From 516c2c43392907493f4157ea7d6d2149b725688b Mon Sep 17 00:00:00 2001 From: Christian Breunig Date: Fri, 12 Jan 2024 21:53:17 +0100 Subject: wireguard: T5924: harden migration script logic 22-to-23 The original commit 2c1c36135 ("wireguard: T5413: Blocked adding the peer with the router's public key") did not honor the fact that there might be no private-key CLI node defined for a WireGuard interface. If this is the case, private-key defaults to "default". This fact needs to be handled in the migration script. --- src/migration-scripts/interfaces/22-to-23 | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'src/migration-scripts') diff --git a/src/migration-scripts/interfaces/22-to-23 b/src/migration-scripts/interfaces/22-to-23 index c3c4ea366..a66bd303b 100755 --- a/src/migration-scripts/interfaces/22-to-23 +++ b/src/migration-scripts/interfaces/22-to-23 @@ -1,6 +1,6 @@ #!/usr/bin/env python3 # -# Copyright (C) 2023 VyOS maintainers and contributors +# Copyright (C) 2024 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -33,9 +33,11 @@ if __name__ == '__main__': if not config.exists(base): # Nothing to do sys.exit(0) + for interface in config.list_nodes(base): - private_key_name = config.return_value( - base + [interface, 'private-key']) + private_key_name = 'default' + if config.exists(base + [interface, 'private-key']): + private_key_name = config.return_value(base + [interface, 'private-key']) private_key_path = f'/config/auth/wireguard/{private_key_name}/private.key' with open(private_key_path, 'r') as file: private_key = file.read().rstrip() -- cgit v1.2.3