wireguard-tools: allow generating private_key
authorLeonardo Mörlein <me@irrelefant.net>
Wed, 15 Sep 2021 01:09:18 +0000 (03:09 +0200)
committerPetr Štetiar <ynezz@true.cz>
Tue, 8 Feb 2022 11:52:14 +0000 (12:52 +0100)
When the uci configuration is created automatically at a very early
stage, when no entropy daemon is set up yet, generating the key directly
is not an option. Therefore we allow private_key to be set to "generate"
and generate the private key directly before the interface is brought up.

Signed-off-by: Leonardo Mörlein <me@irrelefant.net>
Tested-by: Jan-Niklas Burfeind <git@aiyionpri.me>
package/network/utils/wireguard-tools/files/wireguard.sh

index 2e6d74bc913def99a7381c94b9fa07c4141e8c0b..f6ad967b404ea6116f14e8ce2ff79c0d47049c23 100644 (file)
@@ -102,6 +102,23 @@ proto_wireguard_setup_peer() {
        fi
 }
 
+ensure_key_is_generated() {
+       local private_key
+       private_key="$(uci get network."$1".private_key)"
+
+       if [ "$private_key" == "generate" ]; then
+               local ucitmp
+               oldmask="$(umask)"
+               umask 077
+               ucitmp="$(mktemp -d)"
+               private_key="$("${WG}" genkey)"
+               uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+                       uci -q -t "$ucitmp" commit network
+               rm -rf "$ucitmp"
+               umask "$oldmask"
+       fi
+}
+
 proto_wireguard_setup() {
        local config="$1"
        local wg_dir="/tmp/wireguard"
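Review bot: The output of `"${WG}" genkey` in ensure_key_is_generated is never checked, so if key generation fails or prints nothing, the following `uci set` would overwrite the "generate" placeholder with an empty value and commit it. Adding `[ -n "$private_key" ] || { rm -rf "$ucitmp"; umask "$oldmask"; return 1; }` right after the genkey line keeps the placeholder for a later attempt; the call added in the second hunk would then have to test the return status. Separately, `oldmask` is assigned without `local` and leaks into the sourcing shell's globals, which `local ucitmp oldmask` would fix. The key is also passed as an argument to `uci set`, so it is presumably readable from the process list while that command runs; feeding the assignment to `uci batch` on stdin would avoid that.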
@@ -111,6 +128,8 @@ proto_wireguard_setup() {
        local listen_port
        local mtu
 
+       ensure_key_is_generated "${config}"
+
        config_load network
        config_get private_key "${config}" "private_key"
        config_get listen_port "${config}" "listen_port"
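Review bot: The call to `ensure_key_is_generated` has no comment saying why it must come before `config_load network`. The ordering matters because the `config_get private_key` two lines further down should read the freshly committed key rather than the literal "generate". I would add `# Replace a "generate" placeholder with a real key before the config is loaded below.` directly above the call. proto_wireguard_setup continues past the end of this hunk.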