[PATCH v3] fastd: make secret key updatesafe
Christian Dresel
fff at chrisi01.de
Di Jan 7 12:03:20 CET 2020
To use a whitelist easy, it is neccessary to make the fastd key updatesafe
This patch safe the key to uci fff and recover it, if a key is after the update available
---
Changes in v2:
- use variable in if
- remove trailing whitespace
- remove -q
---
Changes in v3:
- use only one variable $secret
---
Signed-off-by: Christian Dresel <fff at chrisi01.de>
---
.../fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
index d53eb43..28384b9 100644
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@@ -15,9 +15,18 @@ uci batch <<EOF
set fastd.fff.mtu='1426'
set fastd.fff.on_up="/etc/fastd/fff/up.sh"
set fastd.fff.secure_handshakes='0'
- set fastd.fff.secret="generate"
EOF
+if ! secret=$(uci -q get fff.fastd.secret); then
+ secret=$(/usr/bin/fastd --generate-key --machine-readable)
+ uci set fff.fastd='fff'
+ uci set fff.fastd.secret="$secret"
+ uci commit fff
+fi
+uci set fastd.fff.secret="$secret"
+uci commit fastd
+
+
[ ! -d /etc/fastd/fff ] && mkdir -p /etc/fastd/fff
ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
echo "#!/bin/sh" > /etc/fastd/fff/up.sh
--
2.11.0
Mehr Informationen über die Mailingliste franken-dev