From e12390d75b5ea0423f19efc1dc5dd97ae5fe42dd Mon Sep 17 00:00:00 2001
From: Christian Poessinger <christian@poessinger.com>
Date: Thu, 21 May 2020 18:19:52 +0200
Subject: macsec: T2023: delete wpa_supplicant config when interface is removed

---
 src/conf_mode/interfaces-macsec.py         | 14 ++++++++------
 src/systemd/wpa_supplicant-macsec@.service |  2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)

(limited to 'src')

diff --git a/src/conf_mode/interfaces-macsec.py b/src/conf_mode/interfaces-macsec.py
index d251f6408..6a3bb49fe 100755
--- a/src/conf_mode/interfaces-macsec.py
+++ b/src/conf_mode/interfaces-macsec.py
@@ -45,6 +45,9 @@ default_config_data = {
     'vrf': ''
 }
 
+# XXX: wpa_supplicant works on the source interface
+wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf'
+
 def get_config():
     macsec = deepcopy(default_config_data)
     conf = Config()
@@ -158,12 +161,7 @@ def verify(macsec):
     return None
 
 def generate(macsec):
-    # XXX: wpa_supplicant works on the source interface not the resulting
-    #      MACsec interface
-    wpa_suppl_conf = '/run/wpa_supplicant/{source_interface}.conf'
-    conf = wpa_suppl_conf.format(**macsec)
-
-    render(conf, 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640)
+    render(wpa_suppl_conf.format(**macsec), 'macsec/wpa_supplicant.conf.tmpl', macsec, permission=0o640)
     return None
 
 def apply(macsec):
@@ -172,6 +170,10 @@ def apply(macsec):
         call('systemctl stop wpa_supplicant-macsec@{source_interface}.service'.format(**macsec))
         MACsecIf(macsec['intf']).remove()
 
+        # delete configuration on interface removal
+        if os.path.isfile(wpa_suppl_conf.format(**macsec)):
+            os.unlink(wpa_suppl_conf.format(**macsec))
+
     else:
         # MACsec interfaces require a configuration when they are added using
         # iproute2. This static method will provide the configuration
diff --git a/src/systemd/wpa_supplicant-macsec@.service b/src/systemd/wpa_supplicant-macsec@.service
index 9fad6b773..21e189e4b 100644
--- a/src/systemd/wpa_supplicant-macsec@.service
+++ b/src/systemd/wpa_supplicant-macsec@.service
@@ -11,7 +11,7 @@ RequiresMountsFor=/run
 Type=simple
 WorkingDirectory=/run/wpa_supplicant
 PIDFile=/run/wpa_supplicant/%I.pid
-ExecStart=/sbin/wpa_supplicant -c /run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I
+ExecStart=/sbin/wpa_supplicant -c/run/wpa_supplicant/%I.conf -Dmacsec_linux -i%I
 
 [Install]
 WantedBy=multi-user.target
-- 
cgit v1.2.3