From 2f5705b5debf958ebd6bd227a6367ddd24d5197f Mon Sep 17 00:00:00 2001
From: Nils Schneider <nils@nilsschneider.net>
Date: Sat, 26 Jul 2014 23:21:06 +0200
Subject: [PATCH] config-mode, mesh-vpn: refactor key generation

Previously, the config-mode was responsible for generating the fastd
secret. This patch sets the default secret to "generate" causing a
secret to be generated on its first use (e.g. show_key or start).

This also changes the info page (in Expert Mode) to show "n/a" when the
public key is not yet available.
---
 .../controller/gluon-config-mode/index.lua    |  4 +--
 .../model/cbi/gluon-config-mode/wizard.lua    |  4 ---
 .../lib/lua/luci/tools/gluon-config-mode.lua  | 29 -------------------
 .../usr/lib/lua/luci/view/admin/info.htm      | 10 +++++--
 .../invariant/020-secret-generate             | 13 +++++++++
 5 files changed, 22 insertions(+), 38 deletions(-)
 delete mode 100644 package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua
 create mode 100755 package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate

diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
index def9d4017..521d8658e 100644
--- a/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
+++ b/package/gluon-config-mode/files/usr/lib/lua/luci/controller/gluon-config-mode/index.lua
@@ -48,13 +48,13 @@ function index()
 end
 
 function action_reboot()
-  local configmode = require "luci.tools.gluon-config-mode"
+  local util = require "luci.util"
   local pubkey
   local uci = luci.model.uci.cursor()
   local meshvpn_enabled = uci:get("fastd", meshvpn_name, "enabled", "0")
   local sysconfig = require 'gluon.sysconfig'
   if meshvpn_enabled == "1" then
-    pubkey = configmode.get_fastd_pubkey(meshvpn_name)
+    pubkey = util.exec("/etc/init.d/fastd show_key " .. meshvpn_name)
   end
 
   uci:set("gluon-setup-mode", uci:get_first("gluon-setup-mode", "setup_mode"), "configured", "1")
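Review bot: In `action_reboot` the output of `util.exec` is assigned to `pubkey` untrimmed and without an empty check, while the info.htm hunk of this same patch trims it and falls back to 'n/a'. Because the secret now defaults to "generate", this call is presumably the first place a key gets created, so a failed or empty `show_key` would pass a blank or newline-terminated key on to whatever renders it. Consider `pubkey = util.trim(util.exec("/etc/init.d/fastd show_key " .. meshvpn_name))` followed by `if pubkey == '' then pubkey = nil end`. `meshvpn_name` is defined outside this hunk, and concatenating it into a shell command is only safe while it remains a fixed constant. The function body continues past the hunk, so how `pubkey` is consumed is not visible here.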
diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua
index ce7e549cd..a663585bb 100644
--- a/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua
+++ b/package/gluon-config-mode/files/usr/lib/lua/luci/model/cbi/gluon-config-mode/wizard.lua
@@ -1,11 +1,7 @@
-local configmode = require "luci.tools.gluon-config-mode"
 local meshvpn_name = "mesh_vpn"
 local uci = luci.model.uci.cursor()
 local f, s, o
 
--- prepare fastd key as early as possible
-configmode.setup_fastd_secret(meshvpn_name)
-
 f = SimpleForm("wizard")
 f.reset = false
 f.template = "gluon-config-mode/cbi/wizard"
diff --git a/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua b/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua
deleted file mode 100644
index ba1748f1e..000000000
--- a/package/gluon-config-mode/files/usr/lib/lua/luci/tools/gluon-config-mode.lua
+++ /dev/null
@@ -1,29 +0,0 @@
-local luci = require "luci"
-local io = require "io"
-
-module "luci.tools.gluon-config-mode"
-
-function setup_fastd_secret(name)
-  local uci = luci.model.uci.cursor()
-  local secret = uci:get("fastd", name, "secret")
-
-  if not secret or not secret:match("%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x%x") then
-    local f = io.popen("fastd --generate-key --machine-readable", "r")
-    local secret = f:read("*a")
-    f:close()
-
-    uci:set("fastd", name, "secret", secret)
-    uci:save("fastd")
-    uci:commit("fastd")
-  end
-end
-
-function get_fastd_pubkey(name)
-  local f = io.popen("/etc/init.d/fastd show_key " .. name, "r")
-  local key = f:read("*a")
-  f:close()
-
-  return key
-end
-
-
diff --git a/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm b/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm
index 5d243a898..9c3843995 100644
--- a/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm
+++ b/package/gluon-luci-admin/files/usr/lib/lua/luci/view/admin/info.htm
@@ -25,11 +25,15 @@
      version = util.trim(fs.readfile('/lib/gluon/gluon-version')),
      release = util.trim(fs.readfile('/lib/gluon/release')),
      site = site.site_name,
+     pubkey = 'n/a',
    }
 
-   local pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn'))
-   if pubkey ~= '' then
-     values.pubkey = pubkey
+   local meshvpn_enabled = uci:get("fastd", "mesh_vpn", "enabled", "0")
+   if meshvpn_enabled == "1" then
+     local pubkey = util.trim(util.exec('/etc/init.d/fastd show_key mesh_vpn'))
+     if pubkey ~= '' then
+       values.pubkey = pubkey
+     end
    end
 -%>
 <h2>Info</h2>
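Review bot: Missing documentation on the new `meshvpn_enabled` guard: going by the commit description, `show_key` now generates and stores the secret on first use, so rendering this info page can write to the fastd configuration, and the guard is what prevents that on nodes with the VPN disabled. A comment above the `if` would keep a later cleanup from removing it, e.g. `-- show_key creates the secret on first use; only call it when the VPN is enabled`. Separately, the fourth argument `"0"` to `uci:get` reads like an intended default, but I do not believe the cursor's `get` accepts one; the comparison still works when the option is unset because `nil == "1"` is false, so the argument could be dropped to avoid implying otherwise. `uci` itself is not defined within the hunk, so confirm it is in scope in this template.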
diff --git a/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate
new file mode 100755
index 000000000..68a2fe676
--- /dev/null
+++ b/package/gluon-mesh-vpn-fastd/files/lib/gluon/upgrade/mesh-vpn-fastd/invariant/020-secret-generate
@@ -0,0 +1,13 @@
+#!/usr/bin/lua
+
+local uci = require 'luci.model.uci'
+
+local c = uci.cursor()
+
+local secret = c:get("fastd", "mesh_vpn", "secret")
+
+if not secret or not secret:match(("%x"):rep(64)) then
+  c:set("fastd", "mesh_vpn", "secret", "generate")
+  c:save("fastd")
+  c:commit("fastd")
+end
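Review bot: The validity check `secret:match(("%x"):rep(64))` is unanchored, so any value that merely contains 64 consecutive hex digits (a longer hex string, or a key with extra characters around it) is accepted as a well-formed secret and left in place. Anchoring it, `secret:match("^" .. ("%x"):rep(64) .. "$")`, makes the script enforce exactly a 64-digit hex key. Before tightening it, check whether secrets written by the removed `setup_fastd_secret` (which stored the raw `f:read("*a")` output) can carry trailing whitespace, because a false mismatch here replaces a node's existing key with "generate" on upgrade and changes its public key. A one-line comment stating that "generate" is a sentinel resolved later by the fastd init script would also help readers of this file.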
-- 
GitLab