authorChristian Poessinger <christian@poessinger.com>2022-09-25 09:12:58 +0200
committerChristian Poessinger <christian@poessinger.com>2022-09-25 09:18:53 +0200
commit01fcfb82122f1f1ae1dc4efe6636474c06c6ede4 (patch)
tree6fe6eb6f4b2e76c305995dfdb4c7f45926afb8d5 /python/vyos/ifconfig/wireguard.py
parentadc59ad72d914073595c587f7ed98eb2e7fdd5c8 (diff)
wireguard: ifconfig: T2653: use NamedTemporaryFile() when dealing with private key
This prevents having any leftover private-key files in the /tmp directory.
Diffstat (limited to 'python/vyos/ifconfig/wireguard.py')
-rw-r--r--python/vyos/ifconfig/wireguard.py12
1 files changed, 7 insertions, 5 deletions
diff --git a/python/vyos/ifconfig/wireguard.py b/python/vyos/ifconfig/wireguard.py
index 9a92c71b8..0ae431163 100644
--- a/python/vyos/ifconfig/wireguard.py
+++ b/python/vyos/ifconfig/wireguard.py
@@ -1,4 +1,4 @@
-# Copyright 2019-2021 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2019-2022 VyOS maintainers and contributors <maintainers@vyos.io>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -17,6 +17,7 @@ import os
import time
from datetime import timedelta
+from tempfile import NamedTemporaryFile
from hurry.filesize import size
from hurry.filesize import alternative
@@ -170,17 +171,18 @@ class WireGuardIf(Interface):
for peer, public_key in config['peer_remove'].items():
self._cmd(f'wg set {self.ifname} peer {public_key} remove')
- config['private_key_file'] = '/tmp/tmp.wireguard.key'
- with open(config['private_key_file'], 'w') as f:
- f.write(config['private_key'])
+ tmp_file = NamedTemporaryFile('w')
+ tmp_file.write(config['private_key'])
+ tmp_file.flush()
# Wireguard base command is identical for every peer
- base_cmd = 'wg set {ifname} private-key {private_key_file}'
+ base_cmd = 'wg set {ifname}'
if 'port' in config:
base_cmd += ' listen-port {port}'
if 'fwmark' in config:
base_cmd += ' fwmark {fwmark}'
+ base_cmd += f' private-key {tmp_file.name}'
base_cmd = base_cmd.format(**config)
if 'peer' in config:
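Review bot: The key file opened at `tmp_file = NamedTemporaryFile('w')` is never closed explicitly, so its removal depends on when the object is garbage-collected rather than on a defined point after the `wg set` calls have run. If one of those calls raises, the traceback can keep the frame alive, and with it the private key on disk, for longer than intended. Opening it as `with NamedTemporaryFile('w') as tmp_file:` around the code that builds and runs the commands, or calling `tmp_file.close()` in a `finally:`, would make the cleanup deterministic. The method continues outside this hunk, where the command is executed, so the exact extent of the `with` block has to be checked there. A short comment such as `# key file is created 0600 and deleted on close; keep it open until wg has read it` would also explain why `flush()` is used instead of `close()`.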