0004-wireguard-tools-allow-generating-private_key-v3.patch

From: lemoer <git@irrelefant.net>
Date: Sat, 3 Jul 2021 22:50:29 +0200
Subject: wireguard-tools: allow generating private_key (v3)

When the uci configuration is created automatically during a very early
stage, where no entropy daemon is set up, generating the key directly is
not an option. Therefore we allow to set the private_key to "generate"
and generate the private key directly before the interface is taken up.

v3: Somebody has implemented another uci cli flag '-t' upstream to handle
    this, before my patch to implement the new uci flag '-x' syntax was
    accepted. So I dropped my suggestion of '-x'.
v2: We now use a new uci cli flag to commit only the private_key and do
    not commit uncommited user changes. This is not yet upstream as of
    now.

diff --git a/package/network/utils/wireguard-tools/files/wireguard.sh b/package/network/utils/wireguard-tools/files/wireguard.sh
index 63261aea71daa058bf37014ba7d670a5e74a2e04..845f9eb902bf3655b631d52aa3ee69231366f657 100644
--- a/package/network/utils/wireguard-tools/files/wireguard.sh
+++ b/package/network/utils/wireguard-tools/files/wireguard.sh
@@ -95,6 +95,23 @@ proto_wireguard_setup_peer() {
 	fi
 }
 
+ensure_key_is_generated() {
+	local private_key
+	private_key="$(uci get network."$1".private_key)"
+
+	if [ "$private_key" == "generate" ]; then
+		local ucitmp
+		oldmask="$(umask)"
+		umask 077
+		ucitmp="$(mktemp -d)"
+		private_key="$("${WG}" genkey)"
+		uci -q -t "$ucitmp" set network."$1".private_key="$private_key" && \
+			uci -q -t "$ucitmp" commit network
+		rm -rf "$ucitmp"
+		umask "$oldmask"
+	fi
+}
+
 proto_wireguard_setup() {
 	local config="$1"
 	local wg_dir="/tmp/wireguard"
@@ -104,6 +121,8 @@ proto_wireguard_setup() {
 	local listen_port
 	local mtu
 
+	ensure_key_is_generated "${config}"
+
 	config_load network
 	config_get private_key "${config}" "private_key"
 	config_get listen_port "${config}" "listen_port"