Message ID | 20200105091009.22443-1-fff@chrisi01.de |
---|---|
State | Superseded |
Headers | show |
diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd index d53eb43..4bfc316 100644 --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd @@ -15,9 +15,18 @@ uci batch <<EOF set fastd.fff.mtu='1426' set fastd.fff.on_up="/etc/fastd/fff/up.sh" set fastd.fff.secure_handshakes='0' - set fastd.fff.secret="generate" EOF +if secretkey=$(uci -q get fff.fastd.secret); then + uci set fastd.fff.secret=$secretkey +else + secret=$(/usr/bin/fastd --generate-key --machine-readable) + uci set fastd.fff.secret="$secret" + uci set fff.fastd='fff' + uci set fff.fastd.secret="$secret" && uci commit fff +fi +uci commit fastd + [ ! -d /etc/fastd/fff ] && mkdir -p /etc/fastd/fff ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers echo "#!/bin/sh" > /etc/fastd/fff/up.sh
Hi Christian, das find ich richtig gut. Einen Vorschlag hab ich noch. s. unten. Am 05.01.20 um 10:10 schrieb Christian Dresel: > To use a whitelist easy, it is neccessary to make the fastd key updatesafe > This patch safe the key to uci fff and recover it, if a key is after the update available > > Signed-off-by: Christian Dresel <fff@chrisi01.de> > > --- > Changes in v2: > - use variable in if > - remove trailing whitespace > - remove -q > --- > --- > .../fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 11 ++++++++++- > 1 file changed, 10 insertions(+), 1 deletion(-) > > diff --git a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > index d53eb43..4bfc316 100644 > --- a/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > +++ b/src/packages/fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd > @@ -15,9 +15,18 @@ uci batch <<EOF > set fastd.fff.mtu='1426' > set fastd.fff.on_up="/etc/fastd/fff/up.sh" > set fastd.fff.secure_handshakes='0' > - set fastd.fff.secret="generate" > EOF > > +if secretkey=$(uci -q get fff.fastd.secret); then > + uci set fastd.fff.secret=$secretkey > +else > + secret=$(/usr/bin/fastd --generate-key --machine-readable) > + uci set fastd.fff.secret="$secret" > + uci set fff.fastd='fff' > + uci set fff.fastd.secret="$secret" && uci commit fff > +fi > +uci commit fastd > + Nenn doch die Variable, in die das Gleiche rein kommt gleich. secretkey <-> secret Es ist auch einiges doppelt. Mein Vorschlag: if ! secret=$(uci -q get fff.fastd.secret); then secret=$(/usr/bin/fastd --generate-key --machine-readable) uci set fff.fastd='fff' uci set fff.fastd.secret="$secret" fi uci set fastd.fff.secret="$secret" # optional uci commit Viele Grüße Robert > [ ! -d /etc/fastd/fff ] && mkdir -p /etc/fastd/fff > ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers > echo "#!/bin/sh" > /etc/fastd/fff/up.sh
To use a whitelist easy, it is neccessary to make the fastd key updatesafe This patch safe the key to uci fff and recover it, if a key is after the update available Signed-off-by: Christian Dresel <fff@chrisi01.de> --- Changes in v2: - use variable in if - remove trailing whitespace - remove -q --- --- .../fff/fff-fastd/files/etc/uci-defaults/55_fff-fastd | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)