aboutsummaryrefslogtreecommitdiffstats
path: root/package/network/utils
diff options
context:
space:
mode:
authorLeonardo Mörlein <me@irrelefant.net>2021-09-15 03:09:18 +0200
committerPetr Štetiar <ynezz@true.cz>2022-02-08 12:52:14 +0100
commit5406684087815d3f66df9d8318e15db7137148f5 (patch)
treebc4a363f455952f7ea1e431b7280ab086f4de16f /package/network/utils
parent04ed224543ad10030c4394c86e533f02bf596a1b (diff)
downloadupstream-5406684087815d3f66df9d8318e15db7137148f5.tar.gz
upstream-5406684087815d3f66df9d8318e15db7137148f5.tar.bz2
upstream-5406684087815d3f66df9d8318e15db7137148f5.zip
wireguard-tools: allow generating private_key
When the uci configuration is created automatically during a very early stage, where no entropy daemon is set up, generating the key directly is not an option. Therefore we allow to set the private_key to "generate" and generate the private key directly before the interface is taken up. Signed-off-by: Leonardo Mörlein <me@irrelefant.net> Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
Diffstat (limited to 'package/network/utils')
-rw-r--r--package/network/utils/wireguard-tools/files/wireguard.sh19
1 files changed, 19 insertions, 0 deletions
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 2e6d74bc91..f6ad967b40 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -102,6 +102,23 @@ proto_wireguard_setup_peer() {
fi
}
+ensure_key_is_generated() {
+ local private_key
+ private_key="$(uci get network."$1".private_key)"
+
+ if [ "$private_key" == "generate" ]; then
+ local ucitmp
+ oldmask="$(umask)"
+ umask 077
+ ucitmp="$(mktemp -d)"
+ private_key="$("${WG}" genkey)"
+ uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+ uci -q -t "$ucitmp" commit network
+ rm -rf "$ucitmp"
+ umask "$oldmask"
+ fi
+}
+
proto_wireguard_setup() {
local config="$1"
local wg_dir="/tmp/wireguard"
@@ -111,6 +128,8 @@ proto_wireguard_setup() {
local listen_port
local mtu
+ ensure_key_is_generated "${config}"
+
config_load network
config_get private_key "${config}" "private_key"
config_get listen_port "${config}" "listen_port"