author | Leonardo Mörlein <me@irrelefant.net> | 2021-09-15 03:09:18 +0200 |
---|---|---|
committer | Petr Štetiar <ynezz@true.cz> | 2022-02-08 12:52:14 +0100 |
commit | 5406684087815d3f66df9d8318e15db7137148f5 (patch) | |
tree | bc4a363f455952f7ea1e431b7280ab086f4de16f /package/network/utils | |
parent | 04ed224543ad10030c4394c86e533f02bf596a1b (diff) | |
wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow private_key to be set to "generate",
in which case the private key is generated directly before the interface is brought up.
Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Diffstat (limited to 'package/network/utils')
-rw-r--r-- | package/network/utils/wireguard-tools/files/wireguard.sh | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh index 2e6d74bc91..f6ad967b40 100644 --- a/package/network/utils/wireguard-tools/files/wireguard.sh +++ b/package/network/utils/wireguard-tools/files/wireguard.sh @@ -102,6 +102,23 @@ proto_wireguard_setup_peer() { fi } +ensure_key_is_generated() { + local private_key + private_key="$(uci get network."$1".private_key)" + + if [ "$private_key" == "generate" ]; then + local ucitmp + oldmask="$(umask)" + umask 077 + ucitmp="$(mktemp -d)" + private_key="$("${WG}" genkey)" + uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \ + uci -q -t "$ucitmp" commit network + rm -rf "$ucitmp" + umask "$oldmask" + fi +} + proto_wireguard_setup() { local config="$1" local wg_dir="/tmp/wireguard" @@ -111,6 +128,8 @@ proto_wireguard_setup() { local listen_port local mtu + ensure_key_is_generated "${config}" + config_load network config_get private_key "${config}" "private_key" config_get listen_port "${config}" "listen_port" |
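Review bot: In `ensure_key_is_generated`, the output of `"${WG}" genkey` is passed to `uci set` and committed without checking that the command succeeded, so a failed or empty run would overwrite the `generate` sentinel with an empty `private_key`. Guarding the write, for example by putting `[ -n "$private_key" ] && \` in front of the `uci -q -t "$ucitmp" set …` chain, would leave the sentinel in place for a later attempt, while the `rm -rf` and umask restore still run. `oldmask` is assigned without `local` (only `ucitmp` is declared), so it leaks into the caller's scope; `local ucitmp oldmask` fixes that. The call added in the second hunk ignores the function's exit status, and the rest of `proto_wireguard_setup` lies outside the hunk, so how a value that is still `generate` is handled there cannot be judged from these lines.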