aprsc 2.1.13: Ubuntu 22.03 builds, bugfixes, optimisations, TLS & SCTP improvements


Heikki Hannikainen

Nov 2, 2022, 3:47:17 AM
to ap...@googlegroups.com

aprsc 2.1.13 is now available.

Upgrading on Debian / Ubuntu:

sudo apt-get update && sudo apt-get upgrade
sudo systemctl disable aprsc
sudo systemctl enable aprsc
sudo reboot (to test that it works, if upgrading from pre-2.1.7)

Upgrading on CentOS:

sudo yum upgrade
sudo /etc/init.d/aprsc liveupgrade

Mac OS X & FreeBSD:

http://he.fi/aprsc/down/


aprsc is now 10 years old! Time for some cake I guess! Version 1.0 was
tagged on Friday, September 21st, 2012, and I gave a presentation on it at
the TAPR Digital Communications Conference in 2012. The presentation paper
is still mostly valid: http://he.fi/aprsc/dcc-2012-aprsc.pdf


Changes in 2.1.13:

* Builds and repository for Ubuntu 22.04 (jammy) are now available. I
upgraded one of my servers already and it seems to work alright. Note
that Ubuntu 16.04 builds were dropped in May 2022. Ubuntu 18.04 builds
will be dropped after April 2023 when Ubuntu standard support for it ends,
so please upgrade to 20.04 or 22.04. 22.04 support ends in April 2027 so
that'll work for quite some time.

* Some older glibc versions have a bug where the DNS stub resolver does
not reload /etc/resolv.conf after it has changed. Debian and Ubuntu have
had a patch for this bug in glibc for a long time, but some other
operating systems apparently do not. Added code in the uplink connection
establishment department to initialize the resolver after resolv.conf
changes to make sure the changes are applied. Hopefully fixes bug #68
where aprsc would on some systems fail to make an uplink after the server
was rebooted - DNS would not work, probably resolv.conf did not have
correct contents when aprsc started up.

* Prevent uplink establishment from blocking worker threads and the stream
of packets through aprsc when uplink connection establishment is very slow
(or fails through a timeout), and an uplink is being closed at the same
time. Make aprsc shut down faster when an uplink connection attempt is
timing out.

* Some CPU performance optimisations in packet accounting (updating the
counters for each listener and connection), duplicate packet checking, and
incoming packets handling. Not because it was necessary but mostly because
it felt relaxing.

* A lot of string replacement from "SSL" to "TLS" here and there. SSL is
an older version of the same protocol which is already obsolete and TLS is
what everyone is actually using when they talk about "SSL". Config
options (sslkey, sslcert, sslca, sslcrl) are now named tlskey, tlscert,
tlsca, and tlscrl, but the old names will continue to work as well.

* Builds from source code now build with TLS by default if openssl is
found.

* Disabled TLSv1.1 to meet NIST guidelines and PCI-DSS requirements
without explicitly specifying algorithm suites. TLSv1.2 and TLSv1.3 are
supported. Just in case you need to process credit card transactions
with APRS. Ha-ha.

* Ran some test suite tests with TLS to verify Q construct processing.
Started working on regular automated tests of TLS with Github Actions, but
that doesn't quite work yet.

* Added a test suite test for the g/ filter, which appears to be
implemented right but was not being tested.

* Improved SCTP performance and logging. Added an SCTP full-feed
uplink/downlink test between two aprsc servers in the test suite. Indicate
SCTP connections in status web. SCTP is still experimental and I don't
recommend using it - I'll have to test it a bit more still to confirm it's
stable. Some code to use SCTP has been present in aprsc for a few years,
but it's been waiting for additional polishing.

SCTP is a newer layer-4 protocol, which lands between UDP and TCP but has
some interesting additional features. SCTP transports messages/datagrams
like UDP, while TCP transports a stream and the recipient of TCP data does
not know where a message (such as an APRS packet) begins and ends, unless
additional framing is used within the data stream. The APRS-IS simply uses
a CR LF character sequence to delimit packets.

SCTP is, by default, reliable like TCP and will retransmit lost packets,
but it can be configured to not maintain message ordering (UDP doesn't
maintain order of packets), which improves throughput when retransmissions
are needed for a few packets. It can also be configured to stop
retransmitting a lost packet after some time and accept the loss, which
results in a best-effort delivery channel where retransmissions are
attempted but a little loss is alright.

* Fixed a bunch of smaller issues found by a Coverity scan. Coverity is a
static analysis package, a tool for finding bugs, which I've used with
aprsc sporadically since 2013. They have a free service for open source
software. https://scan.coverity.com/projects/aprsc

* Fixed some build-time compiler warnings.


CentOS users out there, please remember this was fixed with the previous
release and please upgrade at some convenient time in the near future:

* The CentOS RPM YUM repository should work again - there was a problem with the
repository management program, createrepo, going missing in new Ubuntu releases,
preventing the repository index from being built.

- Hessu
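
The framing point in the SCTP paragraphs above, as an added example (not aprsc code and not from the author): over TCP the receiver has to rebuild packet boundaries from the CR LF delimiter across arbitrary read chunks, and should bound its buffer while doing so, whereas SCTP hands over whole messages. `MAX_LINE`, the class and function names and the sample packets are assumptions constructed for this example.

```python
# Added example (not aprsc code): CR LF framing of a TCP byte stream.
MAX_LINE = 512  # assumed per-packet limit for this sketch

class LineFramer:
    """Rebuild CR LF-delimited packets from arbitrary TCP read chunks."""

    def __init__(self, max_line=MAX_LINE):
        self.max_line = max_line
        self.buf = bytearray()
        self.discarding = False  # skipping the tail of an overlong line
        self.dropped = 0         # overlong lines rejected so far

    def feed(self, chunk):
        """Add one read() worth of bytes; return the complete packets."""
        packets = []
        self.buf += chunk
        while (end := self.buf.find(b"\r\n")) >= 0:
            line = bytes(self.buf[:end])
            del self.buf[:end + 2]
            if self.discarding:
                self.discarding = False      # end of the overlong line
            elif len(line) > self.max_line:
                self.dropped += 1
            elif line:
                packets.append(line)
        # No delimiter pending: bound the buffer (+1 allows a CR awaiting LF).
        if len(self.buf) > self.max_line + 1:
            if not self.discarding:
                self.dropped += 1
                self.discarding = True
            keep = b"\r" if self.buf.endswith(b"\r") else b""
            self.buf = bytearray(keep)
        return packets

def frame_all(chunks, max_line=MAX_LINE):
    """Feed every chunk; return (packets, number of dropped lines)."""
    framer = LineFramer(max_line)
    packets = [p for c in chunks for p in framer.feed(c)]
    return packets, framer.dropped

# Constructed sample: two packets whose boundaries do not match the reads.
SAMPLE_CHUNKS = [b"N0CALL>APRS,TCPIP*:>hel", b"lo\r\nN0CALL-1>APRS:!test\r", b"\n"]

if __name__ == "__main__":
    print(frame_all(SAMPLE_CHUNKS))
```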


Scott Evans

Nov 2, 2022, 4:14:28 AM
to aprsc
T2TAS has been updated.

Wow, ten years! It certainly doesn't seem like it has been.

Cheers 

AD6NH

Nov 3, 2022, 8:18:48 PM
to aprsc
Except for Ubuntu being upset over the keyring, all is well with 22.04

W: http://aprsc-dist.he.fi/aprsc/apt/dists/jammy/InRelease: Key is stored in legacy trusted.gpg keyring (/etc/apt/trusted.gpg), see the DEPRECATION section in apt-key(8) for details.

Heikki Hannikainen

Nov 4, 2022, 2:55:00 AM
to aprsc

Hi,

Right, good. Ubuntu 22.04 will be the last release which ships apt-key.

When you get that warning, you can do the following (as root) to migrate
away. I believe a similar thing will be needed on the next Debian release.
I'll update the INSTALL instructions.


# put the key in the new preferred apt trusted key place (just a silly
# little file):

gpg --keyserver keyserver.ubuntu.com \
--recv C51AA22389B5B74C3896EF3CA72A581E657A2B8D

gpg --export C51AA22389B5B74C3896EF3CA72A581E657A2B8D \
> /etc/apt/trusted.gpg.d/aprsc.gpg

# remove the key from the GPG keychain which was previously used:

apt-key del C51AA22389B5B74C3896EF3CA72A581E657A2B8D

- Hessu

Heikki Hannikainen

Nov 4, 2022, 3:02:47 AM
to aprsc

Ooops, a little clarification is immediately needed for Ubuntu 22.04!

The "apt-key del" will remove the specified key from the GPG keychain,
*and* the new /etc/apt/trusted.gpg.d directory - aprsc.gpg will be renamed
to aprsc.gpg~ and not used any more. So "apt-key del" should be run
*first*, and the aprsc.gpg file created *after that*.


Corrected instructions:

# remove the key from the GPG keychain which was previously used:

apt-key del C51AA22389B5B74C3896EF3CA72A581E657A2B8D

# put the key in the new preferred apt trusted key place (just a silly
# little file):

gpg --keyserver keyserver.ubuntu.com \
--recv C51AA22389B5B74C3896EF3CA72A581E657A2B8D

gpg --export C51AA22389B5B74C3896EF3CA72A581E657A2B8D \
> /etc/apt/trusted.gpg.d/aprsc.gpg




- Hessu
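
A check for the ordering problem described in the message above, as an added example (not part of the original posts or of aprsc): it reports whether `aprsc.gpg` is still active in the trusted.gpg.d directory or only the `aprsc.gpg~` backup left by a late `apt-key del` remains, and confirms that the file holds exactly the fingerprint quoted in the thread. The function names and the sample colon listing are constructed for illustration; the listing is assumed to come from `gpg --show-keys --with-colons` run on the key file.

```python
# Added example: audit the state the corrected instructions should leave.
import os

EXPECTED_FPR = "C51AA22389B5B74C3896EF3CA72A581E657A2B8D"  # from the thread

def primary_fingerprints(colon_output):
    """Primary-key fingerprints in gpg --with-colons output (fpr field 10)."""
    fprs, after_pub = [], False
    for record in colon_output.splitlines():
        f = record.split(":")
        if f[0] == "pub":
            after_pub = True
        elif f[0] == "sub":
            after_pub = False          # the next fpr belongs to a subkey
        elif f[0] == "fpr" and after_pub and len(f) > 9:
            fprs.append(f[9])
            after_pub = False
    return fprs

def key_file_state(trusted_d, name="aprsc.gpg"):
    """'active', 'disabled' (only the name~ backup is left) or 'missing'."""
    path = os.path.join(trusted_d, name)
    if os.path.isfile(path) and os.path.getsize(path) > 0:
        return "active"
    if os.path.isfile(path + "~"):
        return "disabled"              # apt-key del ran after the export
    return "missing"

def audit(trusted_d, colon_output):
    """Combine both checks into one verdict string."""
    state = key_file_state(trusted_d)
    if state != "active":
        return state
    fprs = primary_fingerprints(colon_output)
    return "ok" if fprs == [EXPECTED_FPR] else "unexpected-key"

# Constructed sample listing: one primary key and one subkey.
SAMPLE_COLONS = "\n".join([
    "pub:-:4096:1:A72A581E657A2B8D:1300000000:::-:::scESC:",
    "fpr" + ":" * 9 + EXPECTED_FPR + ":",
    "uid:-::::1300000000::::Constructed UID:",
    "sub:-:4096:1:0123456789ABCDEF:1300000000::::::e:",
    "fpr" + ":" * 9 + "0" * 40 + ":",
])

if __name__ == "__main__":
    print(audit("/etc/apt/trusted.gpg.d", SAMPLE_COLONS))
```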
