[PATCH v4] fastd: make secret key updatesafe

robert rlanghammer at web.de
Fri Jan 10 13:17:46 CET 2020


Reviewed-by: Robert Langhammer <rlanghammer at web.de>

On 10.01.20 at 12:57, Christian Dresel wrote:
> To use a whitelist easily, it is necessary to make the fastd key update-safe.
> This patch saves the key to uci fff and recovers it if a key is available after the update.
>
> ---
> Changes in v2:
> - use variable in if
> - remove trailing whitespace
> - remove -q
> ---
> Changes in v3:
> - use only one variable $secret
> ---
> Changes in v4:
> - remove new line
> - add dependencies to fff-config
> ---
>
> Signed-off-by: Christian Dresel <fff at chrisi01.de>
> Reviewed-by: lemmi <lemmi at nerd2nerd.org>
> ---
>  src/packages/fff/fff-fastd/Makefile                            |  3 ++-
>  src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 10 +++++++++-
>  2 files changed, 11 insertions(+), 2 deletions(-)
>
> diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-fastd/Makefile
> index 513775d..0d9a9b5 100644
> --- a/src/packages/fff/fff-fastd/Makefile
> +++ b/src/packages/fff/fff-fastd/Makefile
> @@ -17,7 +17,8 @@ define Package/$(PKG_NAME)
>  			 + at FASTD_ENABLE_CIPHER_NULL \
>  			 + at FASTD_WITH_STATUS_SOCKET \
>  			 +fastd \
> -			 +fff-random
> +			 +fff-random \
> +			 +fff-config
>  endef
>
>  define Package/$(PKG_NAME)/description
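
Review bot: the new +fff-config entry in the dependency list is not explained in the commit message; the changelog only says "add dependencies to fff-config". The reason visible in this patch is that 55_fff-fastd now reads and writes the fff uci config (uci -q get fff.fastd.secret, uci commit fff), and saying so in the commit message would make the dependency understandable on its own. A package dependency only guarantees that fff-config is installed, not that the fff config exists at the moment this uci-defaults script runs, so it is worth confirming that whatever creates that config runs before the 55_ prefix.
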
> diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> index d53eb43..08ceecb 100644
> --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> @@ -15,9 +15,17 @@ uci batch <<EOF
>    set fastd.fff.mtu='1426'
>    set fastd.fff.on_up="/etc/fastd/fff/up.sh"
>    set fastd.fff.secure_handshakes='0'
> -  set fastd.fff.secret="generate"
>  EOF
>
> +if ! secret=$(uci -q get fff.fastd.secret); then
> +	secret=$(/usr/bin/fastd --generate-key --machine-readable)
> +	uci set fff.fastd='fff'
> +	uci set fff.fastd.secret="$secret"
> +	uci commit fff
> +fi
> +uci set fastd.fff.secret="$secret"
> +uci commit fastd
> +
>  [ ! -d /etc/fastd/fff ] &&  mkdir -p /etc/fastd/fff
>  ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
>  echo "#!/bin/sh" > /etc/fastd/fff/up.sh
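
Review bot: in the new if block, the output of /usr/bin/fastd --generate-key --machine-readable is stored without checking that it is non-empty. If key generation fails, $secret is empty and the script still runs uci set fff.fastd.secret="$secret" and uci set fastd.fff.secret="$secret" and commits both, whereas the removed line always left fastd with secret="generate". A guard such as [ -n "$secret" ] before the uci set calls, or falling back to "generate" when the key is empty, would avoid persisting a broken value. Separately, the private key is now kept in the fff config as well as the fastd config, so it is worth checking that nothing which exports or displays the fff config exposes fff.fastd.secret.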

