nixio: Autogenerate private key on installation if we have axtls
support, make the TLS provider configurable in the build menu
This commit is contained in:
Steven Barth
parent
a5ae3959b5
commit
b92e6532a0
5 changed files with 53 additions and 1 deletions
|
|
@ -213,15 +213,39 @@ define Package/luci-json/install
|
|||
endef
|
||||
|
||||
|
||||
|
||||
NIXIO_TLS:=axtls
|
||||
|
||||
define Package/luci-nixio
|
||||
$(call Package/luci/libtemplate)
|
||||
TITLE:=NIXIO Socket Library
|
||||
DEPENDS:=
|
||||
endef
|
||||
|
||||
define Package/luci-nixio/install
|
||||
$(call Package/luci/install/template,$(1),libs/nixio)
|
||||
endef
|
||||
|
||||
define Package/luci-nixio/config
|
||||
choice
|
||||
prompt "TLS Provider"
|
||||
default PACKAGE_luci-nixio_axtls
|
||||
|
||||
config PACKAGE_luci-nixio_axtls
|
||||
bool "Builtin (axTLS)"
|
||||
select PACKAGE_dropbear
|
||||
select PACKAGE_dropbearconvert
|
||||
|
||||
config PACKAGE_luci-nixio_openssl
|
||||
bool "OpenSSL"
|
||||
select PACKAGE_libopenssl
|
||||
endchoice
|
||||
endef
|
||||
|
||||
ifneq ($(CONFIG_PACKAGE_luci-nixio_openssl),)
|
||||
NIXIO_TLS:=openssl
|
||||
endif
|
||||
|
||||
|
||||
define Package/luci-sys
|
||||
$(call Package/luci/libtemplate)
|
||||
|
|
@ -951,7 +975,7 @@ MAKE_FLAGS += \
|
|||
LUA_SHLIBS="-llua -lm -ldl -lcrypt" \
|
||||
CFLAGS="$(TARGET_CFLAGS) -I$(STAGING_DIR)/usr/include" \
|
||||
LDFLAGS="$(TARGET_LDFLAGS) -L$(STAGING_DIR)/usr/lib" \
|
||||
OS="Linux"
|
||||
NIXIO_TLS="$(NIXIO_TLS)" OS="Linux"
|
||||
|
||||
|
||||
$(eval $(call BuildPackage,luci-core))
|
||||
|
|
|
|||
|
|
@ -39,6 +39,8 @@ src/tls-socket.o: $(TLS_DEPENDS) src/tls-socket.c
|
|||
|
||||
src/openssl-compat.o: src/libaxtls.a src/openssl-compat.c
|
||||
$(COMPILE) $(NIXIO_CFLAGS) $(LUA_CFLAGS) $(FPIC) $(TLS_CFLAGS) -c -o $@ src/openssl-compat.c
|
||||
mkdir -p dist
|
||||
cp -pR axtls-root/* dist/
|
||||
|
||||
|
||||
compile: $(NIXIO_OBJ)
|
||||
|
|
|
|||
2
libs/nixio/axtls-root/etc/uci-defaults/nixio
Executable file
2
libs/nixio/axtls-root/etc/uci-defaults/nixio
Executable file
|
|
@ -0,0 +1,2 @@
|
|||
#!/bin/sh
|
||||
nixio-axtls-checkkey
|
||||
20
libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
Executable file
20
libs/nixio/axtls-root/usr/sbin/nixio-axtls-checkkey
Executable file
|
|
@ -0,0 +1,20 @@
|
|||
#!/usr/bin/lua
|
||||
local nixio = require "nixio"
|
||||
local posix
|
||||
local defkey = nixio.meta_tls_context.tls_defaultkey
|
||||
if not defkey or io.open(defkey) then
|
||||
os.exit(0)
|
||||
end
|
||||
|
||||
if os.execute("which openssl") then
|
||||
io.stderr:write("Warning: OpenSSL detected "..
|
||||
"but it looks like nixio was linked against axtls\n")
|
||||
os.execute("umask 0077;openssl genrsa -out '" .. defkey .. "' 2048")
|
||||
elseif os.execute("which dropbearkey && which dropbearconvert") then
|
||||
os.execute("dropbearkey -t rsa -s 2048 -f /tmp/dbkey.rsa")
|
||||
os.execute("umask 0077;dropbearconvert dropbear openssh /tmp/dbkey.rsa '"..defkey.."'")
|
||||
os.remove("/tmp/dbkey.rsa")
|
||||
else
|
||||
io.stderr:write("No key generators available! Giving up.")
|
||||
os.exit(1)
|
||||
end
|
||||
4
libs/nixio/ipkg/postinst
Executable file
4
libs/nixio/ipkg/postinst
Executable file
|
|
@ -0,0 +1,4 @@
|
|||
#!/bin/sh
|
||||
[ -n "${IPKG_INSTROOT}" -a -f "/etc/uci-defaults/nixio" ] || {
|
||||
( . /etc/uci-defaults/nixio ) && rm -f /etc/uci-defaults/nixio
|
||||
}
|
||||
Loading…
Reference in a new issue