sentinel-dynfw-c-client: Add new package
Add alternative Sentinel Dynfw client written in C.
requested review from @mvasilek
assigned to @mvasilek
- Resolved by Michal Hrusecky
changed milestone to %Turris OS 6.2.3
1 #!/bin/sh /etc/rc.common 2 3 USE_PROCD=1 4 START=25 5 STOP=80 6 7 CERT_KEY="/var/run/dynfw_server.pub" 8 IPSET="turris-sn-dynfw-block" 9 10 start_service() { 11 mkdir -p -m 0700 "$(dirname "$CERT_KEY")" 12 curl -f -s https://repo.turris.cz/sentinel/dynfw.pub -o "$CERT_KEY" || return 1
I don't like it. This requires a working Internet connection; otherwise the key would not be downloaded. Why can we not ship the certificate as we do for the "normal" dynfw-client? See: https://gitlab.nic.cz/turris/os/packages/-/blob/18ff80867b0a2fc03997fe8ae4a0bee5beb8f6ad/collect/sentinel/sentinel-dynfw-client/files/server.pub
Also, you are forcing curl to be installed by default. Let's avoid having more dependencies than necessary.
changed this line in version 7 of the diff
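Review bot: On line 12, curl writes the download straight to "$CERT_KEY", so an interrupted transfer can leave a partial file at that path, and `-s` hides the reason when `|| return 1` fires. Going by its name, this file is the dynfw server's public key, so its integrity here rests only on the TLS session to repo.turris.cz at each start. If the download stays, fetch to a temporary file in the same directory, check it, then `mv` it into place, and use `-sS` so failures are logged; shipping the key inside a package removes the runtime trust bootstrap altogether.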
1 # 2 # Copyright (C) 2018-2020 CZ.NIC, z.s.p.o. (https://www.nic.cz/) 3 # 4 # This is free software, licensed under the GNU General Public License v3. 5 # See /LICENSE for more information. 6 # 7 8 include $(TOPDIR)/rules.mk 9 10 PKG_NAME:=sentinel-dynfw-c-client 11 PKG_VERSION:=1.1.0 12 PKG_RELEASE:=$(AUTORELEASE) 13 14 PKG_SOURCE_PROTO:=git 15 PKG_SOURCE_URL:=https://gitlab.com/miska/dynfw-c.git
Still, it should be mirrored to our GitLab (I am not sure if you have 2FA enabled on the GitLab.com instance) and while moving it here, it should go through the review process.
Edited by Josef Schlehofer
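Review bot: PKG_SOURCE_URL on line 15 pulls the source over git from a personal namespace on gitlab.com, so what gets built is only as fixed as the ref that accompanies it. The shown lines stop before any PKG_SOURCE_VERSION or PKG_MIRROR_HASH; make sure the version is a full commit hash rather than a branch or tag name and that the mirror hash is set, so a force-push or retag upstream cannot change the package contents without a visible diff here.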
- Resolved by Michal Hrusecky
- Resolved by Michal Hrusecky
added 1 commit
- 696b80ca - sentienl-dynfw-client: Move certificate to separate package
added 1 commit
- c8b9728c - fixup! sentinel-dynfw-c-client: Add new package
marked this merge request as draft from c8b9728c
added 39 commits
- c8b9728c...b01db7a2 - 32 commits from branch develop
- 3b425d52 - sentinel-dynfw-c-client: Add new package
- 1a249e75 - Apply 1 suggestion(s) to 1 file(s)
- fd324c35 - Apply 1 suggestion(s) to 1 file(s)
- 75f3e54c - Apply 1 suggestion(s) to 1 file(s)
- 7d2d3c5d - sentienl-dynfw-client: Move certificate to separate package
- 954de78b - sentinel-firewall: Basic support for IPv6
- 3a827d54 - fixup! sentinel-dynfw-c-client: Add new package
@jschlehofer Rebased and split, but had to also do some changes in sentinel-firewall.
added 1 commit
- 8d8a677e - fixup! fixup! sentinel-dynfw-c-client: Add new package
marked this merge request as draft from 8d8a677e
1 #!/bin/sh /etc/rc.common 2 3 USE_PROCD=1 4 START=25 5 STOP=80 6 7 CERT_KEY="/etc/dynfw_server.pub"
changed this line in version 10 of the diff
changed milestone to %Turris OS 6.2.4
added 1 commit
- 9942420b - fixup! sentienl-dynfw-client: Move certificate to separate package
added 27 commits
- 9942420b...c8ebb712 - 18 commits from branch develop
- 9ac4438b - sentinel-dynfw-c-client: Add new package
- 4260577b - Apply 1 suggestion(s) to 1 file(s)
- b0a2a1ef - Apply 1 suggestion(s) to 1 file(s)
- 1d0956e8 - Apply 1 suggestion(s) to 1 file(s)
- f6c2cb85 - sentienl-dynfw-client: Move certificate to separate package
- dbde7999 - sentinel-firewall: Basic support for IPv6
- 8473cee9 - fixup! sentinel-dynfw-c-client: Add new package
- 248822e3 - fixup! fixup! sentinel-dynfw-c-client: Add new package
- 9d977a69 - fixup! sentienl-dynfw-client: Move certificate to separate package
added 1 commit
- 0d7ce0ed - fixup! fixup! fixup! sentinel-dynfw-c-client: Add new package
marked this merge request as draft from 0d7ce0ed
- Resolved by Michal Hrusecky
1 #!/bin/sh /etc/rc.common 2 3 USE_PROCD=1 4 START=25 5 STOP=80 6 7 CERT_KEY="/etc/sentinel_dynfw_server.pub" 8 IPSET="turris-sn-dynfw-block" 9 10 start_service() { 11 procd_open_instance 12 procd_set_param command dynfw-ipset-client 13 procd_append_param command --ipset "$IPSET" 14 procd_append_param command --cert "$CERT_KEY" 15 # If not started, try ten times while waiting for 5 secs between tries
Nitpick: Is there any reason why you want to try it ten times instead of five times, which is the default?
https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/system/procd/files/procd.sh#l472
Also "the previous" variant has values 600, 5, 5
https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/system/procd/files/procd.sh#l472
It is true that OpenWrt has the threshold as 3600, where we have 600.
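Review bot: start_service() hands "$CERT_KEY" to the client on line 14 without checking that the file exists, and with the key now coming from a separate package (per the commit list) a missing file would only show up as the respawn loop discussed here. Consider an early `[ -r "$CERT_KEY" ] || return 1` with a log message before `procd_open_instance`, so a missing key fails once with a clear reason instead of being retried.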
- Resolved by Michal Hrusecky
- Resolved by Michal Hrusecky
- Resolved by Michal Hrusecky
OK, this seems like the last round of my review. We are reaching the end.
Edited by Josef Schlehofer
added 5 commits
- 27b6b8b2...618ee9ff - 2 commits from branch develop
- c197b9df - sentinel-dynfw-c-client: Add new package
- 7ade5419 - sentienl-dynfw-client: Move certificate to separate package
- 954e0065 - sentinel-firewall: Basic support for IPv6
Rebased and squashed
Edited by Michal Hrusecky
assigned to @jschlehofer and unassigned @mvasilek
requested review from @jschlehofer and removed review request for @mvasilek
added Feature New package labels