config-mode, mesh-vpn: refactor key generation

Previously, the config-mode was responsible for generating the fastd
secret. This patch sets the default secret to "generate" causing a
secret to be generated on its first use (e.g. show_key or start).

This also changes the info page (in Expert Mode) to show "n/a" when the
public key is not yet available.

package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua

@@ -48,13 +48,13 @@ function index()
 end
 
 function action_reboot()
-  local configmode = require "luci.tools.gluon-config-mode"
+  local util = require "luci.util"
   local pubkey
   local uci = luci.model.uci.cursor()
   local meshvpn_enabled = uci:get("fastd", meshvpn_name, "enabled", "0")
   local sysconfig = require 'gluon.sysconfig'
   if meshvpn_enabled == "1" then
-    pubkey = configmode.get_fastd_pubkey(meshvpn_name)
+    pubkey = util.exec("/etc/init.d/fastd show_key " .. meshvpn_name)
   end
 
   uci:set("gluon-setup-mode", uci:get_first("gluon-setup-mode", "setup_mode"), "configured", "1")

package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua

@@ -1,11 +1,7 @@
-local configmode = require "luci.tools.gluon-config-mode"
 local meshvpn_name = "mesh_vpn"
 local uci = luci.model.uci.cursor()
 local f, s, o
 
--- prepare fastd key as early as possible
-configmode.setup_fastd_secret(meshvpn_name)
-
 f = SimpleForm("wizard")
 f.reset = false
 f.template = "gluon-config-mode/cbi/wizard"

package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua

@@ -1,29 +0,0 @@
-local luci = require "luci"
-local io = require "io"
-
-module "luci.tools.gluon-config-mode"
-
-function setup_fastd_secret(name)
-  local uci = luci.model.uci.cursor()
-  local secret = uci:get("fastd", name, "secret")
-
-  if not secret or not secret:match("%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x") then
-    local f = io.popen("fastd --generate-key --machine-readable", "r")
-    local secret = f:read("*a")
-    f:close()
-
-    uci:set("fastd", name, "secret", secret)
-    uci:save("fastd")
-    uci:commit("fastd")
-  end
-end
-
-function get_fastd_pubkey(name)
-  local f = io.popen("/etc/init.d/fastd show_key " .. name, "r")
-  local key = f:read("*a")
-  f:close()
-
-  return key
-end
-
-

package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm

@@ -25,12 +25,16 @@
      version = util.trim(fs.readfile('/lib/gluon/gluon-version')),
      release = util.trim(fs.readfile('/lib/gluon/release')),
      site = site.site_name,
+     pubkey = 'n/a',
    }
 
+   local meshvpn_enabled = uci:get("fastd", "mesh_vpn", "enabled", "0")
+   if meshvpn_enabled == "1" then
      local pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn'))
      if pubkey ~= '' then
        values.pubkey = pubkey
      end
+   end
 -%>
 <h2>Info</h2>
 <% for _, key in ipairs({'hostname', 'primary_mac', 'model', 'version', 'release', 'site', 'pubkey'}) do %>

package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate

@@ -0,0 +1,13 @@
+#!/usr/bin/lua
+
+local uci = require 'luci.model.uci'
+
+local c = uci.cursor()
+
+local secret = c:get("fastd", "mesh_vpn", "secret")
+
+if not secret or not secret:match(("%x"):rep(64)) then
+  c:set("fastd", "mesh_vpn", "secret", "generate")
+  c:save("fastd")
+  c:commit("fastd")
+end