[PATCH v2] wireguard-tools: allow generating private_key

Leonardo Mörlein me at irrelefant.net
Tue Sep 14 18:09:18 PDT 2021


When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up yet, generating the key directly is
not an option. Therefore we allow setting private_key to "generate" and
generate the private key directly before the interface is brought up.

Signed-off-by: Leonardo Mörlein <me at irrelefant.net>
---

v2: Changes since v1:
- The (recently introduced) uci flag "-t" is used to avoid interference
  with potentially existing uncommited user changes. This addresses
  Jo-Philipp Wich's concerns about v1 of the patch.
- The functionality has been moved to a function, so it can be included
  from other files.

References:
- v1 of the patch: https://patchwork.ozlabs.org/project/openwrt/patch/20210108012435.175345-1-me@irrelefant.net/
- uci "-t": https://git.openwrt.org/?p=project/uci.git;a=commit;h=4b3db1179747b6a6779029407984bacef851325c

 .../network/utils/wireguard-tools/Makefile    |  2 +-
 .../utils/wireguard-tools/files/wireguard.sh  | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile
index 5f8da147c1..bcf360329c 100644
--- a/package/network/utils/wireguard-tools/Makefile
+++ b/package/network/utils/wireguard-tools/Makefile
@@ -12,7 +12,7 @@ include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=wireguard-tools
 
 PKG_VERSION:=1.0.20210223
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 63261aea71..845f9eb902 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -95,6 +95,23 @@ proto_wireguard_setup_peer() {
 	fi
 }
 
+ensure_key_is_generated() {
+	local private_key
+	private_key="$(uci get network."$1".private_key)"
+
+	if [ "$private_key" == "generate" ]; then
+		local ucitmp
+		oldmask="$(umask)"
+		umask 077
+		ucitmp="$(mktemp -d)"
+		private_key="$("${WG}" genkey)"
+		uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+			uci -q -t "$ucitmp" commit network
+		rm -rf "$ucitmp"
+		umask "$oldmask"
+	fi
+}
+
 proto_wireguard_setup() {
 	local config="$1"
 	local wg_dir="/tmp/wireguard"
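Review bot: The freshly generated private key is passed to `uci set` as a command-line argument in `ensure_key_is_generated`, so for the duration of that call it is readable by any local process through /proc/*/cmdline; feeding the commands to `uci batch` on stdin keeps the secret out of argv. The same function also never declares `oldmask` as local, so the caller's namespace gains a global, and the `mktemp -d` result is used unchecked — if it fails, `uci -t ""` runs against an empty delta dir and `rm -rf ""` is reached with an empty path. Since nothing reports a failed commit, a caller cannot tell the literal value "generate" is still in the config; returning a non-zero status makes that detectable. The `==` inside `[ ]` works in busybox ash but is not POSIX, so `=` is safer if this script is ever run under another /bin/sh.
```shell
ensure_key_is_generated() {
	local private_key ucitmp oldmask
	private_key="$(uci get network."$1".private_key)"

	if [ "$private_key" = "generate" ]; then
		oldmask="$(umask)"
		umask 077
		ucitmp="$(mktemp -d)" || { umask "$oldmask"; return 1; }
		private_key="$("${WG}" genkey)"
		# Hand the key to uci on stdin so it never shows up in argv/cmdline.
		printf 'set network.%s.private_key=%s\ncommit network\n' "$1" "$private_key" | \
			uci -q -t "$ucitmp" batch
		local rv=$?
		rm -rf "${ucitmp:?}"
		umask "$oldmask"
		return "$rv"
	fi
}
```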
@@ -104,6 +121,8 @@ proto_wireguard_setup() {
 	local listen_port
 	local mtu
 
+	ensure_key_is_generated "${config}"
+
 	config_load network
 	config_get private_key "${config}" "private_key"
 	config_get listen_port "${config}" "listen_port"
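Review bot: The call `ensure_key_is_generated "${config}"` discards its status, and `config_get private_key` right after it will happily return the literal string "generate" when the commit did not happen (read-only overlay, mktemp failure, uci error), leaving the failure to surface later as an opaque `wg set` error. A guard after the `config_get` line keeps the failure mode explicit, e.g. `[ "${private_key}" != "generate" ] || { proto_notify_error "${config}" "PRIVATE_KEY_NOT_GENERATED"; exit 1; }` — assuming the rest of proto_wireguard_setup reports errors via proto_notify_error as other netifd proto handlers do. The body of proto_wireguard_setup continues outside the hunk.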
-- 
2.33.0



