Several updates #4

* Improved offline install docs
* Migrated token mechanism backend to SQL
* Preliminary token mechanism frontend integration
* Add clock skew tolerance for OCSP
* Add 'ldap computer filter' support for Kerberized machine enroll
* Include OCSP and CRL URL-s in certificates, controlled by profile.conf
* Better certificate extension handling
* Place DH parameters file in /etc/ssl/dhparam.pem
* Always talk to CA over port 8443 for 'certidude enroll'
* Hardened frontend nginx config
* Separate log files for frontend nginx
* Better provisioning heuristics
* Add sample site.sh config for LEDE image builder
* Add more device profiles for LEDE image builder
* Various bugfixes and improvements

doc/builder/ap.sh

@@ -111,7 +111,7 @@ EOF
 make -C $BUILD/$BASENAME image FILES=$OVERLAY PROFILE=$PROFILE PACKAGES="luci \
     openssl-util curl ca-certificates dropbear \
     strongswan-mod-kernel-libipsec kmod-tun strongswan-default strongswan-mod-openssl strongswan-mod-curl strongswan-mod-ccm strongswan-mod-gcm \
-    htop iftop tcpdump nmap nano -odhcp6c -odhcpd -dnsmasq \
+    htop iftop netdata -odhcp6c -odhcpd -dnsmasq \
     -luci-app-firewall \
     -pppd -luci-proto-ppp -kmod-ppp -ppp -ppp-mod-pppoe \
     -kmod-ip6tables -ip6tables -luci-proto-ipv6 -kmod-iptunnel6 -kmod-ipsec6"

doc/builder/common.sh

@@ -29,9 +29,7 @@ AUTHORITY=$(hostname -f)
 mkdir -p $OVERLAY/etc/config
 mkdir -p $OVERLAY/etc/uci-defaults
 mkdir -p $OVERLAY/etc/certidude/authority/$AUTHORITY/
-cp /var/lib/certidude/$AUTHORITY/ca_cert.pem $OVERLAY/etc/certidude/authority/$AUTHORITY/
-
-echo /etc/certidude >> $OVERLAY/etc/sysupgrade.conf
+cp /var/lib/certidude/ca_cert.pem $OVERLAY/etc/certidude/authority/$AUTHORITY/
 
 cat <<EOF > $OVERLAY/etc/config/certidude
 

doc/builder/ipcam.sh

@@ -40,5 +40,7 @@ EOF
 
 make -C $BUILD/$BASENAME image FILES=$OVERLAY PROFILE=$PROFILE PACKAGES="openssl-util curl ca-certificates \
     strongswan-default strongswan-mod-openssl strongswan-mod-curl strongswan-mod-ccm strongswan-mod-gcm htop \
-    iftop tcpdump nmap nano mtr patch diffutils ipset usbutils luci luci-app-mjpg-streamer kmod-video-uvc dropbear \
-    pciutils -dnsmasq -odhcpd -odhcp6c -kmod-ath9k picocom strongswan-mod-kernel-libipsec kmod-tun"
+    iftop tcpdump nmap nano usbutils luci luci-app-mjpg-streamer kmod-video-uvc dropbear \
+    -pppd -luci-proto-ppp -kmod-ppp -ppp -ppp-mod-pppoe \
+    -dnsmasq -odhcpd -odhcp6c -kmod-ath9k picocom strongswan-mod-kernel-libipsec kmod-tun \
+    netdata"

doc/builder/mfp.sh

@@ -103,8 +103,9 @@ uci set uhttpd.main.listen_http=0.0.0.0:8080
 EOF
 
 make -C $BUILD/$BASENAME image FILES=$OVERLAY PROFILE=$PROFILE PACKAGES="openssl-util curl ca-certificates htop \
-    iftop tcpdump nmap nano mtr patch diffutils ipset usbutils luci dropbear kmod-tun \
+    iftop tcpdump nmap nano mtr patch diffutils ipset usbutils luci dropbear kmod-tun netdata \
     strongswan-default strongswan-mod-kernel-libipsec strongswan-mod-openssl strongswan-mod-curl strongswan-mod-ccm strongswan-mod-gcm \
-    pciutils -odhcpd -odhcp6c -kmod-ath9k picocom libustream-openssl kmod-crypto-gcm bc"
-
+    -odhcpd -odhcp6c -kmod-ath9k picocom libustream-openssl kmod-crypto-gcm \
+    -pppd -luci-proto-ppp -kmod-ppp -ppp -ppp-mod-pppoe \
+    -kmod-ip6tables -ip6tables -luci-proto-ipv6 -kmod-iptunnel6 -kmod-ipsec6"