authorChristian Breunig <christian@breunig.cc>2024-02-12 21:17:03 +0100
committerMergify <37929162+mergify[bot]@users.noreply.github.com>2024-02-13 20:40:01 +0000
commitb68206ba65a8341df86bc220696cc313764e9ba5 (patch)
treed91d2d97756f7ecfa633aa2eedf007384e00cd7b /src
parent5e527b2b01e8e994caa2458f4fead445294a27c9 (diff)
rpki: T6034: remove OpenSSH keys from /run/frr when unloaded
(cherry picked from commit 78820752b936e77d30f995498ff36487c5c6af87)
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/protocols_rpki.py12
1 files changed, 10 insertions, 2 deletions
diff --git a/src/conf_mode/protocols_rpki.py b/src/conf_mode/protocols_rpki.py
index 72ab2d454..a59ecf3e4 100755
--- a/src/conf_mode/protocols_rpki.py
+++ b/src/conf_mode/protocols_rpki.py
@@ -14,6 +14,9 @@
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
+import os
+
+from glob import glob
from sys import exit
from vyos.config import Config
@@ -27,6 +30,8 @@ from vyos import frr
from vyos import airbag
airbag.enable()
+rpki_ssh_key_base = '/run/frr/id_rpki'
+
def get_config(config=None):
if config:
conf = config
@@ -77,6 +82,9 @@ def verify(rpki):
return None
def generate(rpki):
+ for key in glob(f'{rpki_ssh_key_base}*'):
+ os.unlink(key)
+
if not rpki:
return
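Review bot: The cleanup glob in generate(), `glob(f'{rpki_ssh_key_base}*')`, is wider than the names this script writes (`id_rpki_<cache>` and `id_rpki_<cache>.pub`), so any other entry in /run/frr whose name starts with `id_rpki` is deleted as well. Matching `f'{rpki_ssh_key_base}_*'` would keep the deletion to the files the script owns. os.unlink() also raises if a match is a directory or vanishes between the glob and the unlink, which would abort generate() before the `if not rpki` return. Whether that should fail the commit or be tolerated deserves a comment above the loop, e.g. `# drop stale RPKI SSH keys so removed caches leave no private key behind`. generate() continues past the end of this hunk.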
@@ -88,8 +96,8 @@ def generate(rpki):
public_key_type = dict_search_args(rpki['pki'], 'openssh', key_name, 'public', 'type')
private_key_data = dict_search_args(rpki['pki'], 'openssh', key_name, 'private', 'key')
- cache_config['ssh']['public_key_file'] = f'/run/frr/id_rpki_{cache}.pub'
- cache_config['ssh']['private_key_file'] = f'/run/frr/id_rpki_{cache}'
+ cache_config['ssh']['public_key_file'] = f'{rpki_ssh_key_base}_{cache}.pub'
+ cache_config['ssh']['private_key_file'] = f'{rpki_ssh_key_base}_{cache}'
write_file(cache_config['ssh']['public_key_file'], wrap_openssh_public_key(public_key_data, public_key_type))
write_file(cache_config['ssh']['private_key_file'], wrap_openssh_private_key(private_key_data))
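Review bot: The private key is written by `write_file(cache_config['ssh']['private_key_file'], ...)` with no owner or mode argument visible, so the permissions of the key file under /run/frr depend on write_file's defaults and the process umask, neither of which is shown here. Since this commit treats these files as secrets that must not outlive the configuration, the write should pin restrictive permissions explicitly, for example `mode=0o600` with the FRR service account as owner, if write_file accepts those arguments. The enclosing loop in generate() starts above this hunk.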