forked from freifunk-franken/firmware
fastd: make secret key update-safe
To use a whitelist easily, it is necessary to make the fastd key update-safe. This patch saves the key to uci fff config and recovers it for use after a firmware upgrade. Signed-off-by: Christian Dresel <fff@chrisi01.de> Reviewed-by: lemmi <lemmi@nerd2nerd.org> Reviewed-by: Robert Langhammer <rlanghammer@web.de> Reviewed-by: Adrian Schmutzler <freifunk@adrianschmutzler.de> [bump PKG_RELEASE, rephrase commit message] Signed-off-by: Adrian Schmutzler <freifunk@adrianschmutzler.de>
This commit is contained in:
Christian Dresel
parent
1c014d04f4
commit
38d2a5a704
|
|
@ -1,7 +1,7 @@
|
|||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=fff-fastd
|
||||
PKG_RELEASE:=2
|
||||
PKG_RELEASE:=3
|
||||
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)
|
||||
|
||||
|
|
@ -17,7 +17,8 @@ define Package/$(PKG_NAME)
|
|||
+@FASTD_ENABLE_CIPHER_NULL \
|
||||
+@FASTD_WITH_STATUS_SOCKET \
|
||||
+fastd \
|
||||
+fff-random
|
||||
+fff-random \
|
||||
+fff-config
|
||||
endef
|
||||
|
||||
define Package/$(PKG_NAME)/description
|
||||
|
|
|
|||
|
|
@ -15,9 +15,17 @@ uci batch <<EOF
|
|||
set fastd.fff.mtu='1426'
|
||||
set fastd.fff.on_up="/etc/fastd/fff/up.sh"
|
||||
set fastd.fff.secure_handshakes='0'
|
||||
set fastd.fff.secret="generate"
|
||||
EOF
|
||||
|
||||
if ! secret=$(uci -q get fff.fastd.secret); then
|
||||
secret=$(/usr/bin/fastd --generate-key --machine-readable)
|
||||
uci set fff.fastd='fff'
|
||||
uci set fff.fastd.secret="$secret"
|
||||
uci commit fff
|
||||
fi
|
||||
uci set fastd.fff.secret="$secret"
|
||||
uci commit fastd
|
||||
|
||||
[ ! -d /etc/fastd/fff ] && mkdir -p /etc/fastd/fff
|
||||
ln -s /tmp/fastd_fff_peers /etc/fastd/fff/peers
|
||||
echo "#!/bin/sh" > /etc/fastd/fff/up.sh
|
||||
|
|
|
|||
Loading…
Reference in New Issue