[PATCH v4] fastd: make secret key updatesafe

Christian Dresel fff at chrisi01.de
Fr Jan 10 12:57:13 CET 2020


To make a whitelist easy to use, it is necessary to make the fastd key update-safe.
This patch saves the key to uci fff and restores it if a key is available after the update.

---
Changes in v2:
- use variable in if
- remove trailing whitespace
- remove -q
---
Changes in v3:
- use only one variable $secret
---
Changes in v4:
- remove new line
- add dependencies to fff-config
---

Signed-off-by: Christian Dresel <fff at chrisi01.de>
Reviewed-by: lemmi <lemmi at nerd2nerd.org>
---
 src/packages/fff/fff-fastd/Makefile                            |  3 ++-
 src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 10 +++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-fastd/Makefile
index 513775d..0d9a9b5 100644
--- a/src/packages/fff/fff-fastd/Makefile
+++ b/src/packages/fff/fff-fastd/Makefile
@@ -17,7 +17,8 @@ define Package/$(PKG_NAME)
 			 + at FASTD_ENABLE_CIPHER_NULL \
 			 + at FASTD_WITH_STATUS_SOCKET \
 			 +fastd \
-			 +fff-random
+			 +fff-random \
+			 +fff-config
 endef
 
 define Package/$(PKG_NAME)/description
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
index d53eb43..08ceecb 100644
--- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
+++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
@@ -15,9 +15,17 @@ uci batch <<EOF
   set fastd.fff.mtu='1426'
   set fastd.fff.on_up="/etc/fastd/fff/up.sh"
   set fastd.fff.secure_handshakes='0'
-  set fastd.fff.secret="generate"
 EOF
 
+if ! secret=$(uci -q get fff.fastd.secret); then
+	secret=$(/usr/bin/fastd --generate-key --machine-readable)
+	uci set fff.fastd='fff'
+	uci set fff.fastd.secret="$secret"
+	uci commit fff
+fi
+uci set fastd.fff.secret="$secret"
+uci commit fastd
+
 [ ! -d /etc/fastd/fff ] &&  mkdir -p /etc/fastd/fff
 ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
 echo "#!/bin/sh" > /etc/fastd/fff/up.sh
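Review bot: The output of `/usr/bin/fastd --generate-key --machine-readable` is written to `fff.fastd.secret` and `fastd.fff.secret` and committed without checking that the command succeeded or printed a key. If generation fails on first boot, an empty secret could be persisted in both configs; a guard right after the assignment, such as `[ -n "$secret" ] || exit 1`, would stop before anything is committed. The private key is now also kept in the `fff` config so that it survives upgrades, so it is worth confirming that this file's permissions and any config export or backup path treat it as secret material, which the hunk does not show. The script starts before this hunk and continues after it.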
-- 
2.11.0


