doc/location/README.org

   1 * Location Logging
   2 This document was created by Steven Baltakatei Sandoval on
   3 <2020-06-29 Mon 12:14> under a [[https://creativecommons.org/licenses/by-sa/4.0/][Creative Commons BY-SA 4.0 license]]. It
   4 was updated by Steven Baltakatei Sandoval on <2020-06-29 Mon 18:39>.
   5 ** Narrative
   6 Ninfacyzga-01 records (logs) its position in time and space using a
   7 [[https://en.wikipedia.org/wiki/Satellite_navigation_device][GPS receiver]]. The NMEA location data produced by the receiver is
   8 converted into the more commonly used GPS data storage formats of GPX
   9 and KML. All three types of data are then compressed and encrypted
  10 against a set of public keys. The encrypted data is then written to
  11 disk. Data produced by the receiver is segmented into 60-second chunks
  12 before being processed and written to disk.
  13 ** Description
  14 *** Hardware
  15 **** Raspberry Pi Zero W
  16 See the [[https://www.raspberrypi.org/pi-zero-w/][OEM]] webpage for this product.
  17 **** PiZ UpTime 2.0
  18 See the [[https://alchemy-power.com/piz-uptime-2-0/][OEM]] webpage for this product.
  19 *** Software
  20 ~bkgpslog~ : The bash script that performs the location data
  21 collection and processing. Is an executable file contained within this
  22 repository at ~exec/bkgpslog~. It should be copied to
  23 ~$HOME/.local/bin~.
  24
  25 ~gpsd~ : A background daemon app capable of interfacing with the
  26 Ozzmaker BerryGPS-IMU's GPS submodule. Installed and initialized by
  27 ~apt~.
  28
  29 ~gpspipe~ : A command line app that polls ~gpsd~ and produces a stream
  30 stdout consisting of GPS data lines in NMEA format. Installed via
  31 ~apt~.
  32
  33 ~gpsbabel~ : A command line app that converts GPS data from one format
  34 into another. ~bkgpslog~ uses it to convert NMEA data into GPX and
  35 KML. Installed via ~apt~.
  36
  37 ~gzip~ : A simple command line app that compresses stdin into a
  38 smaller stdout stream.
  39
  40 ~age~ : A simple command line app that encrypts stdin against public
  41 keys specified in its options. Produces encrypted stdout. Is an
  42 executable file contained within this repository at ~exec/age~. It
  43 should be copied to ~$HOME/.local/bin~.
  44
  45 **** Narrative
  46 ~bkgpslog~ populates a 60-second buffer with NMEA data from ~gpsd~ via
  47 ~gpspipe~. This buffer is used by ~gpsbabel~ to produce GPX and KML
  48 versions of the buffer. All 3 buffers are then comprssed with ~gzip~,
  49 encrypted with ~age~, and then written to disk.
  50
  51 *** Output
  52 **** File Formats
  53 ***** NMEA
  54 See the [[https://en.wikipedia.org/wiki/NMEA_0183][Wikipedia page]] for this.
  55 ***** GPX
  56 See the [[https://en.wikipedia.org/wiki/GPS_Exchange_Format][Wikipedia page]] for this. [[http://wiki.gis.com/wiki/index.php/WGS84][WGS84]] is the datum used.
  57 ***** KML
  58 See the [[https://en.wikipedia.org/wiki/Keyhole_Markup_Language][Wikipedia page]] for this. [[http://wiki.gis.com/wiki/index.php/WGS84][WGS84]] is the datum used.
  59 **** Encryption Method
  60 Files produced by the bkgpslog script are encrypted against a set of
  61 public keys using [[https://github.com/FiloSottile/age][~age~]], a simple command line encryption tool
  62 selected over ~gpg~ because of ~age~'s deliberate lack of
  63 configurability.
  64
  65 The public keys are bech32 strings supplied as options to bkgpslog
  66 when called. The secret key should *NOT* be stored in Ninfacyzga-01.
  67
  68 If a key pair was generated using ~age-keygen~, then it is an [[https://en.wikipedia.org/wiki/Curve25519][~X25519~]]
  69 key pair. See the [[https://age-encryption.org/v1][~age~ Version 1 specification]].
  70
  71 An ~ssh-rsa~ or ~ssh-ed25519~ SSH public key string may be used instead of
  72 the bech32 public key string produced by ~age-keygen~ for convenience.
  73
  74 Help information for ~age~ is available by running ~$ age --help~.
  75 ***** Encryption
  76 Files may be encrypted to several recipients using a command similar to:
  77 #+BEGIN_EXAMPLE
  78 timeout "60s" gpspipe -r | gpsbabel -i nmea -f - -o gpx -F | age \
  79 -r age1kza7pfshy7xwygf9349zgmk7x53mquvedgw9r98qwyyqhssh830qqjzlsw \
  80 -r age1ce3pvzrqfcn2pc6zqzglc8ac8yjk3fzukpy08cesqjjwns53xywqmaq7xw \
  81 -r age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5 \
  82 > location.gpx.age
  83 #+END_EXAMPLE
  84
  85 In this example, the strings beginning with ~age1...~ are
  86 bech32-formatted public key strings.
  87
  88
  89 ***** Decryption
  90 Files may be decrypted using a command similar to:
  91
  92 #+BEGIN_EXAMPLE
  93 cat location.gpx.age | age -d -i key.txt > location.gpx
  94 #+END_EXAMPLE
  95
  96 The version of ~age~ used to perform the encryption
  97 ** Operating Procedures
  98 *** Initial Startup
  99 See OEM (Ozzmaker) [[https://ozzmaker.com/berrygps-berrygps-imu-quick-start-guide/][quickstart guide for the BerryGPS-IMU]].
 100
 101 **** Physical Setup
 102
 103 BerryGPS-IMU must be electrically connected to the correct pins on the
 104 GPIO header of a Raspberry Pi Zero W.
 105
 106 *Optional*: stack together with PiZ Uptime 2.0 module. No GPIO pins
 107 conflict so a simple stacking and soldering with long header pins is
 108 possible.
 109
 110 **** Software Setup
 111
 112 ***** Install Executables
 113
 114 Install Raspbian 10 Buster onto an SD card image. See the Raspberry Pi
 115 Foundation [[https://www.raspberrypi.org/documentation/installation/installing-images/README.md][installation instructions]]. Configure WiFi to permit log
 116 file transfer. Configure SSH to permit remote administration via the
 117 command line interface.
 118
 119 Make sure to install the ~unattended-upgrades~ package to make sure
 120 the latest security patches for packages are installed. See [[https://linux-audit.com/using-unattended-upgrades-on-debian-and-ubuntu/][this page]]
 121 for a description of how ~unattended-upgrades~ works.
 122
 123 Install ~gpsd~, ~gpspipe~, ~git~, and this repository for location
 124 logging capability.
 125
 126 Install ~syncthing~ for log file transfer capability.
 127
 128 Place ~age~ binary (the one compiled for ARM CPU architecture for
 129 Linux) in ~$HOME/.local/bin~.
 130
 131 ***** Automatic Start Configuration
 132
 133 Edit the user cron job list with ~$ crontab -e~ to add the following
 134 lines:
 135
 136 #+BEGIN_EXAMPLE
 137 0 * * * * /bin/bash /path/to/bkgpslog --output $HOME/Sync/example_dir
 138
 139 @reboot /bin/bash /path/to/bkgpslog --output $HOME/Sync/example_dir
 140 #+END_EXAMPLE
 141
 142 The first line will run ~bkgpslog~ at the start of every hour.
 143
 144 The second line will run ~bkgpslog~ when the system starts up.
 145
 146 ***** Log Transfer Configuration
 147 Log files may be shared to other machines via ~syncthing~. See [[https://docs.syncthing.net/][this]]
 148 manual for how to set up a shared folder and add Ninfacyzga-01 as a
 149 device. Syncthing's directory synchronization capability allows a
 150 remote machine to delete files from Ninfacyzga-01 by deleting from the
 151 shared folder that they both share.
 152
 153 When log files are removed from Ninfacyzga-01 is not within the scope
 154 of this document.
 155
 156 ***** Key Generation
 157 An ~age~ encryption key may be generated like so:
 158 #+BEGIN_EXAMPLE
 159 $ umask          # Gets current umask
 160 0022             # Note: This is the default umask for Raspbian 10
 161 $ umask 066      # Sets umask so key.txt will have no permissions except for owner (you)
 162 $ umask          # Confirm umask set to 066
 163 0066
 164 $ age-keygen > key.txt
 165 Public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5
 166 $ ls -al key.txt
 167 -rw------- 1 baltakatei baltakatei 184 Jun 29 18:28 key.txt
 168 $ umask 0022     # Return umask to default value
 169 $ umask
 170 0022
 171 #+END_EXAMPLE
 172
 173 The resulting public/private keypair data looks like:
 174 #+BEGIN_EXAMPLE
 175 $ cat key.txt
 176 # created: 2020-06-29T18:01:56Z
 177 # public key: age1pu5usxm743sx7rf22985xv2f4s0luzv6r6yx4fa7p8c2zyvp9fvqus2xr5
 178 AGE-SECRET-KEY-1NEUU5U2XGZGL9UYWNPU5DL99TGJJHFSN4F2E2WCCSDJJ6L5ZMLESNTVTU0
 179 #+END_EXAMPLE
 180
 181 The file ~key.txt~ is not password-protected by default and should be
 182 secured like an SSH public key should. The ~$ umask 066~ command run
 183 before the ~$ age-keygen > key.txt~ command ensures ~key.txt~ will not
 184 be readable, writeable, or executable to anyone except the owner
 185 (you).
 186
 187 *** Normal Startup
 188 Turn on Ninfacyzga-01 by supplying 5VDC power to the Raspberry Pi. No
 189 further interaction should be required.
 190 *** Normal Operation
 191 No interaction beyond continually supplying approximately 100mA of
 192 5VDC power and occasionally removing log files to conserve disk space
 193 is required.
 194 **** Log Transfer
 195 Log files may be transferred by use of ~syncthing~ shared folders.
 196 **** Automatic Updates
 197 The ~automatic-upgrades~ package, if installed, should automatically
 198 install security patches to packages installed via ~apt~.
 199 *** Normal Shutdown
 200 The system may be shutdown via SSH by running:
 201
 202 : $ sudo shutdown -r 0
 203
 204 *** Unscheduled Shutdown
 205 Ninfacyzga-01 as described and setup should tolerate unscheduled power
 206 loss. Log files being written every 60 seconds means, at most, 60
 207 seconds worth of location data may be lost.
 208 *** End of Life Disposal
 209 LiPo batteries used by the PiZ Uptime 2.0 module should be disposed of
 210 properly with their potential ignitability in mind, especially if they
 211 are not fully discharged.
 212
 213 Consult your local municipality for its "E-Waste Disposal" (or
 214 equivalent) policy. Metals used in the Raspberry Pi and related
 215 components may be recycled.
 216
 217 Take extra precuation if lead solder was used in assembling the
 218 electronics. Consumer electronics in early 21st century should use
 219 lead-free solder.
 220