| Message ID | 20200104172821.8863-1-fff@chrisi01.de |
|---|---|
| State | Superseded |
| Headers | show |
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd index d53eb43..4b03229 100644 --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd @@ -15,9 +15,18 @@ uci batch <<EOF set fastd.fff.mtu='1426' set fastd.fff.on_up="/etc/fastd/fff/up.sh" set fastd.fff.secure_handshakes='0' - set fastd.fff.secret="generate" EOF +if uci -q get fff.fastd.secret; then + uci set fastd.fff.secret=$(uci get fff.fastd.secret) +else + secret=$(/usr/bin/fastd --generate-key --machine-readable) + uci -q set fastd.fff.secret="$secret" + uci set fff.fastd='fff' + uci -q set fff.fastd.secret="$secret" && uci -q commit fff +fi +uci commit fastd + [ ! -d /etc/fastd/fff ] && mkdir -p /etc/fastd/fff ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers echo "#!/bin/sh" > /etc/fastd/fff/up.sh
Hey Christian, On 04.01.20 18:28, Christian Dresel wrote: > To use a whitelist easy, it is neccessary to make the fastd key updatesafe > This patch safe the key to uci fff and recover it, if a key is after the update available > > Signed-off-by: Christian Dresel <fff@chrisi01.de> > --- > .../fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > index d53eb43..4b03229 100644 > --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > @@ -15,9 +15,18 @@ uci batch <<EOF > set fastd.fff.mtu='1426' > set fastd.fff.on_up="/etc/fastd/fff/up.sh" > set fastd.fff.secure_handshakes='0' > - set fastd.fff.secret="generate" > EOF > > +if uci -q get fff.fastd.secret; then > + uci set fastd.fff.secret=$(uci get fff.fastd.secret) Man könnte das hier genau wie in den ganzen gateway.d files direkt beim Lesen fürs if in eine Variable schreiben. Das macht einerseits den ansonsten möglicherweise irritierenden Output weg und spart eine Prozessausführung. > +else > + secret=$(/usr/bin/fastd --generate-key --machine-readable) > + uci -q set fastd.fff.secret="$secret" Warum -q? Wenn dieses set nicht klappt, wäre eine Fehlermeldung eine gute Sache.. Weiter unten beim set und commit genauso. > + uci set fff.fastd='fff' > + uci -q set fff.fastd.secret="$secret" && uci -q commit fff trailing whitespace. Ich persönlich würde die commits im uci-defaults weglassen, aber das hat Adrian ja schon in Erfahrung gebracht, dass das eher Geschmackssache ist. Gruß Fabian
To use a whitelist easy, it is neccessary to make the fastd key updatesafe This patch safe the key to uci fff and recover it, if a key is after the update available Signed-off-by: Christian Dresel <fff@chrisi01.de> --- .../fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)