From 78820752b936e77d30f995498ff36487c5c6af87 Mon Sep 17 00:00:00 2001
From: Christian Breunig
Date: Mon, 12 Feb 2024 21:17:03 +0100
Subject: rpki: T6034: remove OpenSSH keys from /run/frr when unloaded
---
 src/conf_mode/protocols_rpki.py | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
(limited to 'src/conf_mode/protocols_rpki.py')
diff --git a/src/conf_mode/protocols_rpki.py b/src/conf_mode/protocols_rpki.py
index 72ab2d454..a59ecf3e4 100755
--- a/src/conf_mode/protocols_rpki.py
+++ b/src/conf_mode/protocols_rpki.py
@@ -14,6 +14,9 @@
 # You should have received a copy of the GNU General Public License
 # along with this program. If not, see .
+import os
+
+from glob import glob
 from sys import exit
 from vyos.config import Config
@@ -27,6 +30,8 @@ from vyos import frr
 from vyos import airbag
 airbag.enable()
+rpki_ssh_key_base = '/run/frr/id_rpki'
+
 def get_config(config=None):
 if config:
 conf = config
@@ -77,6 +82,9 @@ def verify(rpki):
 return None
 def generate(rpki):
+ for key in glob(f'{rpki_ssh_key_base}*'):
+ os.unlink(key)
+
 if not rpki:
 return
@@ -88,8 +96,8 @@ def generate(rpki):
 public_key_type = dict_search_args(rpki['pki'], 'openssh', key_name, 'public', 'type')
 private_key_data = dict_search_args(rpki['pki'], 'openssh', key_name, 'private', 'key')
- cache_config['ssh']['public_key_file'] = f'/run/frr/id_rpki_{cache}.pub'
- cache_config['ssh']['private_key_file'] = f'/run/frr/id_rpki_{cache}'
+ cache_config['ssh']['public_key_file'] = f'{rpki_ssh_key_base}_{cache}.pub'
+ cache_config['ssh']['private_key_file'] = f'{rpki_ssh_key_base}_{cache}'
 write_file(cache_config['ssh']['public_key_file'], wrap_openssh_public_key(public_key_data, public_key_type))
 write_file(cache_config['ssh']['private_key_file'], wrap_openssh_private_key(private_key_data))
--
cgit v1.2.3
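Review bot: The cleanup loop added at the top of `generate()` (hunk `@@ -77,6 +82,9 @@`) calls `os.unlink(key)` with no error handling. A path that disappears between `glob()` and the unlink, or a directory that happens to match, raises out of `generate()` before the `if not rpki` return. The pattern `id_rpki*` is also wider than the names this script writes, which are `id_rpki_<cache>` and `id_rpki_<cache>.pub`; `for key in glob(f'{rpki_ssh_key_base}_*'):` would limit deletion to those. I would also catch `FileNotFoundError` around the unlink and add a comment such as `# drop stale key material so removed caches leave no private key in /run/frr`. The rest of `generate()` lies outside the hunk, so whether a running FRR instance can look for these files between the delete and the rewrite should be confirmed there.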
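Review bot: In hunk `@@ -88,8 +96,8 @@`, the unchanged `write_file(cache_config['ssh']['private_key_file'], ...)` call writes the private key with no explicit mode or owner. The permissions of `/run/frr/id_rpki_<cache>` therefore depend on the helper's defaults and the process umask. Since this commit already tidies the key lifecycle, it is a good place to pin them. If `write_file` in this tree accepts a mode argument (its signature is not visible here), use `write_file(cache_config['ssh']['private_key_file'], wrap_openssh_private_key(private_key_data), mode=0o600)`, with ownership set to the account FRR runs as. `generate()` starts and ends outside this hunk.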