3 files changed, 91 insertions, 1 deletions
diff --git a/src/migration-scripts/dhcpv6-server/4-to-5 b/src/migration-scripts/dhcpv6-server/4-to-5
new file mode 100755
index 000000000..e808edbe0
--- /dev/null
+++ b/src/migration-scripts/dhcpv6-server/4-to-5
@@ -0,0 +1,68 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+
+# T5993: Check if subnet is locally accessible and assign interface to subnet
+
+import sys
+from ipaddress import ip_network
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+    print("Must specify file name!")
+    sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+    config_file = f.read()
+
+base = ['service', 'dhcpv6-server', 'shared-network-name']
+config = ConfigTree(config_file)
+
+if not config.exists(base):
+    # Nothing to do
+    exit(0)
+
+def find_subnet_interface(subnet):
+    subnet_net = ip_network(subnet)
+
+    for iftype in config.list_nodes(['interfaces']):
+        for ifname in config.list_nodes(['interfaces', iftype]):
+            if_base = ['interfaces', iftype, ifname]
+
+            if config.exists(if_base + ['address']):
+                for addr in config.return_values(if_base + ['address']):
+                    if ip_network(addr, strict=False) == subnet_net:
+                        return ifname
+
+    return False
+
+for network in config.list_nodes(base):
+    if not config.exists(base + [network, 'subnet']):
+        continue
+
+    for subnet in config.list_nodes(base + [network, 'subnet']):
+        subnet_interface = find_subnet_interface(subnet)
+
+        if subnet_interface:
+            config.set(base + [network, 'subnet', subnet, 'interface'], value=subnet_interface)
+
+try:
+    with open(file_name, 'w') as f:
+        f.write(config.to_string())
+except OSError as e:
+    print("Failed to save the modified config: {}".format(e))
+    exit(1)
diff --git a/src/migration-scripts/ipsec/6-to-7 b/src/migration-scripts/ipsec/6-to-7
index 71fbbe8a1..f8b6de560 100755
--- a/src/migration-scripts/ipsec/6-to-7
+++ b/src/migration-scripts/ipsec/6-to-7
@@ -63,7 +63,7 @@ if config.exists(ipsec_site_base):
         changes_made = True
 
         peer_x509_base = ipsec_site_base + [peer, 'authentication', 'x509']
-        pki_name = 'peer_' + peer.replace(".", "-")
+        pki_name = 'peer_' + peer.replace(".", "-").replace("@", "")
 
         if config.exists(peer_x509_base + ['cert-file']):
             cert_file = config.return_value(peer_x509_base + ['cert-file'])
diff --git a/src/migration-scripts/rpki/1-to-2 b/src/migration-scripts/rpki/1-to-2
index 559440bba..50d4a3dfc 100755
--- a/src/migration-scripts/rpki/1-to-2
+++ b/src/migration-scripts/rpki/1-to-2
@@ -19,7 +19,11 @@
 
 from sys import exit
 from sys import argv
+
 from vyos.configtree import ConfigTree
+from vyos.pki import OPENSSH_KEY_BEGIN
+from vyos.pki import OPENSSH_KEY_END
+from vyos.utils.file import read_file
 
 if len(argv) < 2:
     print("Must specify file name!")
@@ -43,6 +47,24 @@ if config.exists(base + ['cache']):
         if config.exists(ssh_node + ['known-hosts-file']):
             config.delete(ssh_node + ['known-hosts-file'])
 
+        if config.exists(base + ['cache', cache, 'ssh']):
+            private_key_node = base + ['cache', cache, 'ssh', 'private-key-file']
+            private_key_file = config.return_value(private_key_node)
+            private_key = read_file(private_key_file).replace(OPENSSH_KEY_BEGIN, '').replace(OPENSSH_KEY_END, '').replace('\n','')
+
+            public_key_node = base + ['cache', cache, 'ssh', 'public-key-file']
+            public_key_file = config.return_value(public_key_node)
+            public_key = read_file(public_key_file).split()
+
+            config.set(['pki', 'openssh', f'rpki-{cache}', 'private', 'key'], value=private_key)
+            config.set(['pki', 'openssh', f'rpki-{cache}', 'public', 'key'], value=public_key[1])
+            config.set(['pki', 'openssh', f'rpki-{cache}', 'public', 'type'], value=public_key[0])
+            config.set_tag(['pki', 'openssh'])
+            config.set(ssh_node + ['key'], value=f'rpki-{cache}')
+
+            config.delete(private_key_node)
+            config.delete(public_key_node)
+
 try:
     with open(file_name, 'w') as f:
         f.write(config.to_string())