[v2] wireguard-tools: allow generating private_key

Message ID 20210915010918.83602-1-me@irrelefant.net
State Accepted
Delegated to: Petr Štetiar
Series [v2] wireguard-tools: allow generating private_key

Commit Message

Leonardo Mörlein Sept. 15, 2021, 1:09 a.m. UTC
When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
---

v2: Changes since v1:
- The (recently introduced) uci flag "-t" is used to avoid interference
  with potentially existing uncommitted user changes. This addresses
  Jo-Philipp Wich's concerns about v1 of the patch.
- The functionality has been moved to a function, so it can be included
  from other files.

References:
- v1 of the patch: https://patchwork.ozlabs.org/project/openwrt/patch/20210108012435.175345-1-me@irrelefant.net/
- uci "-t": https://git.openwrt.org/?p=project/uci.git;a=commit;h=4b3db1179747b6a6779029407984bacef851325c

 .../network/utils/wireguard-tools/Makefile    |  2 +-
 .../utils/wireguard-tools/files/wireguard.sh  | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+), 1 deletion(-)

Comments

Jan-Niklas Burfeind Jan. 24, 2022, 10:43 a.m. UTC | #1
Hey ynezz,

I tried to bump this in #openwrt-devel yesterday; as your last message
there is from December, I thought I'd do it here instead.

We've been using the patch for a few months now.
Is there something I can help to progress this faster?

Thanks for the effort
Aiyion


On 9/15/21 03:09, Leonardo Mörlein wrote:
> [...]
Jan-Niklas Burfeind Jan. 31, 2022, 11:30 a.m. UTC | #2
Hello ynezz,

[1] says you are reviewing this?
It might be outdated? It's been three and a half months now; any chance 
one could help you with this?

Thanks so far
Aiyion



On 1/24/22 11:43, Aiyion.Prime wrote:
> 
> Hey ynezz,
> 
> I tried to bump this in #openwrt-devel yesterday; as your last message
> there is from December, I thought I'd do it here instead.
> 
> We've been using the patch for a few months now.
> Is there something I can help to progress this faster?
> 
> Thanks for the effort
> Aiyion
> 
> 
> On 9/15/21 03:09, Leonardo Mörlein wrote:
>> [...]
> 
> _______________________________________________
> openwrt-devel mailing list
> openwrt-devel@lists.openwrt.org
> https://lists.openwrt.org/mailman/listinfo/openwrt-devel
Petr Štetiar Jan. 31, 2022, 3:35 p.m. UTC | #3
Aiyion.Prime <git@aiyionpri.me> [2022-01-24 11:43:00]:

Hi,

> We've been using the patch for a few months now.

Ok, good to know, thank you for testing.

> Is there something I can help to progress this faster?

replying to the patch with your `Tested-by: Real Name <valid@email.com>` never
hurts and actually increases the chances to get it merged.

-- ynezz
Jan-Niklas Burfeind Feb. 2, 2022, 3:18 p.m. UTC | #4
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>

This has been running on at least 80 devices in the past months in our 
ff-community.

Let me know if and what you need more
Aiyion

On 9/15/21 03:09, Leonardo Mörlein wrote:
> When the uci configuration is created automatically during a very early
> stage, where no entropy daemon is set up, generating the key directly is
> not an option. Therefore we allow to set the private_key to "generate"
> and generate the private key directly before the interface is taken up.
> 
> Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
> ---
> 
> v2: Changes since v1:
> - The (recently introduced) uci flag "-t" is used to avoid interference
>    with potentially existing uncommitted user changes. This addresses
>    Jo-Philipp Wich's concerns about v1 of the patch.
> - The functionality has been moved to a function, so it can be included
>    from other files.
> 
> References:
> - v1 of the patch: https://patchwork.ozlabs.org/project/openwrt/patch/20210108012435.175345-1-me@irrelefant.net/
> - uci "-t": https://git.openwrt.org/?p=project/uci.git;a=commit;h=4b3db1179747b6a6779029407984bacef851325c
> [...]
Jan-Niklas Burfeind Feb. 8, 2022, 12:50 p.m. UTC | #5
What else could you make use of, in order to get this moving?

Or what is currently blocking this?


Thanks
Aiyion

On 1/31/22 16:35, Petr Štetiar wrote:
> Aiyion.Prime <git@aiyionpri.me> [2022-01-24 11:43:00]:
> 
> Hi,
> 
>> We've been using the patch for a few months now.
> 
> Ok, good to know, thank you for testing.
> 
>> Is there something I can help to progress this faster?
> 
> replying to the patch with your `Tested-by: Real Name <valid@email.com>` never
> hurts and actually increases the chances to get it merged.
> 
> -- ynezz
Petr Štetiar Feb. 8, 2022, 1:01 p.m. UTC | #6
Aiyion.Prime <git@aiyionpri.me> [2022-02-08 13:50:21]:

Hi,

> Or what is currently blocking this?

I would guess `git pull` in your tree as I've merged it[1] already.

1. https://git.openwrt.org/5406684087815d3f66df9d8318e15db7137148f5

Cheers,

Petr
Robert Marko Feb. 8, 2022, 1:12 p.m. UTC | #7
As far as I can see it's already merged:
https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=5406684087815d3f66df9d8318e15db7137148f5

Regards

On Tue, 8 Feb 2022 at 14:09, Aiyion.Prime <git@aiyionpri.me> wrote:
>
> What else could you make use of, in order to get this moving?
>
> Or what is currently blocking this?
>
>
> Thanks
> Aiyion
>
> On 1/31/22 16:35, Petr Štetiar wrote:
> > Aiyion.Prime <git@aiyionpri.me> [2022-01-24 11:43:00]:
> >
> > Hi,
> >
> >> We've been using the patch for a few months now.
> >
> > Ok, good to know, thank you for testing.
> >
> >> Is there something I can help to progress this faster?
> >
> > replying to the patch with your `Tested-by: Real Name <valid@email.com>` never
> > hurts and actually increases the chances to get it merged.
> >
> > -- ynezz
Jan-Niklas Burfeind Feb. 8, 2022, 1:15 p.m. UTC | #8
My bad, thank you very much!

Aiyion

On 2/8/22 14:01, Petr Štetiar wrote:
> Aiyion.Prime <git@aiyionpri.me> [2022-02-08 13:50:21]:
> 
> Hi,
> 
>> Or what is currently blocking this?
> 
> I would guess `git pull` in your tree as I've merged it[1] already.
> 
> 1. https://git.openwrt.org/5406684087815d3f66df9d8318e15db7137148f5
> 
> Cheers,
> 
> Petr

Patch

diff --git a/package/network/utils/wireguard-tools/Makefile b/package/network/utils/wireguard-tools/Makefile
index 5f8da147c1..bcf360329c 100644
--- a/package/network/utils/wireguard-tools/Makefile
+++ b/package/network/utils/wireguard-tools/Makefile
@@ -12,7 +12,7 @@  include $(INCLUDE_DIR)/kernel.mk
 PKG_NAME:=wireguard-tools
 
 PKG_VERSION:=1.0.20210223
-PKG_RELEASE:=2
+PKG_RELEASE:=3
 
 PKG_SOURCE:=wireguard-tools-$(PKG_VERSION).tar.xz
 PKG_SOURCE_URL:=https://git.zx2c4.com/wireguard-tools/snapshot/
diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 63261aea71..845f9eb902 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -95,6 +95,23 @@  proto_wireguard_setup_peer() {
 	fi
 }
 
+ensure_key_is_generated() {
+	local private_key
+	private_key="$(uci get network."$1".private_key)"
+
+	if [ "$private_key" == "generate" ]; then
+		local ucitmp
+		oldmask="$(umask)"
+		umask 077
+		ucitmp="$(mktemp -d)"
+		private_key="$("${WG}" genkey)"
+		uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+			uci -q -t "$ucitmp" commit network
+		rm -rf "$ucitmp"
+		umask "$oldmask"
+	fi
+}
+
 proto_wireguard_setup() {
 	local config="$1"
 	local wg_dir="/tmp/wireguard"
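
Review bot: In `ensure_key_is_generated`, the output of `"${WG}" genkey` is passed to `uci set` and committed without checking that the command succeeded and returned a non-empty key, so a failed `genkey` hands an empty value to `uci set` in place of the "generate" marker. Check the exit status and the result before the `uci -q -t "$ucitmp" set` line and return non-zero on failure so the caller can react. The same goes for `mktemp -d`: if it fails, `$ucitmp` is empty when it reaches `uci -t` and `rm -rf`. Smaller points: `oldmask` is assigned without `local` while `private_key` and `ucitmp` are declared local, so it leaks into the scope of whatever script sources this file; `[ "$private_key" == "generate" ]` uses `==` where `=` is the portable test operator; and the initial `uci get` lacks the `-q` that the later calls use, so an interface without a `private_key` option prints an error on every setup. The magic value "generate" also deserves a comment above the function, since nothing else in the file documents it.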
@@ -104,6 +121,8 @@  proto_wireguard_setup() {
 	local listen_port
 	local mtu
 
+	ensure_key_is_generated "${config}"
+
 	config_load network
 	config_get private_key "${config}" "private_key"
 	config_get listen_port "${config}" "listen_port"
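
Review bot: The return status of `ensure_key_is_generated "${config}"` is ignored in `proto_wireguard_setup`, so if generation or the commit fails, the following `config_get private_key "${config}" "private_key"` reads the literal string "generate" as the key. Have the helper return non-zero on failure and abort setup here with an error instead of continuing with the placeholder value. A short comment at the call stating that it must run before `config_load network` would also help, since that ordering is what lets the freshly committed key be picked up.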