[PATCH v4] fastd: make secret key updatesafe

Adrian Schmutzler mail at adrianschmutzler.de
Fri Jan 10 14:24:55 CET 2020


Reviewed-by: Adrian Schmutzler <freifunk at adrianschmutzler.de>

> -----Original Message-----
> From: franken-dev [mailto:franken-dev-bounces at freifunk.net] On Behalf Of
> robert
> Sent: Friday, 10 January 2020 13:18
> To: franken-dev at freifunk.net
> Subject: Re: [PATCH v4] fastd: make secret key updatesafe
> 
> Reviewed-by: Robert Langhammer <rlanghammer at web.de>
> 
> On 10.01.20 at 12:57, Christian Dresel wrote:
> > To use a whitelist easily, it is necessary to make the fastd key updatesafe.
> > This patch saves the key to uci fff and recovers it if a key is available
> > after the update.
> >
> > ---
> > Changes in v2:
> > - use variable in if
> > - remove trailing whitespace
> > - remove -q
> > ---
> > Changes in v3:
> > - use only one variable $secret
> > ---
> > Changes in v4:
> > - remove new line
> > - add dependencies to fff-config
> > ---
> >
> > Signed-off-by: Christian Dresel <fff at chrisi01.de>
> > Reviewed-by: lemmi <lemmi at nerd2nerd.org>
> > ---
> >  src/packages/fff/fff-fastd/Makefile                            |  3 ++-
> >  src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 10 +++++++++-
> >  2 files changed, 11 insertions(+), 2 deletions(-)
> >
> > diff --git a/src/packages/fff/fff-fastd/Makefile b/src/packages/fff/fff-
> fastd/Makefile
> > index 513775d..0d9a9b5 100644
> > --- a/src/packages/fff/fff-fastd/Makefile
> > +++ b/src/packages/fff/fff-fastd/Makefile
> > @@ -17,7 +17,8 @@ define Package/$(PKG_NAME)
> >  			 + at FASTD_ENABLE_CIPHER_NULL \
> >  			 + at FASTD_WITH_STATUS_SOCKET \
> >  			 +fastd \
> > -			 +fff-random
> > +			 +fff-random \
> > +			 +fff-config
> >  endef
> >
> >  define Package/$(PKG_NAME)/description
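Review bot: The new `+fff-config` entry in the dependency list is not explained in the commit message, which only describes saving and recovering the key. A sentence saying that 55_fff-fastd now reads and writes the `fff` UCI config (`uci -q get fff.fastd.secret`, `uci set fff.fastd.secret=...`), and presumably needs the package that owns that config for this reason, would make the dependency clear to later readers.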
> > diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> > index d53eb43..08ceecb 100644
> > --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> > +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd
> > @@ -15,9 +15,17 @@ uci batch <<EOF
> >    set fastd.fff.mtu='1426'
> >    set fastd.fff.on_up="/etc/fastd/fff/up.sh"
> >    set fastd.fff.secure_handshakes='0'
> > -  set fastd.fff.secret="generate"
> >  EOF
> >
> > +if ! secret=$(uci -q get fff.fastd.secret); then
> > +	secret=$(/usr/bin/fastd --generate-key --machine-readable)
> > +	uci set fff.fastd='fff'
> > +	uci set fff.fastd.secret="$secret"
> > +	uci commit fff
> > +fi
> > +uci set fastd.fff.secret="$secret"
> > +uci commit fastd
> > +
> >  [ ! -d /etc/fastd/fff ] &&  mkdir -p /etc/fastd/fff
> >  ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
> >  echo "#!/bin/sh" > /etc/fastd/fff/up.sh
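Review bot: Inside the added `if` block, the result of `/usr/bin/fastd --generate-key --machine-readable` is never checked, so if key generation fails or prints nothing, an empty `$secret` is written to both `fff.fastd.secret` and `fastd.fff.secret` and committed. Test that `$secret` is non-empty before the `uci set` and `uci commit` calls and stop with an error otherwise. Also note that the private key is now stored in two UCI configs: the `fff` config should be given the same file permissions and the same exclusion from any debug or status output as the `fastd` config, and since recovery reads `fff.fastd.secret`, it is the copy in `fff` that has to survive the upgrade for this path to work.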