icwmp: GetRPCMethod from cpe and ssl keep update

2026-03-11 11:38:41 +01:00 · 2022-04-26 19:32:36 +05:30 · 2022-04-26 19:32:36 +05:30 · c1ef23456b
commit c1ef23456b
parent 00fd54ba1b
3 changed files with 41 additions and 12 deletions
--- a/icwmp/Makefile
+++ b/icwmp/Makefile
@ -8,11 +8,11 @@
 include $(TOPDIR)/rules.mk

 PKG_NAME:=icwmp
-PKG_VERSION:=8.4.1
+PKG_VERSION:=8.4.2

 PKG_SOURCE_PROTO:=git
 PKG_SOURCE_URL:=https://dev.iopsys.eu/iopsys/icwmp.git
-PKG_SOURCE_VERSION:=8e6bde511a8032a7ffb253e6c1323fc641c05b4c
+PKG_SOURCE_VERSION:=f7c42eaba6ec1ed83754f82815c6e98b5b693074
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION)-$(PKG_SOURCE_VERSION).tar.gz
 PKG_MIRROR_HASH:=skip

--- a/icwmp/files/etc/init.d/icwmpd
+++ b/icwmp/files/etc/init.d/icwmpd
@ -106,7 +106,8 @@ validate_acs_section()
 		'compression:or("GZIP","Deflate","Disabled")' \
 		'retry_min_wait_interval:range(1, 65535)' \
 		'retry_interval_multiplier:range(1000, 65535)' \
-		'ipv6_enable:bool'
+		'ipv6_enable:bool' \
+		'ssl_capath:string'

 }

@ -135,6 +136,7 @@ validate_cpe_section()
 }

 validate_defaults() {
+	local ssl_capath
 	config_load cwmp

 	validate_acs_section || {
@ -142,6 +144,13 @@ validate_defaults() {
 		return 1;
 	}

+	# Put the cert pem file in keep list
+	if [ -f "${ssl_capth}" ]; then
+		if ! grep "${ssl_capath}" /lib/upgrade/keep.d/icwmp; then
+			echo "${ssl_capath}/*.pem" >> /lib/upgrade/keep.d/icwmp
+		fi
+	fi
+
 	[ -z "${url}" ] && [ -z "${dhcp_url}" ] && {
 		log "ACS url is empty can't start"
 		return 1;
--- a/icwmp/files/etc/uci-defaults/95-icwmp-generate-ssl
+++ b/icwmp/files/etc/uci-defaults/95-icwmp-generate-ssl
@ -2,17 +2,37 @@

 . /lib/functions.sh

-regenerate_ssl_link(){
-	[ ! -d "/etc/ssl/certs" ] && return 0;
-	[ ! -f "/etc/ssl/certs/*.pem" ] && return 0;
+regenerate_ssl_link_path()
+{
+        local cert_dir all_file rehash

-	local cert_dir="/etc/ssl/certs"
-	local all_file=$(ls $cert_dir/*.pem)
+        cert_dir="${1}"

-	for cfile in $all_file
-	do
-		ln -s $cfile $cert_dir/$(openssl x509 -hash -noout -in $cfile).0
-	done
+        all_file=$(ls $cert_dir/*.pem 2>/dev/null)
+
+        [ ! -d "${cert_dir}" ] && return 0;
+        [ ! -f "${all_file}" ] && return 0;
+
+        for cfile in $all_file
+        do
+		rehash="$(openssl x509 -hash -noout -in $cfile)"
+		[ -f ${cert_dir}/${rehash}.0 ] || \
+			ln -s $cfile $cert_dir/${rehash}.0
+        done
+}
+
+regenerate_ssl_link()
+{
+        local cwmp_ca_path
+
+        regenerate_ssl_link_path "/etc/ssl/certs"
+
+        cwmp_ca_path=$(uci -q get cwmp.acs.ssl_capath)
+        if [[ "${cwmp_ca_path}" != "/etc/ssl/certs"* ]]; then
+                if [ -n "${cwmp_ca_path}" ]; then
+                        regenerate_ssl_link_path "${cwmp_ca_path}"
+                fi
+        fi
 }

 regenerate_ssl_link