@ripe_atlas_group@ +Environment=HOME=@atlas_spooldir@ +WorkingDirectory=@atlas_spooldir@ +ExecStart=@sbindir@/ripe-atlas +ExecStop=/usr/bin/killall -n 0 telnetd perd eperd eooqd +Restart=always +TimeoutStopSec=60 + +[Install] +WantedBy=multi-user.target diff --git a/config/common/ripe-atlas.user.conf.in b/config/common/ripe-atlas.user.conf.in new file mode 100644 index 00000000..423f8e0f --- /dev/null +++ b/config/common/ripe-atlas.user.conf.in @@ -0,0 +1,4 @@ +#Type Name ID GECOS Home directory Shell +g @ripe_atlas_group@ - +u @ripe_atlas_user@ - "RIPE Atlas" @atlas_rundir@ - +m @ripe_atlas_user@ @ripe_atlas_group@ diff --git a/config/common/ripe-atlas.users.conf.in b/config/common/ripe-atlas.users.conf.in new file mode 100644 index 00000000..b052200a --- /dev/null +++ b/config/common/ripe-atlas.users.conf.in @@ -0,0 +1,6 @@ +#Type Name ID GECOS Home directory Shell +g @ripe_atlas_group@ - +u @ripe_atlas_user@ - "RIPE Atlas" @atlas_rundir@ - +m @ripe_atlas_user@ @ripe_atlas_group@ +u @ripe_atlas_measurement@ - "RIPE Atlas Measurements" @atlas_spooldir@ - +m @ripe_atlas_measurement@ @ripe_atlas_group@ diff --git a/config/probe/2017-11-07-dev.pem b/config/probe/2017-11-07-dev.pem new file mode 100644 index 00000000..189161c6 --- /dev/null +++ b/config/probe/2017-11-07-dev.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv0gcbB/l+gkgaxkpaSNI +MyaJLSiUYALEMaRMqXOzt5xHkiOCpeKaJpiMmbF17nyg3exndMB1dG2u74p0CAC0 +JvIroKxCRK2klJNr2lC+0ws9Y/rdF3CKXbT/uxbgKVJQOXkt9acA4KwL6wtptaCk +SIQzEff6ihHQOlcdbyLuKXJguEW5QHu009A8OqBdlFIKfVL8sQugf56rQGaDt7Ci +fhONjqOmIorvomMMktMGnGaH3rhubTn01IqeVYR6L313F0gTnysGzwVjK4aMVnID +nmC3cdaEH1EhJJ50l5KiPBn7Few1tzZTSyCF8l91nZ+FweND970ll5Y1BgsUuIpe +BwIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2017-11-07-prod.pem b/config/probe/2017-11-07-prod.pem new file mode 100644 index 00000000..1b06b8f2 --- /dev/null +++ b/config/probe/2017-11-07-prod.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusyPt4aiNVJNPS62suEu +8pwyn+pncY9h76os0yl3daBRTGEJgw6DmfGnGU1Z7xLGMFRaOXjgn8TmHk7V8J6O +K/LdY0i4ZydwuG9aGu8+XrOVHtMHdzS/433HOBuYmZdZLR5j+R+q88A9KvINGFfv +jNl3+6IQX1dmbJQjMY7B/EdA0qrI3vXhdyYOhzIjFZ599P5Qy5DaNcVszcUtWqf4 +HH7JtjEGmbbXBioj0TCxsY72kL2H5AstYvwFfiKXLmglwv0hgEY+VO5UDkvWImIz +rr7GeBIYswy+huN2366W3DT24nIsCp6DRhUNmkzlIpsb9Mf7zZIyZNet4ot8mBx3 +9QIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2017-11-07-test.pem b/config/probe/2017-11-07-test.pem new file mode 100644 index 00000000..06e18545 --- /dev/null +++ b/config/probe/2017-11-07-test.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvab62rUDlbhNBL8Tkhlg +4XSElQVjD5Z/d6cINqfeancpJRRdpQkNBuQO0qrbhKf0SRHeRSW59uhmdT8c393a +T3t9mnb2HGoJkUxQufktvM3jl37tP5PcXd7LERoRXHqwyzYXlQz9f6SpQ7tyPmUp +AwFtEZKgvqdqkYcw0USBShnAKzPDCmYTEEHlE0DejasWgaUlDsS1QCgHzHDvHaYH +7J7/soz4SqcEh1JapYH9HbZVvN23f9/VhTUkosgzDcZJbZMe/tzWi0R2kCAGCU0K +WM9aT+T5ueTAPjT4gl1thzoKxKkQRxSdCgEIkhMoDV8Fyft81J/t1CahZ3DSbw4r +AwIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2018-04-23-dev.pem b/config/probe/2018-04-23-dev.pem new file mode 100644 index 00000000..28488078 --- /dev/null +++ b/config/probe/2018-04-23-dev.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyZRJZz81S0zDxG1n/PdV +TXvmciBxgqbabzyDXKbZ1cdJEmI2NwGFGEaO2zXi+NdfgxfDJIo8To3hNO9clCdB +cHmmMSfM2uw45rvw87GZPE9yWdwe1fIZKUXM7g/GbXzBtKF8QmJFtQCqo1ef6aGD +5o3JCzg5rO36TXK8JPNSSwUSLwpTPvIJkYuCjG8hJjcThypo3YzJavmRdu2a/ies +vc+LQVSlVhHb0W4LhfrG45qGIYW6jDTkUlAXVAawT/9ep2ydee3GGYj7+aJaAGwJ +QQgOqC6dykqJQG90bFxo0Skx5pO2TBSc4eGjwbMErqfp9qdAJ+f1S3wyLa8R4JBC +vQIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2018-04-23-prod.pem b/config/probe/2018-04-23-prod.pem new file mode 100644 index 00000000..38cd682c --- /dev/null +++ b/config/probe/2018-04-23-prod.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAn6Uh9PEDprK2i9fK7tMq +6XuvJViIqs7kkfxhLMhV0Fi+3uTjrarUQr4JGFTJp9vhuut7E8AolnTgT3W1+MUM +0jvZh1/Pd7HluCCAkQzCyMGgURM7tyzmC8mok7cRdZVV3IBQsVJ3KYwSCy0OIWu1 +01Vh3cQ1hxs09uwzpfExeDMyYicohO/M674jpdyOtRDre5ikFeHTAIlozWbTBZkO +11sycTOS6GvgG6subiT4VBjb1q3DPF6xcxCYYC6OhSodA9iKERxEvjbHfVn/wR6s +2kvlU+X8xbIfOhxngBxG+uOTD5SoILb2oDF+zkcsuuv/Gtwjs88PjeqN7jX7E4L5 +wQIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2018-04-23-test.pem b/config/probe/2018-04-23-test.pem new file mode 100644 index 00000000..36b9445f --- /dev/null +++ b/config/probe/2018-04-23-test.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2WAOTCDVSLdDl2VJKhU4 +P/eyclWWmhEPxiZn2ZEkGgKNVHB4rM2MYIv99nutgFuRv0IEwZn36mciM8+ncTXE +zTB+QXlVVBSkBJaxioZ7s4wtA7ZRn7Bvr3ufZ2tYzvaM0JcmwjQu17fLa/MbWjZI +TjLiY6xGxYhv9cwco+1EGWAl60k4GzYMU2hn6DM7BiZego0emKXEpZ8u7pSqKu/H +t3M2ilJTXb+lEQZtmshEyphy5pjCabS5WoB/CkZzsBjcZDzoNnWIFnqATl6r54Vk +9Lct+kZ/H6qfigvNqiOBvjGanKUAwj9uESpcntx/jnhhIU7xu330JA+QrIuxjuMa +1QIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2021-02-02-dev.pem b/config/probe/2021-02-02-dev.pem new file mode 100644 index 00000000..0d483c26 --- /dev/null +++ b/config/probe/2021-02-02-dev.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA5A47XF4UAXJFScaca4fm +VH+i7fq9njWDGyd1Pt5e3lzASwYxzZxJyMO7qvrNtUrIZBzP2HVbzrRCOuvPHMjn +veTydEgRZBqbqRf9pph4blfoFxHri/t+sDfu+xo+gleeUOLd5dLacAQ8/UHp9Aes +SheLL6TR4Y9xCNnZJKXUg89Gb/cA38QpKVvAEAmxS/yPc7E5xuwXYwu0DyzaHaOd +mVbXDi4yRaLdNNYoRqdnh+blgIz8Tmicgfeu94SLk/7sw2TkPPwzEfSGQ9VZkFIE +GBsi19sl8fkIrjERVNktoQGZvzg5Vm4s+46rGxT3ZnS3zYu1L4acUJPeQNO/Zf/M +/QIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2021-02-02-prod.pem b/config/probe/2021-02-02-prod.pem new file mode 100644 index 00000000..e869e12b --- /dev/null +++ b/config/probe/2021-02-02-prod.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuknsMfei2JiwEgZnTkkp ++TJvLzeL0cmx1HnbpNw5MYS9amUm97sR0hTaHX6YK3w1NOM0mx9sltBzENBw1WEx +3o4m8MBO1g0EVezPLSMI8VFSrFKiwY4PvB72SMMhAO4bSamDics7jnC2S+Sy37En +Cp+IArLUHP1dRj3IvuUcsGr5CU3wyhIJfTwU5VO6IGBNBQH01pFzXsCMANzmS+Ly +sewQrqpDwyEEpterLpKsBJgsW3/LzrBAf1MSiLI/YQEjU7L+5dOklR8yT4P05MLi +WJ7wwNZAOIt+ObkUMlDit9CqMXfhA4JhrxPiEmB58xh89TP9V7nYiLLoPjyYVQfT +LQIDAQAB +-----END PUBLIC KEY----- diff --git a/config/probe/2021-02-02-test.pem b/config/probe/2021-02-02-test.pem new file mode 100644 index 00000000..c7571302 --- /dev/null +++ b/config/probe/2021-02-02-test.pem @@ -0,0 +1,9 @@ +-----BEGIN PUBLIC KEY----- +MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2pI3wx6Dw8Svau+NjNvV +68YQxbmRAadJbSICsjQsZVgz5zleQdd2/ZidD6Rbe4pjGkY960WXx86U0PqiES3i +qBKROAaSf1V3kEhxPkS3px9nUDlGdVsWZ0lprFPCHkkAeVxMa+HYwOjKNxcnIJOg +O2h8hwGeaSsV76LUXmfVHFSwb4E/i4CCbiWi9AjzEH+bFieR29f5ecvTCPjLZEkg +aPUHbqIPyW5qXH2Z0RoLTPy72N7azFqHUGT8Sb4CPCNlBtgJOkTmPt678mMhmPfa +yAEnd6ZIPylcsLAhqHJk7lcCGzS3sO+UCUmYXWQExVzeFtxtitv9FU6iD1smUFlG +uwIDAQAB +-----END PUBLIC KEY----- diff --git a/atlas-config/etc/known_hosts.reg b/config/probe/known_hosts.reg similarity index 100% rename from atlas-config/etc/known_hosts.reg rename to config/probe/known_hosts.reg diff --git a/atlas-config/etc/reg_servers.sh.prod b/config/probe/reg_servers.sh.prod similarity index 100% rename from atlas-config/etc/reg_servers.sh.prod rename to config/probe/reg_servers.sh.prod diff --git a/configure.ac b/configure.ac new file mode 100644 index 00000000..2513452e --- /dev/null +++ b/configure.ac @@ -0,0 +1,174 @@ +AC_PREREQ([2.68]) +AC_INIT([ripe-atlas], [m4_esyscmd_s([cat VERSION])], [mstam@ripe.net]) + +AC_CONFIG_AUX_DIR([.]) +AC_CONFIG_MACRO_DIR([m4]) + +AM_INIT_AUTOMAKE([foreign]) +AM_SILENT_RULES([yes]) + +# use the following arguments for '--with-probe-type' flag +# v3: openwrt-atlas-probev3 +# v4: openwrt-atlas-probev4 +# v5: openwrt-atlas-probev5 +# centos: centos-rpm--- (ie. centos-rpm-ripe-atlas-probe-5090-1.el7) +# debian: debian-- (ie. debian-ripe-atlas-probe-5090) +AC_ARG_WITH([probe-type], [AS_HELP_STRING([--with-probe-type], [define which probe flavour should be built (v3,v4,v5)])], [], [with_probe_type=no]) + +probe_type=${with_probe_type} +AC_SUBST(probe_type) + +AS_CASE([$probe_type], + [*openwrt*], [probe_scripts_path=$probe_type], + [probe_scripts_path=generic]) +AC_SUBST(probe_scripts_path) +AM_CONDITIONAL([PROBE_TYPE_V3], [test "x${probe_type}" = 'xopenwrt-atlas-probev3']) +AM_CONDITIONAL([PROBE_TYPE_V4], [test "x${probe_type}" = 'xopenwrt-atlas-probev4']) +AM_CONDITIONAL([PROBE_TYPE_V5], [test "x${probe_type}" = 'xopenwrt-atlas-probev5']) + +AC_ARG_ENABLE([chown], + [AS_HELP_STRING([--enable-chown], [set permissions during install @<:@default=yes@:>@])], + [case "${enableval}" in + yes) do_chown=true ;; + no) do_chown=false ;; + *) AC_MSG_ERROR([bad value ${enableval} for --enable-chown]) ;; + esac],[do_chown=true]) +AM_CONDITIONAL([DO_CHOWN], [test "x${do_chown}" = 'xtrue']) +if test "x${do_chown}" != 'xtrue'; then + AC_MSG_WARN([Disabling chown may prevent the probe from running as a non-privileged user]) +fi + +ripe_atlas_user= +ripe_atlas_group= +ripe_atlas_measurement= +AC_ARG_WITH([user], [AS_HELP_STRING([--with-user], [run main process as username @<:@default=ripe-atlas@:>@])], [ripe_atlas_user="${withval}"], []) +AC_ARG_WITH([measurement-user], [AS_HELP_STRING([--with-measurement-user], [run measurement processes as username @<:@default=--with-user@:>@])], [ripe_atlas_measurement="${withval}"], []) +AC_ARG_WITH([group], [AS_HELP_STRING([--with-group], [run group @<:@default=ripe-atlas@:>@])], [ripe_atlas_group="${withval}"], []) + +if test -z "${ripe_atlas_user}"; then + ripe_atlas_user='ripe-atlas' +fi + +if ! grep -qE "^${ripe_atlas_user}:" /etc/passwd; then + AC_MSG_WARN([User ${ripe_atlas_user} doesn't seem to exist, installation may fail]) +fi + +if test -z "${ripe_atlas_group}"; then + ripe_atlas_group='ripe-atlas' +fi + +if ! grep -qE "^${ripe_atlas_group}:" /etc/group; then + AC_MSG_WARN([Group ${ripe_atlas_group} doesn't seem to exist, installation may fail]) +fi + +if test -z "${ripe_atlas_measurement}"; then + ripe_atlas_measurement="${ripe_atlas_user}" +fi + +if ! grep -qE "^${ripe_atlas_measurement}:" /etc/passwd; then + AC_MSG_WARN([User ${ripe_atlas_measurement} doesn't seem to exist, installation may fail]) +fi +AM_CONDITIONAL(SINGLE_USER, [test "${ripe_atlas_measurement}" = "${ripe_atlas_user}"]) + +AC_SUBST(ripe_atlas_user) +AC_SUBST(ripe_atlas_group) +AC_SUBST(ripe_atlas_measurement) + +# use the following arguments for the '--with-install-mode' flag +# common: common, non-probe specific +# probe: (software) probe +# anchor +AC_ARG_WITH([install-mode], [AS_HELP_STRING([--with-install-mode], [define the purpose of the probe (probe,anchor,common)])], [], [with_install_mode=probe]) + +AM_CONDITIONAL([INSTALL_MODE_probe], [test "x${with_install_mode}" = 'xprobe']) +AM_CONDITIONAL([INSTALL_MODE_anchor], [test "x${with_install_mode}" = 'xanchor']) + +AC_PATH_PROG(SETCAP, setcap) +AC_ARG_ENABLE([setcap-install], [AC_HELP_STRING([--enable-setcap-install], [install measurements with cap_net_raw @<:@default=yes@:>@])], [enable_setcap_install="${enableval}"],[enable_setcap_install=yes]) + +AC_MSG_CHECKING([whether to install measurements with cap_net_raw capabilities]) +if test "x${enable_setcap_install}" = 'xno'; then + AC_MSG_RESULT([no]) + AC_MSG_WARN([Disabling setcap installation may prevent the probe from running as a non-privileged user]) +else + if test "x${SETCAP}" = 'x'; then + AC_MSG_RESULT([no. 'setcap' not found]) + else + AC_MSG_RESULT([yes]) + fi +fi + +AM_CONDITIONAL(SETCAP_INSTALL, [test "x${enable_setcap_install}" = 'xyes']) + +AC_PATH_PROG(SYSTEMDPATH, systemd-path) +AC_ARG_ENABLE([systemd], [AC_HELP_STRING([--enable-systemd], [install files for systemd @<:@default=yes@:>@])], [enable_systemd="${enableval}"],[enable_systemd=yes]) + +AC_MSG_CHECKING([whether to install systemd support files]) +systemd_tmpfilesdir= +systemd_unitsdir= +systemd_sysusersdir= +if test "x${enable_systemd}" = 'xno'; then + AC_MSG_RESULT([no]) +else + if test "x${SYSTEMDPATH}" != 'x'; then + AC_MSG_RESULT([yes]) + systemd_tmpfilesdir=$(${SYSTEMDPATH} tmpfiles 2>/dev/null) + if test "x${systemd_tmpfilesdir}" = "x"; then + systemd_tmpfilesdir=$(${SYSTEMDPATH} --suffix=tmpfiles.d system-library-private 2>/dev/null) + fi + systemd_unitsdir=$(${SYSTEMDPATH} systemd-system-unit 2>/dev/null) + if test "x${systemd_unitsdir}" = "x"; then + systemd_unitsdir=$(${SYSTEMDPATH} --suffix=systemd/system system-library-private 2>/dev/null) + fi + systemd_sysusersdir=$(${SYSTEMDPATH} sysusers 2>/dev/null) + if test "x${systemd_sysusersdir}" = "x"; then + systemd_sysusersdir=$(${SYSTEMDPATH} --suffix=sysusers.d system-library-private 2>/dev/null) + fi + else + AC_MSG_RESULT([no. 'systemd-path' not found]) + fi +fi +AM_CONDITIONAL(SYSTEMD_INSTALL, [test "x${SYSTEMDPATH}" != 'x' -a "x${enable_systemd}" = 'xyes']) +AC_SUBST(systemd_tmpfilesdir) +AC_SUBST(systemd_unitsdir) +AC_SUBST(systemd_sysusersdir) + +# system paths +atlas_libexecdir="\${libexecdir}/ripe-atlas" +atlas_datadir="\${datadir}/ripe-atlas" +atlas_measurementdir="${atlas_libexecdir}/measurement" +atlas_rundir="\${runstatedir}/ripe-atlas" +atlas_scriptsdir="${atlas_libexecdir}/scripts" +atlas_spooldir="\${localstatedir}/spool/ripe-atlas" +atlas_sysconfdir="\${sysconfdir}/ripe-atlas" + +# Compatibility fix for EL8 +if test "x${runstatedir}" = "x"; then + atlas_rundir="\${localstatedir}/run/ripe-atlas" +fi + +storage_sysconfdir=/storage/etc +tmpdir=/tmp + +AC_SUBST(storage_sysconfdir) +AC_SUBST(tmpdir) + +AC_SUBST(atlas_libexecdir) +AC_SUBST(atlas_datadir) +AC_SUBST(atlas_measurementdir) +AC_SUBST(atlas_rundir) +AC_SUBST(atlas_scriptsdir) +AC_SUBST(atlas_sysconfdir) +AC_SUBST(atlas_spooldir) + +AC_PROG_LIBTOOL +AC_PROG_CC + +AC_CONFIG_FILES([ +Makefile +config/Makefile +bin/Makefile +]) + +AC_CONFIG_SUBDIRS([probe-busybox/libevent-2.1.11-stable]) +AC_OUTPUT diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 00000000..d44530e3 --- /dev/null +++ b/debian/changelog @@ -0,0 +1,428 @@ +ripe-atlas-software-probe (5090) bookworm bullseye; urgency=medium + + * All platforms + - All platforms now have a ripe-atlas-common package, a ripe-atlas-anchor and ripe-atlas-probe package to define the purpose of the probe. This deprecates atlasswprobe + - Package is now built using autotools + - Package restructured according to Linux FHS + - Probe private key is not removed upon uninstall + - libevent is now linked to the measurement code statically. It diverged from the original package and cannot be sent upstream + - sudo is no longer required, the processes drop privileges automatically + * Software probes + - Added support for Oracle EL8 and RHEL9 (Oracle EL9 / Rocky Linux 9) + - Added initial code for Debian 11/12 (Support incomplete) + - Added initial code for OpenWRT 22.03 (Support incomplete) + - Fix Atlas not working on SELinux (RHBA-2023:5062); Robert Scheck + - Sanitised log messages (unnecessary errors) + - Probe sub architecture now reports ID, VERSION and PLATFORM + - systemd-sysusers and systemd-tmpfiles now used + - Atlas now exits properly when stopped by systemd on EL8 + - Bash is now a requirement + - RPM now validates properly + + -- RIPE Atlas Team Fri, 12 Jul 2024 00:00:00 -0000 + +ripe-atlas-software-probe (5080) bookworm bullseye; urgency=medium + + * All platforms + - Introduction of CI/CD pipeline for building firmware + - Fix for ICMPv6 echo replies on systems with 32-bit pid_t (Graham Edgecombe) + * Software probes + - The auto update functionality has been removed from the CentOS 7/8 RPM. + * Cleanup on v3 hardware probe to align with v4 and v5 probes. + - Streamline build process for flash and USB firmware + - Removal of unused software / functionality + - Revert to stock OpenWRT insofar as possible + - Code refactoring to remove duplicate implementation of LED behaviour + - JSON style logging framework introduced, initially for process restarting + - Filesystem bug fixed that prevented release of flash firmware + + -- RIPE Atlas Team Fri, 23 Sep 2022 00:00:00 -0000 + +ripe-atlas-software-probe (5070) bookworm bullseye; urgency=medium + + * Fix bug that caused processes to restart erroneously. + * Added support for NTP size extension (by Daniel Drown) + + -- RIPE Atlas Team Tue, 31 May 2022 00:00:00 -0000 + +ripe-atlas-software-probe (5060) bookworm bullseye; urgency=medium + + * Removed IPv6 reporting from rxtxrpt + * Replace syscall(__NR_clock_gettime, ...) with clock_gettime() (by Eneas U de Queiroz) + * Fix rptaddrs to handle systems without IPv6. Sad but true. + * Allow measurement targets to be in the prefixes 0.0.0.0/8 and 240.0.0.0/4 + * Add HTTPPOST_PORT port override for httppost + * Improvements for self tests + * Updated cipher list in sslgetcert to Firefox 89.0.2 + * Support for DNS-over-HTTPS measurements + + -- RIPE Atlas Team Wed, 16 Mar 2022 00:00:00 -0000 + +ripe-atlas-software-probe (5050) bookworm bullseye; urgency=medium + + * This is an administrative release, it does not have any changes. + + -- RIPE Atlas Team Wed, 16 Feb 2022 00:00:00 -0000 + +ripe-atlas-software-probe (5040) bookworm bullseye; urgency=medium + + * Measurement changes (version 2.4.1): + - Firmware 5030 introduced a regression where a specific type of TCP connect failure would cause the probe to stop performing measurements. + + -- RIPE Atlas Team Thu, 21 Oct 2021 00:00:00 -0000 + +ripe-atlas-software-probe (5030) bookworm bullseye; urgency=medium + + * Config variable to disable the check that atlas data is on tmpfs + * Support for software probes on OpenWrt (by Jan Pavlinec) + * Measurement busybox v2.4.0: + - Solve issue with duplicate src_addr in DNS measurements + - Remove as much as possible source files that are not used by Atlas + - Fix bug in sslgetcert if there is a connection failure + - Replace stime with clock_settime + - Support a lot more network interfaces in reporting traffic statistics + - Option to set AD bit in DNS queries + - Initial support for testing Atlas measurement code + + -- RIPE Atlas Team Mon, 13 Sep 2021 00:00:00 -0000 + +ripe-atlas-software-probe (5020) bookworm bullseye; urgency=medium + + * Support for a centos 8 binary repo + * Use the hash of the public key in SOS messages for software probes and anchors, allowing software probes to report SOS messages + * Fix a bug in DNS measurements where a JSON fields got duplicated (measurement busybox 2.2.1) + * Suppress some debug output from dfrm (measurement busybox 2.2.1) + * Make response to a reg. server returning WAIT more robust + + -- RIPE Atlas Team Mon, 06 Apr 2020 00:00:00 -0000 + +ripe-atlas-software-probe (5010) bookworm bullseye; urgency=medium + + * Support for Turris routers + * Support Debian + * Build fixes for CentOS 8 + * Improved mechanism to source architecture specific scripts + * Support for DNS resolvers with IPv6 link local address + * Removed some bash-isms + * Measurement changes (version 2.2.0): + - "qt" field for DNS measurements to report query time without setup overhead + - Handle IPv6 scope IDs + - Switch to libevent 2.1.11 + - 'httppost' should only set the system if the environment variable HTTPPOST_ALLOW_STIME is set + - Add '--ttl' option in DNS measurements to report the TTL on replies (for UDP) + + -- RIPE Atlas Team Mon, 13 Jan 2020 00:00:00 -0000 + +ripe-atlas-software-probe (5000) bookworm bullseye; urgency=medium + + * Probe firmware 5000.2 + - Make setting the time and date in the ATLAS script optional + - Corrected names of production registration servers + - Introduce config.txt to make rxtxrpt optional + - Add -y option to yum update + - Added README.rst, INSTALL.rst, CHANGES.rst and LICENSE + * Probe firmware 5000 + - First release of software probes - sync up probe firmware versions between hardware and software + + -- RIPE Atlas Team Mon, 07 Oct 2019 00:00:00 -0000 + +ripe-atlas-software-probe (4980) bookworm bullseye; urgency=medium + + * Disable TCP SACK + + -- RIPE Atlas Team Wed, 10 Apr 2019 00:00:00 -0000 + +ripe-atlas-software-probe (4970) bookworm bullseye; urgency=medium + + * Fixed an issue with periodic HTTP measurements and a chunked response from the remote server + * Generate a new value for the "$r" macro in DNS measurements for each resolver when "use probe's resolvers" is in effect + * Fixed a bug in TCP traceroute when some measurements did not run if there were more than 256 measurements defined + + -- RIPE Atlas Team Mon, 25 Mar 2019 00:00:00 -0000 + +ripe-atlas-software-probe (4960) bookworm bullseye; urgency=medium + + * Fix local time management to deal with cases where the probe did not adjust its local time correctly + * Add support for reinstalling the current firmware if (filesystem) corruption is suspected + + -- RIPE Atlas Team Tue, 26 Feb 2019 00:00:00 -0000 + +ripe-atlas-software-probe (4950) bookworm bullseye; urgency=medium + + * Fixed a bug in traceroute where a trace was supposed to stop after 5 non-responding hops, but it stopped earlier if the starting hop was not set to 1 + * Added support for DNS cookies (API/UI support is in the works) + * Added support to set EDNS version, flags and options (API/UI support TBD) + * Added support to send DNS queries with IPv6 destination option (API/UI support is in the works) + * Code shuffles to record timestamps for response time as close as possible to sending and receiving calls + + -- RIPE Atlas Team Wed, 20 Feb 2019 00:00:00 -0000 + +ripe-atlas-software-probe (4940) bookworm bullseye; urgency=medium + + * Add support for DNS client subnet option + * Add support for HTTP host header + * Add support for ping synchronous DNS resolution (only used internally) + * Update SSL/TLS list of ciphers (taken from wget 1.19.1) + * Add support for SSL/TLS elliptic curves + * Add better error reporting for TLS errors + * Add support for traceroute ToS + * Internal code changes to align the behaviour/scripts used on v3 and v4 probes + * Fix a bug where probes no longer sent DNS "sos" queries + + -- RIPE Atlas Team Tue, 17 Jul 2018 00:00:00 -0000 + +ripe-atlas-software-probe (4930) bookworm bullseye; urgency=medium + + * This firmware is a clone of 4910, aimed exclusively for the upcoming v4 probes + + -- RIPE Atlas Team Mon, 21 May 2018 00:00:00 -0000 + +ripe-atlas-software-probe (4910) bookworm bullseye; urgency=medium + + * General + - Upgrade busybox (used inside the probe firmware) + - When name resolution results in a 'local' address and the probe denies executing the measurement, report the offending address + - Report how long name resolution takes (except for DNS measurements) + - SSL/TLS certificate measurements now report the cipher that is chosen by the server + - Fix bug where a TCP socket was not set to non-blocking when explicit binding to an interface was required + * Anchor + - Support added for CentOS 6 and 7 + + -- RIPE Atlas Team Mon, 08 Jan 2018 00:00:00 -0000 + +ripe-atlas-software-probe (4790) bookworm bullseye; urgency=medium + + * This is a v1/v2 only release meant to fix stability issues that resulted in stretching the hardware capabilities too far. + + -- RIPE Atlas Team Mon, 29 May 2017 00:00:00 -0000 + +ripe-atlas-software-probe (4780) bookworm bullseye; urgency=medium + + * Various fixes for stability and security + * Allow DNS "macros" like $p, $t, $r, which are replaced by the probe each time with probe ID, timestamp and a random value, respectively + * Add SNI support to TLS/SSL checks + * Add option to embed probe ID in ping requests in order to filter out RIPE Atlas generated ICMPs + * Report time-to-complete in TLS/SSL results even if fetching the actual certificate fails + * Fixed a bug where there were no results delivered for DNS measurements with the "include the abuf" option turned off + + -- RIPE Atlas Team Mon, 22 May 2017 00:00:00 -0000 + +ripe-atlas-software-probe (4770) bookworm bullseye; urgency=medium + + * Fixed a regression where DNS measurements using TCP transport always failed + * Fixed a bug where WiFi measurements could sometimes report using the wrong outgoing network interface + + -- RIPE Atlas Team Wed, 22 Mar 2017 00:00:00 -0000 + +ripe-atlas-software-probe (4760) bookworm bullseye; urgency=medium + + * Changes to use USB sticks (in v3 probes) as little as possible by buffering results in memory. As a tradeoff for more expected stability, the probes lose recent, unreported measurement results (ie. the ones collected in the last 60-90 seconds). + * Unexpectedly terminated TCP connections caused SIGPIPE signals crashing the measurement the process + * Various stability and security fixes to the measurement code + + -- RIPE Atlas Team Thu, 23 Feb 2017 00:00:00 -0000 + +ripe-atlas-software-probe (4750) bookworm bullseye; urgency=medium + + * First release of wifi firmware (4755) + * Various security/stability fixes in the measurement code + + -- RIPE Atlas Team Tue, 24 Jan 2017 00:00:00 -0000 + +ripe-atlas-software-probe (4740) bookworm bullseye; urgency=medium + + * Disallow measurements towards 0.0.0.0/8 + * Internal changes to support wifi measurements + * Report local network configuration every hour + * Switch to ext4 filesystem for USB storage + * Check for read-only USB and send SOS message if that's the case + * Fixed kernel to not download new firmware if the usb stick is read-only + + -- RIPE Atlas Team Mon, 08 Aug 2016 00:00:00 -0000 + +ripe-atlas-software-probe (4730) bookworm bullseye; urgency=medium + + * Better error handling for unexpected measurement results + * Probes will soon start reporting their uptime in a new "virtual measurement", ID 7001 + * Fixed an error case where results of one-off traceroutes could have interfered with ongoing traceroutes + * Added preliminary support for specifying a timeout parameter for DNS measurements + + -- RIPE Atlas Team Mon, 18 Jan 2016 00:00:00 -0000 + +ripe-atlas-software-probe (4720) bookworm bullseye; urgency=medium + + * The method for measuring times (e.g. RTTs) for each measurement has been switched to use a strictly monotonic, relative clock, thereby avoiding the artefacts caused by absolute clock changes due to time synchronisation. + * The RDATA field of a DNS measurement result (in response to a TXT query) is now a list of strings. It was a single string before. + * The cipher list supported by SSL/TLS certificate checks have been refreshed. + * Fixed a bug where one-off results were reported multiple times in some cases. + * Fixed a issue where NTP measurements could generate syntactically incorrect results which, as a consequence, were never stored. + * Fixed an issue where IPv6-only probes did not properly report their network configuration. + * Fixed a bug where failed DNS measurements in some cases did not report the time of measurement. + * The probes, in addition to the infrastructure, now also enforce the restriction that local (RFC1918 and link-local) addresses should not be measured. + * When removing static configuration from a probe, the statically added previous DNS server was still used + + -- RIPE Atlas Team Mon, 05 Oct 2015 00:00:00 -0000 + +ripe-atlas-software-probe (4700) bookworm bullseye; urgency=medium + + * This is mostly a maintenance release, with internal behavioural changes only. + + -- RIPE Atlas Team Mon, 06 Jul 2015 00:00:00 -0000 + +ripe-atlas-software-probe (4680) bookworm bullseye; urgency=medium + + * This firmware incorporates a few bug fixes: + * If probe has statically configured nameserver and also DHCPv4, the DHCP one wins, thereby fixing stale DNS entries + * Enhance the NTP client on v3 probes + * V3 probes now pick up IPv6 DNS resolvers from RA messages + * Stability issues on v1/v2 probes when HTTP measurements immediately fail with connection errors + * "SSLCert" measurements now also support TLS + + -- RIPE Atlas Team Sat, 28 Mar 2015 00:00:00 -0000 + +ripe-atlas-software-probe (4670) bookworm bullseye; urgency=medium + + * Fixed two bugs in ping measurements where the probe had issues pinging its own IPv6 address + * Fixed wrong host header for IPv6 literals in http measurements + * Probes are now trying to avoid starting too many measurements at exactly the same second + + -- RIPE Atlas Team Wed, 14 Jan 2015 00:00:00 -0000 + +ripe-atlas-software-probe (4660) bookworm bullseye; urgency=medium + + * Bugfix: fixed a bug in paris traceroute where the ICMP version would have the wrong paris id in outgoing packets + * Bugfix: fixed a memory leak in the DNS measurements code + * Enhancement: include a cookie in outgoing ping packets and check the reply + * Enhancement: in ping, report IP version and target address even if socket connect fails + * Experimental suport for NTP measurements (not publicly available yet) + + -- RIPE Atlas Team Mon, 25 Aug 2014 00:00:00 -0000 + +ripe-atlas-software-probe (4650) bookworm bullseye; urgency=medium + + * Ping interval option (-i option, needs support from API and UI) + * The "lts" field is now also available in the output of traceroute, dns, sslgetcert, httpget + * Traceroute IPv6 extra error code 'h': destination unreachable/beyond scope + * Fixed error in the output of traceroute + * Fixed bug in parsing multiple IPv6 extension headers in traceroute + * Fixed bug in DNS where RA flag was set in requests + + -- RIPE Atlas Team Tue, 08 Jul 2014 00:00:00 -0000 + +ripe-atlas-software-probe (4610) bookworm bullseye; urgency=medium + + * The new firmware fixes a few DNS related bugs: + * In some cases the probe sent DNS results too often + * Querying the local DNS resolver could result in multiple results (one per resolver), but these could not be accessed in the data store. The new version collects results from all resolvers into one data structure. See the /apis/result-format/#version-4610-dns-lookup for details. + * In addition, this firmware adds preliminary support for using IPv6 extension headers. This will be available in the UI and in the API at a later date. + + -- RIPE Atlas Team Mon, 17 Mar 2014 00:00:00 -0000 + +ripe-atlas-software-probe (4600) bookworm bullseye; urgency=medium + + * The new firmware release (4600) contains bug fixes for missing fields in ping results (TTL and source address). It also incorporates a more secure way for the probes to authenticate new firmwares before upgrading. + + -- RIPE Atlas Team Mon, 17 Feb 2014 00:00:00 -0000 + +ripe-atlas-software-probe (4580) bookworm bullseye; urgency=medium + + * Due to an issue with the latest firmware release, a subset of the v3 probes were listening to incoming connections on an open port that should not have been left open. As a secondary measure, however, access to this port required credentials only available to the RIPE Atlas probe developers. It therefore never presented open access to the probes. This port (SSH) is used for development purposes in our internal development environment. + * We upgraded the v3 probes to a new, corrected firmware version (4580), and improved the checks in our firmware release process. The new firmware is otherwise functionally equivalent to the previous one. + * This issue did not affect version 1/2 probes and anchors. + + -- RIPE Atlas Team Mon, 16 Dec 2013 00:00:00 -0000 + +ripe-atlas-software-probe (4570) bookworm bullseye; urgency=medium + + * Upgrade kernel on v3 probes without losing static network config + * Uniform interpretation of the size parameter of ping and traceroute: the size excludes the IPv4/IPv6 header and the transport (ICMP, TCP, UDP) header + * Add TCP mode to traceroute measurements + * Most measurements (except for DNS "use probe's local resolvers") now pick up a new list of resolvers if it has been updated by DHCP + * Support for SRV and NAPTR in DNS measurements + * Support "number of retries" option in DNS measurements + * Note that the use of the new measurement flag will be enabled in the UI and API at a later stage. + + -- RIPE Atlas Team Thu, 21 Nov 2013 00:00:00 -0000 + +ripe-atlas-software-probe (4520) bookworm bullseye; urgency=medium + + * This is a bug fix release for all probe architectures. There is a small bug in the probe measurement code that can be trigger only if a controller sends the wrong commands to a probe. + + -- RIPE Atlas Team Tue, 23 Apr 2013 00:00:00 -0000 + +ripe-atlas-software-probe (4510) bookworm bullseye; urgency=medium + + * Version 3 probes + - Fixes for static network configuration + * Anchor + - Cleanup in anchor package + - Various fixes to the startup/shutdown scripts + - Aligned build script with upstart for killing processes + - Clean up pid files on Atlas shutdown + - Kill Atlas processes on install/uninstall + - Anchor now requires daemontools to be installed + + -- RIPE Atlas Team Tue, 23 Apr 2013 00:00:00 -0000 + +ripe-atlas-software-probe (4500) bookworm bullseye; urgency=medium + + * RIPE Atlas probe software now supports two more architectures: TP-Link (for the next generation probes) and CentOS (for RIPE Atlas anchors). + * There is now support for one-off measurements for ping, traceroute, DNS, and HTTPget. + * We fixed a bug in DNS measurements in which, when querying local resolvers, more queries went to the last resolver. + * Fixed "error" : { "TUCONNECT" : "Success"}. Before this version DNS TCP and HTTPget reported an error message "Success". + * First release of anchor package + + -- RIPE Atlas Team Thu, 28 Feb 2013 00:00:00 -0000 + +ripe-atlas-software-probe (4480) bookworm bullseye; urgency=medium + + * Fixed bug in traceroute when it has to deal with rfc4884 objects (mpls) that have a wrong size. + * Delayed DNS name resolution in ping and traceroute. This feature will soon be enabled through the UI. + * Fixed bug in HTTP GET where some characters where not properly escaped in generating the result JSON. + * Fixed bugs in the libevent stub resolver to better handle DNS errors and timeouts (affects mostly httpget) + * Limit the amount of measurement data that is sent as one unit. This prevents probes that have not connected to a controller for some time from overloading the controller. + * The probe uptime is now in the DNS SOS messages that are sent by probes before they try to connect. This will allow making a distinction between various reasons for disconnects: e.g. probe reboot vs. network problems. + * Initial version for anchor package added (Anand Buddhev) + + -- RIPE Atlas Team Wed, 03 Oct 2012 00:00:00 -0000 + +ripe-atlas-software-probe (4470) bookworm bullseye; urgency=medium + + * This firmware fixes two bugs. + - The first one is that DNS results may get mixed up when a probe runs two DNS measurements at the same time. + - The second one is where traceroute sometimes reports a timestamp of 0. + * In addition, the firmware now has IPv6 literals for the registrations servers, so an IPv6-only probe can connect to a registration server even if it doesn't have a DNS resolver. + + -- RIPE Atlas Team Thu, 20 Sep 2012 00:00:00 -0000 + +ripe-atlas-software-probe (4460) bookworm bullseye; urgency=medium + + * The main new feature in this firmware is the use of libevent and rewriting the measurement code to use it. This provides a much higher capacity for doing measurements. In addition, the probe now reports results in JSON. Expect the traceroute output to be completely different. The are a number of small changes. For example, the DHCP client now sets the client-id and vendor class. Please note that if you have given the probe a static IPv4 address through DHCP and the probes stops working then this may be caused by the change in DHCP client-id. + + -- RIPE Atlas Team Thu, 21 Jun 2012 00:00:00 -0000 + +ripe-atlas-software-probe (4310) bookworm bullseye; urgency=medium + + * This firmware contains a number of small fixes that deal with exceptional conditions. Probes should also reconnected slightly quicker after a disconnect. + + -- RIPE Atlas Team Wed, 22 Feb 2012 00:00:00 -0000 + +ripe-atlas-software-probe (4270) bookworm bullseye; urgency=medium + + * More pings to fixed destinations + * Traceroutes to fixed destinations + * DNS root server anycast instance checks + + -- RIPE Atlas Team Mon, 10 Oct 2011 00:00:00 -0000 + +ripe-atlas-software-probe (4030) bookworm bullseye; urgency=medium + + * We're in the process of rolling out a new firmware version. It enables a new feature that has been asked by members of the community: /howtos/probe-static-network-config.md. Using the UI, one can ask the probe to try to use static IPv4/IPv6 addresses (and DNS resolvers). If these settings don't work, the probes will fall back to using DHCP. As a byproduct, this feature also allows IPv6-only deployments. + + -- RIPE Atlas Team Mon, 04 Jul 2011 00:00:00 -0000 + +ripe-atlas-software-probe (4020) bookworm bullseye; urgency=medium + + * The new firmware version enables the use of a second registration server (woolsey.atlas.ripe.net). All probes are expected to upgrade automatically in the coming days. + + -- RIPE Atlas Team Mon, 07 Feb 2011 00:00:00 -0000 diff --git a/debian/control b/debian/control new file mode 100644 index 00000000..29cfb96d --- /dev/null +++ b/debian/control @@ -0,0 +1,74 @@ +Source: ripe-atlas-software-probe +Section: net +Priority: optional +Build-Depends: + debhelper-compat (= 13), + autotools-dev, + libssl-dev, +Rules-Requires-Root: binary-targets +Maintainer: Michel Stam + +Package: ripe-atlas-common +Architecture: any +Depends: + ${shlibs:Depends}, + ${misc:Depends}, + libssl3 | libssl1, + net-tools, + openssh-client, +Section: net +Priority: optional +Homepage: https://atlas.ripe.net/ +Description: RIPE Atlas essential components + RIPE Atlas is the RIPE NCC's main Internet data collection system. + It is a global network of devices, called probes and anchors, that + actively measure Internet connectivity. Anyone can access this + data via Internet traffic maps, streaming data visualisations, and + an API. RIPE Atlas users can also perform customised measurements + to gain valuable data about their own networks. + . + This package contains essential core assets used in all probe + flavours. It must be installed for a probe to operate as expected. + +Package: ripe-atlas-probe +Architecture: all +Depends: ripe-atlas-common (= ${binary:Version}) +Conflicts: ripe-atlas-anchor +Replaces: atlasswprobe +Section: net +Priority: optional +Homepage: https://atlas.ripe.net/apply/swprobe/ +Description: RIPE Atlas probe specific files and configuration + RIPE Atlas is the RIPE NCC's main Internet data collection system. + It is a global network of devices, called probes and anchors, that + actively measure Internet connectivity. Anyone can access this + data via Internet traffic maps, streaming data visualisations, and + an API. RIPE Atlas users can also perform customised measurements + to gain valuable data about their own networks. + . + This package contains probe specific files and configuration. + It must be installed for a probe to operate as expected. + . + Please visit https://atlas.ripe.net/apply/swprobe/ to register. + +Package: ripe-atlas-anchor +Architecture: all +Depends: ripe-atlas-common (= ${binary:Version}) +Conflicts: ripe-atlas-probe +Replaces: atlasswprobe +Section: net +Priority: optional +Homepage: https://atlas.ripe.net/anchors/apply/ +Description: RIPE Atlas anchor specific files and configuration + RIPE Atlas is the RIPE NCC's main Internet data collection system. + It is a global network of devices, called probes and anchors, that + actively measure Internet connectivity. Anyone can access this + data via Internet traffic maps, streaming data visualisations, and + an API. RIPE Atlas users can also perform customised measurements + to gain valuable data about their own networks. + . + This package contains anchor specific files and configuration. + It must be installed for an anchor to operate as expected. + . + Please visit https://atlas.ripe.net/anchors/apply/ to register. + Only install at the direction of RIPE NCC. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 00000000..6ebdd8ad --- /dev/null +++ b/debian/copyright @@ -0,0 +1,47 @@ +Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ +Source: +Upstream-Name: ripe-atlas-software-probe +Upstream-Contact: + +Files: + * +Copyright: + + +License: + + + . + + +# If you want to use GPL v2 or later for the /debian/* files use +# the following clauses, or change it to suit. Delete these two lines +Files: + debian/* +Copyright: + 2023 atlas +License: GPL-2+ + This package is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + . + This package is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + . + You should have received a copy of the GNU General Public License + along with this program. If not, see +Comment: + On Debian systems, the complete text of the GNU General + Public License version 2 can be found in "/usr/share/common-licenses/GPL-2". + +# Please also look if there are files or directories which have a +# different copyright/license attached and list them here. +# Please avoid picking licenses with terms that are more restrictive than the +# packaged work, as it may make Debian's contributions unacceptable upstream. +# +# If you need, there are some extra license texts available in two places: +# /usr/share/debhelper/dh_make/licenses/ +# /usr/share/common-licenses/ diff --git a/debian/ripe-atlas-anchor.install b/debian/ripe-atlas-anchor.install new file mode 100644 index 00000000..34df45da --- /dev/null +++ b/debian/ripe-atlas-anchor.install @@ -0,0 +1,2 @@ +config/anchor/known_hosts.reg usr/share/ripe-atlas/ +config/anchor/reg_servers.sh.prod usr/libexec/ripe-atlas/scripts/ diff --git a/debian/ripe-atlas-anchor.postinst b/debian/ripe-atlas-anchor.postinst new file mode 100755 index 00000000..2dcd48fa --- /dev/null +++ b/debian/ripe-atlas-anchor.postinst @@ -0,0 +1,54 @@ +#!/bin/sh +# postinst script for ripe-atlas-anchor +# +# See: dh_installdeb(1). + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +atlas_olddir='var/atlas-probe' +atlas_newdir='etc/ripe-atlas' +atlas_newkey="${atlas_newdir}/probe_key" +atlas_newmode="${atlas_newdir}/mode" + +case "${1}" in + configure) + # This will be regenerated when the service restarts + rm -f etc/ripe-atlas/reg_servers.sh 1>/dev/null 2>&1 + + # clean up old atlas installation, it is now obsolete + if ( [ -f "%{atlas_newkey}" ] && + [ -f "%{atlas_newkey}.pub" ] && + [ -f "%{atlas_newmode}" ] && + [ -d "%{atlas_olddir}" ] ); then + rm -rf "%{atlas_olddir}" + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-common.links b/debian/ripe-atlas-common.links new file mode 100644 index 00000000..4cf8f89b --- /dev/null +++ b/debian/ripe-atlas-common.links @@ -0,0 +1,22 @@ +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/atlasinit +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/buddyinfo +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/condmv +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/date +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/dfrm +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/eooqd +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/eperd +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evhttpget +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evntp +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evping +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evsslgetcert +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evtdig +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/evtraceroute +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/httppost +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/onlyuptime +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/perd +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/rchoose +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/rptaddrs +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/rptra6 +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/rptuptime +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/rxtxrpt +usr/libexec/ripe-atlas/measurement/busybox usr/libexec/ripe-atlas/measurement/telnetd diff --git a/debian/ripe-atlas-common.postinst b/debian/ripe-atlas-common.postinst new file mode 100755 index 00000000..a9706ca1 --- /dev/null +++ b/debian/ripe-atlas-common.postinst @@ -0,0 +1,51 @@ +#!/bin/sh +# postinst script for ripe-atlas-software-common. +# +# See: dh_installdeb(1). + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +ATLAS_MEAS_OWN='ripe-atlas-measurement:ripe-atlas' +ATLAS_MAIN_OWN='ripe-atlas:ripe-atlas' +ATLAS_CONF_DIR='etc/ripe-atlas' +ATLAS_MEAS_DIR='usr/libexec/ripe-atlas/measurement' +ATLAS_CONF_DIRS="${ATLAS_CONF_DIR}" + +case "${1}" in + configure) + chown -R ${ATLAS_MAIN_OWN} ${ATLAS_CONF_DIRS} + chmod 0770 ${ATLAS_CONF_DIRS} + + chown ${ATLAS_MEAS_OWN} ${ATLAS_MEAS_DIR}/busybox + chmod 4750 ${ATLAS_MEAS_DIR}/busybox + setcap cap_net_raw=ep ${ATLAS_MEAS_DIR}/busybox + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-common.postrm b/debian/ripe-atlas-common.postrm new file mode 100755 index 00000000..3dbfb25d --- /dev/null +++ b/debian/ripe-atlas-common.postrm @@ -0,0 +1,56 @@ +#!/bin/sh +# prerm script for ripe-atlas-common. +# +# See: dh_installdeb(1). + +set -e + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# Summary of how this script can be called: +# * 'remove' +# * 'purge' +# * 'upgrade' +# * 'failed-upgrade' +# * 'abort-install' +# * 'abort-install' +# * 'abort-upgrade' +# * 'disappear' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + +case "${1}" in + purge) + rm -f \ + run/ripe-atlas/pids/* \ + run/ripe-atlas/status/* \ + var/spool/ripe-atlas/crons/* \ + var/spool/ripe-atlas/crons/*/* \ + var/spool/ripe-atlas/data/* \ + var/spool/ripe-atlas/data/*/* \ + etc/ripe-atlas/probe_key \ + etc/ripe-atlas/probe_key.pub \ + etc/ripe-atlas/mode \ + 1>/dev/null 2>&1 || true + ;; + + remove|upgrade) + rm -f \ + run/ripe-atlas/status/* \ + 1>/dev/null 2>&1 || true + ;; + + failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "prerm called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-common.preinst b/debian/ripe-atlas-common.preinst new file mode 100755 index 00000000..fb09d57d --- /dev/null +++ b/debian/ripe-atlas-common.preinst @@ -0,0 +1,48 @@ +#!/bin/sh +# preinst script for ripe-atlas-common. +# +# See: dh_installdeb(1). + +set -e + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +atlas_olddir='var/atlas-probe' +atlas_oldkey="${atlas_olddir}/etc/probe_key" +atlas_oldmode="${atlas_olddir}/state/mode" +atlas_newdir='etc/ripe-atlas' +atlas_newkey="${atlas_newdir}/probe_key" +atlas_newmode="${atlas_newdir}/mode" +# Summary of how this script can be called: +# * 'install' +# * 'install' +# * 'upgrade' +# * 'abort-upgrade' +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + +case "$1" in + configure) + cat etc/passwd + mkdir -p -m 0770 "${atlas_newdir}" + cp "${atlas_oldkey}" "${atlas_newkey}" 1>/dev/null 2>&1 || true + cp "${atlas_oldkey}.pub" "${atlas_newkey}.pub" 1>/dev/null 2>&1 || true + cp "${atlas_oldmode}" "${atlas_newmode}" 1>/dev/null 2>&1 || true + chmod 664 "${atlas_newkey}.pub" 1>/dev/null 2>&1 || true + chmod 400 "${atlas_newkey}" 1>/dev/null 2>&1 || true + chown -R ripe-atlas:ripe-atlas "${atlas_newdir}" 1>/dev/null 2>&1 + ;; + + install|upgrade|abort-upgrade) + ;; + + *) + echo "preinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-common.prerm b/debian/ripe-atlas-common.prerm new file mode 100755 index 00000000..ed2ad4b3 --- /dev/null +++ b/debian/ripe-atlas-common.prerm @@ -0,0 +1,42 @@ +#!/bin/sh +# prerm script for ripe-atlas-anchor. +# +# See: dh_installdeb(1). + +set -e + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# Summary of how this script can be called: +# * 'remove' +# * 'purge' +# * 'upgrade' +# * 'failed-upgrade' +# * 'abort-install' +# * 'abort-install' +# * 'abort-upgrade' +# * 'disappear' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + +case "${1}" in + purge|remove|upgrade) + rm -f \ + etc/ripe-atlas/reg_servers.sh \ + 1>/dev/null 2>&1 + ;; + + failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "prerm called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-probe.install b/debian/ripe-atlas-probe.install new file mode 100644 index 00000000..ffed90d8 --- /dev/null +++ b/debian/ripe-atlas-probe.install @@ -0,0 +1,2 @@ +config/probe/known_hosts.reg usr/share/ripe-atlas/ +config/probe/reg_servers.sh.prod usr/libexec/ripe-atlas/scripts/ diff --git a/debian/ripe-atlas-probe.postinst b/debian/ripe-atlas-probe.postinst new file mode 100755 index 00000000..f222fec5 --- /dev/null +++ b/debian/ripe-atlas-probe.postinst @@ -0,0 +1,54 @@ +#!/bin/sh +# postinst script for ripe-atlas-probe. +# +# See: dh_installdeb(1). + +set -e + +# summary of how this script can be called: +# * `configure' +# * `abort-upgrade' +# * `abort-remove' `in-favour' +# +# * `abort-deconfigure' `in-favour' +# `removing' +# +# +# for details, see http://www.debian.org/doc/debian-policy/ or +# the debian-policy package +# + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +atlas_olddir='var/atlas-probe' +atlas_newdir='etc/ripe-atlas' +atlas_newkey="${atlas_newdir}/probe_key" +atlas_newmode="${atlas_newdir}/mode" + +case "${1}" in + configure) + # This will be regenerated when the service restarts + rm -f etc/ripe-atlas/reg_servers.sh 1>/dev/null 2>&1 + + # clean up old atlas installation, it is now obsolete + if ( [ -f "%{atlas_newkey}" ] && + [ -f "%{atlas_newkey}.pub" ] && + [ -f "%{atlas_newmode}" ] && + [ -d "%{atlas_olddir}" ] ); then + rm -rf "%{atlas_olddir}" + fi + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + ;; + + *) + echo "postinst called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/ripe-atlas-probe.postrm b/debian/ripe-atlas-probe.postrm new file mode 100755 index 00000000..294d664a --- /dev/null +++ b/debian/ripe-atlas-probe.postrm @@ -0,0 +1,42 @@ +#!/bin/sh +# postrm script for ripe-atlas-probe. +# +# See: dh_installdeb(1). + +set -e + +# dh_installdeb will replace this with shell code automatically +# generated by other debhelper scripts. + +#DEBHELPER# + +# Summary of how this script can be called: +# * 'remove' +# * 'purge' +# * 'upgrade' +# * 'failed-upgrade' +# * 'abort-install' +# * 'abort-install' +# * 'abort-upgrade' +# * 'disappear' +# +# for details, see https://www.debian.org/doc/debian-policy/ or +# the debian-policy package. + +case "${1}" in + purge|remove|upgrade) + rm -f \ + etc/ripe-atlas/reg_servers.sh \ + 1>/dev/null 2>&1 + ;; + + failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument '$1'" >&2 + exit 1 + ;; +esac + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 00000000..0a2a202b --- /dev/null +++ b/debian/rules @@ -0,0 +1,57 @@ +#!/usr/bin/make -f +RIPE_ATLAS_USER:=ripe-atlas +RIPE_ATLAS_MEASUREMENT_USER:=ripe-atlas-measurement +RIPE_ATLAS_GROUP:=ripe-atlas + +# See debhelper(7) (uncomment to enable). +# Output every command that modifies files on the build system. +export DH_VERBOSE = 1 + + +export DEB_BUILD_MAINT_OPTIONS = hardening=+all + +%: + dh $@ + +override_dh_auto_configure: + dh_auto_configure -- \ + --with-user=$(RIPE_ATLAS_USER) \ + --with-measurement-user=$(RIPE_ATLAS_MEASUREMENT_USER) \ + --with-group=$(RIPE_ATLAS_GROUP) \ + --enable-systemd \ + --disable-chown \ + --disable-setcap-install \ + --with-install-mode=probe + +# Installing/restarting systemd will conflict with the tmpusers being created +# and the permissions being fixed. Either users don't exist and permissions +# are fixed, which won't work. Or, the users are created and systemd is +# restarted, but the permissions are not fixed. +sysusers: + dh_installsysusers \ + -pripe-atlas-common \ + --name=ripe-atlas + +override_dh_installsystemd: + dh_installsystemd \ + -pripe-atlas-common \ + --no-enable \ + --no-start \ + --name=ripe-atlas + +override_dh_installtmpfiles: sysusers + dh_installtmpfiles \ + -pripe-atlas-common \ + --name=ripe-atlas + +override_dh_auto_install: + dh_auto_install \ + --destdir=debian/ripe-atlas-common -- + + # Probe specific files added in other package + rm -f debian/ripe-atlas-common/usr/libexec/ripe-atlas/scripts/reg_servers.sh.prod + rm -f debian/ripe-atlas-common/usr/share/ripe-atlas/known_hosts.reg + +# The only tests that exist are in libevent and these +# do not work +override_dh_auto_test: diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 00000000..163aaf8d --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/upstream/metadata b/debian/upstream/metadata new file mode 100644 index 00000000..af5a2957 --- /dev/null +++ b/debian/upstream/metadata @@ -0,0 +1,6 @@ +Bug-Database: https://github.com/RIPE-NCC/ripe-atlas-software-probe/issues +Bug-Submit: https://github.com/RIPE-NCC/ripe-atlas-software-probe/issues/new +Changelog: https://github.com/RIPE-NCC/ripe-atlas-software-probe/blob/master/CHANGES +Documentation: https://github.com/RIPE-NCC/ripe-atlas-software-probe/wiki +Repository-Browse: https://github.com/RIPE-NCC/ripe-atlas-software-probe +Repository: https://github.com/RIPE-NCC/ripe-atlas-software-probe.git diff --git a/debian/watch b/debian/watch new file mode 100644 index 00000000..6755e6a9 --- /dev/null +++ b/debian/watch @@ -0,0 +1,6 @@ +# Compulsory line, this is a version 4 file. +version=4 + +# Direct Git. +opts="mode=git" http://git.example.com/ripe-atlas-software-probe.git \ + refs/tags/v([\d\.]+) diff --git a/openwrt/Config.in b/openwrt/Config.in new file mode 100644 index 00000000..38874cd5 --- /dev/null +++ b/openwrt/Config.in @@ -0,0 +1,26 @@ +choice RIPE_ATLAS_PROBE_TYPE + prompt "Probe Type" + default RIPE_ATLAS_PROBE_TYPE_GENERIC + help + Select probe type to build. Set to "Generic" if unsure. + +config RIPE_ATLAS_PROBE_TYPE_GENERIC + bool "Generic" + help + Generic software probe. + +config RIPE_ATLAS_PROBE_TYPE_V3 + bool "HWProbe V3" + help + Hardware Probe V3. + +config RIPE_ATLAS_PROBE_TYPE_V4 + bool "HWProbe V4" + help + Hardware Probe V4. + +config RIPE_ATLAS_PROBE_TYPE_V5 + bool "HWProbe V5" + help + Hardware Probe V5. +endchoice diff --git a/openwrt/Makefile b/openwrt/Makefile new file mode 100644 index 00000000..4e61f2fe --- /dev/null +++ b/openwrt/Makefile @@ -0,0 +1,264 @@ +include $(TOPDIR)/rules.mk + +PKG_NAME:=ripe-atlas-probe +PKG_VERSION:=$(shell cat $(CURDIR)/$(SOURCE)/../VERSION) +PKG_RELEASE:=1 +PKG_LICENSE:=GPL +PKG_LICENSE_FILES:=LICENSE +PKG_MAINTAINER:=Michel Stam +PKG_FIXUP=autoreconf +PKG_INSTALL:=1 +PRB_TYPE:=$(if $(CONFIG_RIPE_ATLAS_PROBE_TYPE_V3),openwrt-atlas-probev3,$(if $(CONFIG_RIPE_ATLAS_PROBE_TYPE_V4),openwrt-atlas-probev4,$(if $(CONFIG_RIPE_ATLAS_PROBE_TYPE_V5),openwrt-atlas-probev5,generic))) + +ATLAS_USER=ripe-atlas +ATLAS_GROUP=ripe-atlas +ATLAS_MEAS=ripe-atlas-measurement +PROBE_FW_KEYS= + +include $(INCLUDE_DIR)/package.mk + +define Package/ripe-atlas/Default + TITLE:=RIPE Atlas + SECTION:=net + CATEGORY:=Network + URL:=https://atlas.ripe.net/ +endef + +CONFIGURE_ARGS+= \ + --with-probe-type=$(PRB_TYPE) \ + --with-user=$(ATLAS_USER) \ + --with-group=$(ATLAS_GROUP) \ + --with-measurement-user=$(ATLAS_MEAS) \ + --disable-systemd \ + --disable-setcap-install \ + --disable-chown + +define Package/ripe-atlas/Default/description +RIPE Atlas is the RIPE NCC's main Internet data +collection system. It is a global network of +devices, called probes and anchors, that +actively measure Internet connectivity. Anyone +can access this data via Internet traffic maps, +streaming data visualisations, and an API. +RIPE Atlas users can also perform customised +measurements to gain valuable data about their +own networks. +endef + +define Build/Prepare + $(CP) $(patsubst %/openwrt,%,$(TOPDIR)/$(SOURCE))/. $(PKG_BUILD_DIR) +endef + + +define Package/ripe-atlas-common + $(call Package/ripe-atlas/Default) + TITLE+=(common files) + USERID:=$(ATLAS_USER):$(ATLAS_GROUP) $(ATLAS_MEAS):$(ATLAS_GROUP) + DEPENDS+= \ + +e2fsprogs \ + +jsonfilter \ + +openssh-client \ + +openssh-keygen \ + +libopenssl \ + +@OPENSSL_WITH_DEPRECATED \ + +@BUSYBOX_CONFIG_HOSTNAME \ + +@BUSYBOX_CONFIG_KILL \ + +@BUSYBOX_CONFIG_KILLALL \ + +@BUSYBOX_CONFIG_PS \ + +@BUSYBOX_CONFIG_SED \ + +@BUSYBOX_CONFIG_TAR \ + +!PACKAGE_ntpd:chrony \ + +!BUSYBOX_CONFIG_BUNZIP2:bzip2 + CONFLICTS:=atlasmsm \ + atlasprobe \ + atlas_extra_v3 \ + atlas_extra_v4 \ + atlas_extra_v5 \ + atlas-sw-probe \ + atlas-sw-probe-rpc + +ifneq ($(CONFIG_RIPE_ATLAS_PROBE_TYPE_V5),) + DEPENDS+= \ + +btrfs +endif +endef + +define Package/ripe-atlas-common/conffiles +/etc/ripe-atlas/mode +endef + +define Package/ripe-atlas-common/description +RIPE Atlas (common files) + +$(call Package/ripe-atlas/Default/description) +endef + +define LinkApplet + $(LN) busybox $(1)/usr/lib/ripe-atlas/measurement/$(2) +endef + +ifneq ($(CONFIG_RIPE_ATLAS_PROBE_TYPE_V3),) + PROBE_FW_KEYS += \ + 2017-11-07-dev.pem \ + 2017-11-07-prod.pem \ + 2017-11-07-test.pem +endif +ifneq ($(CONFIG_RIPE_ATLAS_PROBE_TYPE_V4),) + PROBE_FW_KEYS += \ + 2018-04-23-dev.pem \ + 2018-04-23-prod.pem \ + 2018-04-23-test.pem +endif +ifneq ($(CONFIG_RIPE_ATLAS_PROBE_TYPE_V5),) + PROBE_FW_KEYS += \ + 2021-02-02-dev.pem \ + 2021-02-02-prod.pem \ + 2021-02-02-test.pem +endif + +define Package/ripe-atlas-common/install + $(INSTALL_DIR) \ + $(1)/etc/init.d \ + $(1)/etc/uci-defaults \ + $(1)/usr/lib/ripe-atlas/measurement \ + $(1)/usr/lib/ripe-atlas/scripts \ + $(1)/usr/share/ripe-atlas \ + $(1)/usr/sbin + $(INSTALL_BIN) -t \ + $(1)/usr/lib/ripe-atlas/scripts \ + $(foreach script, \ + array.lib.sh \ + atlas_log.lib.sh \ + class.lib.sh \ + common-pre.sh \ + common.sh \ + config.sh \ + $(PRB_TYPE)-ATLAS.sh \ + $(PRB_TYPE)-common.sh \ + $(PRB_TYPE)-reginit.sh \ + json.lib.sh \ + linux-functions.sh \ + paths.lib.sh \ + reg_servers.sh.dev \ + reg_servers.sh.test \ + reginit.sh \ + resolvconf \ + support.lib.sh, \ + $(PKG_INSTALL_DIR)/usr/lib/ripe-atlas/scripts/$(script)) + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/lib/ripe-atlas/measurement/busybox \ + $(1)/usr/lib/ripe-atlas/measurement/busybox + $(INSTALL_BIN) \ + $(PKG_INSTALL_DIR)/usr/sbin/ripe-atlas \ + $(1)/usr/sbin/ripe-atlas + $(INSTALL_DATA) -t \ + $(1)/usr/share/ripe-atlas \ + $(foreach file, \ + FIRMWARE_APPS_VERSION \ + measurement.conf \ + $(PROBE_FW_KEYS), \ + $(PKG_INSTALL_DIR)/usr/share/ripe-atlas/$(file)) + $(INSTALL_BIN) files/ripe-atlas.init $(1)/etc/init.d/ripe-atlas + $(INSTALL_BIN) files/ripe-atlas.uci-defaults $(1)/etc/uci-defaults/60_ripe-atlas + $(INSTALL_DATA) files/capabilities.json $(1)/usr/share/ripe-atlas/capabilities.json + $(call LinkApplet,$(1),atlasinit) + $(call LinkApplet,$(1),buddyinfo) + $(call LinkApplet,$(1),condmv) + $(call LinkApplet,$(1),date) + $(call LinkApplet,$(1),dfrm) + $(call LinkApplet,$(1),eooqd) + $(call LinkApplet,$(1),eperd) + $(call LinkApplet,$(1),evhttpget) + $(call LinkApplet,$(1),evntp) + $(call LinkApplet,$(1),evping) + $(call LinkApplet,$(1),evsslgetcert) + $(call LinkApplet,$(1),evtdig) + $(call LinkApplet,$(1),evtraceroute) + $(call LinkApplet,$(1),httppost) + $(call LinkApplet,$(1),onlyuptime) + $(call LinkApplet,$(1),perd) + $(call LinkApplet,$(1),rchoose) + $(call LinkApplet,$(1),rptaddrs) + $(call LinkApplet,$(1),rptra6) + $(call LinkApplet,$(1),rptuptime) + $(call LinkApplet,$(1),rxtxrpt) + $(call LinkApplet,$(1),telnetd) +endef + +define Package/ripe-atlas-probe + $(call Package/ripe-atlas/Default) + TITLE+=(Software Probe) + DEPENDS+=+ripe-atlas-common + VARIANT:=probe + CONFLICTS+=ripe-atlas-anchor + MENU:=1 +endef + +define Package/ripe-atlas-probe/config + source "$(SOURCE)/Config.in" +endef + +define Package/ripe-atlas-probe/description +RIPE Atlas (Software Probe) + +$(call Package/ripe-atlas/Default/description) +endef + +define Package/ripe-atlas-probe/install + $(INSTALL_DIR) \ + $(1)/usr/lib/ripe-atlas/scripts \ + $(1)/usr/share/ripe-atlas + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/config/probe/known_hosts.reg \ + $(1)/usr/share/ripe-atlas + $(INSTALL_BIN) \ + $(PKG_BUILD_DIR)/config/probe/reg_servers.sh.prod \ + $(1)/usr/lib/ripe-atlas/scripts +endef + +define Package/ripe-atlas-probe/conffiles +/etc/ripe-atlas/probe_key +/etc/ripe-atlas/probe_key.pub +/etc/config/ripe-atlas +endef + +define Package/ripe-atlas-anchor + $(call Package/ripe-atlas/Default) + TITLE+=(Anchor) + DEPENDS+=+ripe-atlas-common + VARIANT:=anchor + PROVIDES+=ripe-atlas-probe + MENU:=1 +endef + +define Package/ripe-atlas-anchor/config + source "$(SOURCE)/Config.in" +endef + +define Package/ripe-atlas-anchor/description +RIPE Atlas (Anchor) + +$(call Package/ripe-atlas/Default/description) +endef + +define Package/ripe-atlas-anchor/install + $(INSTALL_DIR) \ + $(1)/usr/lib/ripe-atlas/scripts \ + $(1)/usr/share/ripe-atlas + $(INSTALL_DATA) \ + $(PKG_BUILD_DIR)/config/anchor/known_hosts.reg \ + $(1)/usr/share/ripe-atlas + $(INSTALL_BIN) \ + $(PKG_BUILD_DIR)/config/anchor/reg_servers.sh.prod \ + $(1)/usr/lib/ripe-atlas/scripts +endef + +define Package/ripe-atlas-anchor/conffiles +/etc/ripe-atlas/probe_key +/etc/ripe-atlas/probe_key.pub +/etc/config/ripe-atlas +endef + +$(eval $(call BuildPackage,ripe-atlas-common)) +$(eval $(call BuildPackage,ripe-atlas-anchor)) +$(eval $(call BuildPackage,ripe-atlas-probe)) diff --git a/openwrt/files/capabilities.json b/openwrt/files/capabilities.json new file mode 100644 index 00000000..ab56e432 --- /dev/null +++ b/openwrt/files/capabilities.json @@ -0,0 +1,17 @@ +{ + "bounding": [ + "CAP_NET_RAW", "CAP_SETUID" + ], + "effective": [ + "CAP_NET_RAW", "CAP_SETUID" + ], + "ambient": [ + "CAP_NET_RAW", "CAP_SETUID" + ], + "permitted": [ + "CAP_NET_RAW", "CAP_SETUID" + ], + "inheritable": [ + "CAP_NET_RAW", "CAP_SETUID" + ] +} diff --git a/openwrt/files/ripe-atlas.init b/openwrt/files/ripe-atlas.init new file mode 100755 index 00000000..3075844a --- /dev/null +++ b/openwrt/files/ripe-atlas.init @@ -0,0 +1,150 @@ +#!/bin/sh /etc/rc.common +START=60 +STOP=01 +USE_PROCD=1 +MAINU=ripe-atlas +MEASU=ripe-atlas-measurement +GROUP=ripe-atlas + +validate_config() +{ + uci_load_validate 'ripe-atlas' 'ripe-atlas' "${1}" "${2}" \ + 'enabled:uinteger:1' \ + 'log_console:uinteger:0' \ + 'mode:string:prod' \ + 'rxtx_report:uinteger:0' +} + +create_dir() +{ + local user + local group + local mode + local dir + + user="${1}" + shift + group="${1}" + shift + mode="${1}" + shift + + while [ -n "${1}" ]; do + ent="${1}" + mkdir -p ${IPKG_INSTROOT}/${ent} + chown ${user}:${group} ${IPKG_INSTROOT}/${ent} + chmod ${mode} ${IPKG_INSTROOT}/${ent} + shift + done +} + +setup_environment() +{ + create_dir ${MAINU} ${GROUP} 0770 \ + /etc/ripe-atlas + create_dir ${MEASU} ${GROUP} 0775 \ + /var/run/ripe-atlas/pids \ + /var/run/ripe-atlas/status + create_dir ${MEASU} ${GROUP} 2775 \ + /var/spool/ripe-atlas/crons \ + /var/spool/ripe-atlas/crons/main \ + /var/spool/ripe-atlas/crons/2 \ + /var/spool/ripe-atlas/crons/3 \ + /var/spool/ripe-atlas/crons/4 \ + /var/spool/ripe-atlas/crons/5 \ + /var/spool/ripe-atlas/crons/6 \ + /var/spool/ripe-atlas/crons/7 \ + /var/spool/ripe-atlas/crons/8 \ + /var/spool/ripe-atlas/crons/9 \ + /var/spool/ripe-atlas/crons/10 \ + /var/spool/ripe-atlas/crons/11 \ + /var/spool/ripe-atlas/crons/12 \ + /var/spool/ripe-atlas/crons/13 \ + /var/spool/ripe-atlas/crons/14 \ + /var/spool/ripe-atlas/crons/15 \ + /var/spool/ripe-atlas/crons/16 \ + /var/spool/ripe-atlas/crons/17 \ + /var/spool/ripe-atlas/crons/18 \ + /var/spool/ripe-atlas/crons/19 \ + /var/spool/ripe-atlas/crons/20 \ + /var/spool/ripe-atlas/data \ + /var/spool/ripe-atlas/data/new \ + /var/spool/ripe-atlas/data/oneoff \ + /var/spool/ripe-atlas/data/out \ + /var/spool/ripe-atlas/data/out/ooq \ + /var/spool/ripe-atlas/data/out/ooq10 +} + +start_instance() +{ + local cfg=${IPKG_INSTROOT}/etc/ripe-atlas/config.txt + local mod=${IPKG_INSTROOT}/etc/ripe-atlas/mode + + if [ ${2} -ne 0 ]; then + echo 'validation failed' + return 1 + fi + + if [ ${enabled} -eq 0 ]; then + return 1 + fi + + rm -f ${IPKG_INSTROOT}/etc/ripe-atlas/reg_servers.sh + case "${mode}" in + test|dev|prod) + ;; + *) + return 1 + ;; + esac + + echo 'Starting RIPE Atlas' + setup_environment + echo 1>/dev/null 2> "${mod}" + echo 1>/dev/null 2> "${cfg}" + + if [ ${rxtx_report} -ne 0 ]; then + echo 'RXTXRPT=yes' >> "${cfg}" + fi + echo "${mode}" > "${mod}" + + procd_open_instance + procd_set_param command ${IPKG_INSTROOT}/usr/sbin/ripe-atlas + procd_set_param user ${MAINU} + procd_set_param group ${GROUP} + procd_set_param stdout ${log_console} + procd_set_param stderr ${log_console} + procd_set_param respawn + if [ -x /sbin/ujail ]; then + procd_add_jail ripe-atlas + procd_append_param capabilities ${IPKG_INSTROOT}/usr/share/ripe-atlas/capabilities.json + fi + procd_close_instance + + return 0 +} + +start_service() +{ + config_load 'ripe-atlas' + config_foreach validate_config 'ripe-atlas' start_instance +} + +stop_service() +{ + local pids + local pid + + for pid in $(find /proc -type d -maxdepth 1 -group ${GROUP} -print); do + pids="${pid##*/} ${pids}" + done + + if [ -n "${pids}" ]; then + kill ${pids} 1>/dev/null 2>&1 + fi +} + +service_triggers() +{ + procd_add_validation validate_config +} diff --git a/openwrt/files/ripe-atlas.uci-defaults b/openwrt/files/ripe-atlas.uci-defaults new file mode 100644 index 00000000..92e832fc --- /dev/null +++ b/openwrt/files/ripe-atlas.uci-defaults @@ -0,0 +1,18 @@ +#!/bin/sh +chown ripe-atlas-measurement:ripe-atlas ${IPKG_INSTROOT}/usr/lib/ripe-atlas/measurement/busybox 1>/dev/null 2>&1 +chmod 0750 ${IPKG_INSTROOT}/usr/lib/ripe-atlas/measurement/busybox 1>/dev/null 2>&1 +chown 0:0 ${IPKG_INSTROOT}/usr/share/ripe-atlas/measurement.conf 1>/dev/null 2>&1 +chmod 0644 ${IPKG_INSTROOT}/usr/share/ripe-atlas/measurement.conf 1>/dev/null 2>&1 +uci get ripe-atlas 1>/dev/null 2>&1 +if [ $? -ne 0 ]; then + touch ${IPKG_INSTROOT}/etc/config/ripe-atlas + uci -q batch 1>/dev/null 2>&1 < - 5090 +- All platforms + - All platforms now have a ripe-atlas-common package, a ripe-atlas-anchor and ripe-atlas-probe package to define the purpose of the probe. This deprecates atlasswprobe + - Package is now built using autotools + - Package restructured according to Linux FHS + - Probe private key is not removed upon uninstall + - libevent is now linked to the measurement code statically. It diverged from the original package and cannot be sent upstream + - sudo is no longer required, the processes drop privileges automatically +- Software probes + - Added support for Oracle EL8 and RHEL9 (Oracle EL9 / Rocky Linux 9) + - Added initial code for Debian 11/12 (Support incomplete) + - Added initial code for OpenWRT 22.03 (Support incomplete) + - Fix Atlas not working on SELinux (RHBA-2023:5062); Robert Scheck + - Sanitised log messages (unnecessary errors) + - Probe sub architecture now reports ID, VERSION and PLATFORM + - systemd-sysusers and systemd-tmpfiles now used + - Atlas now exits properly when stopped by systemd on EL8 + - Bash is now a requirement + - RPM now validates properly + +* Fri Sep 23 2022 RIPE Atlas Team - 5080 +- All platforms + - Introduction of CI/CD pipeline for building firmware + - Fix for ICMPv6 echo replies on systems with 32-bit pid_t (Graham Edgecombe) +- Software probes + - The auto update functionality has been removed from the CentOS 7/8 RPM. +- Cleanup on v3 hardware probe to align with v4 and v5 probes. + - Streamline build process for flash and USB firmware + - Removal of unused software / functionality + - Revert to stock OpenWRT insofar as possible + - Code refactoring to remove duplicate implementation of LED behaviour + - JSON style logging framework introduced, initially for process restarting + - Filesystem bug fixed that prevented release of flash firmware + +* Tue May 31 2022 RIPE Atlas Team - 5070 +- Fix bug that caused processes to restart erroneously. +- Added support for NTP size extension (by Daniel Drown) + +* Wed Mar 16 2022 RIPE Atlas Team - 5060 +- Removed IPv6 reporting from rxtxrpt +- Replace syscall(__NR_clock_gettime, ...) with clock_gettime() (by Eneas U de Queiroz) +- Fix rptaddrs to handle systems without IPv6. Sad but true. +- Allow measurement targets to be in the prefixes 0.0.0.0/8 and 240.0.0.0/4 +- Add HTTPPOST_PORT port override for httppost +- Improvements for self tests +- Updated cipher list in sslgetcert to Firefox 89.0.2 +- Support for DNS-over-HTTPS measurements + +* Wed Feb 16 2022 RIPE Atlas Team - 5050 +- This is an administrative release, it does not have any changes. + +* Thu Oct 21 2021 RIPE Atlas Team - 5040 +- Measurement changes (version 2.4.1): + - Firmware 5030 introduced a regression where a specific type of TCP connect failure would cause the probe to stop performing measurements. + +* Mon Sep 13 2021 RIPE Atlas Team - 5030 +- Config variable to disable the check that atlas data is on tmpfs +- Support for software probes on OpenWrt (by Jan Pavlinec) +- Measurement busybox v2.4.0: + - Solve issue with duplicate src_addr in DNS measurements + - Remove as much as possible source files that are not used by Atlas + - Fix bug in sslgetcert if there is a connection failure + - Replace stime with clock_settime + - Support a lot more network interfaces in reporting traffic statistics + - Option to set AD bit in DNS queries + - Initial support for testing Atlas measurement code + +* Mon Apr 6 2020 RIPE Atlas Team - 5020 +- Support for a centos 8 binary repo +- Use the hash of the public key in SOS messages for software probes and anchors, allowing software probes to report SOS messages +- Fix a bug in DNS measurements where a JSON fields got duplicated (measurement busybox 2.2.1) +- Suppress some debug output from dfrm (measurement busybox 2.2.1) +- Make response to a reg. server returning WAIT more robust + +* Mon Jan 13 2020 RIPE Atlas Team - 5010 +- Support for Turris routers +- Support Debian +- Build fixes for CentOS 8 +- Improved mechanism to source architecture specific scripts +- Support for DNS resolvers with IPv6 link local address +- Removed some bash-isms +- Measurement changes (version 2.2.0): + - "qt" field for DNS measurements to report query time without setup overhead + - Handle IPv6 scope IDs + - Switch to libevent 2.1.11 + - 'httppost' should only set the system if the environment variable HTTPPOST_ALLOW_STIME is set + - Add '--ttl' option in DNS measurements to report the TTL on replies (for UDP) + +* Mon Oct 7 2019 RIPE Atlas Team - 5000 +- Probe firmware 5000.2 + - Make setting the time and date in the ATLAS script optional + - Corrected names of production registration servers + - Introduce config.txt to make rxtxrpt optional + - Add -y option to yum update + - Added README.rst, INSTALL.rst, CHANGES.rst and LICENSE +- Probe firmware 5000 + - First release of software probes - sync up probe firmware versions between hardware and software + +* Wed Apr 10 2019 RIPE Atlas Team - 4980 +- Disable TCP SACK + +* Mon Mar 25 2019 RIPE Atlas Team - 4970 +- Fixed an issue with periodic HTTP measurements and a chunked response from the remote server +- Generate a new value for the "$r" macro in DNS measurements for each resolver when "use probe's resolvers" is in effect +- Fixed a bug in TCP traceroute when some measurements did not run if there were more than 256 measurements defined + +* Tue Feb 26 2019 RIPE Atlas Team - 4960 +- Fix local time management to deal with cases where the probe did not adjust its local time correctly +- Add support for reinstalling the current firmware if (filesystem) corruption is suspected + +* Wed Feb 20 2019 RIPE Atlas Team - 4950 +- Fixed a bug in traceroute where a trace was supposed to stop after 5 non-responding hops, but it stopped earlier if the starting hop was not set to 1 +- Added support for DNS cookies (API/UI support is in the works) +- Added support to set EDNS version, flags and options (API/UI support TBD) +- Added support to send DNS queries with IPv6 destination option (API/UI support is in the works) +- Code shuffles to record timestamps for response time as close as possible to sending and receiving calls + +* Tue Jul 17 2018 RIPE Atlas Team - 4940 +- Add support for DNS client subnet option +- Add support for HTTP host header +- Add support for ping synchronous DNS resolution (only used internally) +- Update SSL/TLS list of ciphers (taken from wget 1.19.1) +- Add support for SSL/TLS elliptic curves +- Add better error reporting for TLS errors +- Add support for traceroute ToS +- Internal code changes to align the behaviour/scripts used on v3 and v4 probes +- Fix a bug where probes no longer sent DNS "sos" queries + +* Mon May 21 2018 RIPE Atlas Team - 4930 +- This firmware is a clone of 4910, aimed exclusively for the upcoming v4 probes + +* Mon Jan 8 2018 RIPE Atlas Team - 4910 +- General + - Upgrade busybox (used inside the probe firmware) + - When name resolution results in a 'local' address and the probe denies executing the measurement, report the offending address + - Report how long name resolution takes (except for DNS measurements) + - SSL/TLS certificate measurements now report the cipher that is chosen by the server + - Fix bug where a TCP socket was not set to non-blocking when explicit binding to an interface was required +- Anchor + - Support added for CentOS 6 and 7 + +* Mon May 29 2017 RIPE Atlas Team - 4790 +- This is a v1/v2 only release meant to fix stability issues that resulted in stretching the hardware capabilities too far. + +* Mon May 22 2017 RIPE Atlas Team - 4780 +- Various fixes for stability and security +- Allow DNS "macros" like $p, $t, $r, which are replaced by the probe each time with probe ID, timestamp and a random value, respectively +- Add SNI support to TLS/SSL checks +- Add option to embed probe ID in ping requests in order to filter out RIPE Atlas generated ICMPs +- Report time-to-complete in TLS/SSL results even if fetching the actual certificate fails +- Fixed a bug where there were no results delivered for DNS measurements with the "include the abuf" option turned off + +* Wed Mar 22 2017 RIPE Atlas Team - 4770 +- Fixed a regression where DNS measurements using TCP transport always failed +- Fixed a bug where WiFi measurements could sometimes report using the wrong outgoing network interface + +* Thu Feb 23 2017 RIPE Atlas Team - 4760 +- Changes to use USB sticks (in v3 probes) as little as possible by buffering results in memory. As a tradeoff for more expected stability, the probes lose recent, unreported measurement results (ie. the ones collected in the last 60-90 seconds). +- Unexpectedly terminated TCP connections caused SIGPIPE signals crashing the measurement the process +- Various stability and security fixes to the measurement code + +* Tue Jan 24 2017 RIPE Atlas Team - 4750 +- First release of wifi firmware (4755) +- Various security/stability fixes in the measurement code + +* Mon Aug 8 2016 RIPE Atlas Team - 4740 +- Disallow measurements towards 0.0.0.0/8 +- Internal changes to support wifi measurements +- Report local network configuration every hour +- Switch to ext4 filesystem for USB storage +- Check for read-only USB and send SOS message if that's the case +- Fixed kernel to not download new firmware if the usb stick is read-only + +* Mon Jan 18 2016 RIPE Atlas Team - 4730 +- Better error handling for unexpected measurement results +- Probes will soon start reporting their uptime in a new "virtual measurement", ID 7001 +- Fixed an error case where results of one-off traceroutes could have interfered with ongoing traceroutes +- Added preliminary support for specifying a timeout parameter for DNS measurements + +* Mon Oct 5 2015 RIPE Atlas Team - 4720 +- The method for measuring times (e.g. RTTs) for each measurement has been switched to use a strictly monotonic, relative clock, thereby avoiding the artefacts caused by absolute clock changes due to time synchronisation. +- The RDATA field of a DNS measurement result (in response to a TXT query) is now a list of strings. It was a single string before. +- The cipher list supported by SSL/TLS certificate checks have been refreshed. +- Fixed a bug where one-off results were reported multiple times in some cases. +- Fixed a issue where NTP measurements could generate syntactically incorrect results which, as a consequence, were never stored. +- Fixed an issue where IPv6-only probes did not properly report their network configuration. +- Fixed a bug where failed DNS measurements in some cases did not report the time of measurement. +- The probes, in addition to the infrastructure, now also enforce the restriction that local (RFC1918 and link-local) addresses should not be measured. +- When removing static configuration from a probe, the statically added previous DNS server was still used + +* Mon Jul 6 2015 RIPE Atlas Team - 4700 +- This is mostly a maintenance release, with internal behavioural changes only. + +* Sat Mar 28 2015 RIPE Atlas Team - 4680 +- This firmware incorporates a few bug fixes: +- If probe has statically configured nameserver and also DHCPv4, the DHCP one wins, thereby fixing stale DNS entries +- Enhance the NTP client on v3 probes +- V3 probes now pick up IPv6 DNS resolvers from RA messages +- Stability issues on v1/v2 probes when HTTP measurements immediately fail with connection errors +- "SSLCert" measurements now also support TLS + +* Wed Jan 14 2015 RIPE Atlas Team - 4670 +- Fixed two bugs in ping measurements where the probe had issues pinging its own IPv6 address +- Fixed wrong host header for IPv6 literals in http measurements +- Probes are now trying to avoid starting too many measurements at exactly the same second + +* Mon Aug 25 2014 RIPE Atlas Team - 4660 +- Bugfix: fixed a bug in paris traceroute where the ICMP version would have the wrong paris id in outgoing packets +- Bugfix: fixed a memory leak in the DNS measurements code +- Enhancement: include a cookie in outgoing ping packets and check the reply +- Enhancement: in ping, report IP version and target address even if socket connect fails +- Experimental suport for NTP measurements (not publicly available yet) + +* Tue Jul 8 2014 RIPE Atlas Team - 4650 +- Ping interval option (-i option, needs support from API and UI) +- The "lts" field is now also available in the output of traceroute, dns, sslgetcert, httpget +- Traceroute IPv6 extra error code 'h': destination unreachable/beyond scope +- Fixed error in the output of traceroute +- Fixed bug in parsing multiple IPv6 extension headers in traceroute +- Fixed bug in DNS where RA flag was set in requests + +* Mon Mar 17 2014 RIPE Atlas Team - 4610 +- The new firmware fixes a few DNS related bugs: +- In some cases the probe sent DNS results too often +- Querying the local DNS resolver could result in multiple results (one per resolver), but these could not be accessed in the data store. The new version collects results from all resolvers into one data structure. See the /apis/result-format/#version-4610-dns-lookup for details. +- In addition, this firmware adds preliminary support for using IPv6 extension headers. This will be available in the UI and in the API at a later date. + +* Mon Feb 17 2014 RIPE Atlas Team - 4600 +- The new firmware release (4600) contains bug fixes for missing fields in ping results (TTL and source address). It also incorporates a more secure way for the probes to authenticate new firmwares before upgrading. + +* Mon Dec 16 2013 RIPE Atlas Team - 4580 +- Due to an issue with the latest firmware release, a subset of the v3 probes were listening to incoming connections on an open port that should not have been left open. As a secondary measure, however, access to this port required credentials only available to the RIPE Atlas probe developers. It therefore never presented open access to the probes. This port (SSH) is used for development purposes in our internal development environment. +- We upgraded the v3 probes to a new, corrected firmware version (4580), and improved the checks in our firmware release process. The new firmware is otherwise functionally equivalent to the previous one. +- This issue did not affect version 1/2 probes and anchors. + +* Thu Nov 21 2013 RIPE Atlas Team - 4570 +- Upgrade kernel on v3 probes without losing static network config +- Uniform interpretation of the size parameter of ping and traceroute: the size excludes the IPv4/IPv6 header and the transport (ICMP, TCP, UDP) header +- Add TCP mode to traceroute measurements +- Most measurements (except for DNS "use probe's local resolvers") now pick up a new list of resolvers if it has been updated by DHCP +- Support for SRV and NAPTR in DNS measurements +- Support "number of retries" option in DNS measurements +- Note that the use of the new measurement flag will be enabled in the UI and API at a later stage. + +* Tue Apr 23 2013 RIPE Atlas Team - 4520 +- This is a bug fix release for all probe architectures. There is a small bug in the probe measurement code that can be trigger only if a controller sends the wrong commands to a probe. + +* Tue Apr 23 2013 RIPE Atlas Team - 4510 +- Version 3 probes + - Fixes for static network configuration +- Anchor + - Cleanup in anchor package + - Various fixes to the startup/shutdown scripts + - Aligned build script with upstart for killing processes + - Clean up pid files on Atlas shutdown + - Kill Atlas processes on install/uninstall + - Anchor now requires daemontools to be installed + +* Thu Feb 28 2013 RIPE Atlas Team - 4500 +- RIPE Atlas probe software now supports two more architectures: TP-Link (for the next generation probes) and CentOS (for RIPE Atlas anchors). +- There is now support for one-off measurements for ping, traceroute, DNS, and HTTPget. +- We fixed a bug in DNS measurements in which, when querying local resolvers, more queries went to the last resolver. +- Fixed "error" : { "TUCONNECT" : "Success"}. Before this version DNS TCP and HTTPget reported an error message "Success". +- First release of anchor package + +* Wed Oct 3 2012 RIPE Atlas Team - 4480 +- Fixed bug in traceroute when it has to deal with rfc4884 objects (mpls) that have a wrong size. +- Delayed DNS name resolution in ping and traceroute. This feature will soon be enabled through the UI. +- Fixed bug in HTTP GET where some characters where not properly escaped in generating the result JSON. +- Fixed bugs in the libevent stub resolver to better handle DNS errors and timeouts (affects mostly httpget) +- Limit the amount of measurement data that is sent as one unit. This prevents probes that have not connected to a controller for some time from overloading the controller. +- The probe uptime is now in the DNS SOS messages that are sent by probes before they try to connect. This will allow making a distinction between various reasons for disconnects: e.g. probe reboot vs. network problems. +- Initial version for anchor package added (Anand Buddhev) + +* Thu Sep 20 2012 RIPE Atlas Team - 4470 +- This firmware fixes two bugs. + - The first one is that DNS results may get mixed up when a probe runs two DNS measurements at the same time. + - The second one is where traceroute sometimes reports a timestamp of 0. +- In addition, the firmware now has IPv6 literals for the registrations servers, so an IPv6-only probe can connect to a registration server even if it doesn't have a DNS resolver. + +* Thu Jun 21 2012 RIPE Atlas Team - 4460 +- The main new feature in this firmware is the use of libevent and rewriting the measurement code to use it. This provides a much higher capacity for doing measurements. In addition, the probe now reports results in JSON. Expect the traceroute output to be completely different. The are a number of small changes. For example, the DHCP client now sets the client-id and vendor class. Please note that if you have given the probe a static IPv4 address through DHCP and the probes stops working then this may be caused by the change in DHCP client-id. + +* Wed Feb 22 2012 RIPE Atlas Team - 4310 +- This firmware contains a number of small fixes that deal with exceptional conditions. Probes should also reconnected slightly quicker after a disconnect. + +* Mon Oct 10 2011 RIPE Atlas Team - 4270 +- More pings to fixed destinations +- Traceroutes to fixed destinations +- DNS root server anycast instance checks + +* Mon Jul 4 2011 RIPE Atlas Team - 4030 +- We're in the process of rolling out a new firmware version. It enables a new feature that has been asked by members of the community: /howtos/probe-static-network-config.md. Using the UI, one can ask the probe to try to use static IPv4/IPv6 addresses (and DNS resolvers). If these settings don't work, the probes will fall back to using DHCP. As a byproduct, this feature also allows IPv6-only deployments. + +* Mon Feb 7 2011 RIPE Atlas Team - 4020 +- The new firmware version enables the use of a second registration server (woolsey.atlas.ripe.net). All probes are expected to upgrade automatically in the coming days. diff --git a/rhel/ripe-atlas-anchor.spec b/rhel/ripe-atlas-anchor.spec new file mode 100644 index 00000000..eee6fa49 --- /dev/null +++ b/rhel/ripe-atlas-anchor.spec @@ -0,0 +1,153 @@ +%define git_repo ripe-atlas-software-probe +%define build_dirname %{git_repo} +%define base_path ripe-atlas +%define service_name ripe-atlas.service +%define version %(find . -name VERSION | head -1 | xargs -I {} sh -c "cat {}") + +# define user to perform measurements +%define atlas_measurement ripe-atlas-measurement +%define atlas_user ripe-atlas +%define atlas_group ripe-atlas + +# flag to ignore files installed in builddir but not packaged in the final RPM +%define _unpackaged_files_terminate_build 0 + +# prevent creation of the build ids in /usr/lib -> see https://access.redhat.com/discussions/5045161 +%define _build_id_links none + +# Files to migrate +%define atlas_olddir /home/atlas +%define atlas_oldkey %{atlas_olddir}/etc/probe_key +%define atlas_oldmode %{atlas_olddir}/state/mode +%define atlas_oldconfig %{atlas_olddir}/state/config.txt +%define atlas_newdir %{_sysconfdir}/%{base_path} +%define atlas_newkey %{atlas_newdir}/probe_key +%define atlas_newmode %{atlas_newdir}/mode +%define atlas_newconfig %{atlas_newdir}/config.txt + +# Workaround for systems using autoconf 2.69 and older +%if 0%{?rhel} >= 9 +%define fix_rundir %{_rundir} +%else +%define fix_rundir %{_localstatedir}/run +%endif + +%define rpm_statedir %{_localstatedir}/lib/rpm-state/ripe-atlas + +# Keep scripts intact +%define __brp_mangle_shebangs_exclude_from ^%{_libexecdir}/%{base_path}/scripts/.*$ + +Name: ripe-atlas-anchor +Summary: RIPE Atlas Anchor Package +Version: %{version} +Release: 1%{?dist} +License: RIPE NCC +Group: Applications/Internet +BuildArch: noarch +Requires: ripe-atlas-common = %{version}-%{release} +BuildRequires: rpm, systemd, openssl-devel +Provides: ripe-atlas-software-probe +Obsoletes: atlasprobe < 5080.0-3 +Conflicts: atlasprobe, atlasswprobe, ripe-atlas-probe +URL: https://atlas.ripe.net/anchors/apply/ +%{systemd_requires} + +%description +Probe specific files and configurations that form a working anchor. Please visit https://atlas.ripe.net/anchors/apply/ to register. +Only install at the direction of RIPE NCC. + +%prep +echo "Building for anchor version: %{version}" + +# performing the steps of '%setup' manually since we are pulling from a remote git repo +echo "Cleaning build dir" +cd %{_builddir} +rm -rf %{_builddir}/%{build_dirname} +echo "Getting Sources..." + +%{!?git_tag:%define git_tag master} +%{!?git_source:%define git_source https://github.com/RIPE_NCC} + +git clone -b %{git_tag} --recursive %{git_source}/%{git_repo}.git %{_builddir}/%{build_dirname} + +cd %{_builddir}/%{build_dirname} +%{?git_commit:git checkout %{git_commit}} + +%install +mkdir -p %{buildroot}%{_datadir}/%{base_path} +install -m 0644 %{_builddir}/%{build_dirname}/config/anchor/known_hosts.reg %{buildroot}%{_datadir}/%{base_path}/known_hosts.reg +mkdir -p %{buildroot}%{_libexecdir}/%{base_path}/scripts +install -m 0755 %{_builddir}/%{build_dirname}/config/common/reg_servers.sh.dev %{buildroot}%{_libexecdir}/%{base_path}/scripts/reg_servers.sh.dev +install -m 0755 %{_builddir}/%{build_dirname}/config/common/reg_servers.sh.test %{buildroot}%{_libexecdir}/%{base_path}/scripts/reg_servers.sh.test +install -m 0755 %{_builddir}/%{build_dirname}/config/anchor/reg_servers.sh.prod %{buildroot}%{_libexecdir}/%{base_path}/scripts/reg_servers.sh.prod +mkdir -p %{buildroot}%{atlas_newdir} +touch %{buildroot}%{atlas_newdir}/reg_servers.sh + +%files +%{_datadir}/%{base_path}/known_hosts.reg +%{_libexecdir}/%{base_path}/scripts/reg_servers.sh.* +%ghost %attr(0755, %{atlas_user}, %{atlas_group}) %{atlas_newdir}/reg_servers.sh + +%define get_state() [ -f "%{rpm_statedir}/%1" ] + +%define init_state() \ +mkdir -p %{rpm_statedir} \ +systemctl "%1" --quiet %{service_name} 1>/dev/null 2>&1 \ +if [ $? -eq 0 ]; then \ + touch "%{rpm_statedir}/%1" 2>/dev/null \ +else \ + rm -f "%{rpm_statedir}/%1" 2>/dev/null \ +fi \ +%{nil} + +%define clear_state() rm -rf %{rpm_statedir} 1>/dev/null 2>&1 + +%define migrate_file() \ +if ( [ -f "%1" ] && ! cmp -s "%1" "%2" 1>/dev/null 2>&1 ); then \ + install -D -p -m "%3" -o "%4" -g "%5" "%1" "%2" 1>/dev/null 2>&1; \ +fi \ +%{nil} + +%post +# Migrate configuration files +%migrate_file %{atlas_oldkey} %{atlas_newkey} 0600 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldkey}.pub %{atlas_newkey}.pub 0644 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldmode} %{atlas_newmode} 0644 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldconfig} %{atlas_newconfig} 0644 %{atlas_user} %{atlas_group} + +# clean up old atlas installation, it is now obsolete +if ( [ -f "%{atlas_newkey}" ] && + [ -f "%{atlas_newkey}.pub" ] && + [ -f "%{atlas_newmode}" ] && + [ -d "%{atlas_olddir}" ] ); then + # NOTE: %{atlas_newconfig} may not exist + # if %{atlas_oldconfig} did not either + rm -rf "%{atlas_olddir}/*" +fi + +# clean environment of previous version (if any) +# on upgrade systemd restarts after this +rm -fr %{fix_rundir}/%{base_path}/status/* %{_sysconfdir}/%{base_path}/reg_servers.sh + +%systemd_post %{service_name} + +if %{get_state is-active}; then + systemctl start %{service_name} 1>/dev/null 2>&1 +fi + +if %{get_state is-enabled}; then + systemctl enable %{service_name} 1>/dev/null 2>&1 +fi +exit 0 + +%preun +if [ $1 -eq 0 ]; then + systemctl disable %{service_name} 1>/dev/null 2>&1 + systemctl stop %{service_name} 1>/dev/null 2>&1 +fi +exit 0 + +%postun +exit 0 + +%include rhel/changelog diff --git a/rhel/ripe-atlas-probe.repo b/rhel/ripe-atlas-probe.repo new file mode 100644 index 00000000..f92436d7 --- /dev/null +++ b/rhel/ripe-atlas-probe.repo @@ -0,0 +1,7 @@ +[ripe-atlas-probe] +name=RIPE Atlas Probe Repo +baseurl=https://ftp.ripe.net/ripe/atlas/software-probe/ +gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-ripe-atlas +enabled=1 +repo_gpgcheck=1 +gpgcheck=1 diff --git a/rhel/ripe-atlas-probe.spec b/rhel/ripe-atlas-probe.spec new file mode 100644 index 00000000..32d654ed --- /dev/null +++ b/rhel/ripe-atlas-probe.spec @@ -0,0 +1,251 @@ +%define git_repo ripe-atlas-software-probe +%define build_dirname %{git_repo} +%define base_path ripe-atlas +%define service_name ripe-atlas.service +%define version %(find . -name VERSION | head -1 | xargs -I {} sh -c "cat {}") + +# define user to perform measurements +%define atlas_measurement ripe-atlas-measurement +%define atlas_user ripe-atlas +%define atlas_group ripe-atlas + +# flag to ignore files installed in builddir but not packaged in the final RPM +%define _unpackaged_files_terminate_build 0 + +# prevent creation of the build ids in /usr/lib -> see https://access.redhat.com/discussions/5045161 +%define _build_id_links none + +# Files to migrate +%define atlas_olddir /var/atlas-probe +%define atlas_oldkey %{atlas_olddir}/etc/probe_key +%define atlas_oldmode %{atlas_olddir}/state/mode +%define atlas_oldconfig %{atlas_olddir}/state/config.txt +%define atlas_newdir %{_sysconfdir}/%{base_path} +%define atlas_newkey %{atlas_newdir}/probe_key +%define atlas_newmode %{atlas_newdir}/mode +%define atlas_newconfig %{atlas_newdir}/config.txt + +# Workaround for systems using autoconf 2.69 and older +%if 0%{?rhel} >= 9 +%define fix_rundir %{_rundir} +%else +%define fix_rundir %{_localstatedir}/run +%endif + +%define rpm_statedir %{_localstatedir}/lib/rpm-state/%{base_path} + +# Keep scripts intact +%define __brp_mangle_shebangs_exclude_from ^%{_libexecdir}/%{base_path}/scripts/.*$ + +Name: ripe-atlas-common +Summary: RIPE Atlas Software Probe Essentials +Group: Applications/Internet +Version: %{version} +Release: 1%{?dist} +License: GPLv3.0 +Requires: %{?el6:daemontools} %{?el7:psmisc} %{?el8:psmisc} openssh-clients iproute %{?el7:sysvinit-tools} %{?el8:procps-ng} net-tools hostname /bin/sh bash +Requires(pre): %{_sbindir}/semanage %{_bindir}/systemd-sysusers %{_bindir}/systemd-tmpfiles +Requires(post): %{_sbindir}/semanage +BuildRequires: rpm systemd-rpm-macros %{?el7:systemd} %{?el8:systemd} openssl-devel autoconf automake libtool make +URL: https://atlas.ripe.net/ +%{systemd_requires} + +%description +Essential core assets used in all probe flavours. This package must be installed for a probe to operate as expected. + +%package -n ripe-atlas-probe +Summary: RIPE Atlas Software Probe +Group: Applications/Internet +BuildArch: noarch +Requires: ripe-atlas-common = %{version}-%{release} +Provides: ripe-atlas-software-probe +Obsoletes: atlasswprobe < 5080-3%{?dist} +Conflicts: atlasprobe, atlasswprobe, ripe-atlas-anchor +URL: https://atlas.ripe.net/apply/swprobe/ + +%description -n ripe-atlas-probe +Probe specific files and configurations that form a working software probe. Please visit https://atlas.ripe.net/apply/swprobe/ to register. + +%prep +echo "Building for probe version: %{version}" + +# performing the steps of '%setup' manually since we are pulling from a remote git repo +echo "Cleaning build dir" +cd %{_builddir} +rm -rf %{_builddir}/%{build_dirname} +echo "Getting Sources..." + +%{!?git_tag:%define git_tag master} +%{!?git_source:%define git_source https://github.com/RIPE_NCC} + +git clone -b %{git_tag} --recursive %{git_source}/%{git_repo}.git %{_builddir}/%{build_dirname} + +cd %{_builddir}/%{build_dirname} +%{?git_commit:git checkout %{git_commit}} + +%build +cd %{_builddir}/%{build_dirname} +autoreconf -iv +./configure \ + --prefix=%{_prefix} \ + --sysconfdir=%{_sysconfdir} \ + --localstatedir=%{_localstatedir} \ + --libdir=%{_libdir} \ +%if 0%{?rhel} >= 9 + --runstatedir=%{fix_rundir} \ +%endif + --with-user=%{atlas_user} \ + --with-group=%{atlas_group} \ + --with-measurement-user=%{atlas_measurement} \ + --enable-systemd \ + --disable-chown \ + --disable-setcap-install \ + --with-install-mode=probe +make + +%install +cd %{_builddir}/%{build_dirname} +make DESTDIR=%{buildroot} install +touch %{buildroot}%{atlas_newdir}/reg_servers.sh + +%files +%{_sbindir}/* +%dir %{_datadir}/%{base_path} +%{_unitdir}/%{service_name} +%{_sysusersdir}/ripe-atlas.conf +%{_tmpfilesdir}/ripe-atlas.conf +%attr(0644, root, root) %{_datadir}/%{base_path}/measurement.conf +%{_datadir}/%{base_path}/FIRMWARE_APPS_VERSION +%config(noreplace) %attr(0644, %{atlas_user}, %{atlas_group}) %{atlas_newmode} +%attr(0770, %{atlas_user}, %{atlas_group}) %dir %{atlas_newdir} +%dir %{_libexecdir}/%{base_path} +%dir %{_libexecdir}/%{base_path}/measurement/ +%{_libexecdir}/%{base_path}/measurement/a* +%{_libexecdir}/%{base_path}/measurement/buddyinfo +%{_libexecdir}/%{base_path}/measurement/c* +%{_libexecdir}/%{base_path}/measurement/d* +%{_libexecdir}/%{base_path}/measurement/e* +%{_libexecdir}/%{base_path}/measurement/h* +%{_libexecdir}/%{base_path}/measurement/o* +%{_libexecdir}/%{base_path}/measurement/p* +%{_libexecdir}/%{base_path}/measurement/r* +%{_libexecdir}/%{base_path}/measurement/t* +%caps(cap_net_raw=ep) %attr(4750, %{atlas_measurement}, %{atlas_group}) %{_libexecdir}/%{base_path}/measurement/busybox +%dir %{_libexecdir}/%{base_path}/scripts +%exclude %{_libexecdir}/%{base_path}/scripts/reg_servers.sh.* +%exclude %{atlas_newdir}/reg_servers.sh +%{_libexecdir}/%{base_path}/scripts/resolvconf +%{_libexecdir}/%{base_path}/scripts/*.sh + +%files -n ripe-atlas-probe +%{_datadir}/%{base_path}/known_hosts.reg +%{_libexecdir}/%{base_path}/scripts/reg_servers.sh.* +%ghost %attr(0755, %{atlas_user}, %{atlas_group}) %{atlas_newdir}/reg_servers.sh + +%define get_state() [ -f "%{rpm_statedir}/%1" ] + +%define init_state() \ +mkdir -p %{rpm_statedir} \ +systemctl "%1" --quiet %{service_name} 1>/dev/null 2>&1 \ +if [ $? -eq 0 ]; then \ + touch "%{rpm_statedir}/%1" 2>/dev/null \ +else \ + rm -f "%{rpm_statedir}/%1" 2>/dev/null \ +fi \ +%{nil} + +%define clear_state() rm -rf %{rpm_statedir} 1>/dev/null 2>&1 + +%pre -n ripe-atlas-common +%init_state is-active +%init_state is-enabled +systemctl stop %{service_name} 1>/dev/null 2>&1 +systemctl disable %{service_name} 1>/dev/null 2>&1 +%{_bindir}/systemd-sysusers --replace=%{_sysusersdir}/ripe-atlas.conf - </dev/null 2>&1 || : +exit 0 + +%post -n ripe-atlas-common +%{_bindir}/systemd-tmpfiles --create %{_tmpfilesdir}/ripe-atlas.conf + +if [ $1 -eq 0 ]; then + %{_sbindir}/semanage fcontext -d -f a -t bin_t -r s0 %{_sbindir}/ripe-atlas > /dev/null 2>&1 || : +fi +exit 0 + +%define migrate_file() \ +if ( [ -f "%1" ] && ! cmp -s "%1" "%2" 1>/dev/null 2>&1 ); then \ + install -D -p -m "%3" -o "%4" -g "%5" "%1" "%2" 1>/dev/null 2>&1; \ +fi \ +%{nil} + +%post -n ripe-atlas-probe +# Migrate configuration files +%migrate_file %{atlas_oldkey} %{atlas_newkey} 0600 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldkey}.pub %{atlas_newkey}.pub 0644 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldmode} %{atlas_newmode} 0644 %{atlas_user} %{atlas_group} +%migrate_file %{atlas_oldconfig} %{atlas_newconfig} 0644 %{atlas_user} %{atlas_group} + +# clean up old atlas installation, it is now obsolete +if ( [ -f "%{atlas_newkey}" ] && + [ -f "%{atlas_newkey}.pub" ] && + [ -f "%{atlas_newmode}" ] && + [ -d "%{atlas_olddir}" ] ); then + # NOTE: %{atlas_newconfig} may not exist + # if %{atlas_oldconfig} did not either + rm -rf "%{atlas_olddir}" +fi + +# clean environment of previous version (if any) +# on upgrade systemd restarts after this +rm -fr %{fix_rundir}/%{base_path}/status/* %{_sysconfdir}/%{base_path}/reg_servers.sh + +%systemd_post %{service_name} + +if %{get_state is-active}; then + systemctl start %{service_name} 1>/dev/null 2>&1 +fi + +if %{get_state is-enabled}; then + systemctl enable %{service_name} 1>/dev/null 2>&1 +fi + +%clear_state +exit 0 + +%preun -n ripe-atlas-probe +if [ $1 -eq 0 ]; then + systemctl disable %{service_name} 1>/dev/null 2>&1 + systemctl stop %{service_name} 1>/dev/null 2>&1 +fi +exit 0 + +%preun -n ripe-atlas-common +# Uninstall +if [ $1 -eq 0 ]; then + systemctl stop %{service_name} 1>/dev/null 2>&1 + systemctl disable %{service_name} 1>/dev/null 2>&1 + # clean environment; %files doesn't support leaving directories but removing files + rm -f %{fix_rundir}/%{base_path}/pids/* \ + %{fix_rundir}/%{base_path}/status/* \ + %{_localstatedir}/spool/%{base_path}/crons/* \ + %{_localstatedir}/spool/%{base_path}/crons/*/* \ + %{_localstatedir}/spool/%{base_path}/data/*/* \ + 1>/dev/null 2>&1 +fi +exit 0 + +%postun -n ripe-atlas-common +exit 0 + +%postun -n ripe-atlas-probe +exit 0 + +%include rhel/changelog diff --git a/rhel/ripe-atlas-repo.spec b/rhel/ripe-atlas-repo.spec new file mode 100644 index 00000000..c1985f3a --- /dev/null +++ b/rhel/ripe-atlas-repo.spec @@ -0,0 +1,83 @@ +%define git_repo ripe-atlas-software-probe +%define build_dirname ripe-atlas-repo +%define assets_path rhel + +%define repofile_dirname %{_sysconfdir}/yum.repos.d +%define key_dirname %{_sysconfdir}/pki/rpm-gpg +%define gpg_key_filename RPM-GPG-KEY-ripe-atlas + +%define repofile_path %{_builddir}/%{build_dirname}/%{assets_path}/ripe-atlas-probe.repo +%define gpg_key_path %{_builddir}/%{build_dirname}/%{assets_path}/%{gpg_key_filename} + +Name: ripe-atlas-repo +Summary: RIPE Atlas Software Probe Repo +Version: 1 +Release: 4%{?dist} +License: RIPE NCC +Group: Applications/Internet +BuildArch: noarch + +%description +Setup the RIPE Atlas Software Probe Repo + +%prep +# performing the steps of '%setup' manually since we are pulling from a remote git repo +echo "Cleaning build dir" +cd %{_builddir} +rm -rf %{_builddir}/%{build_dirname} +echo "Getting Sources..." + +%{!?git_tag:%define git_tag master} +%{!?git_source:%define git_source https://github.com/RIPE_NCC} + +git clone -b %{git_tag} --recursive %{git_source}/%{git_repo}.git %{_builddir}/%{build_dirname} + +cd %{_builddir}/%{build_dirname} +%{?git_commit:git checkout %{git_commit}} + +%build +RELEASE=%{git_tag} +RELEASE=${RELEASE%%%.*} +case "${RELEASE}" in + ([0-9]*) + RELEASE='master' + ;; + + master) + ;; + + *) + sed -i -e "s/baseurl.*\$/&.${RELEASE}\//" %{repofile_path} + ;; +esac + +STRIPPED_DIST=$(echo %{?dist} | sed -r 's/^\.//') +if [ -z ${STRIPPED_DIST} ] ; then + echo "OS Error: No Distribution Detected! rpm macro ?dist is empty" + exit 1 +fi + +echo "OS Distro detected as: ${STRIPPED_DIST}" +sed -i -e "s/baseurl.*\$/&${STRIPPED_DIST}\//" %{repofile_path} + +%install +RELEASE=%{git_tag} +RELEASE=${RELEASE%%%.*} +case "${RELEASE}" in + ([0-9]*) + RELEASE='master' + ;; + + *) + ;; +esac +mkdir -p %{buildroot}/{%{repofile_dirname},%{key_dirname}} +install -m 0644 %{repofile_path} %{buildroot}%{repofile_dirname} +install -m 0644 %{gpg_key_path}."${RELEASE}" %{buildroot}%{key_dirname}/%{gpg_key_filename} + +%files +%{repofile_dirname} +%{key_dirname} + +%include rhel/changelog + diff --git a/rules.mk b/rules.mk new file mode 100644 index 00000000..cee13841 --- /dev/null +++ b/rules.mk @@ -0,0 +1,47 @@ +SUBST_PATHS = sed \ + -e 's|@atlas_datadir[@]|$(atlas_datadir)|g' \ + -e 's|@atlas_execprefix[@]|$(atlas_execprefix)|g' \ + -e 's|@atlas_libexecdir[@]|$(atlas_libexecdir)|g' \ + -e 's|@atlas_measurementdir[@]|$(atlas_measurementdir)|g' \ + -e 's|@atlas_scriptsdir[@]|$(atlas_scriptsdir)|g' \ + -e 's|@atlas_rundir[@]|$(atlas_rundir)|g' \ + -e 's|@atlas_spooldir[@]|$(atlas_spooldir)|g' \ + -e 's|@atlas_sysconfdir[@]|$(atlas_sysconfdir)|g' \ + -e 's|@bindir[@]|$(bindir)|g' \ + -e 's|@datadir[@]|$(datadir)|g' \ + -e 's|@datarootdir[@]|$(datarootdir)|g' \ + -e 's|@docdir[@]|$(docdir)|g' \ + -e 's|@exec_prefix[@]|$(exec_prefix)|g' \ + -e 's|@includedir[@]|$(includedir)|g' \ + -e 's|@libdir[@]|$(libdir)|g' \ + -e 's|@libexecdir[@]|$(libexecdir)|g' \ + -e 's|@localedir[@]|$(localedir)|g' \ + -e 's|@localstatedir[@]|$(localstatedir)|g' \ + -e 's|@mandir[@]|$(mandir)|g' \ + -e 's|@prefix[@]|$(prefix)|g' \ + -e 's|@probe_scripts_path[@]|$(probe_scripts_path)|g' \ + -e 's|@ripe_atlas_user[@]|$(ripe_atlas_user)|g' \ + -e 's|@ripe_atlas_measurement[@]|$(ripe_atlas_measurement)|g' \ + -e 's|@ripe_atlas_group[@]|$(ripe_atlas_group)|g' \ + -e 's|@sbindir[@]|$(sbindir)|g' \ + -e 's|@sharedstatedir[@]|$(sharedstatedir)|g' \ + -e 's|@storage_sysconfdir[@]|$(storage_sysconfdir)|g' \ + -e 's|@sysconfdir[@]|$(sysconfdir)|g' \ + -e 's|@tmpdir[@]|$(tmpdir)|g' \ + -e 's|@VERSION[@]|$(VERSION)|g' + +%.service: %.service.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ + +%.conf: %.conf.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ + +%.h: %.h.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@ + +%.sh: %.sh.in + @rm -f $@ + $(AM_V_GEN)$(SUBST_PATHS) $< > $@