Commit 29631424 authored by iv's avatar iv

Add script to run/configure re6st.

parent 8eeb72cd
author "NayuOS team"
description "Resilient, Scalable, IPv6 Network application"
chdir /etc/re6stnet
pre-start script
# interface configuration
sysctl net.ipv6.conf.wlan0.accept_ra=0 || sysctl net.ipv6.conf.mlan0.accept_ra=0
# firewall configuration
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
stop shill || echo shill already stopped
stop shill_respawn || echo shill_respawn already stopped
start re6st_shill && echo start re6st_shill
end script
script
if [ -f re6stnet.conf ] ; then
if [ ! -f /usr/bin/re6stnet ] ; then
# @ is a Python notation
exec /usr/local/bin/re6stnet @re6stnet.conf
else
exec /usr/bin/re6stnet @re6stnet.conf
fi
fi
end script
post-stop script
# remove firewall configuration
ip6tables -D OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -D OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -D INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -D INPUT -p udp --dport 326 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -D INPUT -p tcp --dport 50005 -j ACCEPT
stop re6st_shill
start shill
end script
\ No newline at end of file
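Review bot: `ip6tables -P FORWARD ACCEPT` in pre-start sets the IPv6 FORWARD policy to ACCEPT for every interface, and post-stop deletes only the six port rules, so the device keeps forwarding all IPv6 traffic after the job has stopped. Forwarding could be limited to the overlay interfaces instead, for example `ip6tables -A FORWARD -i re6stnet+ -j ACCEPT` with a matching `-D` in post-stop. The `re6stnet` prefix is taken from the blacklist in the re6st_shill job, and whether re6st needs forwarding from other interfaces should be checked. The `-A` rules are also appended on every start without a check, so a pre-start that runs again before post-stop has cleaned up leaves duplicates behind; `ip6tables -C ... || ip6tables -A ...` avoids that. The INPUT rules for tcp 9684 and 50005 apply to all interfaces, so a short comment naming what listens on each port would let a reader judge the exposure.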
#
# Copyright (C) 2012 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
description "Run the shill network connection manager with specific blacklisted devices for re6st"
author "chromium-os-dev@chromium.org ; minor modifications for re6st by NayuOS team"
# shill termination may take more than 5s (the default kill timeout) in some
# cases (e.g. it needs to disconnect a cellular modem from the network). A
# longer kill timeout is used to ensure that shill terminates properly in most
# cases. Also, stop shill on "starting pre-shutdown" so its exiting blocks the
# chromeos_shutdown script from running (jobs that "stop on stopping
# boot-services" may still be running in parallel with chromeos_shutdown if
# they do not exit quickly).
start on started network-services and started wpasupplicant
stop on starting pre-shutdown
kill timeout 10
respawn
# Default parameters to be overridden by upstart configuration.
env SHILL_LOG_LEVEL=0
env SHILL_LOG_SCOPES=
env SHILL_PASSIVE_MODE=
env SHILL_PREPEND_DNS_SERVERS=
env SHILL_ACCEPT_HOSTNAME_FROM=
env SHILL_MINIMUM_MTU=
env BLACKLISTED_DEVICES=re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2
env DHCPV6_ENABLED_DEVICES=
# Hook for mod_for_test_scripts/100setupTestingInterface.
env SHILL_TEST_DEVICES=""
pre-start script
bootstat shill-start
# Create state directory
mkdir -p /var/run/shill
# Create storage for the shill global profile.
mkdir -p /var/cache/shill
# Use flimflam's default profile if shill doesn't have one.
if [ ! -f /var/cache/shill/default.profile -a \
-f /var/cache/flimflam/default.profile ]; then
mv /var/cache/flimflam/default.profile /var/cache/shill/default.profile
chmod a+r /var/cache/shill/default.profile
fi
# Set up dhcpcd's /var/{lib|run} dirs to run as user 'dhcp'.
mkdir -m 0755 -p /var/lib/dhcpcd
mkdir -m 0755 -p /var/run/dhcpcd
chmod -R u+rwX,g+rX,o+rX /var/lib/dhcpcd
chown -R dhcp:dhcp /var/lib/dhcpcd
chown -R dhcp:dhcp /var/run/dhcpcd
# This option is no longer supported.
rm -f /home/chronos/.disable_shill
end script
post-stop script
bootstat shill-stop
end script
script
DAEMONBIN="shill"
ARGS="--log-level=${SHILL_LOG_LEVEL} --log-scopes=${SHILL_LOG_SCOPES}"
if [ -n "${BLACKLISTED_DEVICES}" ] && [ -n "${SHILL_TEST_DEVICES}" ]; then
ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES},${SHILL_TEST_DEVICES}"
elif [ -n "${BLACKLISTED_DEVICES}" ]; then
ARGS="${ARGS} --device-black-list=${BLACKLISTED_DEVICES}"
elif [ -n "${SHILL_TEST_DEVICES}" ]; then
ARGS="${ARGS} --device-black-list=${SHILL_TEST_DEVICES}"
fi
if [ -n "${SHILL_PASSIVE_MODE}" ]; then
ARGS="${ARGS} --passive-mode"
fi
if [ -n "${SHILL_PREPEND_DNS_SERVERS}" ]; then
ARGS="${ARGS} --prepend-dns-servers=${SHILL_PREPEND_DNS_SERVERS}"
fi
if [ -n "${SHILL_ACCEPT_HOSTNAME_FROM}" ]; then
ARGS="${ARGS} --accept-hostname-from=${SHILL_ACCEPT_HOSTNAME_FROM}"
fi
if [ -n "${SHILL_MINIMUM_MTU}" ]; then
ARGS="${ARGS} --minimum-mtu=${SHILL_MINIMUM_MTU}"
fi
if [ -n "${DHCPV6_ENABLED_DEVICES}" ]; then
ARGS="${ARGS} --dhcpv6-enabled-devices=${DHCPV6_ENABLED_DEVICES}"
fi
ARGS="${ARGS} ${SHILL_TEST_ARGS}"
# If OOBE has not completed (i.e. EULA not agreed to), do not run
# portal checks.
if [ ! -f /home/chronos/.oobe_completed ]; then
ARGS="${ARGS} --portal-list="
fi
exec ${DAEMONBIN} ${ARGS}
end script
\ No newline at end of file
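Review bot: The `start on started network-services and started wpasupplicant` stanza looks carried over from the stock shill job, so this copy would presumably start at boot next to the stock job even when re6st is not in use. Since the re6st job starts it explicitly with `start re6st_shill` after stopping `shill`, the `start on` line could probably be dropped here while keeping `stop on starting pre-shutdown`. The `BLACKLISTED_DEVICES` value is a fixed list (`re6stnet1` to `re6stnet10`, `tun0` to `tun2`) that is repeated in grdn-run. A comment such as `# keep in sync with shill_options in grdn-run; interfaces beyond re6stnet10 are not listed` would make the limit and the duplication visible.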
# Copyright 1999-2015 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
EAPI=4
LICENSE="GPL-2"
SLOT="0"
KEYWORDS="*"
S=${WORKDIR}
RDEPEND="net-misc/re6stnet"
src_install() {
insinto /etc/init
doins "${FILESDIR}"/*.conf
dosym /home/chronos/user/.re6stconf /etc/re6stnet
}
\ No newline at end of file
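Review bot: `dosym /home/chronos/user/.re6stconf /etc/re6stnet` puts the working directory of the re6st upstart job inside the user's home, so the daemon started by that job reads `re6stnet.conf` and its key files from a location the `chronos` user can write to. If the job runs as root, as upstart system jobs normally do, whoever controls that account controls the configuration of a root process; a root-owned directory that grdn-cfg fills through `sudo` would keep that boundary. The symlink also dangles until grdn-cfg has created the target, and the job's `[ -f re6stnet.conf ]` test presumably does not cover that case because `chdir /etc/re6stnet` comes first. A comment above `dosym` explaining why the configuration lives in the home directory would document the trade-off.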
DIST miniupnpc-1.8.tar.gz 70624 SHA256 bc5f73c7b0056252c1888a80e6075787a1e1e9112b808f863a245483ff79859c SHA512 8eedac9ad473fc952ca8896fe534d6da6b1b234e8b6f35f721394d4c71aca84ed287ca6c4f0455b50d97a45e4cd34e27d99a6813386e0864781364aa607e13d4 WHIRLPOOL 5b76ccbb5ed7daa9bb0d481b424b7c31a5f6dc85c5c812ba10175a29aefc0d3924f3db2aa8c3529d1241be59d67d1d4c702d27aad2de8c8a07fecf3857d73169
#!/bin/bash
# interactively generate configuration for re6st on NayuOS
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
options=""
save=0
install -d ${configdir}
echo "After having run this script, you will be able to join the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
read -p "token (you can get one on http://www.grandenet.cn): " token
read -p "registry [http://re6stnet.grandenet.cn]: " registry
if [ "$registry" == "" ] ; then
registry="http://re6stnet.grandenet.cn"
fi
read -p "set re6st route as default [Y/n]? " default
if [ "$default" == "y" -o "$default" == "Y" -o "$default" == "" ] ; then
options+="default "
fi
read -p "save configuration on an external device [Y/n]? " save
if [ "$save" == "y" -o "$save" == "Y" -o "$save" == "" ] ; then
save=1
if [[ $(ls -d ${mountpoint}/*) ]]; then
echo "Detected external partitions:"
for mnt in /media/removable/* ; do
echo " * $mnt"
done
else
echo "no external device partition mounted on /media/removable"
fi
fi
read -e -p "Where the configuration directory should be saved (use tabulation for autocompletion): " place
place+="/re6stconf"
echo "configuration will be saved in $place"
else
echo "Configuration will be placed in ${configfile}, please do manually backup later or you could lose your access."
fi
re6st-conf --registry "${registry}" --token "${token}" --dir ${configdir}
for opt in $options; do
echo "$opt" >> ${configfile}
done
if [ $save -a $place ] ; then
sudo install -d "${place}"
sudo cp ${configdir}/* "${place}"
fi
echo "Use grdn-run command to run re6st."
\ No newline at end of file
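Review bot: The `fi` directly after the `no external device partition mounted` branch closes the `if [ "$save" ...` block, which leaves the later `else` without an open `if`, so bash rejects the script with a syntax error; removing that one `fi` restores the intended nesting. `read ... save` also overwrites the `save=0` flag with the typed answer and `[ $save -a $place ]` is unquoted, so the final test does not check what it appears to; reading the answer into a separate variable and testing `if [ "$save" = 1 ] && [ -n "$place" ]; then` fixes both. `sudo cp ${configdir}/* "${place}"` copies the private key that grdn-run expects as `cert.key` to the chosen removable device with whatever permissions that filesystem gives, which deserves a warning line to the user. The default registry URL is plain `http://`; if `re6st-conf` sends the token to it, the token travels unencrypted, so an `https://` default would be preferable if the registry offers one.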
#!/bin/bash
# interactively run re6stnet on NayuOS
mountpoint="/media/removable"
configdir="/home/chronos/user/.re6stconf"
configfile="${configdir}/re6stnet.conf"
options=""
shill_options="BLACKLISTED_DEVICES=re6stnet-tcp,re6stnet10,re6stnet9,re6stnet8,re6stnet7,re6stnet6,re6stnet5,re6stnet4,re6stnet3,re6stnet2,re6stnet1,tun0,tun1,tun2"
echo "After having run this script, you will connect to the Grandenet network, based on re6st, a resilient overlay mesh network providing IPv6."
if [[ $(ps -A | grep re6stnet) ]] ; then
read -p "re6stnet is already running. Stop it [y/N] ?" stop
if [ "$stop" == "y" -o "$stop" == "Y" ] ; then
echo "Killing re6stnet process..."
killall re6stnet
else
echo "Exiting."
fi
fi
# get configuration
if [ -f ${configfile} -a -f ${configdir}/cert.crt -a -f ${configdir}/cert.key -a -f ${configdir}/ca.crt ]; then
echo "configuration was found in ${configdir}"
else
echo "no configuration was found in ${configdir}, looking for it elsewhere..."
path=""
if [[ $(find ${mountpoint} -type d | grep re6stconf) ]] ; then
tempath=$(find ${mountpoint} -type d | grep -m 1 re6stconf)
read -p "Use configuration directory found at: ${tempath} [Y/n]? " confirm
if [ "${confirm}" == "y" -o "${confirm}" == "Y" -o "${confirm}" == "" ] ; then
path=$tempath
fi
else
echo "no configuration directory was found"
fi
if [ "$path" == "" ] ; then
read -e -p "please give a path to the directory containing the re6stnet configuration if you already generated one: " path
if [ "$path" == "" ] ; then
echo "No configuration given, you can generate one using grdn-cfg command. Exiting."
exit 1
fi
fi
if [ ! -d "$path" ] ; then
echo "Invalid path ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
exit 1
fi
if [ -f ${path}/re6stnet.conf -a -f ${path}/cert.crt -a -f ${path}/cert.key -a -f ${path}/ca.crt ]; then
install -d ${configdir}
cp -R ${path}/* ${configdir} && chmod 640 ${configdir}/* && chmod 600 ${configdir}/cert.key
else
echo "Missing some configuration files in ${path}, you can generate a valid configuration using grdn-cfg command. Exiting."
exit 1
fi
fi
# setup
# firewall configuration
# TODO check if not already accepted
# TODO only forward what comes from re6st
ip6tables -P FORWARD ACCEPT
ip6tables -A OUTPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A OUTPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p udp --dport 6696 -j ACCEPT
ip6tables -A INPUT -p udp --dport 326 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 9684 -j ACCEPT
ip6tables -A INPUT -p tcp --dport 50005 -j ACCEPT
# TODO: how to get environment variables used by shill upstart script/shill options
# setup shill network manager
read -p "Was the network manager shill already started with the right blacklisted devices? (It should be the case if you run this script since you boot. Answering n will restart shill.) [y/N]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" ] ; then
if [[ $( status shill_respawn | grep running ) ]] ; then
# shill_respawn job does not allow to pass arguments to shill
stop shill_respawn
fi
if [[ $( status shill | grep running ) ]] ; then
stop shill
fi
start shill ${shill_options}
fi
# TODO get interface name with netstat -i
read -p "Should the interface accept router advertisement via IPv6 [y/N]? " accept_ra
# give some time for interfaces to be back
for i in {0..2} ; do
printf "." && sleep 1
done
echo ""
interface="$(netstat -i | grep RU | cut -d' ' -f1 | grep 0 || netstat -i | grep RU | cut -d' ' -f1 | grep 1)"
read -p "Is $interface the name of the interface that is used to access the Internet (via IPv4) [Y/n]? " confirm
if [ "$confirm" != "y" -a "$confirm" != "Y" -a "$confirm" != "" ] ; then
printf "running interfaces found:\n$(netstat -i | grep RU | cut -d' ' -f1)\n"
read -p "name of the interface used to access the Internet (via IPv4): " interface
fi
if [ accept_ra == "y" -o accept_ra == "Y" ] ; then
sysctl net.ipv6.conf."${interface}".accept_ra=1
else
sysctl net.ipv6.conf."${interface}".accept_ra=0
fi
echo "re6st will start, it may take a few minutes before beeing usable"
# wait a bit, so the user can see it and the message is not lost among re6st log
for i in {0..2} ; do
printf "." && sleep 1
done
echo ""
while [[ $( grep default ${configfile} ) && $( ip -6 r | grep default ) ]] ; do
printf "Default route was found for interface '${interface}':\n $( ip -6 r | grep default )\nwhereas option 'default' is in ${configfile}.\n"
read -p "Use ip route (i) or try restarting shill (s) [I/s]: " choice
if [ "$choice" != "s" -a "$confirm" != "S" ] ; then
echo ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" )
ip -6 route del $( ip -6 r | grep default | sed "s/ dev .*/ /" )
else
restart shill ${shill_options}
fi
done
# join re6st network
cd ${configdir}
exec re6stnet @re6stnet.conf
\ No newline at end of file
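Review bot: The test `[ accept_ra == "y" -o accept_ra == "Y" ]` compares the literal word `accept_ra` rather than the variable, so the answer is ignored and `accept_ra=0` is always applied; it should read `[ "$accept_ra" = "y" ] || [ "$accept_ra" = "Y" ]`. In the default-route loop, `"$confirm" != "S"` tests the wrong variable and should be `"$choice" != "S"`. After `echo "Exiting."` in the already-running branch there is no `exit`, so the script carries on and goes on to start re6stnet again. The firewall block sets the same open `FORWARD ACCEPT` policy as the upstart job, and because the script ends in `exec re6stnet` nothing removes the rules afterwards; the two TODO comments there could say so explicitly.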
...@@ -42,5 +42,6 @@ python_compile() { ...@@ -42,5 +42,6 @@ python_compile() {
} }
python_install() { python_install() {
dobin "${FILESDIR}"/grdn-cfg "${FILESDIR}"/grdn-run
distutils-r1_python_install distutils-r1_python_install
} }