54 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
			
		
		
	
	
			54 lines
		
	
	
		
			1.9 KiB
		
	
	
	
		
			Diff
		
	
	
	
	
	
| From: lemoer <git@irrelefant.net>
 | |
| Date: Sat, 3 Jul 2021 22:50:29 +0200
 | |
| Subject: wireguard-tools: allow generating private_key (v3)
 | |
| 
 | |
| When the uci configuration is created automatically during a very early
 | |
| stage, where no entropy daemon is set up, generating the key directly is
 | |
| not an option. Therefore we allow to set the private_key to "generate"
 | |
| and generate the private key directly before the interface is taken up.
 | |
| 
 | |
| v3: Somebody has implemented another uci cli flag '-t' upstream to handle
 | |
|     this, before my patch to implement the new uci flag '-x' syntax was
 | |
|     accepted. So I dropped my suggestion of '-x'.
 | |
| v2: We now use a new uci cli flag to commit only the private_key and do
 | |
|     not commit uncommited user changes. This is not yet upstream as of
 | |
|     now.
 | |
| 
 | |
| diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
 | |
| index 63261aea71daa058bf37014ba7d670a5e74a2e04..845f9eb902bf3655b631d52aa3ee69231366f657 100644
 | |
| --- a/package/network/utils/wireguard-tools/files/wireguard.sh
 | |
| +++ b/package/network/utils/wireguard-tools/files/wireguard.sh
 | |
| @@ -95,6 +95,23 @@ proto_wireguard_setup_peer() {
 | |
|  	fi
 | |
|  }
 | |
|  
 | |
| +ensure_key_is_generated() {
 | |
| +	local private_key
 | |
| +	private_key="$(uci get network."$1".private_key)"
 | |
| +
 | |
| +	if [ "$private_key" == "generate" ]; then
 | |
| +		local ucitmp
 | |
| +		oldmask="$(umask)"
 | |
| +		umask 077
 | |
| +		ucitmp="$(mktemp -d)"
 | |
| +		private_key="$("${WG}" genkey)"
 | |
| +		uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
 | |
| +			uci -q -t "$ucitmp" commit network
 | |
| +		rm -rf "$ucitmp"
 | |
| +		umask "$oldmask"
 | |
| +	fi
 | |
| +}
 | |
| +
 | |
|  proto_wireguard_setup() {
 | |
|  	local config="$1"
 | |
|  	local wg_dir="/tmp/wireguard"
 | |
| @@ -104,6 +121,8 @@ proto_wireguard_setup() {
 | |
|  	local listen_port
 | |
|  	local mtu
 | |
|  
 | |
| +	ensure_key_is_generated "${config}"
 | |
| +
 | |
|  	config_load network
 | |
|  	config_get private_key "${config}" "private_key"
 | |
|  	config_get listen_port "${config}" "listen_port"
 |